RSA encryption principle:
Lee Wing-lok Teacher Video: https://www.bilibili.com/video/av26639065?t=8
RSA proof:
RSA's proven
sequence
thanks to friends to remind, to (3) and the inference was amended.
Initially write this "proof of RSA" is to see a good text - '' not to force ah, the old wet! ": RSA encryption and crack", but in this article most of the share on the network, the formula most do not complete. And mathematical representation of the differences of language and habits of programmers throughout the deduction used too. So out of this article, on the "RSA encryption and crack" were summarized and math portions of the programmer into easily understandable way. But most of the content is derived from the "RSA encryption and crack", drawing a small amount of use of the "RSA algorithm basic explanation" supplementary explanation.
However, in retrospect this article, although had repeatedly revised, but there are still many places statements are not clear, not rigorous, but also simple enough. For example equation (3) can be more simplified, which leads to more simple derivation of the proof can be efficiently RSA; upside in proving RSA, the fundamental objective is not clear proof; Further, for the selection of n, this should be more detailed description, n is the RSA to select this crucial point established, but data on the domestic network seems rarely mentioned, or will not be described in detail.
Therefore, this article has been modified again, hoping to most domestic and wild RSA information reproduced a clear distinction, it can play the role of inspiration to the users look at the issue from another angle. And try to put the issue in detail, logical and smooth, precise.
Introduction
RSA is an asymmetric encryption algorithm, we can be able to understand the others can not read plain text into an encrypted ciphertext. In contrast, the first encryption, such as the Caesar shift cipher, which is used for encryption and decryption of the same key (key), is referred to as a symmetric encryption algorithm. This algorithm, a key Once you know, you can get all the plain text of encrypted communications.
However, if the encryption with a key, and can only be decrypted with another key, then, even if people get a wiretapping message encryption key can not restore the plaintext. This will greatly improve the security of encrypted communications. This different manner of encryption and decryption keys are called asymmetric encryption.
In 1977, Ronald Rivest (Ron Rivest), Adi Shamir (Adi Shamir) and Leonard Adleman (Leonard Adleman) jointly proposed the famous three asymmetric encryption algorithm --RSA, It is one of the most secure encryption algorithms.
Basics
To clearly understand this algorithm, we must first master a few mathematical concepts, theorems or axioms, the core of which to calculate Euler's theorem. Fermat 17th Century Firstly, a special form of the theorem that Fermat's little theorem:
p is a positive prime number, a is any integer p is not divisible. Then, a ^ (p-1) -1 is divisible by p.
1
is
(A ^ (the p--1)) = 1% the p-
1
Fermat have a habit to write notes in the book side, because the book is generally too small margin, led him to put forward the famous "Fermat's conjecture," but no place to write proof, then left at the margin of a book, "I found a wonderful proof, but because of gaps too small to be written down." Leading to a long period of time, then this conjecture so many people who want to break their heads nor permit. Visible, to write notes in the book side is not a good habit. Similarly, "Fermat's Little Theorem" proof, but also long after the fix.
One hundred years later, the big cattle call Euler, Euler saying life has written more than 70 math books, almost all areas of mathematics were then conquered again, such a person to conquer the addiction has, naturally did not spare expenses horse, so Euler wild child Fermat's little theorem, extending it to a wider application of mathematical language is described as follows:
If n is a positive integer, a is any non-zero integer, and n and a are relatively prime, then:
. (. 1) (a ^ [Phi] (n))% n =. 1
. 1
2
wherein, [Phi] (n) is the European pull function, φ (n) = from 1 to n-1 are all integers prime number n. Relatively prime, it means only one common divisor. So, for example 5, the 1,2,3,4 and 5 are coprime, so φ (5) = 4.
For the prime number p, and its 1,2,3, ..., p-1 are relatively prime, so φ (p) = p-1. For example φ (11) = 10.
Since there are a prime number p φ (p) = p-1. Therefore, from Euler's theorem can be launched Fermat's little theorem. After Euler child Fermat, we can forget the Fermat's Little Theorem (saying here just laugh Ha, Fermat or super cow). Simple test Euler's theorem with an example. If n is 6, then φ (6) = 2. Let a 11, and 6 are relatively prime. 121-1 120, can indeed be divisible by 6, in line with Euler's theorem.
About Euler function, there is a corollary:
m and n are positive integers coprime. Then
. (2) [Phi] (Mn) = [Phi] (m) * [Phi] (n-)
1
2
except that (1) and (2), ahead of the above should also be noted that:
. (. 3) (A * B) n-% = ((A n-%) * (n-% B)) n-% = ((% n-A) * B) n-%
. 1
simple proof is as follows:
The remainder is assumed that a and b are divided by n c1, c2, then a and b can be written as a = n * t1 + c1, b = n * t2 + c2.
Then, a * b = n ^ 2 * t1 * t2 + n * t1 * c2 + n * t2 * c1 + c1 * c2.
Therefore, the remainder a * b is divided by n (c1 * c2)% n, since the c1 and c2 not be divisible by n, so (c1 * c2)% n = c1 * c2, i.e. (a * b)% n = (a% n) * ( b% n).
