Prerequisite : RSA Algorithm
Why RSA decryption is slow ?
RSA decryption is slower than encryption because while doing decryption, private key parameter ” d ” is necessarily large. Moreover the parameters – ” p and q ” are two very large Prime Numbers.
Given integers c, e, p and q, find m such that c = pow(m, e) mod (p * q) (RSA decryption for weak integers).
- RSA is a public key encryption system used for secure transmission of messages.
- RSA involves four steps typically :
(1) Key generation
(2) Key distribution
- Message Encryption is done with a “Public Key”.
- Message Decryption is done with a “Private Key” – parameters (p, q, d) generated along with Public Key.
- The private key is known only to the user, and the public key can be made known to anyone who wishes to send an encrypted message to the person with the corresponding private key.
- A public key which is depicted by two parameters n (modulus) and e (exponent). The modulus is a product of two very large prime numbers (p and q as shown below). Decryption of this message would require the user to factorize n into two prime factors(the main reason, RSA is secure), and then find the modular inverse of e, wherein the difficult task lies.
- A text message is first converted to the respective decimal value, which is the parameter ‘m’ which we are finding below. We now encrypt this message by doing c = pow(m, e) mod (p * q), where c is the encrypted text.
In this code, we exploit weak modulus and exponent values to try and crack the encryption by generating the private key by finding the values of p, q and d. In these examples, we will try to find d given p and q.
Here, in this example we are using small values of p and q but in actual we use very large values of p and q to make our RSA system secure.
Input : c = 1614 e = 65537 p = 53 q = 31 Output : 1372 Explanation : We calculate c = pow(m, e)mod(p * q). Insert m = 1372. On calculating, we get c = 1614. Input : c = 3893595 e = 101 p = 3191 q = 3203 Output : 6574839 Explanation : As shown above, if we calculate pow(m, e)mod(p * q) with m = 6574839, we get c = 3893595
Normally, we can find the value of m by following these steps:
(1) Calculate the modular inverse of e.
We can make use of the following equation, d = e^(-1)(mod lambda(n)),
where lambda is the Carmichael Totient function.
Read: Carmichael function
(2) Calculate m = pow(c, d)mod(p * q)
(3) We can perform this calculation faster by using the Chinese Remainder Theorem,
as defined below in the function
Further reading on Chinese Remainder Theorem can be done at
Below is the Python implementation of this approach :
# Function to find the gcd of two # integers using Euclidean algorithm def gcd(p, q): if q == 0: return p return gcd(q, p % q) # Function to find the # lcm of two integers def lcm(p, q): return p * q / gcd(p, q) # Function implementing extended # euclidean algorithm def egcd(e, phi): if e == 0: return (phi, 0, 1) else: g, y, x = egcd(phi % e, e) return (g, x - (phi // e) * y, y) # Function to compute the modular inverse def modinv(e, phi): g, x, y = egcd(e, phi) return x % phi # Implementation of the Chinese Remainder Theorem def chineseremaindertheorem(dq, dp, p, q, c): # Message part 1 m1 = pow(c, dp, p) # Message part 2 m2 = pow(c, dq, q) qinv = modinv(q, p) h = (qinv * (m1 - m2)) % p m = m2 + h * q return m # Driver Code p = 9817 q = 9907 e = 65537 c = 36076319 d = modinv(e, lcm(p - 1, q - 1)) """ pow(a, b, c) calculates a raised to power b modulus c, at a much faster rate than pow(a, b) % c Furthermore, we use Chinese Remainder Theorem as it splits the equation such that we have to calculate two values whose equations have smaller moduli and exponent value, thereby reducing computing time. """ dq = pow(d, 1, q - 1) dp = pow(d, 1, p - 1) print chineseremaindertheorem(dq, dp, p, q, c)
This article is contributed by Deepak Srivatsav. If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to email@example.com. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please write comments if you find anything incorrect, or you want to share more information about the topic discussed above.
- Computer Network | Open shortest path first (OSPF) – Set 2
- TCP Server-Client implementation in C
- Computer Network | Birthday attack
- TCP and UDP server using select
- Types of Security attacks | Active and Passive attacks
- Computer Network | IPv4 classless Subnet equation
- Computer Network | Types of switches
- On-premises cost estimates of Virtualization
- Computer Network | Introduction to variable length subnet mask (VLSM)
- Computer Network | Multipurpose Internet mail extension (MIME)