Rad HAZU, Matematičke znanosti, Vol. 25 (2021), 15-31.

A NOTE ON LOW ORDER ASSUMPTIONS IN RSA GROUPS

István András Seres and Péter Burcsi

Faculty of Informatics, 3in Research Group, ELTE Eötvös Loránd University, 1117 Budapest, Hungary
e-mail: istvanseres@caesar.elte.hu
e-mail: bupe@inf.elte.hu

Abstract.   In this short note, we show that substantially weaker Low Order assumptions are sufficient to prove the soundness of Pietrzak’s protocol for proof of exponentiation in groups of unknown order. This constitutes the first step to a better understanding of the asymptotic computational complexity of breaking the soundness of the protocol. Furthermore, we prove the equivalence of the (weaker) Low Order assumption(s) and the Factoring assumption in RSA groups for a non-negligible portion of moduli. We argue that in practice our reduction applies for a considerable amount of deployed moduli. Our results have cryptographic applications, most importantly in the theory of recently proposed verifiable delay function constructions. Finally, we describe how to certify RSA moduli free of low order elements.

2020 Mathematics Subject Classification.   94A60.

Key words and phrases.   Verifiable delay functions, Low Order assumption, RSA.

Full text (PDF) (free access)

DOI: https://doi.org/10.21857/y54jofkjqm

References:

  1. V. Attias, L. Vigneri and V. Dimitrov, Implementation study of two verifiable delay functions, in: 2nd International Conference on Blockchain Economics, Security and Protocols (Tokenomics 2020), Open Access Series in Informatics (OASIcs) 80, Schloss Dagstuhl-Leibniz-Zentrum für Informatik, 2021, pp. 9:1-9:14.
    CrossRef

  2. E. Bach and J. P. Sorenson, Approximately counting semismooth integers, in: Proceedings of the 38th International Symposium on Symbolic and Algebraic Computation, ACM, New York, 2013, pp. 23-30.
    MathSciNet     CrossRef

  3. M. Bellare and G. Neven, Multi-signatures in the plain public-key model and a general forking lemma, in: Proceedings of the 13th ACM conference on Computer and communications security, 2006, pp. 390-399.
    CrossRef

  4. S. Berkovits, Factoring via superencyrption, Cryptologia 6 (1982), 229-237.
    MathSciNet     CrossRef

  5. D. Boneh, J. Bonneau, B. Bünz and B. Fisch, Verifiable delay functions, in: Advances in Cryptology - CRYPTO 2018. Part I, Lecture Notes in Comput. Sci. 10991, Springer, Cham, 2018, pp. 757-788.
    MathSciNet     CrossRef

  6. D. Boneh, B. Bünz and B. Fisch, A survey of two verifiable delay functions, IACR Cryptology ePrint Archive 2018:712, 2018.

  7. D. Boneh, B. Bünz and B. Fisch, Batching techniques for accumulators with applications to IOPs and stateless blockchains, in: Advances in Cryptology - CRYPTO 2019, Lecture Notes in Comput. Sci. 11692, Springer, Cham, 2019, pp. 561-586.
    CrossRef

  8. J. J. Brennan and B. Geist, Analysis of iterated modular exponentiation: the orbits of xα mod n, Designs, Codes and Cryptography 13 (1998), 229-245.
    MathSciNet     CrossRef

  9. B. Bünz, S. Goldfeder and J. Bonneau, Proofs-of-delay and randomness beacons in ethereum, IEEE Security and Privacy on the blockchain (IEEE S & B), 2017.

  10. W.-S. Chou and I. E. Shparlinski, On the cycle structure of repeated exponentiation modulo a prime, J. Number Theory 107 (2004), 345-356.
    MathSciNet     CrossRef

  11. B. Fisch, J. Bonneau, N. Greco and J. Benet, Scaling proof-of-replication for filecoin mining, Technical Report, Stanford University, May 2019.

  12. S. Goldberg, L. Reyzin, O. Sagga and F. Baldimtsi, Efficient noninteractive certification of RSA moduli and beyond, in: Advances in Cryptology - ASIACRYPT 2019, Lecture Notes in Comput. Sci. 11923, Springer, Cham, 2019, pp. 700-727.
    CrossRef

  13. M. Gysin and J. Seberry, Generalised cycling attacks on RSA and strong RSA primes, in: Australasian Conference on Information Security and Privacy, Lecture Notes in Comput. Sci. 1587, Springer, Berlin, 1999, pp. 149-163.
    CrossRef

  14. E. Landerreche, M. Stevens and C. Schaffner, Non-interactive cryptographic timestamping based on verifiable delay functions, in: Financial Cryptography and Data Security, Lecture Notes in Comput. Sci. 12059, Springer, Cham, 2020, pp. 541-558.
    CrossRef

  15. M. Mahmoody, C. Smith and D. J. Wu, A note on the (im)possibility of verifiable delay functions in the random oracle model, IACR Cryptology ePrint Archive 2019:663, 2019.

  16. K. Pietrzak, Simple verifiable delay functions, in: 10th Innovations in Theoretical Computer Science Conference (ITCS 2019), Schloss Dagstuhl-Leibniz-Zentrum für Informatik, 2019, Art. No. 60, 15 pp.
    MathSciNet

  17. R. L. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Comm. ACM 21 (1978), 120-126.
    MathSciNet     CrossRef

  18. L. Rotem, G. Segev and I. Shahaf, Generic-group delay functions require hiddenorder groups, in: Advances in Cryptology - EUROCRYPT 2020. Part III, Lecture Notes in Comput. Sci. 12107, Springer, Cham, 2020, pp. 155-180.
    MathSciNet     CrossRef

  19. G. J. Simmons and M. J. Norris, Preliminary comments on the MIT public-key cryptosystem, Cryptologia 1 (1977), 406-414.
    CrossRef

  20. P. Švenda, M. Nemec, P. Sekan, R. Kvašnovsky, D. Formánek, D. Komárek and V. Matyáš, The million-key question - investigating the origins of RSA public keys, in: 25th USENIX Security Symposium (USENIX Security 16), USENIX Association, Austin, 2016, pp. 893-910.

  21. T. Vasiga and J. Shallit, On the iteration of certain quadratic maps over GF(p), Discrete Math. 277 (2004), 219-240.
    MathSciNet     CrossRef

  22. R. Warlimont, Sieving by large prime factors, Monatsh. Math. 109 (1990), 247-256.
    MathSciNet     CrossRef

  23. A. Weingartner, Integers free of prime divisors from an interval, I, Acta Arith. 98 (2001), 117-131.
    MathSciNet     CrossRef

  24. B. Wesolowski, Efficient verifiable delay functions, in: Advances in Cryptology - EUROCRYPT 2019, Lecture Notes in Comput. Sci. 11478, Springer, Cham, 2019, pp. 379-407.
    CrossRef

Rad HAZU Home Page