. 1
2
. 3
According to this can be deduced
(A ^ m) the n-% = ((% the n-A) ^ m) the n-% = ((% the n-A) ^ m)% the n-
1
above is actually something very tedious aspects of number theory, these things would have been in ancient times not much practical significance, did not expect the development of modern computer and communications technology, opening up a vast space for the application of these theories. RSA encryption, it applied the above theory.
Encryption / decryption process
until proven RSA algorithm, we start to understand this algorithm and the encryption and decryption process
First select two primes p and q, let n = p * q;
and k = φ (n) = ( p-1) * (q-1);
selecting an arbitrary d, with the proviso that 1 <d <φ (n) and d is coprime to k;
rounded E, so that (d * e)% k = 1. That d * e = k * t + 1, t is some integer. The Euler's theorem (d ^ φ (k)) % k = (d * d ^ (φ (k) -1))% k = 1, calculate the e = d ^ (φ (k ) -1).
(e, n) and (d, n) is the key.
Plaintext to be encrypted with c, c and n are coprime. x ciphertext.
C encryption process is: x = (c ^ e)% n
Decryption process x is: c = (x ^ d)% n
Proof
Well, it's our turn to start, prove that the algorithm.
To demonstrate RSA, c evidenced after decrypting the encrypted again remains c, which is c = (((c ^ e)% n) ^ d)% n.
Proof (below mainly using d * e = k * t + 1, and (3) and deduced):
(((C ^ E)% n-) ^ D)% n-
= (C ^ (D * E))% n-
= (C ^ (K * T +. 1))% n-
= (C * ((C ^ K ) ^ T))% n-
= ((C% n-) * (((C ^ K) ^ T)% n-))% n-
= ((C% n-) * (((C ^ K)% n-) ^ T) n%) n%
1
2
. 3
. 4
. 5
. 6
according to Euler's theorem (1), for any c, if c is prime to n, then:
(C ^ K) n-% = (C ^ [Phi] (n-)) = n-%. 1
. 1
Thus,
((C% n-) * (((C ^ K)% n-) ^ T)% n-)% n-
= ((C% n-) * ((. 1 ^ T)% n-))% n-
= ((C% n) *. 1)% n
= c n%
. 1
2
. 3
. 4
as c prime with n, so c% n = c, that is to say:
(((C ^ E) n-%) ^ D) =% n-C
. 1
thus obtained RSA certificate.
Key
according visible proof of the above, the key of the RSA algorithm, is to find a prime number with the plaintext c n, if c is an integer, then it is easy to find with prime numbers, if c is a set of numbers, such as c1 , c2, ..., cx, then how to find a n and c are all prime to it?
The method that primes p and q must be larger than all of c, and the resulting necessarily all n c are relatively prime. the reason is:
If the two numbers among the bigger number is a prime number, the prime both constituting relationship index p and q larger than all of c, so p and q c are all prime;
because only n decomposed into p and q, and c are all of the p and q are relatively prime, so n c are cross with all quality.
RSA Security
in order for n remainder of the time, the numbers will not be confused, RSA algorithm requires that all encrypted number c is less than n.
But the more important reason is to protect large n p and q. Want to hack, you must find d. RSA review the work process (note that n is public), it can be cracked:
To find the hidden p and q
knows p and q, can be calculated K
d * E = T + K *. 1, i.e. to find a e, d * can be divided so that k e-1. d to find.
Break the whole process above, the first step is the most difficult - to find two hidden p and q. If p and q are chosen to be very large, such as 200, can lead to very large n, there are 400. Looking for a 400-digit prime number decomposition, for the current computer is not easy, it needs to do the divisions approximately sqrt (10 ^ 400) / 2 times. ^ Corresponding to 10 199 times the division! Tianhe supercomputer to No. 2 as an example, floating-point operations per second capacity is 10 ^ 16 level. So, find p and q 2 with a No. Tianhe takes about 10 ^ 174 years. This live to please God shot. However, if 10 ^ 174 years later, the Tianhe-2 plaintext as follows (if Tianhe-2 is still the case):
"10 ^ 174 years minus one day, this information void."
1
So, it is estimated that God also dumbfounding.
[1] MOD function and% symbol () represents a modulo operation are to be understood as a remainder, such as 5% 3 = 2
[2] ^ represents the exponentiation symbol, such as 2 ^ 5 = 25
[3] on the n a simple method of selecting only given here. A counter-example is p, q and c is not prime, for example, p = 5, q = 7, c = 70, it is clear that n = 35, and c is not coprime
[4] This data reference "" not to force ah, old wet ! ": RSA encryption and crack", its simplified, and gives details of the RSA algorithm is more in line with the programmer's language proves that the original link is: http: //www.cnblogs.com/vamei/p/3480994. ! html # comments, if the original formula shows abnormalities, you can refer to: http: //blog.jobbole.com/96702/
[5] references "RSA algorithm basic explanation" from: http: //www.cnblogs.com /hykun/p/RSA.html
description link: https: //blog.csdn.net/desert187/article/details/51123269