On the Analysis of Cryptographic Assumptions in the Generic Ring Model
At Eurocrypt 2009 Aggarwal and Maurer proved that breaking RSA is equivalent to factoring in the generic ring model. This model captures algorithms that may exploit the full algebraic structure of the ring of integers modulo n, but no properties of the given representation of ring elements. This interesting result raises the question how to interpret proofs in the generic ring model. For instance, one may be tempted to deduce that a proof in the generic model gives some evidence that solving the considered problem is also hard in a general model of computation. But is this reasonable?
We prove that computing the Jacobi symbol is equivalent to factoring in the generic ring model. Since there are simple and efficient non-generic algorithms computing the Jacobi symbol, we show that the generic model cannot give any evidence towards the hardness of a computational problem. Despite this negative result, we also argue why proofs in the generic ring model are still interesting, and show that solving the quadratic residuosity and subgroup decision problems is generically equivalent to factoring.
- 5.Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)Google Scholar
- 6.Boneh, D., Lipton, R.J.: Algorithms for black-box fields and their application to cryptography. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 283–297. Springer, Heidelberg (1996)Google Scholar
- 8.Brown, D.R.L.: Breaking RSA may be as difficult as factoring. Cryptology ePrint Archive, Report 2005/380 (2005), http://eprint.iacr.org/
- 13.Jager, T., Schwenk, J.: On the analysis of cryptographic assumptions in the generic ring model, full version. Cryptology ePrint Archive (2009), http://eprint.iacr.org/
- 14.Koblitz, N., Menezes, A.J.: Another look at generic groups, pp. 13–28 (2006)Google Scholar
- 21.Rupp, A., Leander, G., Bangerter, E., Dent, A.W., Sadeghi, A.-R.: Sufficient conditions for intractability over black-box groups: Generic lower bounds for generalized DL and DH problems. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 489–505. Springer, Heidelberg (2008)CrossRefGoogle Scholar
- 22.Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)Google Scholar