The Security of All Bits Using List Decoding

Morillo, Paz; Ràfols, Carla

doi:10.1007/978-3-642-00468-1_2

Cited by 11 publications

(23 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2009, Morillo and Ràfols [28] extended these results and were able to prove the security of all bits in RSA, Rabin and DL for prime orders or RSA moduli using a careful analysis of the Fourier coefficients of the function that maps an element of Z/nZ to the value of the kth bit of its corresponding representative in [0, n − 1]. They also extended the result to the Paillier trapdoor permutation [32].…”

Section: Previous Workmentioning

confidence: 92%

“…end for 9: end for 10: [28] significantly simplify this computation by noticing that if the argument x was simple an integer (not an integer mod p) then B k (x) + B k (x + 2 k ) is identically zero and hence, is a constant function. This fails mod p, but it does not fail too much, so one still has good control over the coefficients.…”

Section: A2 the Sft Algorithmmentioning

confidence: 99%

See 1 more Smart Citation

Hardness of Computing Individual Bits for One-Way Functions on Elliptic Curves

Duc

Jetchev

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We prove that if one can predict any of the bits of the input to an elliptic curve based one-way function over a finite field, then we can invert the function. In particular, our result implies that if one can predict any of the bits of the input to a classical pairing-based one-way function with non-negligible advantage over a random guess then one can efficiently invert this function and thus, solve the Fixed Argument Pairing Inversion problem (FAPI-1/FAPI-2). The latter has implications on the security of various pairing-based schemes such as the identity-based encryption scheme of BonehFranklin, Hess' identity-based signature scheme, as well as Joux's three-party one-round key agreement protocol. Moreover, if one can solve FAPI-1 and FAPI-2 in polynomial time then one can solve the Computational Diffie-Hellman problem (CDH) in polynomial time.Our result implies that all the bits of the functions defined above are hard-to-compute assuming these functions are one-way. The argument is based on a list-decoding technique via discrete Fourier transforms due to Akavia-Goldwasser-Safra as well as an idea due to Boneh-Shparlinski.

show abstract

Section: Previous Workmentioning

confidence: 92%

Section: A2 the Sft Algorithmmentioning

confidence: 99%

Hardness of Computing Individual Bits for One-Way Functions on Elliptic Curves

Duc

Jetchev

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…More precisely, one can prove security of the ( ( )) least and most significant bits of these functions, where is the size of the input parameter of the one-way function. Using the listdecoding method, Morillo and Ràfols [16] extended these results and were able to prove the security of all bits in RSA, Rabin and DL for prime orders or RSA moduli using a specific analysis of the Fourier coefficients of the function that maps an element of to the value of the -th bit of its corresponding representative in [0, − 1]. They also extended the result to the Paillier trapdoor permutation [17].…”

Section: Motivation and Related Workmentioning

confidence: 92%

“…This notion was extensively investigated in the early 1980's, culminating in proofs that some specific bits for these candidate oneway functions such as RSA, Rabin, ECL are individually hard( [7], [1], [5]), and that those ( ( )) bits are also simultaneously hard ( [1], [23]). All the subsequent efforts are to extend the techniques to prove the individual or simultaneous security of ( ) bits in these number theoretic functions ( [25], [3], [16]). …”

Section: Introductionmentioning

confidence: 99%

Bit Security for Lucas-Based One-Way Function

Ren¹,

Lu²

2014

2014 Ninth Asia Joint Conference on Information Security

View full text Add to dashboard Cite

show abstract

“…In recent years different areas of mathematics, such as additive number theory [2], combinatorial number theory [5] and cryptography [4], have seen results that take advantage of the structure arising from large values of the Fourier transform. Most notably, the quantum algorithm for period finding given by Shor [6] is an application that exploits this structure.…”

Section: Introductionmentioning

confidence: 99%

On sets of large Fourier transform under changes in domain

Laity

Shani

2018

Applied and Computational Harmonic Analysis

View full text Add to dashboard Cite

A function f : Z n → C can be represented as a linear combination f (where f is the (discrete) Fourier transform of f . Clearly, the basis {χ α,n (x) := exp(2πiαx/n)} depends on the value n.We show that if f has "large" Fourier coefficients, then the function f : Z m → C, given byalso has "large" coefficients. Moreover, they are all contained in a "small" interval around ⌊ m n α⌉ for each α ∈ Z n such that f (α) is large. One can use this result to recover the large Fourier coefficients of a function f by redefining it on a convenient domain. One can also use this result to reprove a result by Morillo and Ràfols: single-bit functions, defined over any domain, have a small set of large coefficients.

show abstract

The Security of All Bits Using List Decoding

Cited by 11 publications

References 11 publications

Hardness of Computing Individual Bits for One-Way Functions on Elliptic Curves

Hardness of Computing Individual Bits for One-Way Functions on Elliptic Curves

Bit Security for Lucas-Based One-Way Function

On sets of large Fourier transform under changes in domain

Contact Info

Product

Resources

About