用中国剩余定理进行弱 RSA 解密
先决条件:RSA算法
为什么RSA解密很慢?
RSA 解密比加密慢,因为在进行解密时,私钥参数“d”必然很大。此外,参数“p 和 q”是两个非常大的素数。
给定整数 c、e、p 和 q,找到 m 使得c = pow(m, e) mod (p * q) (弱整数的 RSA 解密)。
Basics :
- RSA is a public key encryption system used for secure transmission of messages.
- RSA involves four steps typically :
(1) Key generation
(2) Key distribution
(3) Encryption
(4) Decryption - Message Encryption is done with a “Public Key”.
- Message Decryption is done with a “Private Key” – parameters (p, q, d) generated along with Public Key.
- The private key is known only to the user, and the public key can be made known to anyone who wishes to send an encrypted message to the person with the corresponding private key.
- A public key which is depicted by two parameters n (modulus) and e (exponent). The modulus is a product of two very large prime numbers (p and q as shown below). Decryption of this message would require the user to factorize n into two prime factors(the main reason, RSA is secure), and then find the modular inverse of e, wherein the difficult task lies.
- A text message is first converted to the respective decimal value, which is the parameter ‘m’ which we are finding below. We now encrypt this message by doing c = pow(m, e) mod (p * q), where c is the encrypted text.
在这段代码中,我们利用弱模和指数值来尝试通过找到 p、q 和 d 的值来生成私钥来破解加密。在这些示例中,我们将尝试在给定 p 和 q 的情况下找到 d。
笔记 :
在这里,在这个示例中,我们使用了较小的p和q值,但实际上我们使用了非常大的p和q值来使我们的 RSA 系统安全。
例子 :
Input :
c = 1614
e = 65537
p = 53
q = 31
Output :
1372
Explanation :
We calculate c = pow(m, e)mod(p * q).
Insert m = 1372.
On calculating, we get c = 1614.
Input :
c = 3893595
e = 101
p = 3191
q = 3203
Output :
6574839
Explanation :
As shown above, if we calculate pow(m, e)mod(p * q)
with m = 6574839, we get c = 3893595
Normally, we can find the value of m by following these steps:
(1) Calculate the modular inverse of e.
We can make use of the following equation, d = e^(-1)(mod lambda(n)),
where lambda is the Carmichael Totient function.
Read: Carmichael function
(2) Calculate m = pow(c, d)mod(p * q)
(3) We can perform this calculation faster by using the Chinese Remainder Theorem,
as defined below in the function
Further reading on Chinese Remainder Theorem can be done at
RSA (cryptosystem)
下面是这种方法的Python实现:
# Function to find the gcd of two
# integers using Euclidean algorithm
def gcd(p, q):
if q == 0:
return p
return gcd(q, p % q)
# Function to find the
# lcm of two integers
def lcm(p, q):
return p * q / gcd(p, q)
# Function implementing extended
# euclidean algorithm
def egcd(e, phi):
if e == 0:
return (phi, 0, 1)
else:
g, y, x = egcd(phi % e, e)
return (g, x - (phi // e) * y, y)
# Function to compute the modular inverse
def modinv(e, phi):
g, x, y = egcd(e, phi)
return x % phi
# Implementation of the Chinese Remainder Theorem
def chineseremaindertheorem(dq, dp, p, q, c):
# Message part 1
m1 = pow(c, dp, p)
# Message part 2
m2 = pow(c, dq, q)
qinv = modinv(q, p)
h = (qinv * (m1 - m2)) % p
m = m2 + h * q
return m
# Driver Code
p = 9817
q = 9907
e = 65537
c = 36076319
d = modinv(e, lcm(p - 1, q - 1))
"""
pow(a, b, c) calculates a raised to power b
modulus c, at a much faster rate than pow(a, b) % c
Furthermore, we use Chinese Remainder Theorem as it
splits the equation such that we have to calculate two
values whose equations have smaller moduli and exponent
value, thereby reducing computing time.
"""
dq = pow(d, 1, q - 1)
dp = pow(d, 1, p - 1)
print chineseremaindertheorem(dq, dp, p, q, c)
输出 :
41892906