Cryptology ePrint Archive: Report 2013/134

Hard-Core Predicates for a Diffie-Hellman Problem over Finite Fields

Nelly Fazio and Rosario Gennaro and Irippuge Milinda Perera and William E. Skeith III

Abstract: A long-standing open problem in cryptography is proving the existence of (deterministic) hard-core predicates for the Diffie-Hellman problem defined over finite fields. In this paper, we make progress on this problem by defining a very natural variation of the Diffie-Hellman problem over $\mathbb{F}_{p^2}$ and proving the unpredictability of every single bit of one of the coordinates of the secret DH value.

To achieve our result, we modify an idea presented at CRYPTO'01 by Boneh and Shparlinski [4] originally developed to prove that the LSB of the elliptic curve Diffie-Hellman problem is hard. We extend this idea in two novel ways:

1. We generalize it to the case of finite fields $\mathbb{F}_{p^2}$;

2. We prove that any bit, not just the LSB, is hard using the list decoding techniques of Akavia et al. [1] (FOCS'03) as generalized at CRYPTO'12 by Duc and Jetchev [6].

In the process, we prove several other interesting results:

- Our result also hold for a larger class of predicates, called \emph{segment predicates} in [1];

- We extend the result of Boneh and Shparlinski to prove that every bit (and every segment predicate) of the elliptic curve Diffie-Hellman problem is hard-core;

- We define the notion of \emph{partial one-way function} over finite fields $\mathbb{F}_{p^2}$ and prove that every bit (and every segment predicate) of one of the input coordinates for these functions is hard-core.

Category / Keywords: foundations / Hard-Core Bits, Diffie-Hellman Problem, Finite Fields, Elliptic Curves

Original Publication (with major differences): IACR-CRYPTO-2013
DOI:
10.1007/978-3-642-40084-1_9

Date: received 6 Mar 2013, last revised 24 Aug 2013

Contact author: iperera at gc cuny edu

Available format(s): PDF | BibTeX Citation

Note: Added forgotten acknowledgments

Version: 20130824:230015 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]