Warning: foreach() argument must be of type array|object, bool given in /var/www/html/web/app/themes/studypress-core-theme/template-parts/header/mobile-offcanvas.php on line 20

Suppose that (n,e)is an RSA encryption key, with where n=pqarepandq large primes and gcd(e,(p1)(q1))=1. Furthermore, suppose that dis an inverse of emodulo(p1)(q1). Suppose that CMe(modpq). In the text we showed that RSA decryption, that is, the congruence CdM(modpq)gcd(M,pq)=1holds when gcd(M,pq)>1. Show that this decryption congruence also holds when modulopandmoduloq. [Hint: Use congruences

and apply the Chinese remainder theorem].

Short Answer

Expert verified

CdM(modpq)whengcd(M,pq)>1.

Step by step solution

Achieve better grades quicker with Premium

  • Unlimited AI interaction
  • Study offline
  • Say goodbye to ads
  • Export flashcards

Over 22 million students worldwide already upgrade their learning with Vaia!

01

Step 1

DEFFINITIONS

adividesbif there exists an integer such that b=ac.

Notation: ab

Division algorithm: Let n be an integer and d a positive integer. Then there are unique integers

qandrwith0r<dsuch that n=dq+r..

q is called the quotient and r is called the remainder.

q=ndivdr=nmodd

a is congruent to bmodulomif mdividesab.Notation: ab(modm).

Euler’s theorem states ab(modm)aq(n)1(modn)when n is a positive integer and a relatively prime to n .

02

Step 2

SOLUTION

Given:

(n,e)is an RSA encryption key

n=pq

pandqare large primes.

gcd(e,(p1)(q1))=1

d is an inverse of emodulo(p1)(q1).

CMe(modpq)

To proof: CdM(modpq)when gcd(M,pq)>1.

PROOF

when gcd(M,pq)=pq,then CMε0(modpq)andCd0d0M(modpq).

When 1<gcd(M,pq)<pq,then either porqdividesM. Without loss of generality, we can assume that pdividesM (if not, then interchange pandq).

gcd(M,pq)=p

Since d is an inverse ofemodulo(p1)(q1),de1(mod(p1)(q1))or equivalently, there exists an integer k such that:

dek(p1)(q1)+1

However, this then implies:

CdMde(modpq)CMε(modpq)Mk(p1)(q1)+1(modpq)de=k(p1)(q1)+1Mk(p1)(q1)M(modpq).

Since pdividesM,pdividesMk(p1)(q1)MMas well.

03

Step 3

Since gcd(M,q)=1with φ(q)=q1as prime, we can apply Euler’s theorem:

Mq11(modq)

However, this then implies:

Mk(p1)(q1)MM(q1)k(p1)M(modq)1k(p1)M(modq)1M(modq)M(modq)

This then implies that Mk(p1)(q1)MM0(modq)and thus role="math" localid="1668663643939" qdividesMk(p1)(q1).M-Mas well.

However, pand qare primes:

Mk(p1)(q1)MM0(modn)Mk(p1)(q1)+1M(modn)MdeM(modn)MedM(modn)CdM(modn)CMe(modpq)

One App. One Place for Learning.

All the tools & learning materials you need for study success - in one app.

Get started for free

Study anywhere. Anytime. Across all devices.

Sign-up for free