Abstract
Jeffrey Hoffstein et al. (Discrete Appl. Math. 130:37–49, 2003) introduced Low Hamming Weight Products (LHWP) X = x_1 x_2 x_3 as random exponents of elements in a group or a ring to improve operational efficiency, where each x_i has low Hamming weight Ham(x_i) in its binary representation. Such random powers or multiples are used in many cryptographic constructions, such as Diffie–Hellman key exchange, elliptic curve ElGamal variants, and the NTRU public-key cryptosystem. But their randomness is only a conjecture, which lacks a security proof. The main purpose of this paper is to use the analytic method and the properties of character sums to prove a result on the distribution of Low Hamming Weight Products, which is related to their pseudorandomness and unpredictability. This is important for the application of LHWP in cryptographic constructions. Our theory shows that LHWP are exponentially close to the uniform distribution; namely, a polynomial-time attack on the algorithm of Hoffstein et al. (Discrete Appl. Math. 130:37–49, 2003) succeeds only with probability exponentially close to what it would achieve against a uniformly random exponent.
Highlights
Background: The products X = x_1 x_2 x_3 of integers in [1] act as exponents over G = F_{2^n}, where each x_i is a low Hamming weight number in its binary representation
Silverman [1] proposed a new algorithm of fast exponentiation via Low Hamming Weight Products (LHWP), which is universally applied in cryptography
In this paper we use character sums to prove the pseudorandomness of LHWP, which play a central role in cryptology, algorithms, and many other areas
Summary
The products X = x_1 x_2 x_3 of integers in [1] act as exponents over G = F_{2^n}, where each x_i is a low Hamming weight number in its binary representation. It is a rapid method and has the significant advantage of reducing the computation of powers in a group such as the Galois field F_{2^n}. Given independent n-bit strings A and B of low Hamming weight h, it is difficult to distinguish between the product AB and a uniformly distributed random n-bit string.
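The efficiency claim above can be made concrete with a small added example (not code from the paper or from Hoffstein et al.): it computes g^X for an LHWP exponent X = x_1 x_2 x_3 as ((g^{x_1})^{x_2})^{x_3} and counts the group operations. For simplicity the group is assumed to be Z_p^* for a constructed prime p rather than F_{2^n}, and the cost model counts one squaring and one multiplication per step of the usual square-and-multiply routine; the function names, the sample prime and the sample exponents are all constructed for this illustration.

```python
"""Added example: fast exponentiation with a Low Hamming Weight Product exponent.

Assumptions (not from the paper): the group is Z_p^* for a constructed prime p,
exponents are kept as integers (in a group of known order q one would reduce
X = x1*x2*x3 mod q), and cost = number of squarings and multiplications in a
left-to-right square-and-multiply loop. In F_{2^n}, squaring is almost free, so
the multiplication count is the one that matters there.
"""
import random


def low_weight_int(n_bits, weight, rng):
    """Constructed n-bit integer with exactly `weight` one-bits (for sampling x_i)."""
    positions = rng.sample(range(n_bits), weight)
    return sum(1 << pos for pos in positions)


def hamming(x):
    """Hamming weight Ham(x) of the binary representation of x."""
    return bin(x).count("1")


def power_counting(g, e, p):
    """Left-to-right square-and-multiply for e >= 1.

    Returns (g^e mod p, squarings, multiplications). After the leading one-bit
    the loop does one squaring per remaining bit and one multiplication per
    remaining one-bit, so cost is (bit_length - 1, Ham(e) - 1).
    """
    bits = bin(e)[2:]
    result = g % p
    squarings = mults = 0
    for bit in bits[1:]:
        result = result * result % p
        squarings += 1
        if bit == "1":
            result = result * g % p
            mults += 1
    return result, squarings, mults


def lhwp_power(g, xs, p):
    """g^(x1*x2*...*xk) computed as (((g^x1)^x2)...)^xk, with summed costs.

    Each stage only pays Ham(x_i) - 1 multiplications, so the total
    multiplication count is sum(Ham(x_i) - 1) regardless of how 'random'
    the product X = x1*x2*...*xk looks in binary.
    """
    base = g
    total_sq = total_mul = 0
    for x in xs:
        base, sq, mu = power_counting(base, x, p)
        total_sq += sq
        total_mul += mu
    return base, total_sq, total_mul


def compare_costs(g, xs, p):
    """Direct exponentiation by X versus the chained LHWP method, same result."""
    X = 1
    for x in xs:
        X *= x
    direct, sq_d, mu_d = power_counting(g, X, p)
    chained, sq_c, mu_c = lhwp_power(g, xs, p)
    assert direct == chained, "both methods must compute the same group element"
    return {
        "X_bits": X.bit_length(),
        "ham_X": hamming(X),
        "direct": (sq_d, mu_d),
        "chained": (sq_c, mu_c),
    }


if __name__ == "__main__":
    P = 2**61 - 1  # constructed modulus: a Mersenne prime
    rng = random.Random(2003)
    xs = [low_weight_int(32, 4, rng) for _ in range(3)]
    print("x_i weights:", [hamming(x) for x in xs])
    print(compare_costs(3, xs, P))
```

Running the block prints the Hamming weights of the three 32-bit factors (4 each) and the cost of both methods: the chained method needs exactly sum(Ham(x_i) - 1) multiplications, while the direct method pays Ham(X) - 1, where X itself is a roughly 90-bit integer whose binary expansion is no longer sparse, which is exactly the pseudorandomness question the paper addresses.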