In practice, how many algorithms depend on the totient function?

Question

I am somewhat familiar with the RSA algorithm, and I know that the security comes from the fact that the totient $\phi(m)$ is difficult to compute when $m$ is large and of unknown factorisation. I have more or less assumed that something like this lies at the base for most modern public-key encryption, but how widespread in the real world are public key encryption schemes (including RSA) for which "finding $\phi(m)$ from $m$" is the main bottleneck for a brute-force attack?

I'm not asking how many such schemes there are out there that people have invented (although I actually only know of RSA, so if someone were to, say, drop the names of one or three others, that would be cool), but rather, in a sense, what qualification can I use when I say "_____ of modern public key encryption hinges on the fact that $\phi(m)$ is hard to compute" to laypeople, for instance in a high school math class where we take a day off from the usual curriculum. Can I say "Almost all of modern encryption", or "Most" or do I have to moderate it to "A lot", or even just "Some"?

Answer 1

I know that the security comes from the fact that the totient $\phi(n)$ is difficult to compute

Actually, we don't know that. We know that if we can recover $\phi(n)$, we can decrypt an RSA encrypted message (given the public key), but we don't know how to go the other way; given a way to decrypt RSA encrypted message (given the ciphertext and the public key), how we might recover $\phi(n)$. Decrypting RSA messages might be easier than recovering $\phi(n)$.

However, to address your question "what public key algorithms assume that recovering $\phi(n)$ is hard", well, recovering $\phi(n)$ is equivalent to factoring $n$ (in the sense that if you can solve one of them, you can immediately solve the other". Hence, what you're looking for are public encryption methods that assume that factorization is difficult; I believe that list would be RSA, Rabin and Paillier (which is a public key encryption scheme with some additional homomorphic properties that can be useful at time).