## On the Unpredictability of Bits of the Elliptic Curve Diffie-Hellman Scheme

Citations: | 13 - 4 self |

### BibTeX

@MISC{Boneh_onthe,

author = {Dan Boneh and Igor E. Shparlinski},

title = {On the Unpredictability of Bits of the Elliptic Curve Diffie-Hellman Scheme},

year = {}

}

### Years of Citing Articles

### OpenURL

### Abstract

Let E=F p be an elliptic curve, and G 2 E=F p . Dene the Die{Hellman function on E=F p as DH E;G (aG; bG) = abG. We show that if there is an ecient algorithm for predicting the LSB of the x or y coordinate of abG given hE ; G; aG; bGi for a certain family of elliptic curves, then there is an algorithm for computing the Die{Hellman function on all curves in this family. This seems stronger than the best analogous results for the Die{Hellman function in F p . Boneh and Venkatesan showed that in F p computing approximately (log p) 1=2 of the bits of the Die{Hellman secret is as hard as computing the entire secret. Our results show that just predicting one bit of the Elliptic Curve Die{Hellman secret in a family of curves is as hard as computing the entire secret. 1