2007
DOI: 10.1007/978-3-540-74143-5_26
|View full text |Cite
|
Sign up to set email alerts
|

A Security Analysis of the NIST SP 800-90 Elliptic Curve Random Number Generator

Abstract: Abstract. An elliptic curve random number generator (ECRNG) has been approved in a NIST standard and proposed for ANSI and SECG draft standards. This paper proves that, if three conjectures are true, then the ECRNG is secure. The three conjectures are hardness of the elliptic curve decisional Diffie-Hellman problem and the hardness of two newer problems, the x-logarithm problem and the truncated point problem. The x-logarithm problem is shown to be hard if the decisional DiffieHellman problem is hard, although… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
21
1

Year Published

2008
2008
2023
2023

Publication Types

Select...
5
1

Relationship

0
6

Authors

Journals

citations
Cited by 22 publications
(22 citation statements)
references
References 11 publications
0
21
1
Order By: Relevance
“…One main practical consequence of the result for elliptic curve is that, we can avoid the Truncated Point Problem (TPP) assumption used in the security proof of the NIST Elliptic Curve Dual Random Bit Generator (DRBG) [7,24].…”
Section: Our Resultsmentioning
confidence: 99%
See 3 more Smart Citations
“…One main practical consequence of the result for elliptic curve is that, we can avoid the Truncated Point Problem (TPP) assumption used in the security proof of the NIST Elliptic Curve Dual Random Bit Generator (DRBG) [7,24].…”
Section: Our Resultsmentioning
confidence: 99%
“…The first improvement reduces the number of assumptions on which the security proof relies. The second one decreases the implicit security bound given in [7].…”
Section: Nist Random Generatormentioning
confidence: 99%
See 2 more Smart Citations
“…An efficient pseudorandom generator based on elliptic curves is proposed by Barker and Kelsey [1]. Unfortunately, their generator (called Dual Elliptic Curve generator) is insecure the reason being that random bits are extracted from random points of the elliptic curve in an improper way [4,8,29]. Replacing the extractor used by Barker and Kelsey with one of our extractors yields a pseudorandom generator which is provably secure under the DDH assumption and the x-logarithm assumption [4].…”
mentioning
confidence: 99%