ComSec作业三：RSA

为什么RSA加解密互逆

已知 p , q 均为质数 n = p q e d ≡ 1 ( m o d λ ( n ) ) λ ( n ) = l c m ( p − 1 , q − 1 ) e 与 λ ( n ) 互素 已知p,q均为质数\\

已知p,q均为质数nedλ(n)​=pq≡1(modλ(n))=lcm(p−1,q−1)e与λ(n)互素​​

证明加解密互逆
c ≡ m e ( m o d n ) m ≡ c d ( m o d n ) c d ≡ ( m e ) d ≡ m e d ≡ m 1 + k λ ( n ) ≡ m ⋅ m λ ( n ) ≡ m ⋅ 1 ≡ m ( m o d n ) 接下来就是证明 m λ ( n ) ≡ 1 ( m o d n ) 由于 λ ( n ) = l c m ( p − 1 , q − 1 ) 则有 { m λ ( n ) ≡ 1 ( m o d p ) m λ ( n ) ≡ 1 ( m o d q ) 变换之后 { m λ ( n ) = 1 + k 1 p m λ ( n ) = 1 + k 2 q 再次变换 { 2 m λ ( n ) − 2 = k 1 p + k 2 q m 2 λ ( n ) = ( 1 + k 1 p ) ( 1 + k 2 q ) = 1 + k 1 p + k 2 q + k 1 k 2 p q c\equiv m^e \pmod{n}\\ m\equiv c^d \pmod{n}\\ c^d\equiv (m^e)^d \equiv m^{ed} \equiv m^{1+k\lambda(n)} \equiv m \cdot m^{\lambda(n)} \equiv m \cdot 1 \equiv m \pmod{n}\\ 接下来就是证明m^{\lambda(n)}\equiv 1 \pmod{n}\\ 由于\lambda(n)=lcm(p-1,q-1)\\ 则有\left \{

\right. \\ 变换之后 \left \{ \right. \\ 再次变换\left \{ \right.\\ c≡me(modn)m≡cd(modn)cd≡(me)d≡med≡m1+kλ(n)≡m⋅mλ(n)≡m⋅1≡m(modn)接下来就是证明mλ(n)≡1(modn)由于λ(n)=lcm(p−1,q−1)则有{mλ(n)≡1(modp)mλ(n)≡1(modq)​​变换之后{mλ(n)=1+k1​pmλ(n)=1+k2​q​再次变换{2mλ(n)−2=k1​p+k2​qm2λ(n)=(1+k1​p)(1+k2​q)=1+k1​p+k2​q+k1​k2​pq​
带入后得到
m 2 λ ( n ) = 1 + ( 2 m λ ( n ) − 2 ) + k 1 k 2 p q = 2 m λ ( n ) − 1 + k 1 k 2 p q m 2 λ ( n ) − 2 m λ ( n ) + 1 = k 1 k 2 p q ( m λ ( n ) − 1 ) 2 = k 1 k 2 p q

m2λ(n)=1+(2mλ(n)−2)+k1k2pq=2mλ(n)−1+k1k2pqm2λ(n)−2mλ(n)+1=k1k2pq(mλ(n)−1)2=k1k2pq" role="presentation">m2λ(n)m2λ(n)−2mλ(n)+1(mλ(n)−1)2=1+(2mλ(n)−2)+k1k2pq=2mλ(n)−1+k1k2pq=k1k2pq=k1k2pq$$\begin{array}{rl}{m}^{2\lambda (n)}& =1+(2m^{\lambda (n)}-2)+k_1{k}_{2}pq\\ & =2m^{\lambda (n)}-1+k_1{k}_{2}pq\\ m^{2\lambda (n)}-2m^{\lambda (n)}+1& =k_1{k}_{2}pq\\ (m^{\lambda (n)}-1{)}^2& =k_1{k}_{2}pq\end{array}$$

m2λ(n)m2λ(n)−2mλ(n)+1(mλ(n)−1)2​=1+(2mλ(n)−2)+k1​k2​pq=2mλ(n)−1+k1​k2​pq=k1​k2​pq=k1​k2​pq​
则有
$$\begin{gathered} (m^{\lambda (n)}-1{)}^2\equiv 0(\mathrm{mod}pq) \\ {m}^{\lambda (n)}-1\equiv 0(\mathrm{mod}pq) \\ {m}^{\lambda (n)}\equiv 1(\mathrm{mod}pq) \end{gathered}$$
即证

后来才发现，过程搞复杂了其实只要在这一步，移动一下就好
{ m λ ( n ) − 1 = k 1 p m λ ( n ) − 1 = k 2 q \left \{

