How does the e-th root mod N demonstrate one-way function behavior, and what role does the "trapdoor" play?
Computing $x^e \mod N$ is easy, but reversing it (finding $x$ from $y = x^e \mod N$) produces a chaotic, seemingly random mapping that's infeasible to invert without knowing the factorization of N.
* Cubing mod 33 is one-to-one yet scrambled: going forward is trivial, but recovering the cube root (e.g. that 29³ ≡ 2) means searching — unless you hold the trapdoor. *
Concrete example: $x^3 \mod 33$
| $x$ | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | ... |
|---|---|---|---|---|---|---|---|---|---|---|
| $x^3 \mod 33$ | 0 | 1 | 8 | 27 | 31 | 26 | 18 | 13 | 17 | ... |
| $\sqrt[3]{x} \mod 33$ | 0 | 1 | 29 | 9 | 16 | 14 | 30 | 28 | 2 | ... |
Key observations:
- The mapping from $x$ to $x^3 \mod 33$ is bijective (one-to-one) but looks completely chaotic
- Given $y$, finding $x$ by inspection is essentially impossible for large N
- For small N, you can build a complete table — but for RSA-sized $N > 10^{600}$, this is unthinkable
The trapdoor: If you know that $N = p \cdot q$ (the prime factorization), you can compute $\varphi(N) = (p-1)(q-1)$ and then find the decryption exponent $d = e^{-1} \mod \varphi(N)$. With $d$, computing $y^d \mod N = x$ is easy via SAM. Without the factorization, you're stuck.
This is RSA in a nutshell: The public key makes $x^e \mod N$ easy for everyone; only the private key holder knows the factorization (trapdoor) to reverse it.
Go deeper:
RSA (cryptosystem) (Wikipedia) — the e-th root as RSA's trapdoor one-way function.
RSA Encryption (Art of the Problem) — a beautifully animated build-up of the trapdoor.