Is security of the modulus needed to maintain the “discrete logarithm problem”?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












After a serious google search, I have been unable to find a definite yes/no answer to the following question.



Assume I have c, e and m, and I compute $r = c ^ e mod m$



This is with regard to the discrete-logarithm problem. My understanding is that revealing r and c does not compromise e, but what about revealing m?



I know enough about cryptography to know that I should never assume anything, thus my reason for asking.




modular-arithmetic discrete-logarithms




share|cite|improve this question





















  • Everyone must know the modulus, otherwise how are they supposed to do the calculations? You want to conceal its factors.
    – Randall
    Jul 28 at 21:57











  • @Randall Thanks - post that as an answer, and I'll accept it.
    – dgnuff
    Jul 28 at 21:59










  • Thanks, I’ll let someone else take it. I’m on my phone ;)
    – Randall
    Jul 28 at 22:02










  • Although "discreet" is also somewhat genre-appropriate, in this case it's the "discrete" logarithm problem.
    – SolveIt
    Jul 29 at 1:48














up vote
0
down vote

favorite












After a serious google search, I have been unable to find a definite yes/no answer to the following question.



Assume I have c, e and m, and I compute $r = c ^ e mod m$



This is with regard to the discrete-logarithm problem. My understanding is that revealing r and c does not compromise e, but what about revealing m?



I know enough about cryptography to know that I should never assume anything, thus my reason for asking.




modular-arithmetic discrete-logarithms




share|cite|improve this question





















  • Everyone must know the modulus, otherwise how are they supposed to do the calculations? You want to conceal its factors.
    – Randall
    Jul 28 at 21:57











  • @Randall Thanks - post that as an answer, and I'll accept it.
    – dgnuff
    Jul 28 at 21:59










  • Thanks, I’ll let someone else take it. I’m on my phone ;)
    – Randall
    Jul 28 at 22:02










  • Although "discreet" is also somewhat genre-appropriate, in this case it's the "discrete" logarithm problem.
    – SolveIt
    Jul 29 at 1:48












up vote
0
down vote

favorite









up vote
0
down vote

favorite











After a serious google search, I have been unable to find a definite yes/no answer to the following question.



Assume I have c, e and m, and I compute $r = c ^ e mod m$



This is with regard to the discrete-logarithm problem. My understanding is that revealing r and c does not compromise e, but what about revealing m?



I know enough about cryptography to know that I should never assume anything, thus my reason for asking.




modular-arithmetic discrete-logarithms




share|cite|improve this question













After a serious google search, I have been unable to find a definite yes/no answer to the following question.



Assume I have c, e and m, and I compute $r = c ^ e mod m$



This is with regard to the discrete-logarithm problem. My understanding is that revealing r and c does not compromise e, but what about revealing m?



I know enough about cryptography to know that I should never assume anything, thus my reason for asking.





modular-arithmetic discrete-logarithms





share|cite|improve this question












share|cite|improve this question




share|cite|improve this question








edited Jul 29 at 2:09
























asked Jul 28 at 21:55









dgnuff

1434




1434











  • Everyone must know the modulus, otherwise how are they supposed to do the calculations? You want to conceal its factors.
    – Randall
    Jul 28 at 21:57











  • @Randall Thanks - post that as an answer, and I'll accept it.
    – dgnuff
    Jul 28 at 21:59










  • Thanks, I’ll let someone else take it. I’m on my phone ;)
    – Randall
    Jul 28 at 22:02










  • Although "discreet" is also somewhat genre-appropriate, in this case it's the "discrete" logarithm problem.
    – SolveIt
    Jul 29 at 1:48
















  • Everyone must know the modulus, otherwise how are they supposed to do the calculations? You want to conceal its factors.
    – Randall
    Jul 28 at 21:57











  • @Randall Thanks - post that as an answer, and I'll accept it.
    – dgnuff
    Jul 28 at 21:59










