I've heard differing opinions/statements of fact from different professors and sources as to whether cracking RSA is "thought" to be in NP, or known to be an NP-complete problem. Can anyone shed light on this discrepancy? which is it, or do we know?
crack RSA: NP, or NP-complete?
1
$\begingroup$
computer-science
computational-complexity
np-complete
-
4This question is not research level. Read wiki [Integer factorization difficulty and complexity](http://en.wikipedia.org/wiki/Integer_factorization#Difficulty_and_complexity). – 2011-08-16
-
4George Bush: Great president, or greatest president? – 2011-08-16
-
0Please read the [FAQ](http://cstheory.stackexchange.com/faq) to understand the scope of cstheory. I am closing the question as off-topic and migrating to Math.SE. – 2011-08-16
1 Answers
10
Proving that breaking any cryptosystem is $\mathsf{NP}$-complete would be a great achievement in cryptography, since $\mathsf{P} \neq \mathsf{NP}$ is probably the most "standard" hardness assumption around. For the case of RSA, security of the system is based on hardness of the integer factorization problem. This problem lies in the intersection of $\mathsf{NP}$ and $\mathsf{coNP}$, and is thus unlikely to be $\mathsf{NP}$-complete. However, it's obviously in $\mathsf{NP}$ (just guess the private key, and decrypt).
-
7iirc then cracking RSA is not even known to be equivalent to factoring. It could be the case that factoring is hard, but cracking RSA is easy. – 2011-08-16
-
1There have been a number of non-number-theoretical attempts on NP-complete cryptosystems too (for instance, systems based on the knapsack problem), but all of those have had specialized constructions that turn out to yield non-NP-complete versions of the appropriate problem. In fact, proving the secureness of an encryption scheme (more specifically, proving the existence of one-way functions) is even harder than proving the P-NP separation, since IIRC there are worlds where P is inequal to NP but one-way functions don't exist. – 2011-08-16