\right.\\ {mλ(n)−1=k1​pmλ(n)−1=k2​q​

9.2 Perform encryption and decryption using the RSA algorithm, as in Figure 9.5, for the following:

a. $p=3;q=7,e=5;M=10$
n = p q = 21 ϕ ( n ) = ( p − 1 ) ( q − 1 ) = 2 × 6 = 12 e x g c d : { x = ϕ ( n ) = 12 y = e = 5 x − 2 y = 2 − 2 x + 5 y = 1 d = 5 e n c r y p t : C ≡ M e ( m o d n ) 1 0 5 ≡ 1 6 2 × 10 ≡ ( − 5 ) 2 × 10 ≡ 25 × 10 ≡ 40 ≡ 19 ( m o d 21 ) d e c r y p t : M ≡ C d ( m o d n ) 1 9 5 ≡ ( − 2 ) 5 ≡ − 32 ≡ − 11 ≡ 10 ( m o d 21 )

n=pq=21ϕ(n)=(p−1)(q−1)=2×6=12exgcd:⎩ ⎨ ⎧​xyx−2y−2x+5y​=ϕ(n)=12=e=5=2=1​((1))((2))((3)=(1)-2(2))((4)=(2)-2(3))​d=5encrypt:C≡Me(modn)105≡162×10≡(−5)2×10≡25×10≡40≡19(mod21)decrypt:M≡Cd(modn)195≡(−2)5≡−32≡−11≡10(mod21)​

b. $p=5;q=13,e=5;M=8$
n = p q = 65 ϕ ( n ) = ( p − 1 ) ( q − 1 ) = 4 × 12 = 48 e x g c d : { x = ϕ ( n ) = 48 y = e = 5 x − 9 y = 3 − x + 10 y = 2 2 x − 19 y = 1 d = 48 − 19 = 29 e n c r y p t : C ≡ M e ( m o d n ) 8 5 ≡ 6 4 2 × 8 ≡ ( − 1 ) 2 × 8 ( m o d 65 ) d e c r y p t : M ≡ C d ( m o d n ) 8 29 ≡ 6 4 14 × 8 ≡ ( − 1 ) 14 × 8 ≡ 8 ( m o d 65 )

n=pq=65ϕ(n)=(p−1)(q−1)=4×12=48exgcd:⎩ ⎨ ⎧​xyx−9y−x+10y2x−19y​=ϕ(n)=48=e=5=3=2=1​​d=48−19=29encrypt:C≡Me(modn)85≡642×8≡(−1)2×8(mod65)decrypt:M≡Cd(modn)829≡6414×8≡(−1)14×8≡8(mod65)​

c. $p=7;q=17,e=11;M=11$
n = p q = 119 ϕ ( n ) = ( p − 1 ) ( q − 1 ) = 6 × 16 = 96 e x g c d : { x = ϕ ( n ) = 96 y = e = 11 x − 8 y = 8 − x + 9 y = 3 3 x − 26 y = 2 − 4 x + 35 y = 1 d = 35 e n c r y p t : C ≡ M e ( m o d n ) 1 1 1 1 ≡ 12 1 5 × 11 ≡ 2 5 × 11 ≡ 114 ( m o d 119 ) d e c r y p t : M ≡ C d ( m o d n ) 11 4 35 ( m o d 119 ) c r t : { 11 4 35 ≡ 4 m o d    7 11 4 35 ≡ 11 m o d    17 e x g c d : { x = 17 y = 7 x − 2 y = 3 − 2 x + 5 y = 1 11 4 35 ≡ 5 × 4 × 17 + 5 × 11 × 7 ≡ 11 ( m o d 119 )

\right. \\ exgcd:\left\{ \right. \\ \end{array} \\ 114^{35} \equiv 5\times4\times17+5\times11\times7\equiv 11\pmod{119} \\ \end{array} n=pq=119ϕ(n)=(p−1)(q−1)=6×16=96exgcd:⎩ ⎨ ⎧​xyx−8y−x+9y3x−26y−4x+35y​=ϕ(n)=96=e=11=8=3=2=1​​d=35encrypt:C≡Me(modn)1111≡1215×11≡25×11≡114(mod119)decrypt:M≡Cd(modn)11435(mod119)crt:{1143511435​≡4mod7≡11mod17​exgcd:⎩ ⎨ ⎧​xyx−2y−2x+5y​=17=7=3=1​​11435≡5×4×17+5×11×7≡11(mod119)​

d. $p=7;q=13,e=11;M=2$
n = p q = 91 ϕ ( n ) = ( p − 1 ) ( q − 1 ) = 6 × 12 = 72 e x g c d : { x = ϕ ( n ) = 72 y = e = 11 x − 6 y = 6 − x + 7 y = 5 2 x − 13 y = 1 d = 72 − 13 = 59 e n c r y p t : C ≡ M e ( m o d n ) 2 1 1 ≡ 37 × 16 ≡ 57 × 4 ≡ 46 ( m o d 91 ) d e c r y p t : M ≡ C d ( m o d n ) 4 6 59 ( m o d 91 ) c r t : { 4 6 59 ≡ 2 m o d    7 4 6 59 ≡ 2 m o d    13 斌头剩余定理 : 4 6 59 ≡ 2 m o d    91

