Searching for Elements in Black Box Fields and Applications

We introduce the notion of a black box field and discuss the problem of explicitly exposing field elements given in a black box form. We present several sub-exponential algorithms for this problem using a technique due to Maurer. These algorithms make use of elliptic curves over finite fields in a crucial way. We present three applications for our results: (1) We show that any algebraically homomorphic encryption scheme can be broken in expected sub-exponential time. The existence of such schemes has been open for a number of years. (2) We give an expected sub-exponential time reduction from the problem of finding roots of polynomials over finite fields with low straight line complexity (e.g. sparse polynomials) to the problem of testing whether such polynomials have a root in the field. (3) We show that the hardness of computing discrete-log over elliptic curves implies the security of the Diffie-Hellman protocol over elliptic curves. Finally, in the last section of the paper, we prove the hardness of exposing black box field elements in a field of characteristic zero.
