4
$\begingroup$

Suppose I have a mystery number $m$ modulo $p$ that I wish to find. I know the value of $m+x_i^2$ where $x_i$ is randomly chosen modulo $p$ for some large number of different $x_i$, $N$ many, $N \gg \log(p)$.

Is it possible to deduce the value of $m$?

If we replace $m+x_i^2$ with $m+C_i*x_i^2$ for known $C_i$, can we find $m$?

I believe the answer should be yes in both cases, there are roughly $p/2$ quadratic residues so each question gives around $1$ bit of information. There are lattice and Fourier based solutions on the linear version of the problem with $m+K_ix_i$ where, lets say the first bit of $x$ is known modulo $p$ with probability $\varepsilon > 0$. (Bleichenbacher’s algorithm).

https://eprint.iacr.org/2013/346.pdf

I was thinking you can use Gauss sums or something to tease out the value of $m$ slowly from $x^2+m$. Something like computing an average of $e(m+x^2)$ where $e(x)$ is the complex exponential and having it converge to $m$. But I don't know enough about Gauss sums.

Improve this question
$\endgroup$
6
  • $\begingroup$ Proper notation is $N\gg\log(p),$ not $N>>\log(p).$ I edited accordingly (and also took the liberty of changing $\epsilon$ to $\varepsilon$). $\endgroup$ Commented Oct 21, 2023 at 21:14
  • 1
    $\begingroup$ What's known here? Is $p$ known? are the $x_i$ known? $\endgroup$ Commented Oct 22, 2023 at 5:38
  • $\begingroup$ $p$ is known, $x_i$ are unknown, $m$ is unknown, but the values $m+x_i^2$ are given to you. It's very surprising that its possible to find $m$ even in the linear case. $\endgroup$ Commented Oct 22, 2023 at 12:26
  • $\begingroup$ If $Q$ is the set of quadratic residues, then $|Q\cap (Q+a)|$ is roughly $p/2$, which shows that roughly $p/2$ values suffice. $\endgroup$ Commented Oct 23, 2023 at 11:35
  • $\begingroup$ Yes, but how would one go about approximating the intersection set, actually finding the intersection? $\endgroup$ Commented Oct 23, 2023 at 16:02

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.