The goal is to have a encryption like:
c = m^e mod n
where c = m
I messed up in my conclusion by estimating that e=1 or e=4^x when 4^x < n, the second part is not true and a result of messy written code.
For better understanding:
c= encryptet Text
m= plain Text
n= the procuct of two primes
There is no reason for an arbitrary message m to have m^{4^x} = m mod n
A counterexample;
n=47∗43=2021
5^{4^2} = 1803 mod 2021 , see at WolframAlpha
import math
for m in range(1,2020):
for e in (4**x for x in range(1, int(math.log(2021,4))) ):
if (m**(e) % 2021) == m:
print (m,e)
With this python code you can see the examples for the specific modulus 2021.
As you can see many of the cases happens
(423, 4)
(423, 16)
(423, 64)
(423, 256)
Now, the reason is clear if you remember the RSA definition.
the e must have an inverse in phi(n). See live at WolframAlpha
So this choice of e is not RSA.
Note since phi(n) = (p-1)(q-1), any even e cannot be a public modulus.
Related
Im trying to understand the maths in a RSA asymetric keys generation. I founded few articles in the web, and my idea is not very clear, so i came here with the hope to finally be able to complete an example.
I understand very well maths, but im a bit confused with the steps so i will go step by step until I understand.
I will try this example with numbers lower than 16[0..15] (4bits)
To encrypt/decript the message: "hello world"
Step 1: Select 2 randomly prime numbers
P= 11
Q= 5
Step 2: Calculate H [(P-1)*(Q-1)]
H = (11-1) * (5-1) = 10* 4= 40
Step 3: Select a random prime number lower than H (E) (I believe coprimes of H also works for E)
E = 7
And now?
We can continue from step 2:
Step 3) Select E such that Greatest Common Divisor(H,E)=1 and (1 < E < H)
In your example we have gcd(40,?)=1 and 1<?<40 --> 7 satisfies this, so we choose E=7
Step 4) Compute d such that (dE) mod H =1 and d<H
In the example we have (d*7) mod 40=1 and d< 40 so we get d= 23
Step 5) public key is {E,n} and private key is {d,n} in which n = P * Q.
In the example we have the public key={7,55} and the private key={23,55}
Step 6) Compute C= M^E(mod n) for encrypting in which M is the numerical representation of the message we want to encrypt.
In the example, we have to interpret M="hello world" as a number. Here, I assume it is equal to 39 for keeping it simple (this number should be less than n). You can refer to here to know more about how to encode a text to a numeric value.
C= 39 ^7 mod 55 = 19 (encrypted value of M)
Step 7) Compute M= C^d(mod n) for decrypting 19
In the example, we have M=19^23 mod 55 = 39 (the Message which should be decoded to "hello world").
I have been given the question:
"Decrypt this message using RSA: 072 062 120 129 (Hint you will need to convert your final answer from ASCII to plain text.
The public key used to encrypt the message was (n, e) = (143, 7)."
I don't have any clue how to decrypt it, and this is the only information we have been given. However, I do know that p and q are 13 and 11, which you can get from finding 2 primes that multiply to make n.
Does anyone know how to decrypt this?
Thanks in advance, this has been kind of overwhelming.
You can use the wikipedia article as a guide.
From p and q you can compute λ(n):
λ(n) = lcm(p-1, q-1) = lcm(12, 10) = 60
Once you know λ(n), you can use it to calculate d, the multiplicative inverse of e modulo λ(n):
d = e⁻¹ (mod λ(n))
This essentially means finding a natural number d, such that d*e = 1 (mod 60).
The following snippet of Python code does that:
d = next(d for d in range(60) if d*7 % 60 == 1)
The value of d is 43.
Once we have d, we can use that to decrypt the individual numbers of the message:
decrypted_ascii = [(x**d) % 143 for x in [72, 62, 120, 129]]
decrypted_text = ''.join(chr(x) for x in decrypted_ascii)
The decrypted text is Text.
I fully understand the how the RSA algorithm works, but now I am trying to reason with the formula. I want to know:
why the public key e and the private key d in the RSA encryption have to satisfy the equation ed = 1 mod (p − 1)(q − 1)?
Is it because of the standard modular arithmetic rule where 1 mod anything is 1, or is there a more to this answer?
