Abstract
Let $\mathbb{G}_{n}$ be the subgroup of elements of odd order in the group $\mathbb{Z}^{\star}_{n}$, and let $\mathcal{U}(\mathbb{G}_{n})$ be the uniform probability distribution on $\mathbb{G}_{n}$.
In this paper, we establish a probabilistic polynomial-time reduction from finding a nontrivial divisor of a composite number $n$ to finding a nontrivial relation between $l$ elements chosen independently and uniformly at random from $\mathbb{G}_{n}$, where $l\geq 1$ is given in unary as a part of the input.
Assume that finding a nontrivial divisor of a random number in some set $N$ of composite numbers (for a given security parameter) is a computationally hard problem.
Then, using the above-mentioned reduction, we prove that the family $((\mathbb{G}_{n},\mathcal{U}(\mathbb{G}_{n}))\mid n\in N)$ of computational abelian groups is weakly pseudo-free.
The disadvantage of this result is that the probability ensemble $(\mathcal{U}(\mathbb{G}_{n})\mid n\in N)$ is not polynomial-time samplable.
To overcome this disadvantage, we construct a polynomial-time computable function $\nu\colon D\to N$ (where $D\subseteq\{0,1\}^{*}$) and a polynomial-time samplable probability ensemble $(\mathcal{G}_{d}\mid d\in D)$ (where $\mathcal{G}_{d}$ is a distribution on $\mathbb{G}_{\nu(d)}$ for each $d\in D$) such that the family $((\mathbb{G}_{\nu(d)},\mathcal{G}_{d})\mid d\in D)$ of computational abelian groups is weakly pseudo-free.