Analysis of Iterated Modular Exponentiation: The Orbits of xα mod N
Purchase on Springer.com
$39.95 / €34.95 / £29.95*
Rent the article at a discountRent now
* Final gross prices may vary according to local VAT.
Let N and α be integers larger than 1. Define an orbit to be the collection of residues in $Z_N^* $ generated byiteratively applying $x \to x^\alpha $ mod N to an element $x \in Z_N^* $ which eventually maps back to itself.An orbit's length is the number of distinct residues in the orbit. When N isa large bicomposite integer, such as is commonly used in many cryptographicapplications, and when certain prime factorizations related to N are known,all orbit lengths and the number of orbits of each possible length can beefficiently computed using the results presented. If the required integerfactorizations are only partially known, the risk that a randomly selectedperiodic element might produce an orbit shorter than some (typically large)divisor of $\phi (\phi (N))$ can be bounded. The information needed to producesuch a bound is fully available when the prime factors of N are generatedusing the prime generation algorithm defined in Maurer maur. Resultspresented can assist in choosing wisely a modulus N for the Blum, Blum, andShub pseudo-random bit generator. If N is a bicomposite RSA modulus, theanalysis shows how to quantify the risk posed by an iterated encryptionattack.
- Werner Alexi, Benny Chor, Oded Goldreich, and Claus P. Schnorr, RSA and Rabin functions: certain parts are as hard as the whole, Siam Journal of Computing, Vol. 17, No.2 (1988) pp. 194-209. CrossRef
- Derek Atkins, Michael Graff, Arjen K. Lenstra, and Paul C. Leyland, The magic words are squeamish ossifrage, Advances in Cryptology - Asiacrypt'94, pp. 263-277 (1994).
- L. Blum, M. Blum, and M. Shub, A simple unpredictable pseudo-random number generator, Siam Journal of Computing, Vol. 15, No.2 (1986) pp. 364-381.
- David M. Burton, Elementary Number Theory, Wm. C. Brown Publishers, Dubuque, Iowa (1994).
- Benny Chor, Oded Goldreich, and Shafi Goldwasser, The bit security of modular squaring given partial factorization of the modulus, Advances in Cryptology: Proceedings of Crypto 85 (1986) pp. 448-457.
- Donald E. Knuth. The Art of Computer Programming: Seminumerical Algorithms, volume 2, Addison-Wesley, Reading, MA (1981).
- Ueli M. Maurer, Fast generation of prime numbers and secure public-key cryptographic parameters, Journal of Cryptology, Vol. 8 (1995) pp. 123-155. CrossRef
- H. C. Pocklington, The determination of the prime or composite nature of large numbers by Fermat's Theorem, Proceedings of the Cambridge Philosophical Society 18 (1914-1916) pp. 29-30.
- Umesh V. Vazirani and Vijay V. Vazirani, Efficient and secure pseudo-random number generation, Proc. 25th IEEE Symposium on Foundations of Computer Science (1984) pp. 458-463.
- Analysis of Iterated Modular Exponentiation: The Orbits of xα mod N
Designs, Codes and Cryptography
Volume 13, Issue 3 , pp 229-245
- Cover Date
- Print ISSN
- Online ISSN
- Kluwer Academic Publishers
- Additional Links
- Blum and Shub pseudo-random generator
- iterated encryption
- Industry Sectors