The Polynomial Composition Problem in (ℤ/nℤ)[X]

  • Marc Joye
  • David Naccache
  • Stéphanie Porte
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6035)


Let n be an RSA modulus and let \(\mathcal {P},\mathcal{Q} \in (\mathbb{Z}/n\mathbb{Z})[X]\). This paper explores the following problem: Given polynomials \(\mathcal{Q}\) and \(\mathcal{Q}(\mathcal{P})\), find polynomial \(\mathcal{P}\). We shed light on the connections between the above problem and the RSA problem and derive from it new zero-knowledge protocols suited to smart-card applications.


Polynomial composition zero-knowledge protocols Fiat-Shamir protocol Guillou-Quisquater protocol smart cards 


Authors and Affiliations

  • Marc Joye
    • 1
  • David Naccache
    • 2
  • Stéphanie Porte
    • 3
  1. 1.Thomson R&D, Security Competence CenterCesson-Sévigné CedexFrance
  2. 2.Ecole normale supérieureDépartement d’informatiqueParis Cedex 05France
  3. 3.Smart ConsultingLa CiotatFrance

