Abstract. Assuming the intractability of factoring, we show that the output of the exponentiation modulo a composite function $f_{N,g}(x) = g^x \bmod N$ (where $N = P \cdot Q$) is pseudorandom, even when its input is restricted to being half the size (i.e. $x <$ ). This result is equivalent to the simultaneous hardness of the upper half of the bits of $f_{N,g}$, proven by Håstad, Schrift and Shamir. Yet we provide a different proof that is significantly simpler than the original one. In addition, we suggest a pseudorandom generator that is more efficient than all previously known factoring-based pseudorandom generators.
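As an added illustration (not code from the paper), the following Python toy implements the map $f_{N,g}$ with the half-size input restriction and then stretches it into a generator by iterating it. It assumes the input bound is $\sqrt{N}$, the base $g = 2$, and the upper/lower split used to iterate, none of which the abstract fixes; the tiny $N$ is constructed for readability and offers no security.

```python
import math

# Toy parameters, constructed for illustration only: N is a product of two small
# primes, so nothing here is secure; real use needs N of thousands of bits.
P, Q = 1019, 1031
N = P * Q                 # 1050589
HALF = math.isqrt(N)      # 1024: inputs must stay below sqrt(N) ("half the size")
G = 2                     # assumed base; the abstract does not fix the choice of g


def f(N: int, g: int, x: int) -> int:
    """The map from the abstract, f_{N,g}(x) = g^x mod N, with the half-size input
    restriction x < sqrt(N) enforced (taking sqrt(N) as the bound is an assumption)."""
    if not 0 <= x < math.isqrt(N):
        raise ValueError("exponent must be a half-size input, i.e. below sqrt(N)")
    return pow(g, x, N)


def stretch(N: int, g: int, seed: int, blocks: int) -> tuple[list[int], int]:
    """Generic iterated stretching of the length-doubling map f (this splitting is
    an assumption, not necessarily the paper's own generator). Each round maps the
    half-size state x to the full-size y = f(x), emits the upper half of y as an
    output block and keeps the lower half as the next state, so the state again
    satisfies x < sqrt(N). Returns (output blocks, final state)."""
    half = math.isqrt(N)
    x, out = seed, []
    for _ in range(blocks):
        y = f(N, g, x)
        upper, lower = divmod(y, half)   # roughly the upper and lower halves of y's bits
        out.append(upper)                # the upper half is the part HSS proved hard
        x = lower                        # lower < half, so the next call stays valid
    return out, x


if __name__ == "__main__":
    seed = 21
    out, state = stretch(N, G, seed, blocks=4)
    print(f"N={N}, sqrt(N)~{HALF}, seed bits={seed.bit_length()}, "
          f"full-size output bits~{N.bit_length()}")
    print("output blocks:", out, "final state:", state)
```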
Goldreich, Rosen. On the Security of Modular Exponentiation with Application to the Construction of Pseudorandom Generators. J. Cryptology 16, 71–93 (2003). https://doi.org/10.1007/s00145-002-0038-7