How to generate cryptographically strong sequences of pseudo-random bits
SIAM Journal on Computing
Efficient factoring based on partial information
Proc. of a workshop on the theory and application of cryptographic techniques on Advances in cryptology---EUROCRYPT '85
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
On the cryptographic security of single RSA bits
STOC '83 Proceedings of the fifteenth annual ACM symposium on Theory of computing
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
Why and how to establish a private code on a public network
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Verifiable secret sharing and achieving simultaneity in the presence of faults
SFCS '85 Proceedings of the 26th Annual Symposium on Foundations of Computer Science
Efficient And Secure Pseudo-Random Number Generation
SFCS '84 Proceedings of the 25th Annual Symposium onFoundations of Computer Science, 1984
Hi-index | 0.00 |
It is known that given a composite integer N = p1p2 - such that p1 驴 p2 驴 3 (mod 4)), and q a quadratic residue modulo N, guessing the least significant bit of a square root of q with any non-negligible advantage is as hard as factoring N.In this paper we extend the above result to multi-prime numbers N = p1p2...p1 (such that p1 驴 p2 驴 ... 驴 p1 驴 3 (mod 1)). We show that given N and q, a quadratic residue mod N, guessing the least significant bit of a square root of q is as hard as completely factoring N. Furthermore, the difficulty of guessing the least significant bit of the square root or q remains unchanged evert when all but two of the prime factors of N, p3,...,p1, are known. The result is useful in desigihg multi-party cryptographic protocols.