Abstract
Rivest (TCC 2004) explored the notion of a pseudo-free group from a cryptographic perspective and conjectured that the RSA group \(\mathbb{Z}_{N}^{*}\) is a plausible pseudo-free group. Micciancio (Journal of Cryptology, to appear) proved that, under the strong RSA assumption, \(\mathbb{Z}_{N}^{*}\) is pseudo-free. His proof uses the fact that N is the product of two safe primes and that elements are sampled uniformly at random from the subgroup \(QR_{N}\) of quadratic residues. He asked whether the proof carries over when elements are sampled uniformly at random from the whole of \(\mathbb{Z}_{N}^{*}\). In this article we show that one can instead sample uniformly at random from the subgroup \(QR_{N}^{+}\) of signed quadratic residues and still prove that \(\mathbb{Z}_{N}^{*}\) is pseudo-free. Consequently, we believe one can show \(\mathbb{Z}_{N}^{*}\) pseudo-free when elements are sampled from \(QR_{N} \cup QR_{N}^{+}\), thus enlarging the set from which elements are sampled.
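The object the abstract is built around, the group \(QR_{N}^{+}\) of signed quadratic residues, is small enough to show concretely. The following is an added illustration, not code from the paper: it implements the group for an RSA modulus that is a product of two safe primes, the uniform sampler \(r \mapsto |r^{2} \bmod N|\), and the public membership test that distinguishes \(QR_{N}^{+}\) from \(QR_{N}\). The Miller-Rabin primality test, the safe-prime generator, the class and function names, and the toy parameters p = 23, q = 47 are all assumptions made for this example.

```python
"""Signed quadratic residues QR_N^+ (Hofheinz-Kiltz, CRYPTO 2009) for N = p*q
with p = 2p'+1 and q = 2q'+1 safe primes.  Added example, not the paper's code.
All parameters below are toy-sized and constructed for illustration only."""
import random
from math import gcd


def is_probable_prime(n, rounds=16):
    """Miller-Rabin; adequate for the toy parameter sizes used here."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits, rng=random):
    """Return p = 2p'+1 with both p and p' prime (a safe prime of `bits` bits)."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; computable without factoring n."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


class SignedQR:
    """QR_N^+ = {|x| : x in QR_N} with |x| = min(x, N - x) and a o b = |a*b mod N|.
    For N a product of two safe primes (a Blum integer, -1 has Jacobi symbol +1
    but is a non-residue) QR_N^+ equals J_N^+ = {x <= (N-1)/2 : (x/N) = 1}, so
    membership is decidable from N alone, which is not known for QR_N."""

    def __init__(self, N):
        self.N = N

    def abs(self, x):
        x %= self.N
        return x if x <= (self.N - 1) // 2 else self.N - x

    def contains(self, x):
        return 1 <= x <= (self.N - 1) // 2 and jacobi(x, self.N) == 1

    def mul(self, a, b):
        return self.abs(a * b)

    def exp(self, a, e):
        return self.abs(pow(a, e, self.N))

    def inv(self, a):
        return self.abs(pow(a, -1, self.N))

    def sample(self, rng=random):
        """Uniform element of QR_N^+: squaring is 4-to-1 from Z_N^* onto QR_N and
        |.| is a bijection QR_N -> QR_N^+, so |r^2| for uniform r is uniform."""
        while True:
            r = rng.randrange(1, self.N)
            if gcd(r, self.N) == 1:
                return self.abs(r * r)


def elements(group):
    """Enumerate QR_N^+ via the public membership test (feasible for toy N only)."""
    return [x for x in range(1, (group.N - 1) // 2 + 1) if group.contains(x)]


# Constructed toy parameters: 23 = 2*11+1 and 47 = 2*23+1 are safe primes.
P, Q = 23, 47
G = SignedQR(P * Q)
ORDER = ((P - 1) // 2) * ((Q - 1) // 2)   # |QR_N^+| = p'q' = 253

if __name__ == "__main__":
    print(len(elements(G)), ORDER)
    p, q = safe_prime(24), safe_prime(24)
    H = SignedQR(p * q)
    x = H.sample()
    print(H.contains(x), H.exp(x, ((p - 1) // 2) * ((q - 1) // 2)))
```

The point a practitioner should take from the block is the membership test in `contains`: a verifier holding only N can confirm that a sampled element lies in \(QR_{N}^{+}\), whereas no efficient test for \(QR_{N}\) is known without the factorisation, and the sampler `sample` shows why the distribution over \(QR_{N}^{+}\) is exactly uniform.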
References
Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). Journal of Cryptology 15(2), 103–127 (2002)
Backes, M., Pfitzmann, B., Waidner, M.: A composable cryptographic library with nested operations. In: ACM Conference on Computer and Communications Security, pp. 220–230 (2003)
Barić, N., Pfitzmann, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 480–494. Springer, Heidelberg (1997)
Burgess, D.A.: The distribution of quadratic residues and non-residues. Mathematika 4, 106–112 (1957)
Burgess, D.A.: On character sums and primitive roots. Proc. London Math. Soc. 12(3), 179–192 (1962)
Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)
Cramer, R., Shoup, V.: Signature schemes based on the strong RSA assumption. In: ACM Conference on Computer and Communications Security, pp. 46–51 (1999)
Dolev, D., Yao, A.C.-C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–207 (1983)
Fischlin, R., Schnorr, C.-P.: Stronger security proofs for RSA and Rabin bits. Journal of Cryptology 13(2), 221–244 (2000)
Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)
Hofheinz, D., Kiltz, E.: The group of signed quadratic residues and applications. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231–249. Springer, Heidelberg (2009)
Hohenberger, S.: The cryptographic impact of groups with infeasible inversion. Master's thesis, EECS Dept., MIT (June 2003)
Impagliazzo, R., Kapron, B.M.: Logics for reasoning about cryptographic constructions. In: FOCS, pp. 372–383 (2003)
Micciancio, D.: The RSA group is pseudo-free. Journal of Cryptology (to appear). A preliminary version appeared in EUROCRYPT 2005, http://cseweb.ucsd.edu/~daniele/
Micciancio, D., Panjwani, S.: Adaptive security of symbolic encryption. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 169–187. Springer, Heidelberg (2005)
Micciancio, D., Warinschi, B.: Soundness of formal encryption in the presence of active adversaries. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 133–151. Springer, Heidelberg (2004)
Mitchell, J.C., Ramanathan, A., Scedrov, A., Teague, V.: A probabilistic polynomial-time process calculus for the analysis of cryptographic protocols. Theor. Comput. Sci. 353(1-3), 118–164 (2006)
Neven, G.: A simple transitive signature scheme for directed trees. Theor. Comput. Sci. 396(1-3), 277–282 (2008)
Okamoto, T., Pointcheval, D.: The gap-problems: A new class of problems for the security of cryptographic schemes. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 104–118. Springer, Heidelberg (2001)
Pólya, G.: Über die Verteilung der quadratischen Reste und Nichtreste. Göttinger Nachrichten, pp. 21–29 (1918)
Rabin, M.O.: Digital signatures and public key functions as intractable as factorization. Technical Report MIT/LCS/TR-212, MIT (January 1979)
Rivest, R.L.: On the notion of pseudo-free groups. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 505–521. Springer, Heidelberg (2004)
Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
Vinogradov, I.M.: Sur la distribution des résidus et des non-résidus des puissances. J. Phys.-Math. Soc. Perm. (1), 94–96 (1918)
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Jhanwar, M.P., Barua, R. (2009). Sampling from Signed Quadratic Residues: RSA Group Is Pseudofree. In: Roy, B., Sendrier, N. (eds) Progress in Cryptology - INDOCRYPT 2009. INDOCRYPT 2009. Lecture Notes in Computer Science, vol 5922. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10628-6_16
DOI: https://doi.org/10.1007/978-3-642-10628-6_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10627-9
Online ISBN: 978-3-642-10628-6