为什么RSA加解密互逆
已知:
e
d
≡
1 mod
λ
(
n
)
λ
(
n
)
≡
L
C
M
(
p
−
1
,
q
−
1
)
C
≡
M
e
mod n
M
≡
C
d
mod n
ed\equiv \text{1 mod }\lambda(n)\\ \lambda(n)\equiv LCM(p-1,q-1)\\ C\equiv M^e\text{ mod n}\\ M\equiv C^d\text{ mod n}\\
ed≡1 mod λ(n)λ(n)≡LCM(p−1,q−1)C≡Me mod nM≡Cd mod n
证明:
C
d
≡
(
M
e
)
d
≡
M
e
d
≡
M
k
λ
(
n
)
+
1
≡
M
∗
M
k
λ
(
n
)
mod n
λ
(
n
)
≡
L
C
M
(
p
−
1
,
q
−
1
)
可知:
{
M
λ
(
n
)
≡
1
mod p
M
λ
(
n
)
≡
1
mod q
即:
{
M
λ
(
n
)
−
1
=
k
1
p
M
λ
(
n
)
−
1
=
k
2
p
故有:
M
λ
(
n
)
≡
M
k
λ
(
n
)
≡
1 mod n
得证
C^d\equiv (M^e)^d\equiv M^{ed} \equiv M^{k\lambda(n)+1}\equiv M*M^{k\lambda(n)}\text{ mod n}\\ \\ \lambda(n)\equiv LCM(p-1,q-1)可知:\\ \begin{cases} M^{\lambda(n) }\equiv 1\text{ mod p}\\ M^{\lambda(n) }\equiv 1\text{ mod q}\\ \end{cases} \\ 即: \begin{cases} M^{\lambda(n) }-1 = k_1p\\ M^{\lambda(n) }-1 = k_2p\\ \end{cases}\\ 故有:M^{\lambda(n) } \equiv M^{k\lambda(n)} \equiv \text{1 mod n}\\ \\得证
Cd≡(Me)d≡Med≡Mkλ(n)+1≡M∗Mkλ(n) mod nλ(n)≡LCM(p−1,q−1)可知:{Mλ(n)≡1 mod pMλ(n)≡1 mod q即:{Mλ(n)−1=k1pMλ(n)−1=k2p故有:Mλ(n)≡Mkλ(n)≡1 mod n得证
9.2 Perform encryption and decryption using the RSA algorithm, as in Figure 9.5, for the following:
a.p=3;q=7,e=5;M=10
n
=
p
q
=
21
ϕ
(
n
)
=
(
p
−
1
)
∗
(
q
−
1
)
=
12
用
e
g
c
d
扩展欧几里得算法可知:
d
=
5
故公钥
P
U
=
{
5
,
21
}
,
私钥
P
R
=
{
5
,
21
}
加密:
C
=
M
e
mod n
=
1
0
5
mod 21 = 19 mod 21
解密:
M
=
C
d
mod n
=
1
9
5
mod 21 = 10 mod 21
n=pq=21\\ \phi(n)=(p-1)*(q-1) = 12\\ 用egcd扩展欧几里得算法可知:d=5\\ 故公钥PU=\{5, 21\},私钥PR=\{5, 21\}\\ \\ 加密:C=M^e \text { mod n} = 10^{5}\text { mod 21 = 19 mod 21} \\ 解密:M=C^d \text { mod n} = 19^{5}\text { mod 21 = 10 mod 21}
n=pq=21ϕ(n)=(p−1)∗(q−1)=12用egcd扩展欧几里得算法可知:d=5故公钥PU={5,21},私钥PR={5,21}加密:C=Me mod n=105 mod 21 = 19 mod 21解密:M=Cd mod n=195 mod 21 = 10 mod 21
b. p=5;q=13,e=5;M=8
n
=
p
q
=
65
ϕ
(
n
)
=
(
p
−
1
)
∗
(
q
−
1
)
=
48
用
e
g
c
d
扩展欧几里得算法可知:
d
=
29
故公钥
P
U
=
{
5
,
65
}
,
私钥
P
R
=
{
29
,
65
}
加密:
C
=
M
e
mod n
=
8
5
mod 65 = 8 mod 65
解密:
M
=
C
d
mod n
=
8
29
mod 65 = 8 mod 65
n=pq=65\\ \phi(n)=(p-1)*(q-1) = 48\\ 用egcd扩展欧几里得算法可知:d=29\\ 故公钥PU=\{5, 65\},私钥PR=\{29, 65\}\\ \\ 加密:C=M^e \text { mod n} = 8^{5}\text { mod 65 = 8 mod 65} \\ 解密:M=C^d \text { mod n} = 8^{29}\text { mod 65 = 8 mod 65}
n=pq=65ϕ(n)=(p−1)∗(q−1)=48用egcd扩展欧几里得算法可知:d=29故公钥PU={5,65},私钥PR={29,65}加密:C=Me mod n=85 mod 65 = 8 mod 65解密:M=Cd mod n=829 mod 65 = 8 mod 65
c. p=7;q=17,e=11;M=11
n
=
p
q
=
119
ϕ
(
n
)
=
(
p
−
1
)
∗
(
q
−
1
)
=
96
用
e
g
c
d
扩展欧几里得算法可知:
d
=
35
故公钥
P
U
=
{
11
,
119
}
,
私钥
P
R
=
{
35
,
119
}
加密:
C
=
M
e
mod n
=
1
1
11
mod 119 = 114 mod 119
解密:
M
=
C
d
mod n
=
11
4
35
mod 119 = 11 mod 119
