ComSec作业三：RSA

为什么RSA加解密互逆

$$\begin{gathered} 已知p,q均为质数 \\ \begin{array}{rl}n& =pq\\ ed& \equiv 1(\mathrm{mod}\lambda (n))\\ \lambda (n)& =lcm(p-1,q-1)\\ & e与\lambda (n)互素\end{array} \end{gathered}$$

证明加解密互逆
$$\begin{gathered} c\equiv m^e(\mathrm{mod}n) \\ m\equiv c^d(\mathrm{mod}n) \\ {c}^d\equiv (m^e{)}^d\equiv m^{ed}\equiv m^{1+k\lambda (n)}\equiv m\cdot m^{\lambda (n)}\equiv m\cdot 1\equiv m(\mathrm{mod}n) \\ 接下来就是证明m^{\lambda (n)}\equiv 1(\mathrm{mod}n) \\ 由于\lambda (n)=lcm(p-1,q-1) \\ 则有\{\begin{array}{r}{m}^{\lambda (n)}\equiv 1(\mathrm{mod}p)\\ m^{\lambda (n)}\equiv 1(\mathrm{mod}q)\end{array} \\ 变换之后\{\begin{array}{c}{m}^{\lambda (n)}=1+k_{1}p\\ m^{\lambda (n)}=1+k_{2}q\end{array} \\ 再次变换\{\begin{array}{c}2m^{\lambda (n)}-2=k_{1}p+k_{2}q\\ m^{2\lambda (n)}=(1+k_{1}p)(1+k_{2}q)=1+k_{1}p+k_{2}q+k_1{k}_{2}pq\end{array} \end{gathered}$$
带入后得到
$$\begin{array}{rl}{m}^{2\lambda (n)}& =1+(2m^{\lambda (n)}-2)+k_1{k}_{2}pq\\ & =2m^{\lambda (n)}-1+k_1{k}_{2}pq\\ m^{2\lambda (n)}-2m^{\lambda (n)}+1& =k_1{k}_{2}pq\\ (m^{\lambda (n)}-1{)}^2& =k_1{k}_{2}pq\end{array}$$
则有
$$\begin{gathered} (m^{\lambda (n)}-1{)}^2\equiv 0(\mathrm{mod}pq) \\ {m}^{\lambda (n)}-1\equiv 0(\mathrm{mod}pq) \\ {m}^{\lambda (n)}\equiv 1(\mathrm{mod}pq) \end{gathered}$$
即证

后来才发现，过程搞复杂了其实只要在这一步，移动一下就好
$$\{\begin{array}{c}{m}^{\lambda (n)}-1=k_{1}p\\ m^{\lambda (n)}-1=k_{2}q\end{array}$$

9.2 Perform encryption and decryption using the RSA algorithm, as in Figure 9.5, for the following:

a. $p=3;q=7,e=5;M=10$
$$\begin{array}{l}n=pq=21\\ \varphi (n)=(p-1)(q-1)=2\times 6=12\\ exgcd:\{\begin{array}{rl}x& =\varphi (n)=12\\ y& =e=5\\ x-2y& =2\\ -2x+5y& =1\end{array}\text{\hspace{1em}((1))((2))((3)=(1)-2(2))((4)=(2)-2(3))}\\ d=5\\ encrypt:C\equiv M^e(\mathrm{mod}n)\\ 10^5\equiv 16^2\times 10\equiv (-5{)}^2\times 10\equiv 25\times 10\equiv 40\equiv 19(\mathrm{mod}21)\\ decrypt:M\equiv C^d(\mathrm{mod}n)\\ 19^5\equiv (-2{)}^5\equiv -32\equiv -11\equiv 10(\mathrm{mod}21)\end{array}$$

b. $p=5;q=13,e=5;M=8$
$$\begin{array}{l}n=pq=65\\ \varphi (n)=(p-1)(q-1)=4\times 12=48\\ exgcd:\{\begin{array}{rl}x& =\varphi (n)=48\\ y& =e=5\\ x-9y& =3\\ -x+10y& =2\\ 2x-19y& =1\end{array}\\ d=48-19=29\\ encrypt:C\equiv M^e(\mathrm{mod}n)\\ 8^5\equiv 64^2\times 8\equiv (-1{)}^2\times 8(\mathrm{mod}65)\\ decrypt:M\equiv C^d(\mathrm{mod}n)\\ 8^{29}\equiv 64^{14}\times 8\equiv (-1{)}^{14}\times 8\equiv 8(\mathrm{mod}65)\end{array}$$

