Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions

Lior Rotem; Gil Segev

doi:10.1007/978-3-030-56877-1_17

Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions

Lior Rotem^*, Gil Segev

^*Corresponding author for this work

The Rachel and Selim Benin School of Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

Despite the fundamental importance of delay functions, repeated squaring in RSA groups (Rivest, Shamir and Wagner ’96) is the only candidate offering both a useful structure and a realistic level of practicality. Somewhat unsatisfyingly, its sequentiality is provided directly by assumption (i.e., the function is assumed to be a delay function). We prove sharp thresholds on the sequentiality of all generic-ring delay functions relative to an RSA modulus based on the hardness of factoring in the standard model. In particular, we show that generically speeding-up repeated squaring (even with a preprocessing stage and any polynomial number parallel processors) is equivalent to factoring. More generally, based on the (essential) hardness of factoring, we prove that any generic-ring function is in fact a delay function, admitting a sharp sequentiality threshold that is determined by our notion of sequentiality depth. Moreover, we show that generic-ring functions admit not only sharp sequentiality thresholds, but also sharp pseudorandomness thresholds.

Original language	American English
Title of host publication	Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings
Editors	Daniele Micciancio, Thomas Ristenpart
Publisher	Springer
Pages	481-509
Number of pages	29
ISBN (Print)	9783030568764
DOIs	https://doi.org/10.1007/978-3-030-56877-1_17
State	Published - 2020
Event	40th Annual International Cryptology Conference, CRYPTO 2020 - Santa Barbara, United States Duration: 17 Aug 2020 → 21 Aug 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12172 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	40th Annual International Cryptology Conference, CRYPTO 2020
Country/Territory	United States
City	Santa Barbara
Period	17/08/20 → 21/08/20

Bibliographical note

Funding Information:
L. Rotem and G. Segev—Supported by the European Union’s Horizon 2020 Framework Program (H2020) via an ERC Grant (Grant No. 714253). L. Rotem—Supported by the Adams Fellowship Program of the Israel Academy of Sciences and Humanities.

Publisher Copyright:
© International Association for Cryptologic Research 2020.

Access to Document

10.1007/978-3-030-56877-1_17

Cite this

Rotem, L., & Segev, G. (2020). Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions. In D. Micciancio, & T. Ristenpart (Eds.), Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings (pp. 481-509). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12172 LNCS). Springer. https://doi.org/10.1007/978-3-030-56877-1_17

Rotem, Lior ; Segev, Gil. / Generically speeding-up repeated squaring is equivalent to factoring : Sharp thresholds for all generic-ring delay functions. Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings. editor / Daniele Micciancio ; Thomas Ristenpart. Springer, 2020. pp. 481-509 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{27c717edc9514d838a6827838c5e6ff1,

title = "Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions",

abstract = "Despite the fundamental importance of delay functions, repeated squaring in RSA groups (Rivest, Shamir and Wagner {\textquoteright}96) is the only candidate offering both a useful structure and a realistic level of practicality. Somewhat unsatisfyingly, its sequentiality is provided directly by assumption (i.e., the function is assumed to be a delay function). We prove sharp thresholds on the sequentiality of all generic-ring delay functions relative to an RSA modulus based on the hardness of factoring in the standard model. In particular, we show that generically speeding-up repeated squaring (even with a preprocessing stage and any polynomial number parallel processors) is equivalent to factoring. More generally, based on the (essential) hardness of factoring, we prove that any generic-ring function is in fact a delay function, admitting a sharp sequentiality threshold that is determined by our notion of sequentiality depth. Moreover, we show that generic-ring functions admit not only sharp sequentiality thresholds, but also sharp pseudorandomness thresholds.",

