Mixing
Understanding an excerpt of notes on RSA using the Chinese Remainder theorem
$begingroup$
I have a description in my cryptography notes of a way to make RSA more efficient using the Chinese Remainder Theorem. Let $p,q$ be large primes, $N=pq$ , $e$ be the public encryption exponent, $d$ the private encryption exponent. I will only ask about the excerpt I don't understand for brevity. Let $C$ be the ciphertext and $M equiv C^d mod N$
- Compute $d_p equiv d mod (p-1)$, $d_q equiv d mod (q-1)$
- Compute $C_p equiv C (mod p)$, $C_q equiv C (mod q)$,
- Compute $M_p equiv C_p^{d_p} (mod p)$, $M_q equiv C_q^{d_q} (mod q)$
- Compute the unique $M_1$ such that $M equiv M_p (mod p)$ and $M equiv M_q (mod q)$ using the Chinese remainder theorem
Then the author states without proof that:
** $M equiv C^d equiv C_p^{d_p} equiv M_1 (mod p)$
referring to "an earlier result about groups" as the reason for this claim and that $p-1$ divides $d-d_p$.
Why is (**) this true?
cryptography
asked Jan 26 at 19:34
IntegrateThisIntegrateThis
1,9441818
$endgroup$
add a comment |
$begingroup$
I have a description in my cryptography notes of a way to make RSA more efficient using the Chinese Remainder Theorem. Let $p,q$ be large primes, $N=pq$ , $e$ be the public encryption exponent, $d$ the private encryption exponent. I will only ask about the excerpt I don't understand for brevity. Let $C$ be the ciphertext and $M equiv C^d mod N$
- Compute $d_p equiv d mod (p-1)$, $d_q equiv d mod (q-1)$
- Compute $C_p equiv C (mod p)$, $C_q equiv C (mod q)$,
- Compute $M_p equiv C_p^{d_p} (mod p)$, $M_q equiv C_q^{d_q} (mod q)$
- Compute the unique $M_1$ such that $M equiv M_p (mod p)$ and $M equiv M_q (mod q)$ using the Chinese remainder theorem
Then the author states without proof that:
** $M equiv C^d equiv C_p^{d_p} equiv M_1 (mod p)$
referring to "an earlier result about groups" as the reason for this claim and that $p-1$ divides $d-d_p$.
Why is (**) this true?
cryptography
asked Jan 26 at 19:34
IntegrateThisIntegrateThis
1,9441818
$endgroup$
$begingroup$
** is true, because $C_pequiv C bmod p$ and $C^pequiv Cbmod p$ by little Fermat.
$endgroup$
– Dietrich Burde
Jan 26 at 20:01
$begingroup$
@DietrichBurde where does $p$ come from we are raising $C$ to $d_p$.
$endgroup$
– IntegrateThis
Jan 26 at 20:06
$begingroup$
@DietrichBurde I think I understand, see my answer.
$endgroup$
– IntegrateThis
Jan 26 at 21:53
add a comment |
$begingroup$
I have a description in my cryptography notes of a way to make RSA more efficient using the Chinese Remainder Theorem. Let $p,q$ be large primes, $N=pq$ , $e$ be the public encryption exponent, $d$ the private encryption exponent. I will only ask about the excerpt I don't understand for brevity. Let $C$ be the ciphertext and $M equiv C^d mod N$
- Compute $d_p equiv d mod (p-1)$, $d_q equiv d mod (q-1)$
- Compute $C_p equiv C (mod p)$, $C_q equiv C (mod q)$,
- Compute $M_p equiv C_p^{d_p} (mod p)$, $M_q equiv C_q^{d_q} (mod q)$
- Compute the unique $M_1$ such that $M equiv M_p (mod p)$ and $M equiv M_q (mod q)$ using the Chinese remainder theorem
Then the author states without proof that:
** $M equiv C^d equiv C_p^{d_p} equiv M_1 (mod p)$
referring to "an earlier result about groups" as the reason for this claim and that $p-1$ divides $d-d_p$.
Why is (**) this true?
cryptography
asked Jan 26 at 19:34
IntegrateThisIntegrateThis
1,9441818
$endgroup$
I have a description in my cryptography notes of a way to make RSA more efficient using the Chinese Remainder Theorem. Let $p,q$ be large primes, $N=pq$ , $e$ be the public encryption exponent, $d$ the private encryption exponent. I will only ask about the excerpt I don't understand for brevity. Let $C$ be the ciphertext and $M equiv C^d mod N$
- Compute $d_p equiv d mod (p-1)$, $d_q equiv d mod (q-1)$
- Compute $C_p equiv C (mod p)$, $C_q equiv C (mod q)$,
- Compute $M_p equiv C_p^{d_p} (mod p)$, $M_q equiv C_q^{d_q} (mod q)$
- Compute the unique $M_1$ such that $M equiv M_p (mod p)$ and $M equiv M_q (mod q)$ using the Chinese remainder theorem
Then the author states without proof that:
** $M equiv C^d equiv C_p^{d_p} equiv M_1 (mod p)$
referring to "an earlier result about groups" as the reason for this claim and that $p-1$ divides $d-d_p$.
Why is (**) this true?
cryptography
cryptography
asked Jan 26 at 19:34
IntegrateThisIntegrateThis
1,9441818
asked Jan 26 at 19:34
IntegrateThisIntegrateThis
1,9441818
edited Jan 26 at 19:54
IntegrateThis
asked Jan 26 at 19:34
IntegrateThisIntegrateThis
1,9441818
asked Jan 26 at 19:34
IntegrateThisIntegrateThis
1,9441818
asked Jan 26 at 19:34
IntegrateThisIntegrateThis
1,9441818
1,9441818
$begingroup$
** is true, because $C_pequiv C bmod p$ and $C^pequiv Cbmod p$ by little Fermat.
$endgroup$
– Dietrich Burde
Jan 26 at 20:01
$begingroup$
@DietrichBurde where does $p$ come from we are raising $C$ to $d_p$.
