TY - JOUR
T1 - On certain exponential sums and the distribution of Diffie-Hellman triples
AU - Canetti, Ran
AU - Friedlander, John
AU - Shparlinski, Igor
PY - 1999/6
Y1 - 1999/6
N2 - Let g be a primitive root modulo a prime p. It is proved that the triples (gx, gy, gxy), x, y = 1, ..., p-1, are uniformly distributed modulo p in the sense of H. Weyl. This result is based on the following upper bound for double exponential sums. Let ε > 0 be fixed. Then Σp-1x,y-1 exp (2πiagx+bgy+cgxy/p) = O(p31/16+ε) uniformly for any integers a, b, c with gcd(a, b, c, p) = 1. Incomplete sums are estimated as well. The question is motivated by the assumption, often made in cryptography, that the triples (gx, gy, gxy) cannot be distinguished from totally random triples in feasible computation time. The results imply that this is in any case true for a constant fraction of the most significant bits, and for a constant fraction of the least significant bits.
AB - Let g be a primitive root modulo a prime p. It is proved that the triples (gx, gy, gxy), x, y = 1, ..., p-1, are uniformly distributed modulo p in the sense of H. Weyl. This result is based on the following upper bound for double exponential sums. Let ε > 0 be fixed. Then Σp-1x,y-1 exp (2πiagx+bgy+cgxy/p) = O(p31/16+ε) uniformly for any integers a, b, c with gcd(a, b, c, p) = 1. Incomplete sums are estimated as well. The question is motivated by the assumption, often made in cryptography, that the triples (gx, gy, gxy) cannot be distinguished from totally random triples in feasible computation time. The results imply that this is in any case true for a constant fraction of the most significant bits, and for a constant fraction of the least significant bits.
UR - http://www.scopus.com/inward/record.url?scp=0000924324&partnerID=8YFLogxK
U2 - 10.1112/S002461079900736X
DO - 10.1112/S002461079900736X
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:0000924324
SN - 0024-6107
VL - 59
SP - 799
EP - 812
JO - Journal of the London Mathematical Society
JF - Journal of the London Mathematical Society
IS - 3
ER -