Prerequisite : RSA Algorithm
Why RSA decryption is slow ?
RSA decryption is slower than encryption because while doing decryption, private key parameter ” d ” is necessarily large. Moreover the parameters – ” p and q ” are two very large Prime Numbers.
Given integers c, e, p and q, find m such that c = pow(m, e) mod (p * q) (RSA decryption for weak integers).
Basics :
- RSA is a public key encryption system used for secure transmission of messages.
- RSA involves four steps typically :
(1) Key generation
(2) Key distribution
(3) Encryption
(4) Decryption - Message Encryption is done with a “Public Key”.
- Message Decryption is done with a “Private Key” – parameters (p, q, d) generated along with Public Key.
- The private key is known only to the user, and the public key can be made known to anyone who wishes to send an encrypted message to the person with the corresponding private key.
- A public key which is depicted by two parameters n (modulus) and e (exponent). The modulus is a product of two very large prime numbers (p and q as shown below). Decryption of this message would require the user to factorize n into two prime factors(the main reason, RSA is secure), and then find the modular inverse of e, wherein the difficult task lies.
- A text message is first converted to the respective decimal value, which is the parameter ‘m’ which we are finding below. We now encrypt this message by doing c = pow(m, e) mod (p * q), where c is the encrypted text.
In this code, we exploit weak modulus and exponent values to try and crack the encryption by generating the private key by finding the values of p, q and d. In these examples, we will try to find d given p and q.
NOTE :
Here, in this example we are using small values of p and q but in actual we use very large values of p and q to make our RSA system secure.
Examples :
Input :
c = 1614
e = 65537
p = 53
q = 31
Output :
1372
Explanation :
We calculate c = pow(m, e)mod(p * q).
Insert m = 1372.
On calculating, we get c = 1614.
Input :
c = 3893595
e = 101
p = 3191
q = 3203
Output :
6574839
Explanation :
As shown above, if we calculate pow(m, e)mod(p * q)
with m = 6574839, we get c = 3893595
Normally, we can find the value of m by following these steps:
(1) Calculate the modular inverse of e.
We can make use of the following equation, d = e^(-1)(mod lambda(n)),
where lambda is the Carmichael Totient function.
Read: Carmichael function
(2) Calculate m = pow(c, d)mod(p * q)
(3) We can perform this calculation faster by using the Chinese Remainder Theorem,
as defined below in the function
Further reading on Chinese Remainder Theorem can be done at
RSA (cryptosystem)
Below is the Python implementation of this approach :
def gcd(p, q):
if q == 0:
return p
return gcd(q, p % q)
def lcm(p, q):
return p * q / gcd(p, q)
def egcd(e, phi):
if e == 0:
return (phi, 0, 1)
else:
g, y, x = egcd(phi % e, e)
return (g, x - (phi // e) * y, y)
def modinv(e, phi):
g, x, y = egcd(e, phi)
return x % phi
def chineseremaindertheorem(dq, dp, p, q, c):
m1 = pow(c, dp, p)
m2 = pow(c, dq, q)
qinv = modinv(q, p)
h = (qinv * (m1 - m2)) % p
m = m2 + h * q
return m
p = 9817
q = 9907
e = 65537
c = 36076319
d = modinv(e, lcm(p - 1, q - 1))
dq = pow(d, 1, q - 1)
dp = pow(d, 1, p - 1)
print chineseremaindertheorem(dq, dp, p, q, c)
|
Output :
41892906