RSA 作爲世界上使用最爲流行的公鑰密碼算法,被廣泛應用在數據加密和數字簽名上。
爲了提高加密和簽名驗證的效率,一般會將RSA的加密指數(一般是公鑰位數)設置的較小,一般爲 65537 ,而解密或簽名效率卻不能夠簡單的通過減小私鑰的長度來實現,因爲過短的私鑰將直接導致安全問題。
於是乎,基於中國剩餘定理(Chinese Remainder Theorem,簡稱 CRT)的 RSA 加速方案被提出。以RSA加解密爲例,本文將首先講解 RSA 基本原理,再介紹中國剩餘理論和費馬小定理,最後介紹 RSA-CRT算法。
RSA算法
RSA 包括密鑰生成算法、加密算法和簽名算法。
密鑰生成
加解密
簽名與驗籤
CRT
Garner's formulax
(x1, x2)
(參考:H. Garner. The Residue Number System. IRE Transactions on Electronic Computers, EC-8 (6), pp. 140 – 147, June 1959.),對於\(x_1 = x(mod p)\)和\(x_2=x(mod q)\):\(x=x_2 + h.q\)
\(h=(x_1-x_2)(q^{-1}mod p) mod p\)
歐拉定理和費馬小定理
RSA-CRT
- \(d = d(mod p-1)+k(p-1)\),這個如何實現?
- 求出\(m_q\)和\(m_p\)後,就可以基於CRT求出\(m\)。
舉例
## RSA加解密
p = 137, q = 131, n = 137.131 = 17947, e = 3, d = 11787.
私鑰(n,d),公鑰(n,e)
m = 513
加密:c = 5133 mod n = 8363
解密:m'=c^d mod n = 513
## RSA-CRT加解密
dP = d mod (p-1) = 11787 mod 136 = 91
dQ = d mod (q-1) = 11787 mod 130 = 87
qInv = q^{-1} mod p = 131-1 mod 137 = 114
m1 = cdP mod p = 836391 mod 137 = 102
m2 = cdQ mod q = 836387 mod 131 = 120
h = qInv.(m1 - m2) mod p = 114.(102-120+137) mod 137 = 3
m = m2 + h.q = 120 + 3.131 = 513.
程序
import time
def chinese_remainder_theorem(c, d, p, q):
dp = d % (p - 1)
dq = d % (q - 1)
q_inv = modinv(q, p) # calculates the inverse
m1 = pow(c % p, dp, p)
m2 = pow(c % q, dq, q)
h = q_inv * (m1 - m2) % p
m = m2 + h * q
return m
def modinv(e, phi): # function used to calculate modular inverse
d = 0
x1 = 0
x2 = 1
y1 = 1
temp_phi = phi
while e > 0: # extended euclidean algorithm
temp1 = temp_phi // e
temp2 = temp_phi - temp1 * e
temp_phi = e
e = temp2
x = x2 - temp1 * x1
y = d - temp1 * y1
x2 = x1
x1 = x
d = y1
y1 = y
if temp_phi == 1:
return d + phi
def gcd(a, h): # function used to calculate the GCD
temp = 0
while (1):
temp = a % h
if (temp == 0):
return h
a = h
h = temp
start_time = time.time()
# p and q are 1024 bit primes. Tested using Miller Rabbin algorithm from Question 2
p = 137
q = 131
n = p*q
e = 3
phi = (p-1)*(q-1)
d = modinv(e, phi)
msg = 513
print("Message data = ", msg)
c = pow(msg, e, n) # encryption c = (msg ^ e) % n
print("Encrypted data = ", c)
# decryption using chinese remainder theorem
decrypted_msg = chinese_remainder_theorem(c, d, p, q)
print("Original Message Sent = ", decrypted_msg)
end_time = time.time()
elapsed_time = end_time - start_time
print("Time taken for RSA with CRT: {:.6f} seconds".format(elapsed_time))