n=pq=119\\ \phi(n)=(p-1)*(q-1) = 96\\ 用egcd扩展欧几里得算法可知:d=35\\ 故公钥PU=\{11, 119\},私钥PR=\{35, 119\}\\ \\ 加密:C=M^e \text { mod n} = 11^{11}\text { mod 119 = 114 mod 119} \\ 解密:M=C^d \text { mod n} = 114^{35}\text { mod 119 = 11 mod 119}
n=pq=119ϕ(n)=(p−1)∗(q−1)=96用egcd扩展欧几里得算法可知:d=35故公钥PU={11,119},私钥PR={35,119}加密:C=Me mod n=1111 mod 119 = 114 mod 119解密:M=Cd mod n=11435 mod 119 = 11 mod 119
d. p=7;q=13,e=11;M=2
n
=
p
q
=
91
ϕ
(
n
)
=
(
p
−
1
)
∗
(
q
−
1
)
=
72
用
e
g
c
d
扩展欧几里得算法可知:
d
=
59
故公钥
P
U
=
{
11
,
91
}
,
私钥
P
R
=
{
59
,
91
}
加密:
C
=
M
e
mod n
=
2
11
mod 91 = 46 mod 91
解密:
M
=
C
d
mod n
=
4
6
59
mod 91 = 2 mod 91
n=pq=91\\ \phi(n)=(p-1)*(q-1) = 72\\ 用egcd扩展欧几里得算法可知:d=59\\ 故公钥PU=\{11, 91\},私钥PR=\{59, 91\}\\ \\ 加密:C=M^e \text { mod n} = 2^{11}\text { mod 91 = 46 mod 91} \\ 解密:M=C^d \text { mod n} = 46^{59}\text { mod 91 = 2 mod 91}
n=pq=91ϕ(n)=(p−1)∗(q−1)=72用egcd扩展欧几里得算法可知:d=59故公钥PU={11,91},私钥PR={59,91}加密:C=Me mod n=211 mod 91 = 46 mod 91解密:M=Cd mod n=4659 mod 91 = 2 mod 91
e. p=17;q=23,e=9;M=7
n
=
p
q
=
391
ϕ
(
n
)
=
(
p
−
1
)
∗
(
q
−
1
)
=
352
用
e
g
c
d
扩展欧几里得算法可知:
d
=
313
故公钥
P
U
=
{
9
,
391
}
,
私钥
P
R
=
{
313
,
391
}
加密:
C
=
M
e
mod n
=
7
9
mod 391 = 61 mod 391
解密:
M
=
C
d
mod n
=
6
1
313
mod 391 = 7 mod 391
n=pq=391\\ \phi(n)=(p-1)*(q-1) = 352\\ 用egcd扩展欧几里得算法可知:d=313\\ 故公钥PU=\{9, 391\},私钥PR=\{313, 391\}\\ \\ 加密:C=M^e \text { mod n} = 7^{9}\text { mod 391 = 61 mod 391} \\ 解密:M=C^d \text { mod n} = 61^{313}\text { mod 391 = 7 mod 391}
n=pq=391ϕ(n)=(p−1)∗(q−1)=352用egcd扩展欧几里得算法可知:d=313故公钥PU={9,391},私钥PR={313,391}加密:C=Me mod n=79 mod 391 = 61 mod 391解密:M=Cd mod n=61313 mod 391 = 7 mod 391
9.3 In a public-key system using RSA, you intercept the ciphertext C = 20 sent to user whose public key is e=13, n=77. What is the plaintext M?
n = p q = 77 = 7 ∗ 11 ,故 p = 7 , q = 11 ϕ ( n ) = ( p − 1 ) ∗ ( q − 1 ) = 60 用 e g c d 扩展欧几里得算法可知: d = 37 故公钥 P U = { 13 , 77 } , 私钥 P R = { 37 , 77 } 解密: M = C d mod n = 2 0 37 mod 77 = 48 mod 77 n=pq=77=7*11,故p=7 ,q=11\\ \phi(n)=(p-1)*(q-1) = 60\\ 用egcd扩展欧几里得算法可知:d=37\\ 故公钥PU=\{13, 77\},私钥PR=\{37, 77\}\\ \\ 解密:M=C^d \text { mod n} = 20^{37}\text { mod 77 = 48 mod 77} n=pq=77=7∗11,故p=7,q=11ϕ(n)=(p−1)∗(q−1)=60用egcd扩展欧几里得算法可知:d=37故公钥PU={13,77},私钥PR={37,77}解密:M=Cd mod n=2037 mod 77 = 48 mod 77
9.4 In an RSA system, the public key of a given user is e=65, n=2881.What is the private key of this user? Hint: First use trial-and-error to determine p and q; then use the extended Euclidean algorithm to find the multiplicative inverse of 31 modulo ϕ ( n ) .
$$
n=2881 =4367,故p=43,q=67\
\phi(n)=4266=2772\
用egcd扩展欧几里得算法可知:d=725\
\
再用egcd算法,得到31模\phi(n)的乘法逆元\
1\quad0\quad2772\
0\quad1\quad31\
1\quad-89\quad13\
-2\quad179\quad5\
5\quad-447\quad3\
-7\quad626\quad2\
12\quad-1073\quad1\
\
所以(31)^{-1} = 1699\text{ mod 2772}
$$