  • Thanks, I’ll let someone else take it. I’m on my phone ;)
    – Randall
    Jul 28 at 22:02










  • Although "discreet" is also somewhat genre-appropriate, in this case it's the "discrete" logarithm problem.
    – SolveIt
    Jul 29 at 1:48















Everyone must know the modulus, otherwise how are they supposed to do the calculations? You want to conceal its factors.
– Randall
Jul 28 at 21:57





Everyone must know the modulus, otherwise how are they supposed to do the calculations? You want to conceal its factors.
– Randall
Jul 28 at 21:57













@Randall Thanks - post that as an answer, and I'll accept it.
– dgnuff
Jul 28 at 21:59




@Randall Thanks - post that as an answer, and I'll accept it.
– dgnuff
Jul 28 at 21:59












Thanks, I’ll let someone else take it. I’m on my phone ;)
– Randall
Jul 28 at 22:02




Thanks, I’ll let someone else take it. I’m on my phone ;)
– Randall
Jul 28 at 22:02












Although "discreet" is also somewhat genre-appropriate, in this case it's the "discrete" logarithm problem.
– SolveIt
Jul 29 at 1:48




Although "discreet" is also somewhat genre-appropriate, in this case it's the "discrete" logarithm problem.
– SolveIt
Jul 29 at 1:48










1 Answer
1






active

oldest

votes

















up vote
0
down vote













It looks like you are talking about public-key cryptography. For RSA, $e$ and $m$ are the public keys for the recipient; $c$ is the message to be encrypted and presumably is private to the sender, while $r$ is the encrypted message that is presumed to be open to interception. The secret decrypt value is $d:= e^-1 bmod$ $lambda(m)$, which is hard to discover since $m$ is a number that is chosen to be hard to factorize - the product of two large primes.



Even knowing all of $r$ and $c$ for a set of messages (and given that $e$ and $m$ are public anyway), the decrypt key value of $d$ is still secure by the size of the numbers involved.



One of the interesting tricks is to send a message encrypted with your own key but using the decrypt exponent $d$ instead of the public encrpyt $e$. Then anyone can decrypt it but it can only have come from you. Then wrapping this message (suitably tagged) in someone else's public key means only they can read it, and they know that only you could have sent it.






share|cite|improve this answer























  • If the talk is really on the discrete logarithm problem, then the "secret message" is $e$, not $c$ (and $m$ is usually taken to be prime).
    – metamorphy
    Jul 29 at 0:22










  • @metamorphy No, the whole point of $m$ is that it is not prime.
    – Joffan
    Jul 29 at 0:33











  • It is the point for RSA. For DLP, the security concerns on $m$ are "completely different".
    – metamorphy
    Jul 29 at 0:45










  • @metamorphy OK added that I am specifically talking about RSA. If you want to add an answer about DLP I will read with interest.
    – Joffan
    Jul 29 at 0:54










  • Joffan is correct, this is for the discrete logarithm problem, and as noted in Randall's comment to my original post, r, c, and m can all be published without compromising e, and m will be prime. I'll edit the question to clarify that. -- Edit -- I will add that I did include the Discrete-Logarithm Tag when originally posting.
    – dgnuff
    Jul 29 at 2:09










Your Answer




StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
);
);
, "mathjax-editing");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "69"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f2865602%2fis-security-of-the-modulus-needed-to-maintain-the-discrete-logarithm-problem%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
0
down vote













It looks like you are talking about public-key cryptography. For RSA, $e$ and $m$ are the public keys for the recipient; $c$ is the message to be encrypted and presumably is private to the sender, while $r$ is the encrypted message that is presumed to be open to interception. The secret decrypt value is $d:= e^-1 bmod$ $lambda(m)$, which is hard to discover since $m$ is a number that is chosen to be hard to factorize - the product of two large primes.



Even knowing all of $r$ and $c$ for a set of messages (and given that $e$ and $m$ are public anyway), the decrypt key value of $d$ is still secure by the size of the numbers involved.



