Journal of Cryptology

, Volume 23, Issue 2, pp 169–186

The RSA Group is Pseudo-Free

Open Access

DOI: 10.1007/s00145-009-9042-5

Cite this article as:
Micciancio, D. J Cryptol (2010) 23: 169. doi:10.1007/s00145-009-9042-5


We prove, under the strong RSA assumption, that the group of invertible integers modulo the product of two safe primes is pseudo-free. More specifically, no polynomial-time algorithm can output (with non negligible probability) an unsatisfiable system of equations over the free Abelian group generated by the symbols g1,…,gn, together with a solution modulo the product of two randomly chosen safe primes when g1,…,gn are instantiated to randomly chosen quadratic residues. Ours is the first provably secure construction of pseudo-free Abelian groups under a standard cryptographic assumption and resolves a conjecture of Rivest (Theory of Cryptography Conference—Proceedings of TCC 2004, LNCS, vol. 2951, pp. 505–521, 2004).


Cryptographic assumptions Pseudo-free Abelian group Strong RSA problem Safe primes 
Download to read the full article text

Copyright information

© The Author(s) 2009

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringUniversity of California at San DiegoLa JollaUSA

Personalised recommendations