Efficient Pseudorandom Generators Based on the DDH Assumption

A family of pseudorandom generators based on the decisional Diffie-Hellman assumption is proposed. The new construction is a modified and generalized version of the Dual Elliptic Curve generator proposed by Barker and Kelsey. Although the original Dual Elliptic Curve generator is shown to be insecure, the modified version is provably secure and very efficient in comparison with other pseudorandom generators based on discrete log assumptions. Our generator can be based on any group of prime order, provided that an additional requirement is met (i.e., there exists an efficiently computable function that in some sense enumerates the elements of the group). Two specific instances are presented. The techniques used to design the instances, for example the new probabilistic randomness extractor, are of independent interest for other applications.
