# Weak RSA decryption with Chinese-remainder theorem

Prerequisite : RSA Algorithm

**Why RSA decryption is slow ? **

RSA decryption is slower than encryption because while doing decryption, private key parameter ” d ” is necessarily large. Moreover the parameters – ” p and q ” are two very large Prime Numbers.

Given integers c, e, p and q, find m such that **c = pow(m, e) mod (p * q)** (RSA decryption for weak integers).

Basics :

- RSA is a public key encryption system used for secure transmission of messages.
- RSA involves four steps typically :

(1) Key generation

(2) Key distribution

(3) Encryption

(4) Decryption- Message
Encryptionis done with a “Public Key”.- Message
Decryptionis done with a “Private Key” – parameters (p, q, d) generated along with Public Key.- The private key is known only to the user, and the public key can be made known to anyone who wishes to send an encrypted message to the person with the corresponding private key.
- A public key which is depicted by two parameters n (modulus) and e (exponent). The modulus is a product of two very large prime numbers (p and q as shown below). Decryption of this message would require the user to factorize n into two prime factors(the main reason, RSA is secure), and then find the modular inverse of e, wherein the difficult task lies.
- A text message is first converted to the respective decimal value, which is the parameter ‘m’ which we are finding below. We now encrypt this message by doing
c = pow(m, e) mod (p * q), where c is the encrypted text.

In this code, we exploit weak modulus and exponent values to try and crack the encryption by generating the private key by finding the values of p, q and d. In these examples, we will try to find d given p and q.

**NOTE :**

Here, in this example we are using small values of **p** and **q** but in actual we use very large values of **p** and **q** to make our RSA system secure.

**Examples :**

Input :c = 1614 e = 65537 p = 53 q = 31Output :1372Explanation :We calculatec = pow(m, e)mod(p * q). Insert m = 1372. On calculating, we get c = 1614.Input :c = 3893595 e = 101 p = 3191 q = 3203Output :6574839Explanation :As shown above, if we calculate pow(m, e)mod(p * q) with m = 6574839, we get c = 3893595

Normally, we can find the value of m by following these steps:

(1) Calculate the modular inverse of e.

We can make use of the following equation,d = e^(-1)(mod lambda(n)),

where lambda is theCarmichael Totient function.

Read: Carmichael function(2) Calculate

m = pow(c, d)mod(p * q)(3) We can perform this calculation faster by using the Chinese Remainder Theorem,

as defined below in the function

Further reading on Chinese Remainder Theorem can be done at

RSA (cryptosystem)

Below is the Python implementation of this approach :

`# Function to find the gcd of two ` `# integers using Euclidean algorithm ` `def` `gcd(p, q): ` ` ` ` ` `if` `q ` `=` `=` `0` `: ` ` ` `return` `p ` ` ` ` ` `return` `gcd(q, p ` `%` `q) ` ` ` `# Function to find the ` `# lcm of two integers ` `def` `lcm(p, q): ` ` ` `return` `p ` `*` `q ` `/` `gcd(p, q) ` ` ` `# Function implementing extended ` `# euclidean algorithm ` `def` `egcd(e, phi): ` ` ` ` ` `if` `e ` `=` `=` `0` `: ` ` ` `return` `(phi, ` `0` `, ` `1` `) ` ` ` `else` `: ` ` ` `g, y, x ` `=` `egcd(phi ` `%` `e, e) ` ` ` `return` `(g, x ` `-` `(phi ` `/` `/` `e) ` `*` `y, y) ` ` ` `# Function to compute the modular inverse ` `def` `modinv(e, phi): ` ` ` ` ` `g, x, y ` `=` `egcd(e, phi) ` ` ` `return` `x ` `%` `phi ` ` ` ` ` `# Implementation of the Chinese Remainder Theorem ` `def` `chineseremaindertheorem(dq, dp, p, q, c): ` ` ` ` ` `# Message part 1 ` ` ` `m1 ` `=` `pow` `(c, dp, p) ` ` ` ` ` `# Message part 2 ` ` ` `m2 ` `=` `pow` `(c, dq, q) ` ` ` ` ` `qinv ` `=` `modinv(q, p) ` ` ` `h ` `=` `(qinv ` `*` `(m1 ` `-` `m2)) ` `%` `p ` ` ` `m ` `=` `m2 ` `+` `h ` `*` `q ` ` ` `return` `m ` ` ` `# Driver Code ` `p ` `=` `9817` `q ` `=` `9907` `e ` `=` `65537` `c ` `=` `36076319` `d ` `=` `modinv(e, lcm(p ` `-` `1` `, q ` `-` `1` `)) ` ` ` `""" ` `pow(a, b, c) calculates a raised to power b ` `modulus c, at a much faster rate than pow(a, b) % c ` `Furthermore, we use Chinese Remainder Theorem as it ` `splits the equation such that we have to calculate two ` `values whose equations have smaller moduli and exponent ` `value, thereby reducing computing time. ` `"""` ` ` `dq ` `=` `pow` `(d, ` `1` `, q ` `-` `1` `) ` `dp ` `=` `pow` `(d, ` `1` `, p ` `-` `1` `) ` `print` `chineseremaindertheorem(dq, dp, p, q, c) ` |

*chevron_right*

*filter_none*

**Output :**

41892906

## Recommended Posts:

- Rail Fence Cipher - Encryption and Decryption
- Ethical Hacking | Phishing
- Computer Network | Introduction To Subnetting
- Computer Network | Finding Network ID of a Subnet (using Subnet Mask)
- Computer Network | Evolution of Network
- Creating custom domain name instead of localhost in Ubuntu
- Use of Callbacks in Layered Architecture
- Computer Network | Network Simulator 3
- Dumpster Diving/Trashing
- Cryptography | One Time Password (OTP) algorithm
- What are Long-Polling, Websockets, Server-Sent Events (SSE) and Comet?
- Computer Network | Single band, Double band and Multi band Router
- Vishing (Voice Phishing)
- Private Browsing

This article is contributed by **Deepak Srivatsav**. If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.