Number Theory Question - Discrete Log mod (pq)^2.

Click For Summary
SUMMARY

The discussion focuses on solving the discrete logarithm problem in the context of modular arithmetic, specifically in Z_{N^2} where g is defined as g = aN + 1 mod N^2. The key insight is that given c = g^x mod N^2, one can express c in terms of a and N, allowing for the simplification of the problem. By leveraging properties of modular arithmetic and the assumption that the discrete logarithm problem is hard in Z_N, the solution can be derived as x = log_a(c - 1) + log_a(-1) mod N. This establishes that the discrete log problem is manageable under these specific conditions.

PREREQUISITES
  • Understanding of RSA algorithm and its components (p, q, N).
  • Familiarity with modular arithmetic and properties of Z_n.
  • Knowledge of discrete logarithm problem and its complexity in different groups.
  • Basic skills in algebraic manipulation of equations involving modular expressions.
NEXT STEPS
  • Research the properties of discrete logarithms in various modular groups, particularly Z_p and Z_{N^2}.
  • Study the implications of the RSA algorithm on the security of discrete logarithm problems.
  • Explore advanced techniques for solving discrete logarithm problems, such as the Pohlig-Hellman algorithm.
  • Learn about the role of modular exponentiation in cryptographic applications.
USEFUL FOR

This discussion is beneficial for cryptographers, mathematicians specializing in number theory, and anyone interested in the computational aspects of cryptography, particularly those working with RSA and discrete logarithm problems.

Chu
Messages
9
Reaction score
0
Hello all, here is a problem I am working on that is giving me some problems.

p,q, and N are defined as in RSA i.e.
{p,q} in (Z_p,*), N = pq

a in (Z_n,*)
g in (Z_{N^2}) s.t. g=aN+1 mod N^2

The problem is to show that the discrete log problem base g is easy in Z_{N^2}, i.e. :

given {g,c} s.t. c=g^x mod N^2, solve for x.

I've been messing around with this problem for quite a bit, and I assume that the solution has something to do with the form of g since along the way I proved (very informally) that this is NOT true for a general g*. Any further nudge in the right direction would be GREATLY appreciated.

-Chu

*assuming the discrete log problem is hard in Z_p of course
 
Physics news on Phys.org
.Since g has the form of aN + 1, you can use the fact that aN = -1 mod N^2 to rewrite c as:c = (-1)^x * (aN + 1)^x mod N^2Since (-1)^x is just 1 or -1, this reduces to:c = (-1)^x * a^xN + 1 mod N^2Now since a is in Z_N and N^2 is a multiple of N, we can break this up into a product of two terms, one in Z_N and one in Z_N^2:c = a^xN * (-1)^x + 1 mod N^2Since this is a product of two terms, we can solve for x by taking the logarithm of both sides:x = log_a(c-1) + log_a(-1) mod NSince the discrete logarithm problem is assumed to be hard in Z_N, this gives us the solution to the problem.
 


First, let's break down the problem into smaller parts. We know that the discrete log problem is easy in Z_p, so let's focus on the part where g is in Z_{N^2}. We also know that g = aN+1 mod N^2, so let's substitute that into the equation c=g^x mod N^2. We get c = (aN+1)^x mod N^2. Now, we can use the properties of modular arithmetic to simplify this further. We know that (a+b)^x mod N^2 = a^x mod N^2 + b^x mod N^2, so we can rewrite our equation as c = (a^x mod N^2) * (N^x mod N^2) mod N^2 + 1^x mod N^2. Since N^x mod N^2 will always be 0, we can simplify this to c = a^x mod N^2 + 1. Now, we can use the fact that the discrete log problem is easy in Z_p to solve for x in the equation a^x mod N^2 = c-1. This means that we can easily find the discrete log of g in Z_{N^2}. I hope this helps and gives you a nudge in the right direction. Good luck!
 

Similar threads

Yes, the derivative of log(x) is 1/x.
  • · Replies 1 ·
Replies
1
Views
1K
Cryptography - coin flipping protocol
  • · Replies 3 ·
Replies
3
Views
1K
Undergrad Understanding extinction probability in simple GWP
  • · Replies 1 ·
Replies
1
Views
3K
Can Discrete Logarithms Be Added in Modular Arithmetic?
  • · Replies 16 ·
Replies
16
Views
2K
Computing conditional extinction probabilities for pollen cells
  • · Replies 1 ·
Replies
1
Views
1K
Simple Induction Induction proof of Polynomial Division Theorem
  • · Replies 10 ·
Replies
10
Views
4K
Comp Sci RSA to encrypt English Alphabets, any restrictions?
  • · Replies 7 ·
Replies
7
Views
2K
Undergrad Questions regarding Kurepa's Conjecture
  • · Replies 1 ·
Replies
1
Views
3K
MHB What Is the Upper Bound of Groups of Order in Finite Group Theory?
  • · Replies 2 ·
Replies
2
Views
2K
Graduate Structure of modulo-integer matrix group GL(r,Z(n))?
  • · Replies 17 ·
Replies
17
Views
8K