This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: U.C. Berkeley CS276: Cryptography Lecture 2 1/24/2002 Professors Luca Trevisan and David Wagner Scribe: Jim Chou Lecture 2 1/24/2002 1 Another trapdoor function: Rabins function Rabins function is defined as: Given a generator, G ( n ), pick two primes p, q each of magnitude 2 n/ 2 . Let, N = pq be the public key. Trapdoor information: p , q . F ( x, N ) = x 2 mod N (not injective); x Z N , x is a quadratic residue. We would like to (1) Find an inversion algorithm given p , q and (2) show the hardness of inversion given only N . We will consider the aforementioned two points in the following subsections. 1.1 Inversion of Rabins function Given a , we want to find x such that x 2 a mod N . If x 2 a mod N admits a solution then we call the solution a quadratic residue. In general, r 2 y mod N ( r ) 2 y mod N Now, let us first consider x 2 a mod p for p prime. Under mod p , a polynomial of degree d will have at most d roots. If there is a solution to x 2 a mod p , then there will be exactly two square roots, because r 6 ( r ) mod p . Therefore, x 2 a mod p has either zero or two solutions. Question : How many quadratic residues are there in 1, 2, ..., p-1 ? Answer : p 1 2 , because every element of Z p is the root of some quadratic residue, and every quadratic residue has two roots. There is also polynomial time algorithm for finding the roots. Thus, x 2 a mod N is easy to invert when N is prime. Next, consider the case: x 2 a mod N ; N = pq, p, q > 2 , a 6 = 0 , gcd ( a, N ) = 1 There will be a solution iff x 2 a mod p and x 2 a mod q both admit solutions. Let us denote the solutions to x 2 a mod p as r p , r p Z p and the solutions to x 2 a mod q as r q , r q Z q . Then, consider the following four systems:....
View Full Document
This note was uploaded on 02/04/2008 for the course CS 276 taught by Professor Trevisan during the Spring '02 term at University of California, Berkeley.
- Spring '02