How can I compute r from: c = g^m * r^N mod N^2

  • Context: Graduate 
  • Thread starter Thread starter vanvincent
  • Start date Start date
Click For Summary

Discussion Overview

The discussion centers around computing the integer "r" from the equation c = g^m * r^N mod N^2, specifically within the context of the Paillier cryptosystem. Participants explore methods and challenges related to this computation, touching on number theory concepts and potential approaches.

Discussion Character

  • Technical explanation
  • Mathematical reasoning
  • Debate/contested

Main Points Raised

  • One participant asks how to compute "r" when all other values are known, indicating a lack of familiarity with number theory.
  • Another participant mentions knowing the prime factors p and q of n, suggesting this information may be relevant to the computation.
  • A participant expresses skepticism about the existence of a known solution, proposing trial and error as a potential method, and suggests substituting x for g^m to compute c/x mod N^2.
  • Further elaboration on the trial and error method is provided, including a correction regarding the handling of modular arithmetic and the importance of keeping track of additions made to c.
  • Another participant provides an example to illustrate the method of reducing powers using Euler's theorem and finding modular inverses, framing it as a related problem to the original question.
  • A later reply seeks suggestions on solving the equation a = b^x mod c for b, indicating a continuation of the mathematical exploration.

Areas of Agreement / Disagreement

Participants express differing views on the feasibility of finding "r" and the methods to approach the problem. There is no consensus on a definitive solution or method, and the discussion remains unresolved.

Contextual Notes

Limitations include potential missing assumptions regarding the properties of the numbers involved, the dependence on specific definitions of modular arithmetic, and unresolved steps in the proposed methods.

vanvincent
Messages
6
Reaction score
0
How can I compute "r" from: c = g^m * r^N mod N^2

How can I compute "r" from: c = g^m * r^N mod N^2, when all values except r are known?

This is the encryption scheme for the paillier cryptosystem. The ciphertext c, plaintext m, and the public key <n, g> is known and I need to find the integer r used for the encryption. My number theory is a little rusty. Thanks!
 
Physics news on Phys.org


and we also know the prime factors p and q of n, such that n = p * q
 


vanvincent said:
How can I compute "r" from: c = g^m * r^N mod N^2, when all values except r are known?

This is the encryption scheme for the paillier cryptosystem. The ciphertext c, plaintext m, and the public key <n, g> is known and I need to find the integer r used for the encryption. My number theory is a little rusty. Thanks!
My bet is that there is no known solution but trial and error. If you find it submit your resume to the CIA. To start substitute x (found by computation) for g^m then compute c/x mod N^2. For the latter part you add N^2 (Mod x) to c repeatedly until it is divisible by x
 
Last edited:


ramsey2879 said:
My bet is that there is no known solution but trial and error. If you find it submit your resume to the CIA. To start substitute x (found by computation) for g^m then compute c/x mod N^2. For the latter part you add N^2 (Mod x) to c repeatedly until it is divisible by x
Foolish of me to say mod x! 1/13 mod 25 = 26/13 = 2 mod 25 but if I added only 12 to 1 and divided by 13, I would get 1 but 2*13 = 26 = 1 mod 25 so the correct answer will not be found if you add N^2 (mod x). It can be done the way I first suggested but you must keep track of how many times you added (say n times m is added to c and then divided by x) then to this result you would add n * (N^2-m)/x. 1*(25-12)/13 + 1 = 2 which is correct when you figure 1/13 Mod 25.
 
Last edited:


ramsey2879 said:
Foolish of me to say mod x! 1/13 mod 25 = 26/13 = 2 mod 25 but if I added only 12 to 1 and divided by 13, I would get 1 but 2*13 = 26 = 1 mod 25 so the correct answer will not be found if you add N^2 (mod x). It can be done the way I first suggested but you must keep track of how many times you added (say n times m is added to c and then divided by x) then to this result you would add n * (N^2-m)/x. 1*(25-12)/13 + 1 = 2 which is correct when you figure 1/13 Mod 25.

So if you had the problem

1 = 17^63 * r^5 mod 25

you would reduce 63 to 3 by repeatedly dividing by 17^20 which = 1 mod 25 since there are 20 numbers that are both prime to 25 and less than 25 (Euler's theorem) then compute 17^3 = 13 mod 25. Then you would find 1/13 mod 25 which as shown above = 2 (= a)

The problem then becomes finding b from the equation a = b^x mod c which is the topic of your earlier thread.
 


thanks ramsey for the detailed answer! any suggestions then on how to solve a = b^x mod c, for b?
 

Similar threads

Undergrad Dfns group action & group, written in terms of the other
  • · Replies 26 ·
Replies
26
Views
2K
Graduate Structure of modulo-integer matrix group GL(r,Z(n))?
  • · Replies 17 ·
Replies
17
Views
7K
Undergrad How Does the Equation D x E mod Φ(N) = 1 Relate to RSA Encryption?
  • · Replies 1 ·
Replies
1
Views
2K
Graduate How Does U(1) Double-Cover SO(2) for a Specified Angle?
  • · Replies 2 ·
Replies
2
Views
3K
Undergrad Relativistic Uniform Circular Motion
  • · Replies 15 ·
Replies
15
Views
1K
Graduate How can I find a x such that the order of 2 mod x is n?
  • · Replies 2 ·
Replies
2
Views
2K
Graduate About computing the tangent space at 1 of certain lie groups
  • · Replies 4 ·
Replies
4
Views
3K
Graduate N-Body inputs from Keplerian Orbits
  • · Replies 6 ·
Replies
6
Views
3K
Graduate Transform that maps points from any quad to an reactangle
  • · Replies 4 ·
Replies
4
Views
4K
Finding a periodic solution to ODE
  • · Replies 16 ·
Replies
16
Views
2K