$endgroup$
– IntegrateThis
Jan 26 at 20:06
$begingroup$
@DietrichBurde I think I understand, see my answer.
$endgroup$
– IntegrateThis
Jan 26 at 21:53
add a comment |
$begingroup$
** is true, because $C_pequiv C bmod p$ and $C^pequiv Cbmod p$ by little Fermat.
$endgroup$
– Dietrich Burde
Jan 26 at 20:01
$begingroup$
@DietrichBurde where does $p$ come from we are raising $C$ to $d_p$.
$endgroup$
– IntegrateThis
Jan 26 at 20:06
$begingroup$
@DietrichBurde I think I understand, see my answer.
$endgroup$
– IntegrateThis
Jan 26 at 21:53
$begingroup$
** is true, because $C_pequiv C bmod p$ and $C^pequiv Cbmod p$ by little Fermat.
$endgroup$
– Dietrich Burde
Jan 26 at 20:01
$begingroup$
** is true, because $C_pequiv C bmod p$ and $C^pequiv Cbmod p$ by little Fermat.
$endgroup$
– Dietrich Burde
Jan 26 at 20:01
$begingroup$
@DietrichBurde where does $p$ come from we are raising $C$ to $d_p$.
$endgroup$
– IntegrateThis
Jan 26 at 20:06
$begingroup$
@DietrichBurde where does $p$ come from we are raising $C$ to $d_p$.
$endgroup$
– IntegrateThis
Jan 26 at 20:06
$begingroup$
@DietrichBurde I think I understand, see my answer.
$endgroup$
– IntegrateThis
Jan 26 at 21:53
$begingroup$
@DietrichBurde I think I understand, see my answer.
$endgroup$
– IntegrateThis
Jan 26 at 21:53
add a comment |
1 Answer
1
active
oldest
votes
$begingroup$
Here is what I have deduced (I admit this could be wrong). Since $p-1$ divides $d-d_p$, then for some $k$ we have $k(p-1)=d-d_p$, so that $d_p=d-k(p-1)$ but then by Fermat's little theorem:
$C^{d_p}equiv C^{d-k(p-1)}equiv C^dC^{-k(p-1)} equiv C^d(1)^{-k} = C^d (mod p)$
answered Jan 26 at 21:44
IntegrateThisIntegrateThis
1,9441818
$endgroup$
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "69"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f3088665%2funderstanding-an-excerpt-of-notes-on-rsa-using-the-chinese-remainder-theorem%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
Here is what I have deduced (I admit this could be wrong). Since $p-1$ divides $d-d_p$, then for some $k$ we have $k(p-1)=d-d_p$, so that $d_p=d-k(p-1)$ but then by Fermat's little theorem:
$C^{d_p}equiv C^{d-k(p-1)}equiv C^dC^{-k(p-1)} equiv C^d(1)^{-k} = C^d (mod p)$
answered Jan 26 at 21:44
IntegrateThisIntegrateThis
1,9441818
$endgroup$
add a comment |
$begingroup$
Here is what I have deduced (I admit this could be wrong). Since $p-1$ divides $d-d_p$, then for some $k$ we have $k(p-1)=d-d_p$, so that $d_p=d-k(p-1)$ but then by Fermat's little theorem:
$C^{d_p}equiv C^{d-k(p-1)}equiv C^dC^{-k(p-1)} equiv C^d(1)^{-k} = C^d (mod p)$
answered Jan 26 at 21:44
IntegrateThisIntegrateThis
1,9441818
$endgroup$
add a comment |
$begingroup$
Here is what I have deduced (I admit this could be wrong). Since $p-1$ divides $d-d_p$, then for some $k$ we have $k(p-1)=d-d_p$, so that $d_p=d-k(p-1)$ but then by Fermat's little theorem:
$C^{d_p}equiv C^{d-k(p-1)}equiv C^dC^{-k(p-1)} equiv C^d(1)^{-k} = C^d (mod p)$
answered Jan 26 at 21:44
IntegrateThisIntegrateThis
1,9441818
$endgroup$
Here is what I have deduced (I admit this could be wrong). Since $p-1$ divides $d-d_p$, then for some $k$ we have $k(p-1)=d-d_p$, so that $d_p=d-k(p-1)$ but then by Fermat's little theorem:
$C^{d_p}equiv C^{d-k(p-1)}equiv C^dC^{-k(p-1)} equiv C^d(1)^{-k} = C^d (mod p)$
answered Jan 26 at 21:44
IntegrateThisIntegrateThis
1,9441818
answered Jan 26 at 21:44
IntegrateThisIntegrateThis
1,9441818
answered Jan 26 at 21:44
IntegrateThisIntegrateThis
1,9441818
answered Jan 26 at 21:44
IntegrateThisIntegrateThis
1,9441818
1,9441818
add a comment |
add a comment |
Thanks for contributing an answer to Mathematics Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f3088665%2funderstanding-an-excerpt-of-notes-on-rsa-using-the-chinese-remainder-theorem%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
$begingroup$
** is true, because $C_pequiv C bmod p$ and $C^pequiv Cbmod p$ by little Fermat.
$endgroup$
– Dietrich Burde
Jan 26 at 20:01
$begingroup$
@DietrichBurde where does $p$ come from we are raising $C$ to $d_p$.
$endgroup$
– IntegrateThis
Jan 26 at 20:06
$begingroup$
@DietrichBurde I think I understand, see my answer.
$endgroup$
– IntegrateThis
Jan 26 at 21:53