A certain family of subgroups of ℤ𝑛⋆ is weakly pseudo-free under the general integer factoring intractability assumption

Abstract

AbstractLet {\mathbb{G}_{n}} be the subgroup of elements of odd order in the group {\mathbb{Z}^{\star}_{n}}, and let {\mathcal{U}(\mathbb{G}_{n})} be the uniform probability distribution on {\mathbb{G}_{n}}. In this paper, we establish a probabilistic polynomial-time reduction from finding a nontrivial divisor of a composite number n to finding a nontrivial relation between l elements chosen independently and uniformly at random from {\mathbb{G}_{n}}, where {l\geq 1} is given in unary as a part of the input. Assume that finding a nontrivial divisor of a random number in some set N of composite numbers (for a given security parameter) is a computationally hard problem. Then, using the above-mentioned reduction, we prove that the family {((\mathbb{G}_{n},\mathcal{U}(\mathbb{G}_{n}))\mid n\in N)} of computational abelian groups is weakly pseudo-free. The disadvantage of this result is that the probability ensemble {(\mathcal{U}(\mathbb{G}_{n})\mid n\in N)} is not polynomial-time samplable. To overcome this disadvantage, we construct a polynomial-time computable function {\nu\colon D\to N} (where {D\subseteq\{0,1\}^{*}}) and a polynomial-time samplable probability ensemble {(\mathcal{G}_{d}\mid d\in D)} (where {\mathcal{G}_{d}} is a distribution on {\mathbb{G}_{\nu(d)}} for each {d\in D}) such that the family {((\mathbb{G}_{\nu(d)},\mathcal{G}_{d})\mid d\in D)} of computational abelian groups is weakly pseudo-free.