\right. \\ 斌头剩余定理:46^{59} \equiv 2 \mod 91 \end{array} n=pq=91ϕ(n)=(p−1)(q−1)=6×12=72exgcd:⎩ ⎨ ⎧​xyx−6y−x+7y2x−13y​=ϕ(n)=72=e=11=6=5=1​​d=72−13=59encrypt:C≡Me(modn)211≡37×16≡57×4≡46(mod91)decrypt:M≡Cd(modn)4659(mod91)crt:{46594659​≡2mod7≡2mod13​斌头剩余定理:4659≡2mod91​

e. $p=17;q=23,e=9;M=7$

n = p q = 391 ϕ ( n ) = ( p − 1 ) ( q − 1 ) = 16 × 22 = 352 e x g c d : { x = ϕ ( n ) = 352 y = e = 9 x − 39 y = 1 d = 352 − 39 = 313 e n c r y p t : C ≡ M e ( m o d n ) 7 9 ≡ 61 ( m o d 391 ) d e c r y p t : M ≡ C d ( m o d n ) 6 1 313 ≡ 7 ( m o d 119 )

n=pq=391ϕ(n)=(p−1)(q−1)=16×22=352exgcd:⎩ ⎨ ⎧​xyx−39y​=ϕ(n)=352=e=9=1​​d=352−39=313encrypt:C≡Me(modn)79≡61(mod391)decrypt:M≡Cd(modn)61313≡7(mod119)​

9.3 In a public-key system using RSA, you intercept the ciphertext C = 20 sent to user whose public key is e=13, n=77. What is the plaintext M?

n = 77 = 7 × 11 p = 7 , q = 11 ϕ ( n ) = 6 × 10 = 60 e = 13 e x g c d : { x = 60 y = 13 x − 4 y = 8 − x + 5 y = 5 2 x − 9 y = 3 − 3 x + 14 y = 2 5 x − 23 y = 1 d = 60 − 23 = 37 m = c d m o d    n m = 2 0 37 ≡ 48 ( m o d 77 )

\right.\\ d=60-23=37\\ m=c^{d}\mod n\\ m=20^{37}\equiv 48 \pmod{77} \end{array} n=77=7×11p=7,q=11ϕ(n)=6×10=60e=13exgcd:⎩ ⎨ ⎧​xyx−4y−x+5y2x−9y−3x+14y5x−23y​=60=13=8=5=3=2=1​d=60−23=37m=cdmodnm=2037≡48(mod77)​

9.4 In an RSA system, the public key of a given user is e=65, n=2881.What is the private key of this user? Hint: First use trial-and-error to determine p and q; then use the extended Euclidean algorithm to find the multiplicative inverse of 31 modulo $\varphi (n)$.

n = 43 × 67 = 2881 p = 43 , q = 67 ϕ ( n ) = 42 × 66 = 2772 e x g c d : { x = 2772 y = 65 x − 42 y = 42 − x + 43 y = 23 2 x − 85 y = 19 − 3 x + 128 y = 4 14 x − 597 y = 3 − 17 x + 725 y = 1 私钥 d = 725 e x g c d : { x = 2772 y = 31 x − 89 y = 13 − 2 x + 179 y = 5 5 x − 447 y = 3 − 7 x + 626 y = 2 12 x − 1073 y = 1 ( 31 ) − 1 ≡ 1699 m o d    2772

\right.\\ 私钥d=725\\ exgcd: \left\{ \right.\\ (31)^{-1}\equiv 1699 \mod 2772 \end{array} n=43×67=2881p=43,q=67ϕ(n)=42×66=2772exgcd:⎩ ⎨ ⎧​xyx−42y−x+43y2x−85y−3x+128y14x−597y−17x+725y​=2772=65=42=23=19=4=3=1​私钥d=725exgcd:⎩ ⎨ ⎧​xyx−89y−2x+179y5x−447y−7x+626y12x−1073y​=2772=31=13=5=3=2=1​(31)−1≡1699mod2772​