Table of costs of operations in elliptic curves

From formulasearchengine
Revision as of 11:13, 29 December 2013 by en>Bender235
Jump to navigation Jump to search

Template:Multiple issues

Intuitive Proof

The algorithm is based on a Fermat's little theorem

a(p1)1(modp)

p prime, a & p coprime.

So, if we choose d such that

ed1(modp1)

i.e.

ed1=k(p1)

Then for a message m

medmedm(ed1)m1mk(p1)m1kmm(modp)

So a message that is encrypted by raising m to e can be decrypted by raising the result to d.

In order to provide security, RSA actually calculates

n=pq

(p, q prime) and then d such that

ed1(mod(p1)(q1))

so

ed1=k(p1)(q1)

We can then continue to calculate

medmedm(ed1)mmk(p1)(q1)m1k(q1)mm(modp)

And likewise for q

medmedm(ed1)mmk(p1)(q1)m1k(p1)mm(modq)

Now if ab(modp) and ab(modq) then ab(modpq), p, q coprime.

so

medm(modpq)

An attacker would need to factor n into p and q in order to determine d, and this is a hard problem.

Note that while an attacker could easily calculate f as

ef1(modn1)

that

mefmk(n1)mm(modn)

because n is not prime.