Cryptanalysis of the generalised Legendre pseudorandom function

03-Jul-2020, 14:30-15:00

Abstract: Linear Legendre pseudorandom functions were introduced in 1988 by Damgård, and higher degree generalisations were introduced by Russell and Shparlinski in 2004. We present new key recovery methods that improve the state of the art for both cases. For degree $r\geq3$ we give an attack that runs (after precomputation) in time $O(p^{r-3})$ for the most relevant high degree case; it is based on an analysis of the actions of the group of Möbius transformations on degree $r$ polynomials. For $r< 3$ we give an $O(p^{r/2})$ attack with $O(p^{r/4})$ oracle queries. In the linear case we recovered the keys for the $64$, $74$ and $84$-bit prime Ethereum challenges, being the first to solve the $84$-bit case.

Topics: cryptography and security; number theory

Audience: researchers in the topic

Comments: The slides used in the pre-recorded video can be found here.

Chairs: Marco Streng and David Kohel


Algorithmic Number Theory Symposium (ANTS XIV)

Series comments: Registration is now open. Registration is free but required to access the chat and livestream.

This is a hybrid synchronous/asynchronous conference with several ways to participate.

  • Click the "paper" link to view contributed papers and posters (open to all).
  • Click the "video" link to view pre-recorded talks of accepted papers (open to all).
    These are 15-20 minute talks aimed at a general algorithmic number theory audience.
  • Click the "slides" link to view slides used in the pre-recorded video when available (open to all).
  • Click the "chat" link to access the chat stream related to the talk or poster before, during, and after the live event (registration required).
  • Click the "livestream" button to join the live event when it is taking place (registration required and you must be logged in).
    For accepted papers the audience will be expected to have watched the pre-recorded video and have the paper in front of them.

The invited talks will be recorded and made available via the "video" link after the talk is over. None of the other sessions will be recorded.

Organizer: Steven Galbraith*
Curator: Andrew Sutherland*
*contact for this listing