1

Sorry, I know there are several threads about RSA encryption and how to calculate $d$. But there is a thing I still don't understand. So you calculate $d$ by using the following expression (see here): $$ e \cdot d\equiv 1(mod\ \varphi(N)) $$ The usual way to prove this (based on $e^{\varphi(N)}\equiv1 (mod\ N)$) is:

$$ m \equiv m^{k\cdot\varphi(N)+1} \equiv (m^{\varphi(N)})^k\cdot m \equiv 1^k\cdot m (mod\ N) $$

There are several things I don't understand:

  • The Euler theorem only applies if $m$ and $\varphi(N)$ are coprime (which is not the case here)
  • $m^{\varphi(N)} (mod\ N)$ is definitely not $1$
  • Nonetheless: For a defined $k$ the equation $m^{k\cdot \varphi(N)} \equiv 1 (mod\ N)$ seems to be correct. But why is that? And why can you just write $(m^{\varphi(N)})^k \equiv 1 (mod\ N)$, if $k$ can't be an arbitrary number?
j0hn
  • 13

1 Answer

1

Assume $N=pq$ and with the Chinese Remainder Theorem we have:

$m^{ed}\equiv m \pmod N \quad \Longleftrightarrow \quad m^{ed} \equiv m \pmod p \quad \text{and} \quad m^{ed}\equiv m \pmod q$

If $\gcd(m,N)\ne 1$ then $\gcd(m,N)=p\;$ or $\;\gcd(m,N)=q$.

WLOG assume $\gcd(m,N)=p,\;$ i.e. $m \equiv 0 \pmod p,\;$ then $\gcd(m,q)=1$ and with Fermat $m^{q-1}\equiv 1 \pmod q.$ Finally

$$m^{ed} \equiv m^{(p-1)(q-1)k +1} \equiv m^{(p-1)(q-1)k}m \equiv 1^{(p-1)k}m \equiv m \pmod q $$

gammatester
  • 19,147
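
The CRT argument in the answer, checked numerically as an added example that is not part of the original posts. The toy primes $p=61$, $q=53$ and exponent $e=17$ are constructed values, and the function names are hypothetical.

```python
from math import gcd

# Constructed toy parameters (far too small for real use).
P, Q, E = 61, 53, 17


def rsa_params(p, q, e):
    """Return (N, phi, d, k) where e*d = k*phi(N) + 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    k = (e * d - 1) // phi
    return n, phi, d, k


def check_message(m, p, q, e):
    """Evaluate each step of the CRT argument for one message m."""
    n, phi, d, _ = rsa_params(p, q, e)
    return {
        "gcd": gcd(m, n),
        # Euler's theorem needs gcd(m, N) = 1, so this can be False.
        "euler_holds": pow(m, phi, n) == 1,
        # The two congruences that CRT combines into m^(ed) = m (mod N).
        "mod_p_ok": pow(m, e * d, p) == m % p,
        "mod_q_ok": pow(m, e * d, q) == m % q,
        "roundtrip_ok": pow(m, e * d, n) == m % n,
    }


def non_coprime_messages(p, q):
    """All m in [1, N) that share a factor with N = p*q."""
    n = p * q
    return [m for m in range(1, n) if gcd(m, n) != 1]


def all_messages_roundtrip(p, q, e):
    """Encrypt then decrypt every residue mod N, coprime to N or not."""
    n, _, d, _ = rsa_params(p, q, e)
    return all(pow(pow(m, e, n), d, n) == m for m in range(n))


if __name__ == "__main__":
    print(rsa_params(P, Q, E))
    print(check_message(2 * P, P, Q, E))   # m is a multiple of p
    print(len(non_coprime_messages(P, Q)), all_messages_roundtrip(P, Q, E))
```
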