Revisiting modular inversion hidden number problem and its applications
The Modular Inversion Hidden Number Problem (MIHNP), which was proposed at Asiacrypt 2001 by Boneh, Halevi, and Howgrave-Graham, is summarized as follows: Assume that the δ most significant bits of z are denoted by MSBδ(z). The goal is to retrieve the hidden number α ϵ ℤp given many samples (ti,MSBδ...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2023
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/170743 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-170743 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1707432023-10-02T02:01:02Z Revisiting modular inversion hidden number problem and its applications Xu, Jun Sarkar, Santanu Hu, Lei Wang, Huaxiong Pan, Yanbin School of Physical and Mathematical Sciences Science::Mathematics LLL Algorithm Coppersmith Technique The Modular Inversion Hidden Number Problem (MIHNP), which was proposed at Asiacrypt 2001 by Boneh, Halevi, and Howgrave-Graham, is summarized as follows: Assume that the δ most significant bits of z are denoted by MSBδ(z). The goal is to retrieve the hidden number α ϵ ℤp given many samples (ti,MSBδ((α + ti)-1 mod p)) for random ti ϵ ℤp. MIHNP is a significant subset of Hidden Number Problems. Eichenauer and Lehn introduced the Inversive Congruential Generator (ICG) in 1986. It is basically characterized as follows: For iterated relations vi+1 = (avi-1 + b) mod p with a secret seed v0 ϵ ℤp, each iteration produces MSBδ(vi+1) where i ≥ 0. The ICG family of pseudorandom number generators is a significant subclass of number-theoretic pseudorandom number generators. Sakai-Kasahara scheme is an identity-based encryption (IBE) system proposed by Sakai and Kasahara. It is one of the few commercially implemented identity-based encryption schemes. We explore the Coppersmith approach for solving a class of modular polynomial equations, which is derived from the recovery issue for the hidden number α in MIHNP and the secret seed v0 in ICG, respectively. Take a positive integer n = d3+o(1) for some positive integer constant d. We propose a heuristic technique for recovering the hidden number α or secret seed v0 with a probability close to 1 when δ/log2 p > 1/d+1 +o(1/d ). The attack's total time complexity is polynomial in the order of log2 p, with the complexity of the LLL algorithm increasing as dO(d) and the complexity of the Grobner basis computation increasing as dO(n). When d > 2, this asymptotic bound surpasses the asymptotic bound δ/log2 p > 1/3 established by Boneh, Halevi, and Howgrave-Graham at Asiacrypt 2001. This is the first time a more precise constraint for solving MIHNP is established, implying that the claim that MIHNP is difficult is violated whenever δ/log2 p < 1/3 . Then we study ICG. To our knowledge, we achieve the best performance for attacking ICG to date. Finally, we provide an MIHNP-based lattice approach that recovers the signer's secret key in the Sakai-Kasahara type signatures when the most (least) significant bits of the signing exponents are exposed. This improves the existing work in this direction. Ministry of Education (MOE) National Research Foundation (NRF) The work of Jun Xu was supported in part by the National Natural Science Foundation of China under Grant 62272454; and in part by the Innovation Program for Quantum Science and Technology, China, under Grant 2021ZD0302902. The work of Huaxiong Wang was supported in part by the Singapore Ministry of Education Academic Research Fund Tier 2 under Grant MOE2019-T2-2-083; and in part by the National Research Foundation, Singapore, under its Strategic Capability Research Centres Funding Initiative. The work of Yanbin Pan was supported by the National Natural Science Foundation of China under Grant 62032009 and Grant 12226006. 2023-10-02T02:01:02Z 2023-10-02T02:01:02Z 2023 Journal Article Xu, J., Sarkar, S., Hu, L., Wang, H. & Pan, Y. (2023). Revisiting modular inversion hidden number problem and its applications. IEEE Transactions On Information Theory, 69(8), 5337-5356. https://dx.doi.org/10.1109/TIT.2023.3263485 0018-9448 https://hdl.handle.net/10356/170743 10.1109/TIT.2023.3263485 2-s2.0-85153406713 8 69 5337 5356 en MOE2019-T2-2-083 IEEE Transactions on Information Theory © 2023 IEEE. All rights reserved. |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Science::Mathematics LLL Algorithm Coppersmith Technique |
| spellingShingle |
Science::Mathematics LLL Algorithm Coppersmith Technique Xu, Jun Sarkar, Santanu Hu, Lei Wang, Huaxiong Pan, Yanbin Revisiting modular inversion hidden number problem and its applications |
| description |
The Modular Inversion Hidden Number Problem (MIHNP), which was proposed at Asiacrypt 2001 by Boneh, Halevi, and Howgrave-Graham, is summarized as follows: Assume that the δ most significant bits of z are denoted by MSBδ(z). The goal is to retrieve the hidden number α ϵ ℤp given many samples (ti,MSBδ((α + ti)-1 mod p)) for random ti ϵ ℤp. MIHNP is a significant subset of Hidden Number Problems. Eichenauer and Lehn introduced the Inversive Congruential Generator (ICG) in 1986. It is basically characterized as follows: For iterated relations vi+1 = (avi-1 + b) mod p with a secret seed v0 ϵ ℤp, each iteration produces MSBδ(vi+1) where i ≥ 0. The ICG family of pseudorandom number generators is a significant subclass of number-theoretic pseudorandom number generators. Sakai-Kasahara scheme is an identity-based encryption (IBE) system proposed by Sakai and Kasahara. It is one of the few commercially implemented identity-based encryption schemes. We explore the Coppersmith approach for solving a class of modular polynomial equations, which is derived from the recovery issue for the hidden number α in MIHNP and the secret seed v0 in ICG, respectively. Take a positive integer n = d3+o(1) for some positive integer constant d. We propose a heuristic technique for recovering the hidden number α or secret seed v0 with a probability close to 1 when δ/log2 p > 1/d+1 +o(1/d ). The attack's total time complexity is polynomial in the order of log2 p, with the complexity of the LLL algorithm increasing as dO(d) and the complexity of the Grobner basis computation increasing as dO(n). When d > 2, this asymptotic bound surpasses the asymptotic bound δ/log2 p > 1/3 established by Boneh, Halevi, and Howgrave-Graham at Asiacrypt 2001. This is the first time a more precise constraint for solving MIHNP is established, implying that the claim that MIHNP is difficult is violated whenever δ/log2 p < 1/3 . Then we study ICG. To our knowledge, we achieve the best performance for attacking ICG to date. Finally, we provide an MIHNP-based lattice approach that recovers the signer's secret key in the Sakai-Kasahara type signatures when the most (least) significant bits of the signing exponents are exposed. This improves the existing work in this direction. |
| author2 |
School of Physical and Mathematical Sciences |
| author_facet |
School of Physical and Mathematical Sciences Xu, Jun Sarkar, Santanu Hu, Lei Wang, Huaxiong Pan, Yanbin |
| format |
Article |
| author |
Xu, Jun Sarkar, Santanu Hu, Lei Wang, Huaxiong Pan, Yanbin |
| author_sort |
Xu, Jun |
| title |
Revisiting modular inversion hidden number problem and its applications |
| title_short |
Revisiting modular inversion hidden number problem and its applications |
| title_full |
Revisiting modular inversion hidden number problem and its applications |
| title_fullStr |
Revisiting modular inversion hidden number problem and its applications |
| title_full_unstemmed |
Revisiting modular inversion hidden number problem and its applications |
| title_sort |
revisiting modular inversion hidden number problem and its applications |
| publishDate |
2023 |
| url |
https://hdl.handle.net/10356/170743 |
| _version_ |
1779156633469845504 |