Analysis of Iterated Modular Exponentiation: The Orbits of $x^\alpha$ mod N
 J. J. Brennan,
 Bruce Geist
Abstract
Let N and α be integers larger than 1. Define an orbit to be the collection of residues in $Z_N^*$ generated by iteratively applying $x \to x^\alpha$ mod N to an element $x \in Z_N^*$ which eventually maps back to itself. An orbit's length is the number of distinct residues in the orbit. When N is a large bicomposite integer, such as is commonly used in many cryptographic applications, and when certain prime factorizations related to N are known, all orbit lengths and the number of orbits of each possible length can be efficiently computed using the results presented. If the required integer factorizations are only partially known, the risk that a randomly selected periodic element might produce an orbit shorter than some (typically large) divisor of $\phi(\phi(N))$ can be bounded. The information needed to produce such a bound is fully available when the prime factors of N are generated using the prime generation algorithm defined in Maurer [maur]. Results presented can assist in choosing wisely a modulus N for the Blum, Blum, and Shub pseudorandom bit generator. If N is a bicomposite RSA modulus, the analysis shows how to quantify the risk posed by an iterated encryption attack.
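An added illustration of the orbit definition above (not code from the paper): for a toy modulus it brute-forces every orbit of $x \to x^\alpha$ mod N and checks each against the standard group-theoretic fact that a periodic x of order d has orbit length equal to the multiplicative order of α modulo d. The function names and the constructed modulus N = 77 are assumptions made for this example.

```python
from math import gcd
from collections import Counter

def orbit_length(x, alpha, n):
    """Brute force: iterate x -> x^alpha mod n until a residue repeats.
    Returns the orbit length if x maps back to itself, else None."""
    seen, y = set(), x
    while y not in seen:
        seen.add(y)
        y = pow(y, alpha, n)
    return len(seen) if y == x else None

def mult_order(a, m):
    """Smallest k >= 1 with a^k = 1 (mod m); caller ensures gcd(a, m) == 1."""
    if m == 1:
        return 1
    k, t = 1, a % m
    while t != 1:
        t, k = t * a % m, k + 1
    return k

def predicted_length(x, alpha, n):
    """Orbit length from the order d of x in Z_n^*: x is periodic iff
    gcd(alpha, d) == 1, and then the length is the order of alpha mod d."""
    d = mult_order(x, n)
    return mult_order(alpha, d) if gcd(alpha, d) == 1 else None

def orbit_census(n, alpha):
    """Map each orbit length to the number of distinct orbits of that length."""
    members = Counter()
    for x in range(1, n):
        if gcd(x, n) == 1:
            length = orbit_length(x, alpha, n)
            if length is not None:
                members[length] += 1
    return {length: count // length for length, count in sorted(members.items())}

if __name__ == "__main__":
    N, ALPHA = 7 * 11, 2   # constructed toy bicomposite modulus, squaring map
    units = [x for x in range(1, N) if gcd(x, N) == 1]
    assert all(orbit_length(x, ALPHA, N) == predicted_length(x, ALPHA, N) for x in units)
    print(orbit_census(N, ALPHA))
```

The brute-force walk is only feasible for toy moduli; at cryptographic sizes the orders involved can be obtained only from the factorizations the abstract refers to.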
 Werner Alexi, Benny Chor, Oded Goldreich, and Claus P. Schnorr, RSA and Rabin functions: certain parts are as hard as the whole, SIAM Journal of Computing, Vol. 17, No. 2 (1988) pp. 194-209.
 Derek Atkins, Michael Graff, Arjen K. Lenstra, and Paul C. Leyland, The magic words are squeamish ossifrage, Advances in Cryptology - Asiacrypt'94, pp. 263-277 (1994).
 L. Blum, M. Blum, and M. Shub, A simple unpredictable pseudorandom number generator, SIAM Journal of Computing, Vol. 15, No. 2 (1986) pp. 364-381.
 David M. Burton, Elementary Number Theory, Wm. C. Brown Publishers, Dubuque, Iowa (1994).
 Benny Chor, Oded Goldreich, and Shafi Goldwasser, The bit security of modular squaring given partial factorization of the modulus, Advances in Cryptology: Proceedings of Crypto 85 (1986) pp. 448-457.
 Donald E. Knuth, The Art of Computer Programming: Seminumerical Algorithms, volume 2, Addison-Wesley, Reading, MA (1981).
 Ueli M. Maurer, Fast generation of prime numbers and secure public-key cryptographic parameters, Journal of Cryptology, Vol. 8 (1995) pp. 123-155.
 H. C. Pocklington, The determination of the prime or composite nature of large numbers by Fermat's Theorem, Proceedings of the Cambridge Philosophical Society 18 (1914-1916) pp. 29-30.
 Umesh V. Vazirani and Vijay V. Vazirani, Efficient and secure pseudorandom number generation, Proc. 25th IEEE Symposium on Foundations of Computer Science (1984) pp. 458-463.
 Journal

Designs, Codes and Cryptography
Volume 13, Issue 3, pp 229-245
 Cover Date
 1998-03-01
 DOI
 10.1023/A:1008289605486
 Print ISSN
 0925-1022
 Online ISSN
 1573-7586
 Publisher
 Kluwer Academic Publishers
 Keywords

 Blum, Blum and Shub pseudorandom generator
 RSA
 iterated encryption
 Authors

 J. J. Brennan ^{(1)}
 Bruce Geist ^{(2)}
 Author Affiliations

 1. Electronic Data Systems, 750 Tower Drive, Troy, Michigan, 48098
 2. Unisys Corporation, 41100 Plymouth Road, Plymouth, Michigan, 48170-1892