Professional Documents
Culture Documents
Abstract. This is our proof of the RSA algorithm. There are probably
more elegant and succinct ways of doing this. We have tried to explain
every step in terms of elementary number theory and avoid the ‘clearly
it follows. . . ’ technique favoured by many text books.
1. The Problem
3. The Solution
To get to our end result, we use the fact that the modulus, n, is the product
of two numbers which—because they are primes and not equal—are coprime
to each other. We split the relationship in equation (3) using property §13
into separate congruences modulo p and q, manipulate these congruences,
make use of Fermat’s Little Theorem (§14), and then use property §10 to
join them up again.
Now consider the case of any integer m raised to the power of ed modulo p.
We can say that
med ≡ med−1+1 (mod p), or
med ≡ (med−1 ).m (mod p)
and substituting equation (16) for ed − 1 this becomes
(17) med ≡ (mk(p−1) ).m (mod p).
Because p and q are coprime by definition, we can use §10 to combine equa-
tions (19) and (20)
med ≡ m (mod pq) ≡ m (mod n)
or, by symmetry (§9e),
(21) m ≡ med (mod n).
Combining equations (8) and (9) with (22), we have, for 0 ≤ m < n,
RsaPrivate(RsaPublic(m)) = m, and
RsaPublic(RsaPrivate(m)) = m.
Remarks.
• The gcd requirement in equation (2) is to make sure the modular
inverse d in equation (3) exists.
• The inverse transformations in (4) and (5) only work when 0 ≤ m <
n, i.e. you only have a cryptosystem when m is in the range [0, n−1].
Last updated: 5 May 2007. This LaTex version first published: 2 October 2006.
Written by David Ireland.
To comment on or criticise this please contact us at http://www.di-mgt.com.au.
Copyright
2002-7
c D.I. Management Services Pty Ltd, abn 78 083 210 584, Sydney,
Australia. All rights reserved. Provided “as is” with no warranties. Use at your own
risk.