author = "Lior Rotem and Gil Segev",

note = "Funding Information: L. Rotem and G. Segev—Supported by the European Union{\textquoteright}s Horizon 2020 Framework Program (H2020) via an ERC Grant (Grant No. 714253). L. Rotem—Supported by the Adams Fellowship Program of the Israel Academy of Sciences and Humanities. Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2020.; 40th Annual International Cryptology Conference, CRYPTO 2020 ; Conference date: 17-08-2020 Through 21-08-2020",

year = "2020",

doi = "10.1007/978-3-030-56877-1_17",

language = "American English",

isbn = "9783030568764",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "481--509",

editor = "Daniele Micciancio and Thomas Ristenpart",

booktitle = "Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings",

}

Rotem, L & Segev, G 2020, Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions. in D Micciancio & T Ristenpart (eds), Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12172 LNCS, Springer, pp. 481-509, 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, United States, 17/08/20. https://doi.org/10.1007/978-3-030-56877-1_17

Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions. / Rotem, Lior; Segev, Gil.
Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings. ed. / Daniele Micciancio; Thomas Ristenpart. Springer, 2020. p. 481-509 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12172 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Generically speeding-up repeated squaring is equivalent to factoring

T2 - 40th Annual International Cryptology Conference, CRYPTO 2020

AU - Rotem, Lior

AU - Segev, Gil

N1 - Funding Information: L. Rotem and G. Segev—Supported by the European Union’s Horizon 2020 Framework Program (H2020) via an ERC Grant (Grant No. 714253). L. Rotem—Supported by the Adams Fellowship Program of the Israel Academy of Sciences and Humanities. Publisher Copyright: © International Association for Cryptologic Research 2020.

PY - 2020

Y1 - 2020

N2 - Despite the fundamental importance of delay functions, repeated squaring in RSA groups (Rivest, Shamir and Wagner ’96) is the only candidate offering both a useful structure and a realistic level of practicality. Somewhat unsatisfyingly, its sequentiality is provided directly by assumption (i.e., the function is assumed to be a delay function). We prove sharp thresholds on the sequentiality of all generic-ring delay functions relative to an RSA modulus based on the hardness of factoring in the standard model. In particular, we show that generically speeding-up repeated squaring (even with a preprocessing stage and any polynomial number parallel processors) is equivalent to factoring. More generally, based on the (essential) hardness of factoring, we prove that any generic-ring function is in fact a delay function, admitting a sharp sequentiality threshold that is determined by our notion of sequentiality depth. Moreover, we show that generic-ring functions admit not only sharp sequentiality thresholds, but also sharp pseudorandomness thresholds.

AB - Despite the fundamental importance of delay functions, repeated squaring in RSA groups (Rivest, Shamir and Wagner ’96) is the only candidate offering both a useful structure and a realistic level of practicality. Somewhat unsatisfyingly, its sequentiality is provided directly by assumption (i.e., the function is assumed to be a delay function). We prove sharp thresholds on the sequentiality of all generic-ring delay functions relative to an RSA modulus based on the hardness of factoring in the standard model. In particular, we show that generically speeding-up repeated squaring (even with a preprocessing stage and any polynomial number parallel processors) is equivalent to factoring. More generally, based on the (essential) hardness of factoring, we prove that any generic-ring function is in fact a delay function, admitting a sharp sequentiality threshold that is determined by our notion of sequentiality depth. Moreover, we show that generic-ring functions admit not only sharp sequentiality thresholds, but also sharp pseudorandomness thresholds.

UR - http://www.scopus.com/inward/record.url?scp=85089720040&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-56877-1_17

DO - 10.1007/978-3-030-56877-1_17

M3 - Conference contribution

AN - SCOPUS:85089720040

SN - 9783030568764

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 481

EP - 509

BT - Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings

A2 - Micciancio, Daniele

A2 - Ristenpart, Thomas

PB - Springer

Y2 - 17 August 2020 through 21 August 2020

ER -

Rotem L, Segev G. Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions. In Micciancio D, Ristenpart T, editors, Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings. Springer. 2020. p. 481-509. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-56877-1_17

Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions

Abstract

Publication series

Conference

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this