Cryptography - coin flipping protocol

In summary, the problem states that y cannot be a square both mod p and mod q, and the values of p and q must follow the conditions p = 3 (mod 4) and q = 3 (mod 4). The protocol described involves Alice sending n to Bob, Bob choosing a value for y, and Alice using p and q to find four square roots of y. Alice then picks one root at random and sends it to Bob, who must provide the factorization of n to determine if Alice won or lost. The problem also involves finding a relationship between p and q using the values of b and y.
  • #1
docnet
Gold Member
696
349
Homework Statement
coin flipping protocol
Relevant Equations
n = pq
b^2 = y(modp)
b^2 = -y(modq)
Screen Shot 2020-11-02 at 2.37.00 AM.png

Conditions of the problem:
y =/= a^2 (mod pq)
-y =/= a^2 (mod pq)
p = 3 (mod 4)
q = 3 (mod 4)

(a) We assume y is both square (mod p) and (mod q). Then,
b^2 = y (mod p)
b^2 = y (mod q)
b^2 = y + pk
b^2 = y + qr
pk = qr ?

(should we assume b is the same between the two equations?)

(b)
-y = d^2 (modq)
q-y = d^2 (modq)
y + d^2 = q (modq)
d^2 = -y (modq)

(c)
y = a^2 (mod p)
-y = a^2 (mod q)

(again, should we assume b is the same between two equations?)

(d)
If bob has b and y, he can compute a relationship between p and q.
b^2 = y + pk
b^2 = -y + qr
2 b^2 + pk + qr ?

______________________________________________________________________________________________________________
(description of the coin flipping protocol)

Alice knows primes p = 3(mod) and q = 3(mod4). She computes pq = n, she sends n to Bob.

Bob chooses u so y = u^2 (modn), sends y to Alice

Alice finds 4 square roots of y using p and q.
square roots = u, -u, v, -v,

Alice picks one square root at random and sends it to Bob. If Alice picks u or -u she wins. If she picks v or -v, she loses.

Bob cannot lie and falsify Alice's loss because he only knows u, -u. therefore he will not be able to provide v if Alice asks for it.
 
Last edited:
Physics news on Phys.org
  • #2
Edit: At the end of the protocol, Alice asks Bob for the factorization of n. If Bob can produce p and q, it means he has all four square roots and Alice lost. If Bob can't produce p and q, it means Alice won.
 
  • #3
update on (a)

if y is square mod p and q, we have the system of equations

x^2 = y (mod p)
x^2 = y (mod q)

which is only true if

x^2 = y + p*q
x^2 = y + q*p

however,

x^2 =/= y (mod n)

and

x^2 =/= y + pq*r for some constant r. in this case, we have r = 1

so y can't be a square both mod p and mod q, We use the same procedure to show for -y.
 
Last edited:
  • #4
(b)

x^2 = -y (mod q)
x^2 = q-y (mod q)
x^2 + y = 0 (mod q)
x^2 = -y (mod q)
This seems like I'm going around in circles, it feels like i haven't used the relevant information. Does anyone see what i should be doing?

(c)
I'm not sure how to incorporate the right information to prove what the problem is aking. this sounds extremely general to me. any pointers?

(d). could he use b^2 as one of the square roots (mod n) and find gcd(x-b, n) to factor n?
 

1. What is cryptography?

Cryptography is the practice and study of techniques for secure communication in the presence of third parties. It involves creating and analyzing protocols that prevent third parties or the public from reading private messages.

2. How does the coin flipping protocol work?

The coin flipping protocol is a cryptographic method used to fairly determine a random outcome between two parties without the need for a trusted third party. It involves each party secretly choosing a random bit (0 or 1) and then revealing it to the other party. The outcome is determined by XOR-ing the two bits together.

3. Is the coin flipping protocol secure?

Yes, the coin flipping protocol is considered to be secure as long as both parties are honest and the communication channel is secure. It is based on the principles of information theory and computational complexity, making it difficult for a third party to manipulate the outcome.

4. What are the real-world applications of the coin flipping protocol?

The coin flipping protocol has various applications in cryptography, such as in secure multi-party computation, electronic voting, and fair exchange protocols. It can also be used in online games and lotteries to ensure a fair and unbiased outcome.

5. Are there any limitations to the coin flipping protocol?

One limitation of the coin flipping protocol is that it requires a secure communication channel between the two parties. If the channel is compromised, a third party may be able to manipulate the outcome. Additionally, it may not be suitable for situations where a large number of parties need to participate in the random outcome.

Similar threads

Evaluate the line integral
    • Calculus and Beyond Homework Help
Replies
12
Views
996
Prove that if p > 3 is a prime number, then p^2 = [....]
    • Calculus and Beyond Homework Help
Replies
16
Views
2K
Is the function v(r) = (e^(-mr))/r a solution to the Yukawa PDE equation?
    • Calculus and Beyond Homework Help
Replies
1
Views
635
Showing that a certain summation is equal to a Dirac delta?
    • Advanced Physics Homework Help
Replies
1
Views
698
Comp Sci RSA to encrypt English Alphabets, any restrictions?
    • Engineering and Comp Sci Homework Help
Replies
7
Views
1K
MIT OCW, 8.02 Electromagnetism: Potential for an Electric Dipole
    • Introductory Physics Homework Help
Replies
1
Views
905
Finding the scalar equation of a plane
    • Calculus and Beyond Homework Help
Replies
2
Views
2K
Describe all points (x,y) satisfying the equation
    • Calculus and Beyond Homework Help
Replies
9
Views
1K
Finding an area of a triangle formed by three points
    • Calculus and Beyond Homework Help
Replies
2
Views
2K
A Crank-Nicholson method for spherical diffusion
    • Differential Equations
Replies
2
Views
2K

Hot Threads

Recent Insights

Back
Top