The Relationship Between Breaking the Diffie--Hellman Protocol and Computing Discrete Logarithms
SIAM Journal on Computing
Algorithms for Black-Box Fields and their Application to Cryptography (Extended Abstract)
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Generic Lower Bounds for Root Extraction and Signature Schemes in General Groups
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
A Note on Security Proofs in the Generic Model
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On the Insecurity of a Server-Aided RSA Protocol
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Adapting the Weaknesses of the Random Oracle Model to the Generic Group Model
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The random oracle methodology, revisited
Journal of the ACM (JACM)
A computational introduction to number theory and algebra
A computational introduction to number theory and algebra
Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups
Journal of Cryptology
On Black-Box Ring Extraction and Integer Factorization
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Breaking RSA Generically Is Equivalent to Factoring
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Lower bounds for discrete logarithms and related problems
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Black-box extension fields and the inexistence of field-homomorphic one-way permutations
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
On the equivalence of RSA and factoring regarding generic ring algorithms
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
The ideal-cipher model, revisited: an uninstantiable blockcipher-based hash function
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Evaluating 2-DNF formulas on ciphertexts
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Abstract models of computation in cryptography
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
| Hi-index | 0.00 |
At Eurocrypt 2009 Aggarwal and Maurer proved that breaking RSA is equivalent to factoring in the generic ring model . This model captures algorithms that may exploit the full algebraic structure of the ring of integers modulo n , but no properties of the given representation of ring elements. This interesting result raises the question how to interpret proofs in the generic ring model. For instance, one may be tempted to deduce that a proof in the generic model gives some evidence that solving the considered problem is also hard in a general model of computation. But is this reasonable? We prove that computing the Jacobi symbol is equivalent to factoring in the generic ring model. Since there are simple and efficient non-generic algorithms computing the Jacobi symbol, we show that the generic model cannot give any evidence towards the hardness of a computational problem. Despite this negative result, we also argue why proofs in the generic ring model are still interesting, and show that solving the quadratic residuosity and subgroup decision problems is generically equivalent to factoring.