The Discrete Logarithm Modulo a Composite Hides O(n) Bits

Abstract. In this paper we consider the one-way function $f_{g,N}(X) = g^X \pmod{N}$, where $N$ is a Blum integer. We prove that under the commonly assumed intractability of factoring Blum integers, all its bits are individually hard, and the lower as well as upper halves of them are simultaneously hard. As a result, $f_{g,N}$ can be used in efficient pseudo-random bit generators and multi-bit commitment schemes, where messages can be drawn according to arbitrary probability distributions.