One of the interesting tricks is to send a message encrypted with your own key but using the decrypt exponent $d$ instead of the public encrpyt $e$. Then anyone can decrypt it but it can only have come from you. Then wrapping this message (suitably tagged) in someone else's public key means only they can read it, and they know that only you could have sent it.






share|cite|improve this answer























  • If the talk is really on the discrete logarithm problem, then the "secret message" is $e$, not $c$ (and $m$ is usually taken to be prime).
    – metamorphy
    Jul 29 at 0:22










  • @metamorphy No, the whole point of $m$ is that it is not prime.
    – Joffan
    Jul 29 at 0:33











  • It is the point for RSA. For DLP, the security concerns on $m$ are "completely different".
    – metamorphy
    Jul 29 at 0:45










  • @metamorphy OK added that I am specifically talking about RSA. If you want to add an answer about DLP I will read with interest.
    – Joffan
    Jul 29 at 0:54










  • Joffan is correct, this is for the discrete logarithm problem, and as noted in Randall's comment to my original post, r, c, and m can all be published without compromising e, and m will be prime. I'll edit the question to clarify that. -- Edit -- I will add that I did include the Discrete-Logarithm Tag when originally posting.
    – dgnuff
    Jul 29 at 2:09














up vote
0
down vote













It looks like you are talking about public-key cryptography. For RSA, $e$ and $m$ are the public keys for the recipient; $c$ is the message to be encrypted and presumably is private to the sender, while $r$ is the encrypted message that is presumed to be open to interception. The secret decrypt value is $d:= e^-1 bmod$ $lambda(m)$, which is hard to discover since $m$ is a number that is chosen to be hard to factorize - the product of two large primes.



Even knowing all of $r$ and $c$ for a set of messages (and given that $e$ and $m$ are public anyway), the decrypt key value of $d$ is still secure by the size of the numbers involved.



One of the interesting tricks is to send a message encrypted with your own key but using the decrypt exponent $d$ instead of the public encrpyt $e$. Then anyone can decrypt it but it can only have come from you. Then wrapping this message (suitably tagged) in someone else's public key means only they can read it, and they know that only you could have sent it.






share|cite|improve this answer























  • If the talk is really on the discrete logarithm problem, then the "secret message" is $e$, not $c$ (and $m$ is usually taken to be prime).
    – metamorphy
    Jul 29 at 0:22










  • @metamorphy No, the whole point of $m$ is that it is not prime.
    – Joffan
    Jul 29 at 0:33











  • It is the point for RSA. For DLP, the security concerns on $m$ are "completely different".
    – metamorphy
    Jul 29 at 0:45










  • @metamorphy OK added that I am specifically talking about RSA. If you want to add an answer about DLP I will read with interest.
    – Joffan
    Jul 29 at 0:54










  • Joffan is correct, this is for the discrete logarithm problem, and as noted in Randall's comment to my original post, r, c, and m can all be published without compromising e, and m will be prime. I'll edit the question to clarify that. -- Edit -- I will add that I did include the Discrete-Logarithm Tag when originally posting.
    – dgnuff
    Jul 29 at 2:09












up vote
0
down vote










up vote
0
down vote









It looks like you are talking about public-key cryptography. For RSA, $e$ and $m$ are the public keys for the recipient; $c$ is the message to be encrypted and presumably is private to the sender, while $r$ is the encrypted message that is presumed to be open to interception. The secret decrypt value is $d:= e^-1 bmod$ $lambda(m)$, which is hard to discover since $m$ is a number that is chosen to be hard to factorize - the product of two large primes.



Even knowing all of $r$ and $c$ for a set of messages (and given that $e$ and $m$ are public anyway), the decrypt key value of $d$ is still secure by the size of the numbers involved.



