论文部分内容阅读
In this paper, we lower the upper bound of the number of solutions of oracle transformation polynomial F(x) over GF(q). So one can also recover all the secrete keys with fewer calls. We use our generalized “even-and-odd test” method to recover the least significant p-adic ‘bits’ of representations of the Lucas Cryptosystem secret keys x. Finally, we analyze the Efficient Compact Subgroup Trace Representation (XTR) Diffie-Hellmen secrete keys and point out that if the order of XTR-subgroup has a special form then all the bits of the secrete key of XTR can be recovered form any bit of the exponent x.
In this paper, we lower the upper bound of the number of solutions of oracle transformation polynomial F (x) over GF (q). So one can also recover all thecrete keys with fewer calls. We use our generalized “even-and- odd test ”method to recover the least significant p-adic ’bits’ of representations of the Lucas Cryptosystem secret keys x. Finally, we analyze the Efficient Compact Subgroup Trace Representation (XTR) Diffie-Hellmen secrete keys and point out that if the order of XTR-subgroup has a special form then all the bits of the secrete key of XTR can be recovered form any bit of the exponent x.