Inverse of an element in a RSA group

Question

Consider a RSA group $Z_N$ for $N=pq$, where $p,q$ are large prime numbers. Under strong RSA assumption, can an adversary efficiently compute the inverse of a random element $z$ from $Z_N$ without access to $p,q, \phi(N)$? Mathematically does there exists efficient algorithm $\mathcal{A}$ s.t

$$ \mathbb{P}\left( z.u=1,\quad z \leftarrow Z_N,\; u=\mathcal{A}(x,N) \right) \geq \text{neglible}? $$

PS: I am learning cryptography so my notations are quite shaky.

score 4 · Accepted Answer · answered Feb 10 '19 at 21:22

4

Mathematically does there exists efficient algorithm $\mathcal{A}$

Yes; the Extended Euclidean algorithm can be used to efficiently compute multiplicative inverses modulo $N$, without knowledge of the factorization of $N$.

answered Feb 10 '19 at 21:22

poncho

154,064
12
239
382

Inverse of an element in a RSA group

1 Answers1