One of the interesting tricks is to send a message encrypted with your own key but using the decrypt exponent $d$ instead of the public encrpyt $e$. Then anyone can decrypt it but it can only have come from you. Then wrapping this message (suitably tagged) in someone else's public key means only they can read it, and they know that only you could have sent it.






share|cite|improve this answer















It looks like you are talking about public-key cryptography. For RSA, $e$ and $m$ are the public keys for the recipient; $c$ is the message to be encrypted and presumably is private to the sender, while $r$ is the encrypted message that is presumed to be open to interception. The secret decrypt value is $d:= e^-1 bmod$ $lambda(m)$, which is hard to discover since $m$ is a number that is chosen to be hard to factorize - the product of two large primes.



Even knowing all of $r$ and $c$ for a set of messages (and given that $e$ and $m$ are public anyway), the decrypt key value of $d$ is still secure by the size of the numbers involved.



One of the interesting tricks is to send a message encrypted with your own key but using the decrypt exponent $d$ instead of the public encrpyt $e$. Then anyone can decrypt it but it can only have come from you. Then wrapping this message (suitably tagged) in someone else's public key means only they can read it, and they know that only you could have sent it.







share|cite|improve this answer















share|cite|improve this answer



share|cite|improve this answer








edited Jul 29 at 0:53


























answered Jul 28 at 23:15









Joffan

31.8k43169




31.8k43169











  • If the talk is really on the discrete logarithm problem, then the "secret message" is $e$, not $c$ (and $m$ is usually taken to be prime).
    – metamorphy
    Jul 29 at 0:22










  • @metamorphy No, the whole point of $m$ is that it is not prime.
    – Joffan
    Jul 29 at 0:33











  • It is the point for RSA. For DLP, the security concerns on $m$ are "completely different".
    – metamorphy
    Jul 29 at 0:45










  • @metamorphy OK added that I am specifically talking about RSA. If you want to add an answer about DLP I will read with interest.
    – Joffan
    Jul 29 at 0:54










  • Joffan is correct, this is for the discrete logarithm problem, and as noted in Randall's comment to my original post, r, c, and m can all be published without compromising e, and m will be prime. I'll edit the question to clarify that. -- Edit -- I will add that I did include the Discrete-Logarithm Tag when originally posting.
    – dgnuff
    Jul 29 at 2:09
















  • If the talk is really on the discrete logarithm problem, then the "secret message" is $e$, not $c$ (and $m$ is usually taken to be prime).
    – metamorphy
    Jul 29 at 0:22










  • @metamorphy No, the whole point of $m$ is that it is not prime.
    – Joffan
    Jul 29 at 0:33











  • It is the point for RSA. For DLP, the security concerns on $m$ are "completely different".
    – metamorphy
    Jul 29 at 0:45










  • @metamorphy OK added that I am specifically talking about RSA. If you want to add an answer about DLP I will read with interest.
    – Joffan
    Jul 29 at 0:54










  • Joffan is correct, this is for the discrete logarithm problem, and as noted in Randall's comment to my original post, r, c, and m can all be published without compromising e, and m will be prime. I'll edit the question to clarify that. -- Edit -- I will add that I did include the Discrete-Logarithm Tag when originally posting.
    – dgnuff
    Jul 29 at 2:09















If the talk is really on the discrete logarithm problem, then the "secret message" is $e$, not $c$ (and $m$ is usually taken to be prime).
– metamorphy
Jul 29 at 0:22




If the talk is really on the discrete logarithm problem, then the "secret message" is $e$, not $c$ (and $m$ is usually taken to be prime).
– metamorphy
Jul 29 at 0:22












@metamorphy No, the whole point of $m$ is that it is not prime.
– Joffan
Jul 29 at 0:33





@metamorphy No, the whole point of $m$ is that it is not prime.
– Joffan
Jul 29 at 0:33













It is the point for RSA. For DLP, the security concerns on $m$ are "completely different".
– metamorphy
Jul 29 at 0:45




It is the point for RSA. For DLP, the security concerns on $m$ are "completely different".
– metamorphy
Jul 29 at 0:45