c. $p=7;q=17,e=11;M=11$
$$\begin{array}{l}n=pq=119\\ \varphi (n)=(p-1)(q-1)=6\times 16=96\\ exgcd:\{\begin{array}{rl}x& =\varphi (n)=96\\ y& =e=11\\ x-8y& =8\\ -x+9y& =3\\ 3x-26y& =2\\ -4x+35y& =1\end{array}\\ d=35\\ encrypt:C\equiv M^e(\mathrm{mod}n)\\ 11^{1}1\equiv 121^5\times 11\equiv 2^5\times 11\equiv 114(\mathrm{mod}119)\\ decrypt:M\equiv C^d(\mathrm{mod}n)\\ 114^{35}(\mathrm{mod}119)\\ \begin{array}{l}crt:\{\begin{array}{lc}114^{35}& \equiv 4\mathrm{mod}7\\ 114^{35}& \equiv 11\mathrm{mod}17\end{array}\\ exgcd:\{\begin{array}{cl}x& =17\\ y& =7\\ x-2y& =3\\ -2x+5y& =1\end{array}\end{array}\\ 114^{35}\equiv 5\times 4\times 17+5\times 11\times 7\equiv 11(\mathrm{mod}119)\end{array}$$

d. $p=7;q=13,e=11;M=2$
$$\begin{array}{l}n=pq=91\\ \varphi (n)=(p-1)(q-1)=6\times 12=72\\ exgcd:\{\begin{array}{rl}x& =\varphi (n)=72\\ y& =e=11\\ x-6y& =6\\ -x+7y& =5\\ 2x-13y& =1\end{array}\\ d=72-13=59\\ encrypt:C\equiv M^e(\mathrm{mod}n)\\ 2^{1}1\equiv 37\times 16\equiv 57\times 4\equiv 46(\mathrm{mod}91)\\ decrypt:M\equiv C^d(\mathrm{mod}n)\\ 46^{59}(\mathrm{mod}91)\\ crt:\{\begin{array}{lc}46^{59}& \equiv 2\mathrm{mod}7\\ 46^{59}& \equiv 2\mathrm{mod}13\end{array}\\ 斌头剩余定理:46^{59}\equiv 2\mathrm{mod}91\end{array}$$

e. $p=17;q=23,e=9;M=7$

$$\begin{array}{l}n=pq=391\\ \varphi (n)=(p-1)(q-1)=16\times 22=352\\ exgcd:\{\begin{array}{rl}x& =\varphi (n)=352\\ y& =e=9\\ x-39y& =1\end{array}\\ d=352-39=313\\ encrypt:C\equiv M^e(\mathrm{mod}n)\\ 7^9\equiv 61(\mathrm{mod}391)\\ decrypt:M\equiv C^d(\mathrm{mod}n)\\ 61^{313}\equiv 7(\mathrm{mod}119)\end{array}$$

9.3 In a public-key system using RSA, you intercept the ciphertext C = 20 sent to user whose public key is e=13, n=77. What is the plaintext M?

$$\begin{array}{l}n=77=7\times 11\\ p=7,q=11\\ \varphi (n)=6\times 10=60\\ e=13\\ exgcd:\{\begin{array}{lc}x& =60\\ y& =13\\ x-4y& =8\\ -x+5y& =5\\ 2x-9y& =3\\ -3x+14y& =2\\ 5x-23y& =1\end{array}\\ d=60-23=37\\ m=c^d\mathrm{mod}n\\ m=20^{37}\equiv 48(\mathrm{mod}77)\end{array}$$

9.4 In an RSA system, the public key of a given user is e=65, n=2881.What is the private key of this user? Hint: First use trial-and-error to determine p and q; then use the extended Euclidean algorithm to find the multiplicative inverse of 31 modulo $\varphi (n)$.

$$\begin{array}{l}n=43\times 67=2881\\ p=43,q=67\\ \varphi (n)=42\times 66=2772\\ exgcd:\{\begin{array}{cl}x& =2772\\ y& =65\\ x-42y& =42\\ -x+43y& =23\\ 2x-85y& =19\\ -3x+128y& =4\\ 14x-597y& =3\\ -17x+725y& =1\end{array}\\ 私钥d=725\\ exgcd:\{\begin{array}{cl}x& =2772\\ y& =31\\ x-89y& =13\\ -2x+179y& =5\\ 5x-447y& =3\\ -7x+626y& =2\\ 12x-1073y& =1\end{array}\\ (31{)}^{-1}\equiv 1699\mathrm{mod}2772\end{array}$$