## Cryptographic Applications of Analytic Number Theory: Complexity Lower Bounds and Pseudorandomness

The book introduces new techniques that imply rigorous lower bounds on the complexity of some number-theoretic and cryptographic problems. It also establishes certain attractive pseudorandom properties of various cryptographic primitives. These methods and techniques are based on bounds of character sums and numbers of solutions of some polynomial equations over finite fields and residue rings. Other number-theoretic techniques such as sieve methods and lattice reduction algorithms are used as well. The book also contains a number of open problems and proposals for further research.

The emphasis is on obtaining unconditional rigorously proved statements. The bright side of this approach is that the results do not depend on any assumptions or conjectures. On the downside, the results are much weaker than those which are widely believed to be true.

We obtain several lower bounds, exponential in terms of log p, on the degrees and orders of

- polynomials;
- algebraic functions;
- Boolean functions;
- linear recurrence sequences;

coinciding with values of the discrete logarithm modulo a prime p at sufficiently many points (the number of points can be as small as $p^{1/2+\varepsilon}$). These functions are considered over the residue ring modulo p and over the residue ring modulo an arbitrary divisor d of p - 1. The case of d = 2 is of special interest since it corresponds to the representation of the rightmost bit of the discrete logarithm and defines whether the argument is a quadratic residue.

### Contents

Basic Notation and Definitions | 17 |

Polynomials and Recurrence Sequences | 27 |

Exponential Sums | 37 |

Distribution and Discrepancy | 61 |

Arithmetic Functions | 67 |

Lattices and the Hidden Number Problem | 83 |

Complexity Theory | 103 |

Approximation and Complexity of the Discrete Logarithm | 107 |

Bit Security of the RSA Encryption and the Shamir Message Passing Scheme | 211 |

Bit Security of the XTR and LUC Secret Keys | 217 |

Bit Security of NTRU | 223 |

Distribution of the RSA and Exponential Pairs | 231 |

Exponentiation and Inversion with Precomputation | 239 |

Pseudorandom Number Generators | 247 |

RSA and Blum-Blum-Shub Generators | 249 |

Naor-Reingold Function | 271 |

Approximation of the Discrete Logarithm Modulo p | 109 |

Approximation of the Discrete Logarithm Modulo p - 1 | 123 |

Approximation of the Discrete Logarithm by Boolean Functions | 129 |

Approximation of the Discrete Logarithm by Real Polynomials | 143 |

Approximation and Complexity of the Diffie-Hellman Secret Key | 157 |

Polynomial Approximation and Arithmetic Complexity of the Diffie-Hellman Secret Key | 159 |

Boolean Complexity of the Diffie-Hellman Secret Key | 179 |

Bit Security of the Diffie-Hellman Secret Key | 189 |

Other Cryptographic Constructions | 195 |

Security Against the Cycling Attack on the RSA and Timed-release Crypto | 197 |

The Insecurity of the Digital Signature Algorithm with Partially Known Nonces | 201 |

Distribution of the ElGamal Signature | 207 |

1/M Generator | 279 |

Inversive Polynomial and Quadratic Exponential Generators | 283 |

Subset Sum Generators | 295 |

Other Applications | 301 |

Square-Freeness Testing and Other Number-Theoretic Problems | 303 |

Tradeoff Between the Boolean and Arithmetic Depths of Modulo p Functions | 309 |

Polynomial Approximation, Permanents and Noisy Exponentiation in Finite Fields | 325 |

Special Polynomials and Boolean Functions | 333 |

Concluding Remarks and Open Questions | 341 |

Bibliography | 367 |