@metamorphy OK added that I am specifically talking about RSA. If you want to add an answer about DLP I will read with interest.
– Joffan
Jul 29 at 0:54




@metamorphy OK added that I am specifically talking about RSA. If you want to add an answer about DLP I will read with interest.
– Joffan
Jul 29 at 0:54












Joffan is correct, this is for the discrete logarithm problem, and as noted in Randall's comment to my original post, r, c, and m can all be published without compromising e, and m will be prime. I'll edit the question to clarify that. -- Edit -- I will add that I did include the Discrete-Logarithm Tag when originally posting.
– dgnuff
Jul 29 at 2:09




Joffan is correct, this is for the discrete logarithm problem, and as noted in Randall's comment to my original post, r, c, and m can all be published without compromising e, and m will be prime. I'll edit the question to clarify that. -- Edit -- I will add that I did include the Discrete-Logarithm Tag when originally posting.
– dgnuff
Jul 29 at 2:09












 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f2865602%2fis-security-of-the-modulus-needed-to-maintain-the-discrete-logarithm-problem%23new-answer', 'question_page');

);

Post as a guest
































































Comments

Post a Comment

Popular posts from this blog

What is the equation of a 3D cone with generalised tilt?

Image
Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite What is the equation of a 3D cone with generalized tilt? I've noticed that in most equations given to represent a cone, there is no parameter which defines the tilt of the cone in 3D space and that most of them have their point at the origin $(0,0,0)$ - I was wondering if anyone could give me a more generalized cone equation for a cone in any position in 3D space 3d share | cite | improve this question edited Jul 25 '16 at 0:05 ervx 9,425 3 13 36 asked Jul 24 '16 at 15:38 Charlene 11 2 2 Welcome to Math.SE! Could you please explain a few things to help people give an answer useful to you: 1. What do you mean by "generalized tilt"? 2. Are you asking about a right circular cone? Does the angle at the vertex matter? 3. What form of answer (implicit, parametric...?) are you looking for? 4. If this is homework, what tools do you have available, an...
Read more

Relationship between determinant of matrix and determinant of adjoint?

Image
Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite We are studying adjoints in class, and I was curious if there is a relationship between the determinant of matrix A, and the determinant of the adjoint of matrix A? I assume there would be a relationship because finding the adjoint requires creating a cofactor matrix and then transposing it. linear-algebra determinant adjoint-operators share | cite | improve this question asked Nov 17 '17 at 17:32 CluelessCoder 32 5 For a square matrix $A$ of order $n$, we have $A(operatornameadj A)=(operatornameadj A)A=|A|I_n$ where $I_n$ is the identity matrix of order $n$. This should tell you about the determinant of the adjoint in terms of that of $A$ (use multiplicative property and other elementary properties of determinants). – Prasun Biswas Nov 17 '17 at 17:35 1 @CluelessCoder: see here: math.stackexchange.com/questions/516127/…...
Read more

Color the edges and diagonals of a regular polygon

Image
Clash Royale CLAN TAG #URR8PPP up vote 5 down vote favorite 1 Here is the problem: For what $n$ is it possible to color the edges and diagonals of an $n$-side regular polygon with $dfracbinomn23$ colors, such that you use every color exactly three times and for every color the three segments (edges or diagonals) with that color form a triangle? Trivially $nequiv 0 text or 1 pmod3$. I can also prove that if the statement is true for $k$ than it is true for $3k$ as well. How to finish? Please help! Thanks combinatorial-geometry share | cite | improve this question edited Aug 6 at 21:57 alcana 118 4 asked Aug 6 at 21:15 Leo Gardner 356 11 Even assuming "polyhpn" in the title is a typo for polygon , it is unclear what you mean by "the edges and sides". Aren't the side of a regular polygon the same as the edges? A regular $n$-sided polygon has $n$ edges. – hardmath Aug 6 at 21:20 3 $n$ ne...
Read more