Change search
ReferencesLink to record
Permanent link

Direct link
The security of all RSA and discrete log bits
KTH, Superseded Departments, Numerical Analysis and Computer Science, NADA.ORCID iD: 0000-0002-5379-345X
2004 (English)In: Journal of the ACM, ISSN 0004-5411, E-ISSN 1557-735X, Vol. 51, no 2, 187-230 p.Article in journal (Refereed) Published
Abstract [en]

We study the security of individual bits in an RSA encrypted message E-N(x). We show that given E-N(x), predicting any single bit in x with only a nonnegligible advantage over the trivial guessing strategy, is (through a polynomial-time reduction) as hard as breaking RSA. Moreover, we prove that blocks of O (log log N) bits of x are computationally indistinguishable from random bits. The results carry over to the Rabin encryption scheme. Considering the discrete exponentiation function g(x) modulo p, with probability 1 - o(1) over random choices of the prime p, the analog results are demonstrated. The results do not rely on group representation, and therefore applies to general cyclic groups as well. Finally, we prove that the bits of ax + b modulo p give hard core predicates for any one-way function f. All our results follow from a general result on the chosen multiplier hidden numberproblem: given an integer N, and access to an algorithm P-x, that on input a random a epsilon Z(N), returns a guess of the ith bit of ax mod N, recover x. We show that for any i, if P-x has at least a nonnegligible advantage in predicting the ith bit, we either recover x, or, obtain a nontrivial factor of N in polynomial time. The result also extends to prove the results about simultaneous security of blocks of O (log log N) bits.

Place, publisher, year, edition, pages
2004. Vol. 51, no 2, 187-230 p.
Keyword [en]
cryptography, complexity, RSA-encryption, bit-security, discrete logarithms
National Category
Computer and Information Science
URN: urn:nbn:se:kth:diva-23252DOI: 10.1145/972639.972642ISI: 000220153200003ScopusID: 2-s2.0-4243189287OAI: diva2:341950
QC 20100525 QC 20111028Available from: 2010-08-10 Created: 2010-08-10 Last updated: 2012-01-21Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full textScopus

Search in DiVA

By author/editor
Håstad, Johan
By organisation
Numerical Analysis and Computer Science, NADA
In the same journal
Journal of the ACM
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Altmetric score

Total: 46 hits
ReferencesLink to record
Permanent link

Direct link