Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
The security of all RSA and discrete log bits
KTH, Superseded Departments, Numerical Analysis and Computer Science, NADA.ORCID iD: 0000-0002-5379-345X
2004 (English)In: Journal of the ACM, ISSN 0004-5411, E-ISSN 1557-735X, Vol. 51, no 2, 187-230 p.Article in journal (Refereed) Published
Abstract [en]

We study the security of individual bits in an RSA encrypted message E-N(x). We show that given E-N(x), predicting any single bit in x with only a nonnegligible advantage over the trivial guessing strategy, is (through a polynomial-time reduction) as hard as breaking RSA. Moreover, we prove that blocks of O (log log N) bits of x are computationally indistinguishable from random bits. The results carry over to the Rabin encryption scheme. Considering the discrete exponentiation function g(x) modulo p, with probability 1 - o(1) over random choices of the prime p, the analog results are demonstrated. The results do not rely on group representation, and therefore applies to general cyclic groups as well. Finally, we prove that the bits of ax + b modulo p give hard core predicates for any one-way function f. All our results follow from a general result on the chosen multiplier hidden numberproblem: given an integer N, and access to an algorithm P-x, that on input a random a epsilon Z(N), returns a guess of the ith bit of ax mod N, recover x. We show that for any i, if P-x has at least a nonnegligible advantage in predicting the ith bit, we either recover x, or, obtain a nontrivial factor of N in polynomial time. The result also extends to prove the results about simultaneous security of blocks of O (log log N) bits.

Place, publisher, year, edition, pages
2004. Vol. 51, no 2, 187-230 p.
Keyword [en]
cryptography, complexity, RSA-encryption, bit-security, discrete logarithms
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:kth:diva-23252DOI: 10.1145/972639.972642ISI: 000220153200003Scopus ID: 2-s2.0-4243189287OAI: oai:DiVA.org:kth-23252DiVA: diva2:341950
Note
QC 20100525 QC 20111028Available from: 2010-08-10 Created: 2010-08-10 Last updated: 2017-12-12Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full textScopus

Authority records BETA

Håstad, Johan

Search in DiVA

By author/editor
Håstad, Johan
By organisation
Numerical Analysis and Computer Science, NADA
In the same journal
Journal of the ACM
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 62 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf