Abstract. Assuming the intractability of factoring, we show that the output of the exponentiation modulo a composite function $f_{N,g}(x) = g^x \bmod N$ (where $N = P \cdot Q$) is pseudorandom, even when its input is restricted to being half the size (i.e. $x < \sqrt{N}$). This result is equivalent to the simultaneous hardness of the upper half of the bits of $f_{N,g}$, proven by Håstad, Schrift and Shamir. Yet, we provide a different proof that is significantly simpler than the original one. In addition, we suggest a pseudorandom generator that is more efficient than all previously known factoring-based pseudorandom generators.
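The following is an added illustration of the object the abstract talks about; it is not code from the paper or its authors. It implements $f_{N,g}(x) = g^x \bmod N$, the half-size exponent bound $x < \sqrt{N}$, and a toy generator that chains the function: each round expands a k-bit exponent into an n-bit value, keeps k bits of it as the next exponent and emits k further bits as output. The chaining schedule, the choice $g = 2$, and the 20-bit toy primes are assumptions made for the example (they are far too small to be secure); the paper's own generator should be taken from the paper.

```python
"""Toy modular-exponentiation generator (added example, not the paper's code).

Illustrates the abstract's statement that g^x mod N, with N = P*Q and the
exponent x restricted to be smaller than sqrt(N), is pseudorandom assuming
factoring is hard, and how such a length-doubling function can be chained
into a pseudorandom generator.  Parameters and schedule are assumptions for
illustration; the primes used in __main__ are trivially factorable.
"""
from math import isqrt
import secrets


def half_size_exponent_bits(N: int) -> int:
    """Largest k with 2**k <= sqrt(N), so every k-bit exponent is < sqrt(N).

    Since N >= 2**(n-1) for n = N.bit_length(), k = (n-1)//2 satisfies
    2**k <= 2**((n-1)/2) <= sqrt(N); the assert re-checks that bound.
    """
    k = (N.bit_length() - 1) // 2
    assert (1 << k) <= isqrt(N)
    return k


def f(N: int, g: int, x: int) -> int:
    """The function f_{N,g}(x) = g^x mod N from the abstract."""
    return pow(g, x, N)


def random_seed(N: int) -> int:
    """A uniformly random k-bit exponent, i.e. one satisfying seed < sqrt(N)."""
    return secrets.randbelow(1 << half_size_exponent_bits(N))


def modexp_prg(N: int, g: int, seed: int, out_bits: int) -> str:
    """Expand a half-size seed into `out_bits` bits by chaining f_{N,g}.

    Per round: y = g^x mod N (an n-bit value from a k-bit exponent); the low
    k bits of y become the next exponent (still < 2**k <= sqrt(N)); bits
    k..2k-1 of y are emitted.  Because N >= 2**(2k), those bits of a value
    uniform on [0, N) are statistically close to uniform bits, which is why
    this toy needs no separate extraction step.  The schedule is an assumed
    illustration, not necessarily the paper's generator.
    """
    k = half_size_exponent_bits(N)
    if not 0 <= seed < (1 << k):
        raise ValueError("seed must be a k-bit exponent so that seed < sqrt(N)")
    mask = (1 << k) - 1
    x, chunks = seed, []
    while len(chunks) * k < out_bits:
        y = f(N, g, x)
        x = y & mask                     # next exponent, half the size of N
        chunks.append(format((y >> k) & mask, f"0{k}b"))
    return "".join(chunks)[:out_bits]


def bit_balance(bits: str) -> float:
    """Fraction of ones: a crude sanity check, not evidence of pseudorandomness."""
    return bits.count("1") / len(bits)


if __name__ == "__main__":
    # Constructed toy modulus: P and Q are 20-bit primes, so N has 40 bits
    # and k = 19.  A real instance needs primes of cryptographic size.
    P, Q, g = 1000003, 1000033, 2
    N = P * Q
    seed = random_seed(N)
    out = modexp_prg(N, g, seed, 256)
    print(f"N has {N.bit_length()} bits, exponent size k = {half_size_exponent_bits(N)}")
    print(f"seed {seed} -> {out}")
    print(f"fraction of ones: {bit_balance(out):.3f}")
```

Note that with the half-size restriction a single evaluation already roughly doubles its input length, which is what makes the chaining above a length-expanding generator; the paper's efficiency claim concerns how this expansion is organised, and the exact schedule is left to the paper.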
Cite this article
Goldreich, O., Rosen, V. On the Security of Modular Exponentiation with Application to the Construction of Pseudorandom Generators. J. Cryptology 16, 71–93 (2003). https://doi.org/10.1007/s00145-002-0038-7