0
$\begingroup$

Given generator $g$ of multiplicative cyclic group modulo $p$ a prime and two elements $h_1$ and $h_2$ such that there are $x_1$ and $x_2$ respectively satisfying $g^{x_i}=h_i\bmod p$ at every $i\in\{1,2\}$, the Discrete Logarithm problem is to find $x_1$ and $x_2$ while the Diffie Hellman problem is to find $g^{x_1x_2}\bmod p$. Both these problems do not have polynomial in $\log p$ time algorithm.

Is it possible to find LSB (Least Significant Bit) and MSB (Most Significant Bit) of $g^{x_1x_2}\bmod p$ in polynomial in $\log p$ time?

Improve this question
$\endgroup$
4
  • 3
    $\begingroup$ What is LSB and MSB? $\endgroup$ Commented Mar 18, 2024 at 11:22
  • $\begingroup$ @ChrisWuthrich a quick google search reveals the definition of the acronyms: most significant and least significant bits, respectively. $\endgroup$ Commented Mar 18, 2024 at 19:13
  • 1
    $\begingroup$ I think a good rule about posts is that I shouldn't have to google acronyms. If I understand it correctly one question is if the representative of $g^{x_1x_2}$ in $\mathbb{Z}$ between $0$ and $p-1$ is even or odd. (Probably the one between $-p/2$ and $p/2$ would be just as interesting) The other question is not clear to me, the first binary digit of any integer is $1$. $\endgroup$ Commented Mar 18, 2024 at 21:09
  • $\begingroup$ @ChrisWuthrich as you say .. it has at most $1+\log p $ bits of information and we seek if the least or the highest bit are one or zero. The interest in MSBs comes from section 6.2 in eprint.iacr.org/2020/1506.pdf. $\endgroup$ Commented Mar 19, 2024 at 1:43

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.