We prove, under the strong RSA assumption, that the group of invertible integers modulo the product of two safe primes is pseudo-free. More specifically, no polynomial time algorithm can output (with non negligible probability) an unsatisfiable system of equations over the free abelian group generated by the symbols g1, ⋯, gn, together with a solution modulo the product of two randomly chosen safe primes when g 1, ⋯, gn are instantiated to randomly chosen quadratic residues. Ours is the first provably secure construction of pseudo-free abelian groups under a standard cryptographic assumption, and resolves a conjecture of Rivest (TCC 2004). © International Association for Cryptologic Research 2005.
CITATION STYLE
Micciancio, D. (2005). The RSA group is pseudo-free. In Lecture Notes in Computer Science (Vol. 3494, pp. 387–403). Springer Verlag. https://doi.org/10.1007/11426639_23
Mendeley helps you to discover research relevant for your work.