Abstract
We prove, under the strong RSA assumption, that the group of invertible integers modulo the product of two safe primes is pseudo-free. More specifically, no polynomial-time algorithm can output (with non-negligible probability) an unsatisfiable system of equations over the free Abelian group generated by the symbols g_1,…,g_n, together with a solution modulo the product of two randomly chosen safe primes when g_1,…,g_n are instantiated to randomly chosen quadratic residues. Ours is the first provably secure construction of pseudo-free Abelian groups under a standard cryptographic assumption and resolves a conjecture of Rivest (Theory of Cryptography Conference—Proceedings of TCC 2004, LNCS, vol. 2951, pp. 505–521, 2004).
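As an added illustration (not code from the paper): the single equation x^3 = g_1 · g_2^2 is unsatisfiable over the free Abelian group on g_1, g_2, because 3 does not divide the exponent of g_1, yet whoever holds the factorization of N can still produce a solution modulo N; producing one without that trapdoor is exactly the strong RSA problem the result relies on. The tiny modulus N = 23 · 47, the quadratic residues and all function names are constructed for this example.

```python
from math import gcd

# Constructed safe primes for illustration only: 23 = 2*11 + 1, 47 = 2*23 + 1.
P, Q = 23, 47
N = P * Q                 # 1081
PHI = (P - 1) * (Q - 1)   # 1012


def free_group_satisfiable(e, exps):
    """Is x^e = g_1^a_1 ... g_n^a_n satisfiable in the free Abelian group?
    The g_i are independent generators, so x must be a word g_1^c_1 ... g_n^c_n
    with e*c_i = a_i for every i, i.e. e must divide every a_i."""
    return e != 0 and all(a % e == 0 for a in exps)


def check_solution_mod_n(e, exps, gens, x, n=N):
    """Verify x^e == prod g_i^a_i (mod n) for the instantiated generators."""
    rhs = 1
    for g, a in zip(gens, exps):
        rhs = rhs * pow(g, a, n) % n
    return pow(x, e, n) == rhs


def root_with_trapdoor(y, e, phi=PHI, n=N):
    """e-th root of y mod n using phi(n); needs gcd(e, phi) == 1 and gcd(y, n) == 1.
    Without phi(n) this is the strong RSA problem (constructed helper)."""
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)
    return pow(y, d, n)


def demo():
    """Returns (satisfiable over the free group?, solution verified mod N?)."""
    # Constructed quadratic residues g_1 = 5^2 mod N and g_2 = 7^2 mod N.
    gens = [pow(5, 2, N), pow(7, 2, N)]
    e, exps = 3, [1, 2]                      # equation x^3 = g_1 * g_2^2
    sat = free_group_satisfiable(e, exps)    # False: 3 does not divide 1
    y = gens[0] * pow(gens[1], 2, N) % N     # right-hand side mod N
    x = root_with_trapdoor(y, e)             # only possible with the factorization
    return sat, check_solution_mod_n(e, exps, gens, x)
```

The pair (False, True) returned by demo() is precisely the event pseudo-freeness rules out for an algorithm that is not given the factorization.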
References
M. Abadi, P. Rogaway, Reconciling two views of cryptography (The computational soundness of formal encryption). J. Cryptol. 15(2), 103–127 (2002)
E. Bach, Discrete logarithms and factoring. Technical Report CSD-84-186, University of California at Berkeley (1984)
M. Backes, B. Pfitzmann, M. Waidner, A composable cryptographic library with nested operations (extended abstract). In: Computer and Communications Security—Proceedings of CCS’03, pp. 220–230 (2003)
N. Barić, B. Pfitzmann, Collision-free accumulators and fail-stop signature schemes without trees. In: Advances in Cryptology—Proceedings of EUROCRYPT’97. LNCS, vol. 1233, pp. 480–494 (1997)
E. Biham, D. Boneh, O. Reingold, Breaking generalized Diffie–Hellman modulo a composite is no easier than factoring. Inf. Process. Lett. 70(2), 83–87 (1999)
R. Cramer, V. Shoup, Signature schemes based on the strong RSA assumption. ACM Trans. Inf. Syst. Secur. 3(3), 161–185 (2000). Preliminary version in CCS’99
D. Dolev, A. Yao, On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)
E. Fujisaki, T. Okamoto, Statistical zero knowledge protocols to prove modular polynomial relations. In: Proceedings of CRYPTO’97. LNCS, vol. 1294, pp. 16–30 (1997)
R. Gennaro, T. Rabin, H. Krawczyk, RSA-based undeniable signatures. J. Cryptol. 13(4), 397–416 (2000). Preliminary version in CRYPTO’97
P. Gupta, V. Shmatikov, Towards computationally sound symbolic analysis of key exchange protocols (extended abstract). In: Formal Methods in Security Engineering—Proceedings of FMSE’05, ed. by V. Atluri, P. Samarati, R. Küsters, J.C. Mitchell. Fairfax, VA, USA, pp. 23–32 (2005)
S. Hohenberger, The cryptographic impact of groups with infeasible inversion. Master’s thesis, Massachusetts Institute of Technology, EECS Dept., Cambridge, MA (2003)
R. Impagliazzo, M.B. Kapron, Logics for reasoning about cryptographic constructions. J. Comput. Syst. Sci. 72(2), 286–320 (2006). Preliminary version in FOCS’03
O. Kharlampovich, A. Myasnikov, Implicit function theorem over free groups. J. Algebra 290(1), 1–203 (2005)
A.I. Mal’cev, On some correspondence between rings and groups. Mat. Sb. 50, 257–266 (1960)
K.S. McCurley, A key distribution system equivalent to factoring. J. Cryptol. 1(2), 95–105 (1988)
D. Micciancio, S. Goldwasser, Complexity of Lattice Problems: a Cryptographic Perspective, The Kluwer International Series in Engineering and Computer Science, vol. 671. (Kluwer Academic, Boston, 2002)
D. Micciancio, S. Panjwani, Adaptive security of symbolic encryption. In: Theory of Cryptography Conference—Proceedings of TCC. LNCS, vol. 3378, pp. 169–187 (2005)
D. Micciancio, B. Warinschi, Completeness theorems for the Abadi–Rogaway logic of encrypted expressions. J. Comput. Secur. 12(1), 99–129 (2004). Preliminary version in WITS’02
D. Micciancio, B. Warinschi, Soundness of formal encryption in the presence of active adversaries. In: Theory of Cryptography Conference—Proceedings of TCC’04. LNCS, vol. 2951, pp. 133–151 (2004)
J.C. Mitchell, A. Ramanathan, A. Scedrov, V. Teague, A probabilistic polynomial-time calculus for the analysis of cryptographic protocols. Theor. Comput. Sci. 353(1–3), 118–164 (2006). Preliminary version in MFPS’01
G. Neven, A simple transitive signature scheme for directed trees. Theor. Comput. Sci. 396(1–3), 277–282 (2008)
R.L. Rivest, On the notion of pseudo-free groups. In: Theory of Cryptography Conference—Proceedings of TCC’04. LNCS, vol. 2951, pp. 505–521 (2004)
R.L. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 120–126 (1978)
Communicated by Dan Boneh
A preliminary version of this work appeared in Advances in Cryptology, Proceedings of EUROCRYPT 2005, LNCS, vol. 3494, pp. 387–493, Springer.
Rights and permissions
Open Access This is an open access article distributed under the terms of the Creative Commons Attribution Noncommercial License (https://creativecommons.org/licenses/by-nc/2.0), which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.
Cite this article
Micciancio, D. The RSA Group is Pseudo-Free. J Cryptol 23, 169–186 (2010). https://doi.org/10.1007/s00145-009-9042-5