Re: could it be a trapdoor

laicko <yichun.zhang@gmail.com> wrote:
>if E(K) is a elliptic curve over a finite field K, then we could
>construct a subgroup with order N.
>Let N=p*q, p and q are both big prime.
>
>Then here comes my question:
>if we make N in public , let p and q in secret,
>let the points in this subgroup is the plaintext space,
>
>then could we can conclude that: if we let e<N, then to compute eM from
>M is easy and compute M from eM is hard?

As Tom said, you only need 1/e mod N, not mod phi(N). It does not
matter if you publish N, point counting is easy in this context.

Second: I believe it is possible to extract e'th roots on an elliptic
curve even if you do not know N, at least if e is small. Simply
compute symbolic equations for multiplication by e, then solve them.
You can try yourself with e=2 and e=3.

-- 
Kristian Gjøsteen