Say you have a message called x and you want to encrypt it with your public key (pq, e). If you encrypt x, you get x^e mod pq. Someone who knows d can get x^(ed) mod pq.
Because ed = 1 mod (p - 1)(q - 1), by Fermat's little theorem, we get that x^(ed) mod pq = x, thus decrypting the message. If ed != 1 mod (p - 1)(q - 1), then the message could not be decrypted.
A link to Fermat's little theorem:
https://en.wikipedia.org/wiki/Fermat%27s_little_theorem
Let's say we have a encryption function like this :
f(x) = x^5 mod 21
How can I get the plain text from the encrypted text which generated by this function? How can I denote the decryption function?
Is this homework? If so, you should tag it homework, and accept answers on some of your past questions.
This looks like RSA, where the modulus is the product of two primes (i.e. n = p*q). Just follow the steps of the algorithm.In this case, n = 21 = 7*3. This tells you phi(n) = (6*2) = 12.
If 5 is the encrypting exponent (e), and phi(n) = 12, then to calculate the decrypting exponent, you need to find d such that e*d = 1 (mod phi(n)). Written another way, e-1 = d (mod phi(n)). You can do this with the PowerMod function in Mathematica: PowerMod[5, -1, 12].
Once you know the modular inverse, the rest becomes easy:
c = (m)^5 mod 21
m = (c)^d mod 21
I'm trying to figure out how to implement RSA crypto from scratch (just for the intellectual exercise), and i'm stuck on this point:
For encryption, c = me mod n
Now, e is normally 65537. m and n are 1024-bit integers (eg 128-byte arrays). This is obviously too big for standard methods. How would you implement this?
I've been reading a bit about exponentiation here but it just isn't clicking for me:
Wikipedia-Exponentiation by squaring
This Chapter (see section 14.85)
Thanks.
edit: Also found this - is this more what i should be looking at? Wikipedia- Modular Exponentiation
Exponentiation by squaring:
Let's take an example. You want to find 1723. Note that 23 is 10111 in binary. Let's try to build it up from left to right.
// a exponent in binary
a = 17 //17^1 1
a = a * a //17^2 10
a = a * a //17^4 100
a = a * 17 //17^5 101
a = a * a //17^10 1010
a = a * 17 //17^11 1011
a = a * a //17^22 10110
a = a * 17 //17^23 10111
When you square, you double the exponent (shift left by 1 bit). When you multiply by m, you add 1 to the exponent.
If you want to reduce modulo n, you can do it after each multiplication (rather than leaving it to the end, which would make the numbers get very large).
65537 is 10000000000000001 in binary which makes all of this pretty easy. It's basically
a = m
repeat 16 times:
a = a * a
a = a mod n
a = a * m
a = a mod n
where of course a, n and m are "big integers". a needs to be at least 2048 bits as it can get as large as (n-1)2.
For an efficient algorithm you need to combine the exponentiation by squaring with repeated application of mod after each step.
For odd e this holds:
me mod n = m ⋅ me-1 mod n
For even e:
me mod n = (me/2 mod n)2 mod n
With m1 = m as a base case this defines a recursive way to do efficient modular exponentiation.
But even with an algorithm like this, because m and n will be very large, you will still need to use a type/library that can handle integers of such sizes.
result = 1
while e>0:
if (e & 1) != 0:
result = result * m
result = result mod n
m = m*m
m = m mod n
e = e>>1
return result
This checks bits in the exponent starting with the least significant bit. Each time we move up a bit it corresponds to doubling the power of m - hence we shift e and square m. The result only gets the power of m multiplied in if the exponent has a 1 bit in that position. All multiplications need to be reduced mod n.
As an example, consider m^13. 11 = 1101 in binary. so this is the same as m^8 * m^4 * m. Notice the powers 8,4,(not 2),1 which is the same as the bits 1101. And then recall that m^8 = (m^4)^2 and m^4 = (m^2)^2.
If g(x) = x mod 2^k is faster to calculate for your bignum library than f(x) = x mod N for N not divisible by 2, then consider using Montgomery multiplication. When used with modular exponentiation, it avoids having to calculate modulo N at each step, you just need to do the "Montgomeryization" / "un-Montgomeryization" at the beginning and end.