Digital Media Concepts/RSA (cryptosystem)

Because the encrypted data ${\displaystyle c}$  is calculated as:

${\displaystyle c=m^{e}{\bmod {n}}}$ 

When decrypting the encrypted data ${\displaystyle c}$ , the result is:

${\displaystyle r=c^{d}{\bmod {n}}=(m^{e}{\bmod {n}})^{d}{\bmod {n}}=m^{e\cdot d}{\bmod {n}}}$ 

If ${\displaystyle m^{e\cdot d}{\bmod {n}}}$  equals to the original unencrypted data ${\displaystyle m}$ , then this algorithm is correct.

To prove ${\displaystyle m^{e\cdot d}{\bmod {n}}=m}$ , Chinese remainder theorem is needed.

It says when ${\displaystyle a}$  and ${\displaystyle b}$  are coprime (${\displaystyle gcd(a,b)=1}$ ), if both of these statements are true:

${\displaystyle x\equiv y{\pmod {a}}}$ 

${\displaystyle x\equiv y{\pmod {b}}}$ 

Then this is also true:

${\displaystyle x\equiv y{\pmod {a\cdot b}}}$ 

As ${\displaystyle p}$  and ${\displaystyle q}$  are both prime numbers, they are obviously coprime. So if both of these statements could be proved to be true:

${\displaystyle m^{e\cdot d}\equiv m{\pmod {p}}}$ 

${\displaystyle m^{e\cdot d}\equiv m{\pmod {q}}}$ 

Then this is also true:

${\displaystyle m^{e\cdot d}\equiv m{\pmod {n}}}$ 

Then the correctness of RSA algorithm could be proved:

${\displaystyle r=m^{e\cdot d}{\bmod {n}}=m{\bmod {n}}=m}$ 

Because ${\displaystyle p}$  and ${\displaystyle q}$  are identical, only one of ${\displaystyle m^{e\cdot d}\equiv m{\pmod {p}}}$  and ${\displaystyle m^{e\cdot d}\equiv m{\pmod {q}}}$  need to be proved. The same works with the other one.

Prove the correctness of ${\displaystyle m^{e\cdot d}\equiv m{\pmod {p}}}$ :

To accomplish this, Fermat's little theorem is necessary.

It says, if ${\displaystyle y}$  is a prime, and ${\displaystyle x}$  is not a multiple of ${\displaystyle y}$  (${\displaystyle y\nmid x}$ ), then this statement is true:

${\displaystyle x^{y-1}\equiv 1{\pmod {y}}}$ 

As the relationship between ${\displaystyle m}$  and ${\displaystyle p}$  is unknown, the problem need to be divided into two cases.

Case 1: ${\displaystyle m}$  and ${\displaystyle p}$  are not coprime, which means ${\displaystyle m}$  is a multiple of ${\displaystyle p}$  (${\displaystyle p\mid m}$ ). Obviously,

${\displaystyle m^{e\cdot d}\equiv 0\equiv m{\pmod {p}}}$ 

Case 2: ${\displaystyle m}$  and ${\displaystyle p}$  are coprime. In this case, Fermat's little theorem could be used. So ${\displaystyle m^{p-1}\equiv 1{\pmod {p}}}$ 

Because:

${\displaystyle e\cdot d\equiv 1{\pmod {\phi }}}$ 

As ${\displaystyle \phi }$  is a multiple of both ${\displaystyle p-1}$  and ${\displaystyle q-1}$ , both of these statements are true:

${\displaystyle e\cdot d\equiv 1{\pmod {p-1}}}$ 

${\displaystyle e\cdot d\equiv 1{\pmod {q-1}}}$ 

So ${\displaystyle e\cdot d}$  can be expressed as:

${\displaystyle e\cdot d=1+k\cdot (p-1)}$ 

Therefore:

${\displaystyle m^{e\cdot d}\equiv m^{1+k\cdot (p-1)}\equiv m\cdot (m^{p-1})^{k}\equiv m\cdot 1^{k}\equiv m{\pmod {p}}}$ 

Q.E.D.