
Journal of Cryptology, Volume 26, Issue 2, pp 225–245

On the Analysis of Cryptographic Assumptions in the Generic Ring Model

  • Tibor Jager
  • Jörg Schwenk

Abstract

The generic ring model considers algorithms that operate on elements of an algebraic ring by performing only the ring operations and without exploiting properties of a given representation of ring elements. It is used to analyze the hardness of computational problems defined over rings. For instance, it is known that breaking RSA is equivalent to factoring in the generic ring model (Aggarwal and Maurer, Eurocrypt 2009). Do hardness results in the generic ring model support the conjecture that solving the considered problem is also hard in the standard model, where elements of ℤ_n are represented by integers modulo n?

We prove in the generic ring model that computing the Jacobi symbol of an integer modulo n is equivalent to factoring. Since there are simple and efficient non-generic algorithms which compute the Jacobi symbol, this provides an example of a natural computational problem which is hard in the generic ring model, but easy to solve if elements of ℤ_n are given in their standard representation as integers. Thus, a proof in the generic ring model is unfortunately not a very strong indicator for the hardness of a computational problem in the standard model.

Despite this negative result, generic hardness results still provide a lower complexity bound for a large class of algorithms, namely all algorithms solving a computational problem independent of a given representation of ring elements. From this point of view, results in the generic ring model are still interesting. Motivated by this fact, we also show that solving the quadratic residuosity problem generically is equivalent to factoring.
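The abstract's central observation is that the Jacobi symbol is hard to compute generically but easy once elements of ℤ_n are handed over as integers. The following added example (not code from the paper or its authors) makes that concrete: `jacobi` is the textbook reciprocity algorithm, which is non-generic because it inspects the integer representation (parity tests, comparisons, integer division). For contrast, `legendre_euler` decides residuosity modulo a prime using only exponentiation, but needs the prime itself, which for n = p·q means knowing the factorization. The helpers at the end use a constructed modulus n = 3·7 = 21 to show why the Jacobi symbol alone does not settle the quadratic residuosity problem: there are non-residues with Jacobi symbol 1.

```python
"""Added example: non-generic Jacobi symbol vs. residuosity with known factors."""


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd positive n, via quadratic reciprocity.

    This is the standard O(log^2 n) algorithm. The parity checks, the
    comparison with 1, and the swaps/reductions all act on the integer
    representation of the ring elements, which is exactly what a generic
    ring algorithm is not allowed to do.
    """
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a != 0:
        # Pull out factors of 2 using (2/n) = (-1)^((n^2 - 1) / 8).
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        # Quadratic reciprocity: (a/n) = -(n/a) iff a = n = 3 (mod 4).
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    # gcd(a, n) != 1 leaves n > 1 and the symbol is 0 by definition.
    return result if n == 1 else 0


def legendre_euler(a: int, p: int) -> int:
    """Legendre symbol via Euler's criterion a^((p-1)/2) mod p for odd prime p.

    Only ring operations (modular exponentiation) plus an equality test on
    the result are used, but the exponent (p-1)/2 requires knowing p.
    """
    r = pow(a % p, (p - 1) // 2, p)
    if r == 0:
        return 0
    return 1 if r == 1 else -1


def is_quadratic_residue(a: int, p: int, q: int) -> bool:
    """Decide residuosity mod n = p*q given the factorization (assumed known).

    a is a square mod n iff it is a square mod p and mod q (CRT).
    """
    return legendre_euler(a, p) == 1 and legendre_euler(a, q) == 1


def jacobi_one_non_residues(p: int, q: int) -> list[int]:
    """Elements with Jacobi symbol 1 that are NOT squares mod p*q.

    These 'pseudo-squares' are why the Jacobi symbol (easy to compute
    non-generically) does not solve the quadratic residuosity problem.
    """
    n = p * q
    return [a for a in range(1, n)
            if jacobi(a, n) == 1 and not is_quadratic_residue(a, p, q)]


def check_multiplicativity(p: int, q: int) -> bool:
    """Sanity check: (a/pq) == (a/p) * (a/q) for every a in Z_n."""
    n = p * q
    return all(jacobi(a, n) == legendre_euler(a, p) * legendre_euler(a, q)
               for a in range(n))


if __name__ == "__main__":
    # Constructed toy modulus 21 = 3 * 7; real moduli are far larger.
    print("pseudo-squares mod 21:", jacobi_one_non_residues(3, 7))
    print("multiplicativity holds:", check_multiplicativity(3, 7))
```

With p = 3 and q = 7 the pseudo-squares are 5, 17 and 20: each has Jacobi symbol 1 because it is a non-residue modulo both primes, so an algorithm that only sees the Jacobi symbol cannot distinguish them from genuine squares, whereas `is_quadratic_residue` separates them immediately once p and q are known.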

Key words

Generic ring model, Jacobi symbol, Subset membership problems, Idealized models of computation, Quadratic residuosity assumption


References

  1. D. Aggarwal, U. Maurer, Breaking RSA generically is equivalent to factoring, in Advances in Cryptology—EUROCRYPT 2009, Cologne, Germany, April 26–30, ed. by A. Joux. Lecture Notes in Computer Science, vol. 5479 (Springer, Berlin, 2009), pp. 36–53
  2. D. Aggarwal, U. Maurer, I. Shparlinski, The equivalence of strong RSA and factoring in the generic ring model of computation, in Workshop on Coding and Cryptography—WCC, ed. by D. Augot, A. Canteaut (INRIA, Rocquencourt, 2011)
  3. K. Altmann, T. Jager, A. Rupp, On black-box ring extraction and integer factorization, in ICALP 2008: 35th International Colloquium on Automata, Languages and Programming, Part II, Reykjavik, Iceland, July 7–11, ed. by L. Aceto, I. Damgård, L.A. Goldberg, M.M. Halldórsson, A. Ingólfsdóttir, I. Walukiewicz. Lecture Notes in Computer Science, vol. 5126 (Springer, Berlin, 2008), pp. 437–448
  4. J. Black, The ideal-cipher model, revisited: An uninstantiable blockcipher-based hash function, in Fast Software Encryption—FSE 2006, Graz, Austria, March 15–17, ed. by M.J.B. Robshaw. Lecture Notes in Computer Science, vol. 4047 (Springer, Berlin, 2006), pp. 328–340
  5. D. Boneh, X. Boyen, Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptol. 21(2), 149–177 (2008)
  6. D. Boneh, R.J. Lipton, Algorithms for black-box fields and their application to cryptography (extended abstract), in Advances in Cryptology—CRYPTO’96, Santa Barbara, CA, USA, August 18–22, ed. by N. Koblitz. Lecture Notes in Computer Science, vol. 1109 (Springer, Berlin, 1996), pp. 283–297
  7. D. Boneh, R. Venkatesan, Breaking RSA may not be equivalent to factoring, in Advances in Cryptology—EUROCRYPT’98, Espoo, Finland, May 31–June 4, ed. by K. Nyberg. Lecture Notes in Computer Science, vol. 1403 (Springer, Berlin, 1998), pp. 59–71
  8. D.R.L. Brown, Breaking RSA may be as difficult as factoring. Cryptology ePrint Archive, Report 2005/380, 2005. http://eprint.iacr.org/
  9. R. Canetti, O. Goldreich, S. Halevi, The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)
  10. I. Damgård, M. Koprowski, Generic lower bounds for root extraction and signature schemes in general groups, in Advances in Cryptology—EUROCRYPT 2002, Amsterdam, The Netherlands, April 28–May 2, ed. by L.R. Knudsen. Lecture Notes in Computer Science, vol. 2332 (Springer, Berlin, 2002), pp. 256–271
  11. A.W. Dent, Adapting the weaknesses of the random oracle model to the generic group model, in Advances in Cryptology—ASIACRYPT 2002, Queenstown, New Zealand, December 1–5, ed. by Y. Zheng. Lecture Notes in Computer Science, vol. 2501 (Springer, Berlin, 2002), pp. 100–109
  12. W. Diffie, M. Hellman, New directions in cryptography. IEEE Trans. Inf. Theory 22, 644–654 (1976)
  13. M. Fischlin, A note on security proofs in the generic model, in Advances in Cryptology—ASIACRYPT 2000, Kyoto, Japan, December 3–7, ed. by T. Okamoto. Lecture Notes in Computer Science, vol. 1976 (Springer, Berlin, 2000), pp. 458–469
  14. S. Goldwasser, S. Micali, Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)
  15. T. Jager, Generic group algorithms. Master’s thesis, Ruhr-University Bochum, 2007
  16. T. Jager, J. Schwenk, On the analysis of cryptographic assumptions in the generic ring model, in Advances in Cryptology—ASIACRYPT 2009, Tokyo, Japan, December 6–10, ed. by M. Matsui. Lecture Notes in Computer Science, vol. 5912 (Springer, Berlin, 2009), pp. 399–416
  17. G. Leander, A. Rupp, On the equivalence of RSA and factoring regarding generic ring algorithms, in Advances in Cryptology—ASIACRYPT 2006, Shanghai, China, December 3–7, ed. by X. Lai, K. Chen. Lecture Notes in Computer Science, vol. 4284 (Springer, Berlin, 2006), pp. 241–251
  18. U.M. Maurer, Abstract models of computation in cryptography, in IMA Int. Conf., ed. by N.P. Smart. Lecture Notes in Computer Science, vol. 3796 (Springer, Berlin, 2005), pp. 1–12
  19. U.M. Maurer, D. Raub, Black-box extension fields and the inexistence of field-homomorphic one-way permutations, in Advances in Cryptology—ASIACRYPT 2007, Kuching, Malaysia, December 2–6, ed. by K. Kurosawa. Lecture Notes in Computer Science, vol. 4833 (Springer, Berlin, 2007), pp. 427–443
  20. U.M. Maurer, S. Wolf, Lower bounds on generic algorithms in groups, in Advances in Cryptology—EUROCRYPT’98, Espoo, Finland, May 31–June 4, ed. by K. Nyberg. Lecture Notes in Computer Science, vol. 1403 (Springer, Berlin, 1998), pp. 72–84
  21. V.I. Nechaev, Complexity of a determinate algorithm for the discrete logarithm. Math. Notes 55(2), 165–172 (1994)
  22. R.L. Rivest, A. Shamir, L.M. Adleman, A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 120–126 (1978)
  23. A. Rupp, G. Leander, E. Bangerter, A.W. Dent, A.-R. Sadeghi, Sufficient conditions for intractability over black-box groups: Generic lower bounds for generalized DL and DH problems, in Advances in Cryptology—ASIACRYPT 2008, Melbourne, Australia, December 7–11, ed. by J. Pieprzyk. Lecture Notes in Computer Science, vol. 5350 (Springer, Berlin, 2008), pp. 489–505
  24. J.T. Schwartz, Fast probabilistic algorithms for verification of polynomial identities. J. ACM 27(4), 701–717 (1980)
  25. V. Shoup, Lower bounds for discrete logarithms and related problems, in Advances in Cryptology—EUROCRYPT’97, Konstanz, Germany, May 11–15, ed. by W. Fumy. Lecture Notes in Computer Science, vol. 1233 (Springer, Berlin, 1997), pp. 256–266
  26. V. Shoup, Sequences of games: A tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332, 2004. http://eprint.iacr.org/
  27. V. Shoup, A Computational Introduction to Number Theory and Algebra, 2nd edn. (Cambridge University Press, Cambridge, 2008)
  28. R. Zippel, Probabilistic algorithms for sparse polynomials, in Symbolic and Algebraic Computation (1979), pp. 216–226

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  1. Institut für Kryptographie und Sicherheit, Karlsruhe Institute of Technology, Karlsruhe, Germany
  2. Horst Görtz Institute for IT Security, Ruhr-University Bochum, Bochum, Germany
