Scientific article on the topic 'An effective algorithm to private-key in the RSA cryptosystem'

Text of a scientific article in the specialty "Mathematics"

CC BY
Keywords
CRYPTOGRAPHY / RSA CRYPTOSYSTEMS / SEQUENCES

Abstract of the scientific article in mathematics, author: Grytczuk Aleksander

In this paper we give an effective algorithm for the determination, in explicit form, of the inverse element in the private key of the RSA cryptosystem, under the condition that we know the value of Euler's totient function. Moreover, we present some estimates for the function φ(n) for the case when the natural number n is the product of two primes p, q, so n = pq, and this result can be applied in the RSA cryptosystem. The main theoretical idea is contained in our paper [1].


Bulletin of Syktyvkar University. Ser. 1. Issue 16. 2012

UDC 513.88

AN EFFECTIVE ALGORITHM TO PRIVATE-KEY IN THE RSA CRYPTOSYSTEM

A. Grytczuk


2000 AMS Subject Classification: 11B50, 11T71.

Keywords: cryptography, RSA cryptosystems, sequences.

1. Description of the classical algorithm.

We recall that Rivest, Shamir and Adleman in the paper [5] gave a very important cryptosystem, called the RSA cryptosystem. In the first step of this cryptosystem we select two different primes $p, q$. Let $n = p \cdot q$; then we have $\varphi(n) = (p-1) \cdot (q-1)$, where $\varphi$ is the well-known Euler's function. Next, we select a number $k$ such that $1 < k < \varphi(n)$ and $\gcd(k, \varphi(n)) = 1$, where $\gcd(x, y)$ denotes the greatest common divisor of the integers $x, y$. Then the pair $(k, n)$ is called the public key of the RSA cryptosystem. The inverse element with respect to $k$ in the multiplicative group $Z_m^*$, where $m = \varphi(n)$, we denote by $l$. Then the pair $(l, n)$ is called the private key of the RSA cryptosystem. The determination of the element $l$ in the private key by the known classical technique has the following procedure. In the first step we use the classical Euler's theorem:

(1.1) If $(k, m) = 1$ then $k^{\varphi(m)} \equiv 1 \pmod{m}$.

(c) Grytczuk A. A., 2012.

The relation $a \equiv b \pmod{m}$ is equivalent to the divisibility relation $m \mid a - b$, which means that there is an integer $q$ such that $a - b = mq$, hence $a = mq + b$. On the other hand, we know that the element $l$ is inverse to $k$ in the group $Z_m^*$, hence

(1.2) $l \cdot k \equiv 1 \pmod{m}$.

By (1.1), (1.2) and well-known properties of the congruence relation $\pmod{m}$ it follows that

(1.3) $l \equiv k^{\varphi(m)-1} \pmod{m}$.

From (1.3) we obtain that the element $l$ is the residue of the division of the number $k^{\varphi(m)-1}$ by $m$.

2. Algorithm based on continued simple finite fractions.

Let $m > 2$ be a fixed integer and let $Z$ be the ring of all integers. Moreover, let

(2.1) $Z_m^* = \{x \in Z : 1 \le x < m, (x, m) = 1\}$,

and let $x, y \in Z_m^*$, and let "$\circ$" be the following operation in the set (2.1):

(2.2) $x \circ y = r = (x \cdot y)_m$.

The element $r$ is the residue which we obtain on dividing the product $x \cdot y$ by $m$.

In our paper [1] it has been proved that the set $Z_m^*$ defined by (2.1) with the operation (2.2) is a commutative group with an effective and explicit form of the inverse elements.

Now, we give a short method for the determination of such an inverse element.

Let $k \in Z_m^*$ and let $x$ be an inverse element to $k$. Then by (2.2) it follows that there is an integer $y$ such that $k \cdot x = m \cdot y + 1$, hence,

(2.3) $m \cdot y - k \cdot x = -1$.

Since $m, k$ are given integers, we can expand the rational number $\frac{m}{k}$ into a simple finite continued fraction:

(2.4) $\frac{m}{k} = [q_0; q_1, q_2, \ldots, q_s]$.

Let $R_j = \frac{P_j}{Q_j}$ be the $j$-th convergent of the fraction (2.4); then $m = P_s$, $k = Q_s$ and

(2.5) $P_{j-1} \cdot Q_j - P_j \cdot Q_{j-1} = (-1)^j$; $2 \le j \le s$.

For $j = s$ by (2.5) it follows that

(2.6) $P_{s-1} \cdot Q_s - P_s \cdot Q_{s-1} = (-1)^s$.

From (2.6) and (2.3) it immediately follows that if $s = 2t$ then

(2.7) $x = P_{s-1} = P_{2t-1}$.

If $s = 2t + 1$ then we obtain

(2.8) $x = m - P_{s-1} = m - P_{2t}$.

By (2.7) and (2.8) it follows that the inverse element to $k$ is determined in explicit form. ■

3. Application to RSA cryptosystem.

For application of this algorithm to the determination of the element $l$ in the private key of the RSA cryptosystem it suffices to consider the case when $m = \varphi(n)$. Consider the following example:

Example 1. Let $p = 13$, $q = 31$. Then we have $n = p \cdot q = 13 \cdot 31 = 403$ and consequently $\varphi(n) = \varphi(p \cdot q) = (p-1) \cdot (q-1) = 12 \cdot 30 = 360$. Now, we select in the public key the number $k = 157$, which satisfies the condition $1 < 157 < 360$ and $\gcd(157, 360) = 1$. Then by application of Euclid's algorithm to the numbers 360 and 157 we obtain:

(3.1)
$360 = 157 \cdot 2 + 46$; $q_0 = 2$
$157 = 46 \cdot 3 + 19$; $q_1 = 3$
$46 = 19 \cdot 2 + 8$; $q_2 = 2$
$19 = 8 \cdot 2 + 3$; $q_3 = 2$
$8 = 3 \cdot 2 + 2$; $q_4 = 2$
$3 = 2 \cdot 1 + 1$; $q_5 = 1$
$2 = 1 \cdot 2$; $q_6 = 2$.

From (3.1) we have the following form of the simple finite continued fraction for the rational number $\frac{360}{157}$:

(3.2) $\frac{360}{157} = [2; 3, 2, 2, 2, 1, 2]$.

Using the following formulas for the convergents $R_j = \frac{P_j}{Q_j}$, $0 \le j \le s$, from the theory of simple finite continued fractions:

(3.3) $P_0 = q_0$, $Q_0 = 1$; $P_1 = q_0 \cdot q_1 + 1$, $Q_1 = q_1$,

(3.4) $P_j = q_j \cdot P_{j-1} + P_{j-2}$, $Q_j = q_j \cdot Q_{j-1} + Q_{j-2}$, for all $j$ such that $2 \le j \le s$;

by (3.1), (3.3) and (3.4) we obtain

(3.5) $P_0 = 2$, $P_1 = 2 \cdot 3 + 1 = 7$, $P_2 = 2 \cdot 7 + 2 = 16$, $P_3 = 2 \cdot 16 + 7 = 39$, $P_4 = 2 \cdot 39 + 16 = 94$, $P_5 = 1 \cdot 94 + 39 = 133$, $P_6 = 2 \cdot 133 + 94 = 360 = \varphi(n)$

(3.6) $Q_0 = 1$, $Q_1 = 3$, $Q_2 = 2 \cdot 3 + 1 = 7$, $Q_3 = 2 \cdot 7 + 3 = 17$, $Q_4 = 2 \cdot 17 + 7 = 41$, $Q_5 = 1 \cdot 41 + 17 = 58$, $Q_6 = 2 \cdot 58 + 41 = 157 = k$.

Since $s = 6 = 2 \cdot 3$ is even, then by (2.7) and (3.5) it follows that $l = P_{s-1} = P_5 = 133$. ■

Example 2. Let $p = 13$, $q = 31$ be the same prime numbers as in Example 1, but we select in the public key the number $k = 257$. Then applying a similar procedure as in Example 1 we obtain

(3.7) $\frac{360}{257} = [1; 2, 2, 51]$, $q_0 = 1$, $q_1 = 2$, $q_2 = 2$, $q_3 = 51$.

By (3.7), (3.3) and (3.4) it follows that

(3.8) $P_0 = 1$, $P_1 = 3$, $P_2 = 7$, $P_3 = 360$

(3.9) $Q_0 = 1$, $Q_1 = 2$, $Q_2 = 5$, $Q_3 = 257$.

Since $s = 3 = 2 \cdot 1 + 1$ is odd, then from (3.8) and (2.8) we have that $l = m - P_{s-1} = \varphi(n) - P_2 = 360 - 7 = 353$. ■

Example 3. Now we can compare the classical algorithm and ours. In Example 1 we have $m = \varphi(n) = 360$, hence $\varphi(m) = \varphi(360) = \varphi(2^3 \cdot 3^2 \cdot 5) = \varphi(2^3) \cdot \varphi(3^2) \cdot \varphi(5) = 4 \cdot 6 \cdot 4 = 96$. By (1.3) we have


(3.10) $l \equiv 157^{95} \pmod{360}$,

which means that for the determination in explicit form of the element $l$ in the private key of the RSA cryptosystem we must calculate the value of the power $157^{95}$ and next, dividing by 360, we obtain the number $l = 133$.

In Example 2 we have

(3.11) $l \equiv 257^{95} \pmod{360}$.

Therefore, dividing the number $257^{95}$ by 360, we must obtain the number $l = 353$, which has been determined in Example 2.

Now, we give a general procedure based on the algorithm described in part 2.

We call this algorithm, in short form, the algorithm of CSFF.

4. Determination of the element $l$ in the private key of the RSA cryptosystem based on the algorithm of CSFF

Let $n = p \cdot q$ and $\varphi(n) = (p-1) \cdot (q-1)$. Moreover, let $1 < k < \varphi(n)$, $\gcd(k, \varphi(n)) = 1$. Then the public key is given by the pair $(k, n)$. We determine the inverse element in the private key by the following process:

1°. The rational number $\frac{\varphi(n)}{k}$ we expand into a simple finite continued fraction by application of the well-known Euclid's algorithm,

(4.1) $\frac{\varphi(n)}{k} = [q_0; q_1, q_2, \ldots, q_s]$.

2°. By application of the formulas (3.3) and (3.4) we determine $P_{s-1}$.

3°. If $s = 2t$ then the inverse element $l$ is given by the formula $l = P_{2t-1}$. If $s = 2t + 1$ then $l = \varphi(n) - P_{2t}$.
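Steps 1°-3° as an added Python example (not code from the paper); the function names `cf_expand`, `csff_inverse` and `rsa_roundtrip` are illustrative assumptions. It reproduces Examples 1 and 2 and confirms the result with a toy RSA encrypt/decrypt using the paper's $p = 13$, $q = 31$.

```python
from math import gcd

def cf_expand(m, k):
    """Step 1: partial quotients [q0; q1, ..., qs] of m/k via Euclid's algorithm."""
    qs = []
    while k:
        q, r = divmod(m, k)
        qs.append(q)
        m, k = k, r
    return qs

def csff_inverse(k, m):
    """Steps 2-3: inverse of k modulo m from the convergent numerator P_{s-1}."""
    if not (1 <= k < m) or gcd(k, m) != 1:
        raise ValueError("need 1 <= k < m and gcd(k, m) = 1")
    qs = cf_expand(m, k)
    s = len(qs) - 1
    # Starting from P_{-1} = 1, P_0 = q0 reproduces (3.3); the loop is (3.4).
    p_prev, p = 1, qs[0]
    for q in qs[1:]:
        p_prev, p = p, q * p + p_prev
    assert p == m  # P_s = m because m/k is already in lowest terms
    # p_prev now holds P_{s-1}; apply the parity rule (2.7) / (2.8).
    return p_prev if s % 2 == 0 else m - p_prev

def rsa_roundtrip(p, q, k, msg):
    """Toy RSA check: encrypt with (k, n), decrypt with (l, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    l = csff_inverse(k, phi)
    return pow(pow(msg, k, n), l, n) == msg % n

if __name__ == "__main__":
    phi = 12 * 30  # phi(403) for the paper's p = 13, q = 31
    for k in (157, 257):
        print(k, cf_expand(phi, k), csff_inverse(k, phi))
    # Cross-check against Euler's theorem (1.3) with phi(360) = 96
    # and against Python's built-in modular inverse.
    for k in range(1, phi):
        if gcd(k, phi) == 1:
            assert csff_inverse(k, phi) == pow(k, 95, phi) == pow(k, -1, phi)
    print(rsa_roundtrip(13, 31, 157, 42))
```

Computing $\varphi(n)$ inside `rsa_roundtrip` requires the factors $p, q$, which is exactly the precondition the paper states for the algorithm.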

5. Remark 1. The algorithm based on simple finite continued fractions described in part 4 gives an explicit form of the inverse element $l$ in the private key $(l, n)$ of the RSA cryptosystem, but under the condition that we know the value of the Euler function $\varphi(n)$. Therefore in the next part of this paper we give an estimate for the function $\varphi(n)$, which can be used in practical cryptography.

6. Estimate for the function $\varphi(n)$. Since $n = p \cdot q$ then we have

(6.1) $\varphi(n) = (p-1) \cdot (q-1) = p \cdot q + 1 - (p + q) = n + 1 - (p + q)$.

Now, we remark that if $x$ is a real positive number, then we have

(6.2) $x = [x] + \{x\}$,

where $[x]$ denotes the integer part of $x$ and $0 \le \{x\} < 1$. It is a well-known classical inequality:

(6.3)

From (6.2), (6.3) and in virtue of $n = p \cdot q$ we obtain

(6.4) $p + q > 2\sqrt{n} > 2[\sqrt{n}]$.

By (6.1) and (6.4) it follows that

(6.5) $\varphi(n) < n + 1 - 2[\sqrt{n}]$.

For the lower bound estimation we note that if $n = p \cdot q$ then we have: 1) $p > \sqrt{n}$ and $q < \sqrt{n}$ or 2) $q > \sqrt{n}$ and $p < \sqrt{n}$. By (6.1) it follows that

pq) P'<i

p-q '

(6.7) I + I< i

\ ' P I Vn 11

From (6.6) and (6.7) we get

(6.8) (n) > n ■ 1 -

j___3_ _i_ I

11 yra n

1 10 n 11

For $x = \sqrt{n}$ from (6.2) it follows that

(6.9) $\sqrt{n} = [\sqrt{n}] + \{\sqrt{n}\} < [\sqrt{n}] + 1$.

By (6.8) and (6.9) it follows that


(6.10) $\varphi(n) > \frac{10}{11} \cdot n - [\sqrt{n}]$.

From (6.5) and (6.10) we obtain that for all odd primes $p, q$ such that one of $p$ or $q$ is greater than 11 we have the following estimate for the function $\varphi(n)$, when $n = p \cdot q$:

(*) $\frac{10}{11} \cdot n - [\sqrt{n}] < \varphi(n) < n + 1 - 2 \cdot [\sqrt{n}]$.

Now, we remark that we can obtain a better lower bound than (6.1) using the following consideration. Suppose that we have the case 2). Then we have

(6.11) $q > \sqrt{n} = [\sqrt{n}] + \{\sqrt{n}\}$, $0 < \{\sqrt{n}\} < 1$.

By (6.1) it follows that

(6.12) $q > [\sqrt{n}]$.

From (6.12) and the fundamental theorem of arithmetic we have

(6.13) $q = [\sqrt{n}] \cdot s + r$, where $0 \le r < [\sqrt{n}]$, $s \ge 1$.

Since from condition 2) we have that $p < \sqrt{n} = [\sqrt{n}] + \{\sqrt{n}\} < [\sqrt{n}] + 1$, then by (6.13) we get

(6.14) $p + q < [\sqrt{n}] + 1 + [\sqrt{n}] \cdot s + [\sqrt{n}] = (s + 2)[\sqrt{n}] + 1$.

By (6.14) and (6.1) it follows that

(6.15) $\varphi(n) = n + 1 - (p + q) > n + 1 - (s + 2)[\sqrt{n}] - 1 = n - (s + 2)[\sqrt{n}]$.

From (6.15) and (6.5) for $s = 1$ we obtain

(**) $n - 3[\sqrt{n}] < \varphi(n) < n + 1 - 2[\sqrt{n}]$.

We note that the lower bound estimation for the function $\varphi$ given in (**) is better than (*) for all $n > 22^2$.

Example 4. Let $p = 13$, $q = 31$ as in Example 1. Then we have $n = 403$, $\varphi(n) = 360$. From (*) we obtain

(i) $\frac{10}{11} \cdot 403 - [\sqrt{403}] < \varphi(n) < 403 + 1 - 2 \cdot [\sqrt{403}]$,

hence

(ii) $346 < \varphi(n) < 364$.

Remark 2. From the classical Rosser-Schoenfeld inequality [6] (cf. [4], p. 169 and [2], p. 70) it follows that for all n > 39 we have

(R-S) <p(n) > o^itopr-

It is easy to see that the lower bound given by (*) is better for application than (R-S). The upper bound (*) for all composite $n$, in the form $\varphi(n) < n + 1 - 2\sqrt{n}$, has been given in the paper [3].

References

1. Grytczuk A. Effective description of the group of reduced system of residues // Dydaktyka Matematyki, 4 (2003), 11-22 (in Polish).

2. Grytczuk A. Upper bound for sum of divisors function and the Riemann Hypothesis // Tsukuba J. Math. 31 (2007), 67-75.

3. Grytczuk A. and Wojtowicz M. An application of the Minkowski inequality // Int. J. Pure Appl. Math. 11 (2004), 311-314.

4. Ribenboim P. The Little Book of Big Primes, Springer-Verlag, 1991 (Polish Edition WNT, 1997).

5. Rivest R. L., Shamir A., Adleman L. M. A method for obtaining digital signatures and public-key cryptosystems // Comm. ACM, 21 (1978), 120-126.

6. Rosser J. B. and Schoenfeld L. Approximate formulas for some functions of prime numbers // Illinois J. Math. 6 (1962), 64-94.

Summary

Grytczuk A. An effective algorithm to private-key in the RSA cryptosystem

Keywords: sequences (mod m), cryptography, RSA cryptosystem.

University of Zielona Gora, Poland

Received 18-12-2012
