The RSA Group is Pseudo-Free

  • Daniele Micciancio
Conference paper

DOI: 10.1007/11426639_23

Part of the Lecture Notes in Computer Science book series (LNCS, volume 3494)
Cite this paper as:
Micciancio D. (2005) The RSA Group is Pseudo-Free. In: Cramer R. (eds) Advances in Cryptology – EUROCRYPT 2005. EUROCRYPT 2005. Lecture Notes in Computer Science, vol 3494. Springer, Berlin, Heidelberg


We prove, under the strong RSA assumption, that the group of invertible integers modulo the product of two safe primes is pseudo-free. More specifically, no polynomial time algorithm can output (with non negligible probability) an unsatisfiable system of equations over the free abelian group generated by the symbols g1,...,gn, together with a solution modulo the product of two randomly chosen safe primes when g1,...,gn are instantiated to randomly chosen quadratic residues. Ours is the first provably secure construction of pseudo-free abelian groups under a standard cryptographic assumption, and resolves a conjecture of Rivest (TCC 2004).

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Daniele Micciancio
    • 1
  1. 1.Department of Computer Science and EngineeringUniversity of California at San DiegoLa JollaUSA

Personalised recommendations