Weak RSA decryption with Chinese-remainder theorem

Prerequisite : RSA Algorithm

Why RSA decryption is slow ?
RSA decryption is slower than encryption because while doing decryption, private key parameter ” d ” is necessarily large. Moreover the parameters – ” p and q ” are two very large Prime Numbers.

Given integers c, e, p and q, find m such that c = pow(m, e) mod (p * q) (RSA decryption for weak integers).

Basics :

  • RSA is a public key encryption system used for secure transmission of messages.
  • RSA involves four steps typically :
    (1) Key generation
    (2) Key distribution
    (3) Encryption
    (4) Decryption
  • Message Encryption is done with a “Public Key”.
  • Message Decryption is done with a “Private Key” – parameters (p, q, d) generated along with Public Key.
  • The private key is known only to the user, and the public key can be made known to anyone who wishes to send an encrypted message to the person with the corresponding private key.
  • A public key which is depicted by two parameters n (modulus) and e (exponent). The modulus is a product of two very large prime numbers (p and q as shown below). Decryption of this message would require the user to factorize n into two prime factors(the main reason, RSA is secure), and then find the modular inverse of e, wherein the difficult task lies.
  • A text message is first converted to the respective decimal value, which is the parameter ‘m’ which we are finding below. We now encrypt this message by doing c = pow(m, e) mod (p * q), where c is the encrypted text.

In this code, we exploit weak modulus and exponent values to try and crack the encryption by generating the private key by finding the values of p, q and d. In these examples, we will try to find d given p and q.

Here, in this example we are using small values of p and q but in actual we use very large values of p and q to make our RSA system secure.

Examples :

Input : 
c = 1614
e = 65537
p = 53
q = 31

Output :

Explanation :
We calculate c = pow(m, e)mod(p * q). 
Insert m = 1372. 
On calculating, we get c = 1614.

Input : 
c = 3893595
e = 101
p = 3191
q = 3203

Output :

Explanation :
As shown above, if we calculate pow(m, e)mod(p * q)
with m = 6574839, we get c = 3893595

Normally, we can find the value of m by following these steps:

(1) Calculate the modular inverse of e.
We can make use of the following equation, d = e^(-1)(mod lambda(n)),
where lambda is the Carmichael Totient function.
Read: Carmichael function

(2) Calculate m = pow(c, d)mod(p * q)

(3) We can perform this calculation faster by using the Chinese Remainder Theorem,
as defined below in the function
Further reading on Chinese Remainder Theorem can be done at
RSA (cryptosystem)

Below is the Python implementation of this approach :

# Function to find the gcd of two 
# integers using Euclidean algorithm
def gcd(p, q):
    if q == 0:
        return p
    return gcd(q, p % q)

# Function to find the
# lcm of two integers 
def lcm(p, q):
    return p * q / gcd(p, q)

# Function implementing extended
# euclidean algorithm
def egcd(e, phi):
    if e == 0:
        return (phi, 0, 1)
        g, y, x = egcd(phi % e, e)
        return (g, x - (phi // e) * y, y)

# Function to compute the modular inverse
def modinv(e, phi):
    g, x, y = egcd(e, phi)
    return x % phi

# Implementation of the Chinese Remainder Theorem
def chineseremaindertheorem(dq, dp, p, q, c):
    # Message part 1
    m1 = pow(c, dp, p)
    # Message part 2
    m2 = pow(c, dq, q)
    qinv = modinv(q, p)
    h = (qinv * (m1 - m2)) % p
    m = m2 + h * q
    return m

# Driver Code
p = 9817
q = 9907
e = 65537
c = 36076319
d = modinv(e, lcm(p - 1, q - 1))

pow(a, b, c) calculates a raised to power b 
modulus c, at a much faster rate than pow(a, b) % c
Furthermore, we use Chinese Remainder Theorem as it
splits the equation such that we have to calculate two
values whose equations have smaller moduli and exponent  
value, thereby reducing computing time.

dq = pow(d, 1, q - 1)
dp = pow(d, 1, p - 1)
print chineseremaindertheorem(dq, dp, p, q, c)

Output :


This article is contributed by Deepak Srivatsav. If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please write comments if you find anything incorrect, or you want to share more information about the topic discussed above.

Recommended Posts:

0 Average Difficulty : 0/5.0
No votes yet.