-6

I better clarify my question. If the problem of RSA is finding the inverse of $e^{-1} = e$ in:

$a^e \mod N$

Why don't we just do:

$ae \mod N$

for encryption, and

$ae^{-1} \mod N$

for decryption?
Since I'm quite sure that the answer is: "because the former formula is attackable", it would be really helpful at least a resource to understand such attack.

Edit: I'm going to answer my own question, thanks to everyone has answered, I apologize if I was a little bit rude in the comments, but you probably didn't get my question either (even if some answers were part of mine below).

My assumption was that multiplicative modular inverses $\mod N$ were the same as the ones $\mod \phi(N)$ but it's clearly wrong. My assumption was to multiply by $e^{-1} \mod \phi(N)$, but the problem is that since the inverses of a number $\mod N$ and $\mod \phi(N)$ are different, this multiplication wouldn't 'produce' $a$. i.e.

$ae^{-1}e \mod N \neq a$

if

$e$ and $e^{-1}$ are inverses $\mod \phi(N)$ and not $\mod N$

Also, if we proceed taking $e, e^{-1} \mod N$, as someone has already replied, would restrict the security of RSA to compute the EEA (Extendend Euclid Algorithm) which is way faster to compute compared to the factorization, hence breaking the security of the protocol.

zhyn
  • 5
  • 2
  • On cryptography SE: https://crypto.stackexchange.com/questions/34938 – Sil Nov 24 '24 at 17:58
  • You might find these algorithms interesting. – J.G. Nov 24 '24 at 18:03
  • @Sil that link don't solve the problem since the answer is the same as the one here below. They say that it's easy to compute the inverse while it's not. – zhyn Nov 24 '24 at 18:15
  • @J.G. you linked the Diffie-Hellman wiki page, definitely not helpful I'm sorry – zhyn Nov 24 '24 at 18:17
  • I didn't say it was helpful, I said it might be interesting. Once you understand why RSA uses exponentiation rather than multiplication, you will know how to answer the analogous DH question. – J.G. Nov 24 '24 at 18:18
  • @J.G. that is the question I wrote up here. If you assume you know the answer why don't you just write it here? – zhyn Nov 24 '24 at 18:20
  • When I wrote my original comment, I didn't know you'd called to understand how the original answer addresses your question. Perhaps the most recent answer will help you more. – J.G. Nov 24 '24 at 18:23
  • See the linked dupes for how and why RSA works, i.e. the (encryption) power map $a\mapsto a^e\bmod N,$ is a trapdoor function, i.e. modular $e$'th powers can be computed quickly, but decrypting = inverting = taking $e$'th roots is hard. But an $e$-scaling map $,a\mapsto e\cdot a\bmod N,$ is easy to invert: the inverse map is $,a\mapsto e^{-1}a\bmod N,$ where $e^{-1}\bmod N$ can be quickly computed, e.g. by ext. euclidean algorithm. $\ \ $ – Bill Dubuque Nov 24 '24 at 19:48

2 Answers2

6

Finding the modular inverse is easy, using the Extended Euclidean algorithm. That is, you solve $ax + N y = 1$, where $a$ and $N$ are coprime, and then $a^{-1} \equiv x \mod N$.

Robert Israel
  • 470,583
  • You literally wrote that breaking RSA is easy. – zhyn Nov 24 '24 at 17:59
  • 2
    @zhyn: No, the modular inverse (easy) is not the same as the inverse logarithm (hard). – TonyK Nov 24 '24 at 18:26
  • @TonyK if we manage to find the inverse of $d$, aka $d^{-1} = e$ we can decrypt messages, what's wrong with you guys ahah. – zhyn Nov 24 '24 at 18:30
  • 1
    @zhyn you know the modulus $pq$. The "inverse of $e$" that you need is modulo $\phi(pq)$, which is hard to find if you don't know the factors $p$ and $q$. – Arturo Magidin Nov 24 '24 at 18:31
  • @zhyn I'm sure you have it all fully understood and a bunch of 5-figure rep mathematics here are the ones who are confused... – 2'5 9'2 Nov 24 '24 at 18:36
  • @2'59'2 give a complete answer – zhyn Nov 24 '24 at 18:44
  • 2
    @zhyn I'm afraid your question can't be directly answered. It starts out "If the problem of RSA is X .." and that's just not the problem of RSA. Your question opens with a false premise so it's impossible to answer directly. I tried in my answer to help you see this. Good luck, and you'll understand it at some point. Maybe take a break from it for a bit. – 2'5 9'2 Nov 24 '24 at 18:50
6

You have a misunderstanding of RSA. In this subject there is arithmetic mod $N$, and to do that you need an inverse mod $\varphi(N)$. Finding that inverse is easy as in @RobertIsrael's answer. But finding what $\varphi(N)$ is without knowing the factorization of $N$ is the hard part.

2'5 9'2
  • 56,991