Jan 24 notes
U.C. Berkeley — CS276: Cryptography
Lecture 2 – 1/24/2002
Professors Luca Trevisan and David Wagner
Scribe: Jim Chou

1 Another trapdoor function: Rabin's function

Rabin's function is defined as:

• Given a generator $G(n)$, pick two primes $p, q$ each of magnitude $\sim 2^{n/2}$. Let $N = pq$ be the public key.
• Trapdoor information: $p, q$.
• $F(x, N) = x^2 \bmod N$ (not injective); $x \in \mathbb{Z}_N^*$, $x$ is a quadratic residue.

We would like to (1) find an inversion algorithm given $p, q$ and (2) show the hardness of inversion given only $N$. We consider these two points in the following subsections.

1.1 Inversion of Rabin's function

Given $a$, we want to find $x$ such that $x^2 \equiv a \pmod N$. If $x^2 \equiv a \pmod N$ admits a solution, then we call $a$ a quadratic residue. In general, if $r^2 \equiv y \pmod N$ then also $(-r)^2 \equiv y \pmod N$.

Now, let us first consider $x^2 \equiv a \pmod p$ for $p$ prime. Under mod $p$, a polynomial of degree $d$ has at most $d$ roots. If there is a solution to $x^2 \equiv a \pmod p$, then there are exactly two square roots, because $r \not\equiv -r \pmod p$. Therefore, $x^2 \equiv a \pmod p$ has either zero or two solutions.

Question: How many quadratic residues are there in $1, 2, \ldots, p-1$?
Answer: $\frac{p-1}{2}$, because every element of $\mathbb{Z}_p^*$ is the root of some quadratic residue, and every quadratic residue has two roots.

There is also a polynomial time algorithm for finding the roots. Thus, $x^2 \equiv a \pmod N$ is easy to invert when $N$ is prime.

Next, consider the case $x^2 \equiv a \pmod N$ with $N = pq$, $p, q > 2$, $a \neq 0$, $\gcd(a, N) = 1$. There is a solution iff $x^2 \equiv a \pmod p$ and $x^2 \equiv a \pmod q$ both admit solutions. Let us denote the solutions to $x^2 \equiv a \pmod p$ as $r_p, -r_p \in \mathbb{Z}_p$ and the solutions to $x^2 \equiv a \pmod q$ as $r_q, -r_q \in \mathbb{Z}_q$. Then, consider the following four systems: ....
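The trapdoor inversion sketched above, as an added example that is not part of the lecture notes: square roots are taken modulo each prime (Tonelli-Shanks, with the $p \equiv 3 \pmod 4$ shortcut) and the four CRT combinations of $\pm r_p$ and $\pm r_q$ give the roots modulo $N$. Function names and the small primes are constructed for illustration; a holder of only $N$ cannot run this, which is exactly the trapdoor.

```python
def legendre(a, p):
    """Euler's criterion: 1 if a is a quadratic residue mod odd prime p."""
    return pow(a, (p - 1) // 2, p)


def sqrt_mod_prime(a, p):
    """Return one square root of a modulo odd prime p, or None if a is a non-residue."""
    a %= p
    if a == 0:
        return 0
    if legendre(a, p) != 1:
        return None                      # zero solutions mod p
    if p % 4 == 3:                       # closed form when p ≡ 3 (mod 4)
        return pow(a, (p + 1) // 4, p)
    # Tonelli-Shanks for p ≡ 1 (mod 4): write p - 1 = q * 2^s with q odd
    q, s = p - 1, 0
    while q % 2 == 0:
        q //= 2
        s += 1
    z = 2                                # any quadratic non-residue
    while legendre(z, p) != p - 1:
        z += 1
    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t                     # least i with t^(2^i) == 1
        while t2 != 1:
            t2 = t2 * t2 % p
            i += 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r


def rabin_inverse(a, p, q):
    """Trapdoor inversion of F(x, N) = x^2 mod N: all roots of a, given p and q."""
    N = p * q
    rp, rq = sqrt_mod_prime(a, p), sqrt_mod_prime(a, q)
    if rp is None or rq is None:
        return set()                     # a is not a residue mod N
    roots = set()
    for sp in (rp, (-rp) % p):
        for sq in (rq, (-rq) % q):
            # CRT: the unique x mod N with x ≡ sp (mod p), x ≡ sq (mod q)
            x = (sp * q * pow(q, -1, p) + sq * p * pow(p, -1, q)) % N
            roots.add(x)
    return roots


if __name__ == "__main__":
    print(sorted(rabin_inverse(4, 7, 11)))   # constructed N = 77 → [2, 9, 68, 75]
```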