A One-Way Function Based On The Extended Euclidean Algorithm

1 A One-Way Function Based On The Extended Euclidea n Algorithm Ephraim Feig, Fellow IEEE and Vivian Feig Abstract: A problem based on the Extended Euclidean Algorithm applied to a class of polynomials with many factors is presented and be lieved to be hard. If so, it is a one-way function well suited for applications in digital signatures. Let ) ( x P and ) ( x Q be polynomials defined over the Integers modulo a prime integer p with ) 1 ( ) ( ) ( 1    p x x Q x P p mod . Also let ) ( x A be a polynomial such that 1 ) ( ) (  x P x A ) ( mod x Q mod p . In general, the pair   ) ( ), ( x Q x P is not uniquely determined (mod p ) from just ) ( x A and p ; using Mathematica, we have found counterexamples. However, when  ) ( deg x P 2 / ) 1 ( ) ( deg   p x Q , we have not found counterexamples, but neither have we proved that the solution is unique. More pertinent for this correspondence is the question: is finding such a pair of polynomials a hard problem? That is, can one find such a pair from just ) ( x A and p without testing all possible factorizations of 1 1   p x and checking for the congruence until a match is found? Because ) ( 1 1 1 1        p j p j x x p mod , (1) the number of such pairs is exponential in p . Identity (1) is true because, by Fermat’s Little Theorem [1], for every integer j relatively prime to p , 1 1   p j p mod , and so each of the 1  p values of j between 1 and 1  p is a root of the equation 0 1 1    p x p mod . If the problem is indeed hard, a one-way function [2] can be obtained as follows. Randomly factor 1 1   p x into two polynomials of degree 2 / ) 1 (  p , and then use the Extended Euclidean Algorithm (EEA) [3] to find poly nomials ) ( x A and ) ( x B such that 1 ) ( ) ( ) ( ) (   x Q x B x P x A p mod . (2) From equation (2) we get 1 ) ( ) (  x P x A ) ( mod x Q p mod . Since computing the EEA is simple (polynomial in the size of the input), the problem of computing ) ( x A from   ) ( ), ( x Q x P is simple; but its inverse, the computation of   ) ( ), ( x Q x P from ) ( x A is assumed hard. The application of one-way functions to digital 2 signatures is straightforward [4]. A would-be signer publishes ) ( x A as a public key. To prove authenticity , the signer presents ) ( x P . Since, as assumed, the problem of determining ) ( x P from ) ( x A is hard, we accept the signer as authentic. References: 1. T. Nagell, Introduction to Number Theory , Wiley, pp. 71-73, 1951. 2. O. Goldreich, Foundations of Cryptography: Vol. 1, Basic Tools . Cambridge University Press, 2001. 3. D. Knuth, The Art of Computer Programming, Vol. 2: Seminumerical Algorithms, Addison-Wesley, Reading, Mass., 3 rd Edition, 1998. 4. L. Lamport, “Constructing digital signatures from a one-way function,” Technical Report CSL-98, SRI International, Oct. 1979.