The RSA algorithm spanning millennia

     Personal experience:
     The core law is Fermat's law: when n = p q (p and q are prime numbers), m = (p - 1)(q - 1), and a is any natural number less than n, then a^(1+m) mod n = a mod n = a
     RSA extension: when the remainder of e * d divided by m is 1, a^(e*d) mod n = a mod n, that is, a^(e*d) mod n = a. In practice, e is published to the outside world as the public key. When the outside world encrypts, it computes a^e mod n = y, so the original a is encrypted as y. The private key holder computes y^d mod n to get a back.
     Example: p: 3, q: 5, n=15, m=8, e=3 (public key), d=11 (private key)
     Original text: 7, public key encryption: 13 (Excel: =MOD(7^3,15)), decryption: 7 (Excel: =MOD(13^11,15))

 

     Reprinted from: http://www.matrix67.com/blog/archives/5100
     Number Theory, the crown of mathematics, the purest mathematics. As far back as the ancient Greeks, people have been obsessed with numbers, indulging in a mind game with little practical value. It was not until the birth of the computer that the results of thousands of years of number theory research suddenly had practical applications, and this process was arguably one of the most exciting topics in mathematics. 
    ...
     First, find two prime numbers, say 13 and 17. In practice, we would choose much larger prime numbers. Multiply them together and you get 221. Then calculate (13 - 1) × (17 - 1) = 192. According to the previous conclusion, for any number a, the remainders of a^i divided by 221 repeat with a period of length 192 (although there may be shorter periods). In other words, for any a, the numbers a, a^193, a^385, a^577, ... all have the same remainder when divided by 221. Note that 385 can be written as 11 × 35... hehe, now we can do a little math magic again. Ask someone to think of a random number up to 221, such as 123. Have them find the remainder of dividing 123 to the 11th power by 221 and tell you the result. If their calculation is correct, you will get the number 115. At first glance, it may seem difficult to turn 115 back into the original number, but in fact, you only need to calculate 115 to the 35th power, and the remainder of dividing it by 221 will return to 123. This is because the other party multiplied 11 copies of the chosen number 123 together and got a number X; you then multiply 35 copies of this X together, which is equivalent to the two of you jointly multiplying 385 copies of 123 together. According to the periodicity phenomenon, the remainder when it is divided by 221 is still 123. However, when multiplying 35 copies of X together, we are going to take the remainder of dividing the product by 221 anyway, so we don't have to know the full value of X, just the remainder of dividing X by 221. Therefore, having the other party tell you only the remainder of X does not lose any information.
    This time, however, knowing only the encryption method, it is difficult to construct the decryption method. It is easy to see that the reason why 35 can be used as the key for decryption is that the result of multiplying 11 by 35 is in the sequence 193, 385, 577, ..., that is, its remainder when divided by 192 is exactly 1. Therefore, the attacker can solve 11x mod 192 = 1 to find a key x that satisfies the requirement. But the point is, how would he know the number 192? To get the number 192, he needs to decompose 221 into the product of 13 and 17. This is difficult to do when the prime numbers initially chosen are very, very large.
    According to this principle, we can choose two sufficiently large prime numbers p and q and calculate n = p · q. Next, find m = (p - 1)(q - 1). Finally, find two numbers e and d such that e · d leaves a remainder of 1 when divided by m. How to find such a pair of e and d? Simple. First, find a random number that is relatively prime to m (it is possible, for example, to keep generating prime numbers less than m until you find one that does not divide m) and use it as our e. Then, solve the equation e · d mod m = 1 for d (just like what the attacker wanted to do just now, except that we have the value of m and he doesn't). Bézout's theorem guarantees that such a d must exist.
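The key derivation described above, as an added example that is not part of the original article: the extended Euclidean algorithm produces the Bézout coefficient that solves e · d mod m = 1, and a trial-division helper shows that with n as small as 221 anyone can redo the same calculation from the public values alone. All function names are chosen for this illustration.

```python
# Added example: toy RSA key derivation with the article's numbers.

def extended_gcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b) (Bezout)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        k = old_r // r
        old_r, r = r, old_r - k * r
        old_x, x = x, old_x - k * x
        old_y, y = y, old_y - k * y
    return old_r, old_x, old_y

def private_exponent(e, m):
    """Solve e*d mod m == 1 for d; fails if e shares a factor with m."""
    g, x, _ = extended_gcd(e, m)
    if g != 1:
        raise ValueError("e is not relatively prime to m")
    return x % m

def factor_by_trial_division(n):
    """Split n into p * q by brute force; only feasible because n is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")

def recover_private_exponent(e, n):
    """Without m, the only route to d is to factor n first."""
    p, q = factor_by_trial_division(n)
    return private_exponent(e, (p - 1) * (q - 1))

if __name__ == "__main__":
    p, q, e = 13, 17, 11
    n, m = p * q, (p - 1) * (q - 1)
    print("n =", n, "m =", m, "d =", private_exponent(e, m))
    print("d from public (e, n) only:", recover_private_exponent(e, n))
```

The second call succeeds instantly only because 221 has tiny factors; the loop in `factor_by_trial_division` is exactly the step that becomes infeasible when p and q are very large.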
    Well, now, e and n can be made public as the encryption key, and d and n are the decryption key known only to you. Therefore, the encryption key is sometimes referred to as the public key, and the decryption key is sometimes referred to as the private key. Anyone who knows the public key can use the formula c = a^e mod n to encrypt the original data a into a new number c; the holder of the private key can calculate c^d mod n to recover the original data a. However, there is still a big problem here: e and d are both large numbers with hundreds of digits, so how can we calculate the e-th power or the d-th power of a number? Obviously, you can't honestly carry out that many multiplications one by one, otherwise the efficiency is far too low. Fortunately, "repeated squaring" can help us quickly calculate the power of a number. For example, calculating a^35 is equivalent to calculating a^34 · a, which is (a^17)^2 · a, which is (a^16 · a)^2 · a, which is ((a^8)^2 · a)^2 · a... which ultimately reduces to ((((a^2)^2)^2)^2 · a)^2 · a, so 7 multiplications are enough. In the process of simplification, the exponent of a is halved at each step, so in the final formula the number of multiplications required is only logarithmic, which the computer can easily bear. However, reducing the number of operations does not reduce the size of the numbers. a is already a large number with tens or hundreds of digits, and multiplying a by itself several times will soon produce a super large number that cannot be accommodated in computer memory. What to do? Don't forget, "Anyway, we must take the remainder of the product at the end, and taking the remainder of the multiplier before multiplication will not affect the result", so we can take the remainder as we go: after each multiplication, take the remainder of dividing the product by n. This way, each of our multiplications is a multiplication of two numbers smaller than n. Using these tips, the computer can complete the process of RSA encryption and decryption in a short enough time.
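Repeated squaring with a remainder taken after every multiplication, as an added example that is not part of the original article. The function name and the multiplication counter are introduced here so the count of 7 for the exponent 35 can be checked against the text.

```python
# Added example: left-to-right square-and-multiply, reducing mod n each step.
# Not constant-time: the branch depends on the exponent bits, so this is an
# illustration of the arithmetic, not code for handling real private keys.

def power_mod(a, k, n):
    """Return (a**k mod n, number of multiplications used), for k >= 1."""
    if k < 1:
        raise ValueError("exponent must be at least 1")
    result = a % n
    mults = 0
    # bin(35) == '0b100011'; skip '0b' and the leading 1, which is `result`.
    for bit in bin(k)[3:]:
        result = result * result % n      # squaring step, operands < n
        mults += 1
        if bit == "1":
            result = result * a % n       # extra factor of a for a 1 bit
            mults += 1
    return result, mults

def encrypt(a, e, n):
    """c = a^e mod n, using the public key (e, n)."""
    return power_mod(a, e, n)[0]

def decrypt(c, d, n):
    """a = c^d mod n, using the private key (d, n)."""
    return power_mod(c, d, n)[0]

if __name__ == "__main__":
    # The article's numbers: n = 221, e = 11, d = 35, message 123.
    c = encrypt(123, 11, 221)
    print("ciphertext:", c)
    print("decrypted:", decrypt(c, 35, 221))
    print("multiplications for exponent 35:", power_mod(c, 35, 221)[1])
    # Every intermediate product stays below n*n even for huge exponents.
    big = power_mod(123, 2**521 - 1, 221)
    print("a^(2^521 - 1) mod 221:", big[0], "in", big[1], "multiplications")
```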
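    RSA is slow to carry out, so any optimization of its running speed is worthwhile. Using the Chinese remainder theorem, we can speed up the computation even further. What we want is the remainder of a^35 divided by n, where n is the product of two primes p and q. Since p and q are both prime, they are obviously relatively prime to each other. Therefore, if we know the remainders of a^35 divided by p and by q, we can work backwards to its remainder when divided by n. So during repeated squaring we only need to keep the remainder of each result divided by p and its remainder divided by q, and the size of the numbers involved drops further, to the order of magnitude of p and q. At the end, we use the solution method of the classic problem "there are things whose number is unknown" to turn these two remainders back into a number less than n. Even better, don't forget that the remainder of a^i divided by p has period p - 1, so to compute a^35 mod p we only need to compute a^(35 mod (p-1)) mod p. Similarly, because of the periodicity of the remainders, computing a^35 mod q is equivalent to computing a^(35 mod (q-1)) mod q. In this way even the exponent shrinks to the same order of magnitude as p and q, and RSA becomes noticeably faster.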
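The Chinese remainder theorem speed-up, as an added example that is not part of the original article. It uses Python's built-in three-argument `pow` for the two small exponentiations; `reduce_exponent` and `crt_power_mod` are names chosen for this illustration, and the first handles the one case where naive exponent reduction gives a wrong answer (a base divisible by p with an exponent that is a multiple of p - 1).

```python
# Added example: a^k mod (p*q) computed from the remainders mod p and mod q,
# with the exponent reduced mod p-1 and mod q-1.

def reduce_exponent(k, p):
    """Shrink k using the period p-1 of a^i mod p.

    If k > 0 is a multiple of p-1, return p-1 rather than 0, so that a
    base divisible by p still yields 0 and not a^0 = 1.
    """
    r = k % (p - 1)
    return r if (r or k == 0) else p - 1

def crt_power_mod(a, k, p, q):
    """Return a**k mod (p*q) for distinct primes p and q."""
    r_p = pow(a % p, reduce_exponent(k, p), p)   # numbers no larger than p
    r_q = pow(a % q, reduce_exponent(k, q), q)   # numbers no larger than q
    # Recombine: the unique x < p*q with x = r_p (mod p) and x = r_q (mod q).
    q_inv = pow(q, -1, p)                        # inverse of q mod p (3.8+)
    h = (r_p - r_q) * q_inv % p
    return r_q + h * q

if __name__ == "__main__":
    p, q = 13, 17                                # the article's primes
    print("35 reduces to", reduce_exponent(35, p), "mod p-1 and",
          reduce_exponent(35, q), "mod q-1")
    print("115^35 mod 221 =", crt_power_mod(115, 35, p, q))
    # Edge case: base 13 is divisible by p and 12 is a multiple of p-1.
    print("13^12 mod 221 =", crt_power_mod(13, 12, p, q),
          "(direct:", pow(13, 12, 221), ")")
```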
     ...... 
