**Abstract** : Let N be the result of an RSA modulus generation, i.e., a random variable distributed according to some appropriate distribution over the set of products of two primes, such that factoring N is believed to be hard. The Strong RSA assumption states that, given an x chosen uniformly at random from ZN , it is computationally infeasible to com- pute a y 2 ZN and an e 2 N n f1g such that ye x (mod N) . This assumption is important in cryptography and has been used to construct several cryptosystems. Due to the lack of complexity-theoretic lower bound proofs for crypto- graphic problems in a general model of computation, it is a common practice in cryptography to give proofs of computational security in meaningful restricted models of computation. Some examples of restricted models that are interesting in cryptography are the generic group model for proving lower bounds for the discrete logarithm problem and related problems, and the random oracle model for proving the soundness of protocols or hash function constructions. A generic model captures that an algorithm does not exploit the bit rep- resentation of the elements other than for testing equality. The security of the RSA public-key cryptosystem can be analyzed in the generic ring model. In this paper, we prove that for almost all possible distributions of N , the problem of factoring N can be e ciently reduced to solving the Strong RSA problem on ZN in the generic ring model of computation, where an algorithm can perform ring operations, inverse ring operations, and test equality.