Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions

Lior Rotem; Gil Segev

doi:10.1007/978-3-030-56877-1_17

Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions

Lior Rotem^*
, Gil Segev

^*Corresponding author for this work

The Rachel and Selim Benin School of Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

13 Scopus citations

Abstract

Despite the fundamental importance of delay functions, repeated squaring in RSA groups (Rivest, Shamir and Wagner ’96) is the only candidate offering both a useful structure and a realistic level of practicality. Somewhat unsatisfyingly, its sequentiality is provided directly by assumption (i.e., the function is assumed to be a delay function). We prove sharp thresholds on the sequentiality of all generic-ring delay functions relative to an RSA modulus based on the hardness of factoring in the standard model. In particular, we show that generically speeding-up repeated squaring (even with a preprocessing stage and any polynomial number parallel processors) is equivalent to factoring. More generally, based on the (essential) hardness of factoring, we prove that any generic-ring function is in fact a delay function, admitting a sharp sequentiality threshold that is determined by our notion of sequentiality depth. Moreover, we show that generic-ring functions admit not only sharp sequentiality thresholds, but also sharp pseudorandomness thresholds.

Original language	English
Title of host publication	Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings
Editors	Daniele Micciancio, Thomas Ristenpart
Publisher	Springer
Pages	481-509
Number of pages	29
ISBN (Print)	9783030568764
DOIs	https://doi.org/10.1007/978-3-030-56877-1_17
State	Published - 2020
Event	40th Annual International Cryptology Conference, CRYPTO 2020 - Santa Barbara, United States Duration: 17 Aug 2020 → 21 Aug 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12172 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	40th Annual International Cryptology Conference, CRYPTO 2020
Country/Territory	United States
City	Santa Barbara
Period	17/08/20 → 21/08/20

Bibliographical note

Publisher Copyright:
© International Association for Cryptologic Research 2020.

Access to Document

10.1007/978-3-030-56877-1_17

Cite this

Rotem, L., & Segev, G. (2020). Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions. In D. Micciancio, & T. Ristenpart (Eds.), Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings (pp. 481-509). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12172 LNCS). Springer. https://doi.org/10.1007/978-3-030-56877-1_17

Rotem, Lior ; Segev, Gil. / Generically speeding-up repeated squaring is equivalent to factoring : Sharp thresholds for all generic-ring delay functions. Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings. editor / Daniele Micciancio ; Thomas Ristenpart. Springer, 2020. pp. 481-509 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{27c717edc9514d838a6827838c5e6ff1,

title = "Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions",

abstract = "Despite the fundamental importance of delay functions, repeated squaring in RSA groups (Rivest, Shamir and Wagner {\textquoteright}96) is the only candidate offering both a useful structure and a realistic level of practicality. Somewhat unsatisfyingly, its sequentiality is provided directly by assumption (i.e., the function is assumed to be a delay function). We prove sharp thresholds on the sequentiality of all generic-ring delay functions relative to an RSA modulus based on the hardness of factoring in the standard model. In particular, we show that generically speeding-up repeated squaring (even with a preprocessing stage and any polynomial number parallel processors) is equivalent to factoring. More generally, based on the (essential) hardness of factoring, we prove that any generic-ring function is in fact a delay function, admitting a sharp sequentiality threshold that is determined by our notion of sequentiality depth. Moreover, we show that generic-ring functions admit not only sharp sequentiality thresholds, but also sharp pseudorandomness thresholds.",

author = "Lior Rotem and Gil Segev",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2020.; 40th Annual International Cryptology Conference, CRYPTO 2020 ; Conference date: 17-08-2020 Through 21-08-2020",

year = "2020",

doi = "10.1007/978-3-030-56877-1\_17",

language = "אנגלית",

isbn = "9783030568764",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "481--509",

editor = "Daniele Micciancio and Thomas Ristenpart",

booktitle = "Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings",

}

Rotem, L & Segev, G 2020, Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions. in D Micciancio & T Ristenpart (eds), Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12172 LNCS, Springer, pp. 481-509, 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, United States, 17/08/20. https://doi.org/10.1007/978-3-030-56877-1_17

Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions. / Rotem, Lior; Segev, Gil.
Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings. ed. / Daniele Micciancio; Thomas Ristenpart. Springer, 2020. p. 481-509 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12172 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Generically speeding-up repeated squaring is equivalent to factoring

T2 - 40th Annual International Cryptology Conference, CRYPTO 2020

AU - Rotem, Lior

AU - Segev, Gil

PY - 2020

Y1 - 2020

N2 - Despite the fundamental importance of delay functions, repeated squaring in RSA groups (Rivest, Shamir and Wagner ’96) is the only candidate offering both a useful structure and a realistic level of practicality. Somewhat unsatisfyingly, its sequentiality is provided directly by assumption (i.e., the function is assumed to be a delay function). We prove sharp thresholds on the sequentiality of all generic-ring delay functions relative to an RSA modulus based on the hardness of factoring in the standard model. In particular, we show that generically speeding-up repeated squaring (even with a preprocessing stage and any polynomial number parallel processors) is equivalent to factoring. More generally, based on the (essential) hardness of factoring, we prove that any generic-ring function is in fact a delay function, admitting a sharp sequentiality threshold that is determined by our notion of sequentiality depth. Moreover, we show that generic-ring functions admit not only sharp sequentiality thresholds, but also sharp pseudorandomness thresholds.

AB - Despite the fundamental importance of delay functions, repeated squaring in RSA groups (Rivest, Shamir and Wagner ’96) is the only candidate offering both a useful structure and a realistic level of practicality. Somewhat unsatisfyingly, its sequentiality is provided directly by assumption (i.e., the function is assumed to be a delay function). We prove sharp thresholds on the sequentiality of all generic-ring delay functions relative to an RSA modulus based on the hardness of factoring in the standard model. In particular, we show that generically speeding-up repeated squaring (even with a preprocessing stage and any polynomial number parallel processors) is equivalent to factoring. More generally, based on the (essential) hardness of factoring, we prove that any generic-ring function is in fact a delay function, admitting a sharp sequentiality threshold that is determined by our notion of sequentiality depth. Moreover, we show that generic-ring functions admit not only sharp sequentiality thresholds, but also sharp pseudorandomness thresholds.

UR - https://www.scopus.com/pages/publications/85089720040

U2 - 10.1007/978-3-030-56877-1_17

DO - 10.1007/978-3-030-56877-1_17

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85089720040

SN - 9783030568764

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 481

EP - 509

BT - Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings

A2 - Micciancio, Daniele

A2 - Ristenpart, Thomas

PB - Springer

Y2 - 17 August 2020 through 21 August 2020

ER -

Rotem L, Segev G. Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions. In Micciancio D, Ristenpart T, editors, Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings. Springer. 2020. p. 481-509. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-56877-1_17

Generically speeding-up repeated squaring is equivalent to factoring: Sharp thresholds for all generic-ring delay functions

Abstract

Publication series

Conference

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this