The phi-hiding assumption or Φ-hiding assumption is an assumption about the difficulty of finding small

factors Factor, a Latin word meaning "who/which acts", may refer to: Commerce * Factor (agent), a person who acts for, notably a mercantile and colonial agent * Factor (Scotland), a person or firm managing a Scottish estate * Factors of production, suc ...

of φ(''m'') where ''m'' is a number whose

factorization In mathematics, factorization (or factorisation, see American and British English spelling differences#-ise, -ize (-isation, -ization), English spelling differences) or factoring consists of writing a number or another mathematical object as a p ...

is unknown, and φ is

Euler's totient function In number theory, Euler's totient function counts the positive integers up to a given integer that are relatively prime to . It is written using the Greek letter phi as \varphi(n) or \phi(n), and may also be called Euler's phi function. In ot ...

. The security of many modern

cryptosystem In cryptography, a cryptosystem is a suite of cryptographic algorithms needed to implement a particular security service, such as confidentiality (encryption). Typically, a cryptosystem consists of three algorithms: one for key generation, one for ...

s comes from the perceived difficulty of certain problems. Since P vs. NP problem is still unresolved, cryptographers cannot be sure computationally intractable problems exist. Cryptographers thus make assumptions as to which problems are ''hard''. It is commonly believed that if ''m'' is the product of two large

primes A prime number (or a prime) is a natural number greater than 1 that is not a product of two smaller natural numbers. A natural number greater than 1 that is not prime is called a composite number. For example, 5 is prime because the only ways ...

, then calculating φ(''m'') is currently computationally infeasible; this assumption is required for the security of the

RSA Cryptosystem RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem that is widely used for secure data transmission. It is also one of the oldest. The acronym "RSA" comes from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who publicly ...

. The Φ-Hiding assumption is a stronger assumption, namely that if ''p''₁ and ''p''₂ are small primes exactly one of which divides φ(''m''), there is no

polynomial-time In computer science, the time complexity is the computational complexity that describes the amount of computer time it takes to run an algorithm. Time complexity is commonly estimated by counting the number of elementary operations performed by t ...

algorithm which can distinguish which of the primes ''p''₁ and ''p''₂ divides φ(''m'') with probability significantly greater than one-half. This assumption was first stated in the 1999 paper Computationally Private Information Retrieval with Polylogarithmic Communication, where it was used in a

Private Information Retrieval In cryptography, a private information retrieval (PIR) protocol is a protocol that allows a user to retrieve an item from a server in possession of a database without revealing which item is retrieved. PIR is a weaker version of 1-out-of-''n'' obli ...

scheme.

Applications

The Phi-hiding assumption has found applications in the construction of a few cryptographic primitives. Some of the constructions include:
Computationally Private Information Retrieval with Polylogarithmic Communication
(1999)

(1999) * ttps://doi.org/10.1007%2F11523468_65 Single-Database Private Information Retrieval with Constant Communication Rate(2005)
Password authenticated key exchange using hidden smooth subgroups
(2005)

References

{{Computational hardness assumptions Computational number theory Computational hardness assumptions Theory of cryptography