Quiz Entry - updated: 2026.07.14
True or false: "EC security is based on a one-way function WITH trapdoor (like RSA)."
False — EC security is based on the discrete logarithm problem, which is a one-way function WITHOUT trapdoor. Unlike RSA, nobody has a secret shortcut — the problem is hard for everyone.
* RSA hides a trapdoor — the factorisation $p,q$ — that makes inversion easy for its owner; the discrete log has no such shortcut, so $k$ is hard to find for everyone. *
The distinction:
- RSA: One-way function WITH trapdoor. Computing $m^e \mod N$ is easy; the inverse (e-th root) is hard WITHOUT knowing $p,q$ but easy WITH knowing $p,q$
- EC/DH/ElGamal: One-way function WITHOUT trapdoor. Computing $k \cdot P$ is easy; finding $k$ from $P$ and $k \cdot P$ is hard for EVERYONE — there is no secret shortcut
How EC crypto works without a trapdoor:
- ECDH: Both parties contribute randomness → shared secret emerges without either solving the hard problem
- EC ElGamal: Message is masked with ephemeral key → receiver uses their secret exponent to reconstruct the same mask
- ECDSA: Signature is constructed so verification requires only public parameters
This is the same fundamental distinction that separates RSA (factoring-based) from all discrete-log-based schemes (DH, ElGamal, DSA, Schnorr, ECC variants of all these).
Go deeper:
Trapdoor function — Wikipedia — a one-way function with a secret that makes inversion easy (RSA has one).
One-way function — Wikipedia — hard to invert for everyone, with no trapdoor (the DLP case).