On generic complexity of the problem of finding roots in groups of residues
Prikladnaâ diskretnaâ matematika, no. 4 (2017), pp. 95-100.

See the article record from the source Math-Net.Ru

Every algorithmic problem used in modern cryptography must satisfy important conditions. First of all, the problem should be easy to solve for legitimate users and hard for a cryptanalyst. In addition, there should be an efficient algorithm for generating hard inputs. In public-key cryptosystems used in practice, such inputs are generated at random from a sufficiently large set of inputs. A problem may be hard only for a small fraction of the inputs (for example, only for a polynomial number of words among the exponential number of all binary words), in which case the problem is easy for almost all inputs. This observation leads to the concept of generic complexity and computability. In this approach, an algorithmic problem is considered on some subset of “almost all” inputs. Such inputs form the so-called generic set. The concept of “almost all” can be formalized by introducing a natural measure on the set of inputs. A problem can be hard (or even algorithmically undecidable) on the whole set of inputs, yet decidable (or even efficiently decidable) for “almost all” inputs. Cryptographic problems, however, must remain hard in the generic case. In this paper, we study the generic complexity of the classical algorithmic problem of cryptography: the problem of extracting a root in the residue groups $\mathbb Z/(m)$, where $m=pq$ is the product of two different prime numbers. It is still unknown whether there exists a polynomial algorithm solving this problem for all inputs. Moreover, the famous RSA cryptosystem is based on the assumption of its hardness. We prove that this problem is generically undecidable in polynomial time, provided there is no polynomial probabilistic algorithm for its solution in the worst case. There is a plausible hypothesis ($\mathrm{P=BPP}$) that any polynomial probabilistic algorithm can be efficiently derandomized, i.e. that a polynomial deterministic algorithm can be built to solve the same problem.
Keywords: generic complexity, problem of finding roots in groups of residues, probabilistic algorithm.
@article{PDM_2017_4_a6,
     author = {A. N. Rybalov},
     title = {On generic complexity of the problem of finding roots in groups of residues},
     journal = {Prikladna\^a diskretna\^a matematika},
     pages = {95--100},
     publisher = {mathdoc},
     number = {4},
     year = {2017},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDM_2017_4_a6/}
}
A. N. Rybalov. On generic complexity of the problem of finding roots in groups of residues. Prikladnaâ diskretnaâ matematika, no. 4 (2017), pp. 95-100. http://geodesic.mathdoc.fr/item/PDM_2017_4_a6/
