Digital Media Concepts/RSA (cryptosystem)

Because the encrypted data ${\displaystyle c}$ is calculated as:

${\displaystyle c=m^{e}{\bmod {n}}}$

When decrypting the encrypted data ${\displaystyle c}$, the result is:

${\displaystyle r=c^{d}{\bmod {n}}=(m^{e}{\bmod {n}})^{d}{\bmod {n}}=m^{e\cdot d}{\bmod {n}}}$

If ${\displaystyle m^{e\cdot d}{\bmod {n}}}$ equals to the original unencrypted data ${\displaystyle m}$, then this algorithm is correct.

To prove ${\displaystyle m^{e\cdot d}{\bmod {n}}=m}$, Chinese remainder theorem is needed.

It says when ${\displaystyle a}$ and ${\displaystyle b}$ are coprime (${\displaystyle gcd(a,b)=1}$), if both of these statements are true:

${\displaystyle x\equiv y{\pmod {a}}}$

${\displaystyle x\equiv y{\pmod {b}}}$

Then this is also true:

${\displaystyle x\equiv y{\pmod {a\cdot b}}}$

As ${\displaystyle p}$ and ${\displaystyle q}$ are both prime numbers, they are obviously coprime. So if both of these statements could be proved to be true:

${\displaystyle m^{e\cdot d}\equiv m{\pmod {p}}}$

${\displaystyle m^{e\cdot d}\equiv m{\pmod {q}}}$

Then this is also true:

${\displaystyle m^{e\cdot d}\equiv m{\pmod {n}}}$

Then the correctness of RSA algorithm could be proved:

${\displaystyle r=m^{e\cdot d}{\bmod {n}}=m{\bmod {n}}=m}$

Because ${\displaystyle p}$ and ${\displaystyle q}$ are identical, only one of ${\displaystyle m^{e\cdot d}\equiv m{\pmod {p}}}$ and ${\displaystyle m^{e\cdot d}\equiv m{\pmod {q}}}$ need to be proved. The same works with the other one.

Prove the correctness of ${\displaystyle m^{e\cdot d}\equiv m{\pmod {p}}}$:

To accomplish this, Fermat's little theorem is necessary.

It says, if ${\displaystyle y}$ is a prime, and ${\displaystyle x}$ is not a multiple of ${\displaystyle y}$ (${\displaystyle y\nmid x}$), then this statement is true:

${\displaystyle x^{y-1}\equiv 1{\pmod {y}}}$

As the relationship between ${\displaystyle m}$ and ${\displaystyle p}$ is unknown, the problem need to be divided into two cases.

Case 1: ${\displaystyle m}$ and ${\displaystyle p}$ are not coprime, which means ${\displaystyle m}$ is a multiple of ${\displaystyle p}$ (${\displaystyle p\mid m}$). Obviously,

${\displaystyle m^{e\cdot d}\equiv 0\equiv m{\pmod {p}}}$

Case 2: ${\displaystyle m}$ and ${\displaystyle p}$ are coprime. In this case, Fermat's little theorem could be used. So ${\displaystyle m^{p-1}\equiv 1{\pmod {p}}}$

Because:

${\displaystyle e\cdot d\equiv 1{\pmod {\phi }}}$

As ${\displaystyle \phi }$ is a multiple of both ${\displaystyle p-1}$ and ${\displaystyle q-1}$, both of these statements are true:

${\displaystyle e\cdot d\equiv 1{\pmod {p-1}}}$

${\displaystyle e\cdot d\equiv 1{\pmod {q-1}}}$

So ${\displaystyle e\cdot d}$ can be expressed as:

${\displaystyle e\cdot d=1+k\cdot (p-1)}$

Therefore:

${\displaystyle m^{e\cdot d}\equiv m^{1+k\cdot (p-1)}\equiv m\cdot (m^{p-1})^{k}\equiv m\cdot 1^{k}\equiv m{\pmod {p}}}$

Q.E.D.