On Black-Box Ring Extraction and Integer Factorization

The black-box extraction problem over rings has (at least) two important interpretations in cryptography: an efficient algorithm for this problem implies (i) the equivalence of computing discrete logarithms and solving the Diffie-Hellman problem and (ii) the inexistence of secure ring-homomorphic encryption schemes. In the special case of a finite field, Boneh/Lipton [1] and Maurer/Raub [2] show that there exist algorithms solving the black-box extraction problem in subexponential time. It is unknown whether there exist more efficient algorithms. In this work we consider the black-box extraction problem over finite rings of characteristic n, where n has at least two different prime factors. We provide a polynomial-time reduction from factoring n to the black-box extraction problem for a large class of finite commutative unitary rings. Under the factoring assumption, this implies the inexistence of certain efficient generic reductions from computing discrete logarithms to the Diffie-Hellman problem on the one side, and might be an indicator that secure ring-homomorphic encryption schemes exist on the other side.

[1] Victor Shoup, et al. Sequences of games: a tool for taming complexity in security proofs, 2004, IACR Cryptol. ePrint Arch.

[2] A. Meyer, et al. The complexity of the word problems for commutative semigroups and polynomial ideals, 1982.

[3] Ralf Fröberg, et al. An introduction to Gröbner bases, 1997, Pure and applied mathematics.

[4] Richard J. Lipton, et al. Algorithms for Black-Box Fields and their Application to Cryptography (Extended Abstract), 1996, CRYPTO.

[5] Nitin Saxena, et al. Automorphisms of Finite Rings and Applications to Complexity of Problems, 2005, STACS.

[6] Jean Charles Faugère, et al. A new efficient algorithm for computing Gröbner bases without reduction to zero (F5), 2002, ISSAC '02.

[7] E. Bach. Discrete Logarithms and Factoring, 1984.

[8] Gregor Leander, et al. On the Equivalence of RSA and Factoring Regarding Generic Ring Algorithms, 2006, ASIACRYPT.

[9] Pascal Paillier, et al. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, 1999, EUROCRYPT.

[10] V. Nechaev. Complexity of a determinate algorithm for the discrete logarithm, 1994.

[11] L. O'Carroll. An Introduction to Gröbner Bases (Graduate Studies in Mathematics 3), 1996.

[12] Ueli Maurer, et al. Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms, 1994, CRYPTO.

[13] Ueli Maurer, et al. Abstract Models of Computation in Cryptography, 2005, IMACC.

[14] Ueli Maurer, et al. Black-Box Extension Fields and the Inexistence of Field-Homomorphic One-Way Permutations, 2007, ASIACRYPT.

[15] Bert den Boer. Diffie-Hellman is as Strong as Discrete Log for Certain Primes, 1988, CRYPTO.

[16] J. Faugère. A new efficient algorithm for computing Gröbner bases (F4), 1999.

[17] Ueli Maurer, et al. Lower Bounds on Generic Algorithms in Groups, 1998, EUROCRYPT.

[18] B. R. McDonald. Finite Rings With Identity, 1974.

[19] Taher ElGamal, et al. A public key cryptosystem and signature scheme based on discrete logarithms, 1985.

[20] Victor Shoup, et al. Lower Bounds for Discrete Logarithms and Related Problems, 1997, EUROCRYPT.