Ticket #8469: trac_8469-review-rebased.patch

File trac_8469-review-rebased.patch, 3.8 KB (added by mvngu, 11 years ago)
  • doc/en/thematic_tutorials/numtheory_rsa.rst

    # HG changeset patch
    # User Pablo Angulo <pablo.angulo@uam.es>
    # Date 1273678442 -7200
    # Node ID db5b2c71951f485dd64489a167d0297921bbf258
    # Parent  2f09678738ba26f8c142aac81d86ba02a907f9c2
    #8469: a missing space caused wrong latex output; compute \varphi(n) the fast way; minor formatting issues
    
    diff --git a/doc/en/thematic_tutorials/numtheory_rsa.rst b/doc/en/thematic_tutorials/numtheory_rsa.rst
    a b  
    6060    sage: gcd(18, 27)
    6161    9
    6262
    63 If `\gcd(a,b) = 1`, we say that `a`is *coprime* (or relatively
     63If `\gcd(a,b) = 1`, we say that `a` is *coprime* (or relatively
    6464prime) to `b`.  In particular, `\gcd(3, 59) = 1` so 3 is coprime to 59
    6565and vice versa.
    6666
     
    242242   `de \equiv 1 \pmod{\varphi(n)}`.
    243243#. Our public key is the pair `(n, e)` and our private key is the
    244244   triple `(p,q,d)`.
    245 #. For any non-zero integer `m < n`, encrypt $m$ using
     245#. For any non-zero integer `m < n`, encrypt `m` using
    246246   `c \equiv m^e \pmod{n}`.
    247247#. Decrypt `c` using `m \equiv c^d \pmod{n}`.
    248248
     
    293293integers can be accessed via the ``ZZ.*`` family of functions.
    294294For instance, the command ``ZZ.random_element(n)`` returns a
    295295pseudo-random integer uniformly distributed within the closed interval
    296 `[0, n-1]`.  Using a simple programming loop, we can compute the
     296`[0, n-1]`. 
     297
     298We can compute the value `\varphi(n)` by calling the sage function
     299``euler_phi(n)``, but for arbitrarily large prime numbers `p` and `q`,
     300this can take an enormous amount of time. Indeed, the private key
     301can be quickly deduced from the public key once you know `\varphi(n)`,
     302so it is an important part of the security of the RSA cryptosystem that
     303`\varphi(n)` cannot be computed in a short time, if only `n` is known.
     304On the other hand, if the private key is available, we can compute
     305`\varphi(n)=(p-1)(q-1)` in a very short time.
     306
     307Using a simple programming loop, we can compute the
    297308required value of `e` as follows::
    298309
    299     sage: n = 4951760154835678088235319297
    300     sage: e = ZZ.random_element(euler_phi(n))
    301     sage: while gcd(e, euler_phi(n)) != 1:
    302     ...       e = ZZ.random_element(euler_phi(n))
     310    sage: p = (2^31) - 1
     311    sage: q = (2^61) - 1
     312    sage: n = p * q
     313    sage: phi = (p - 1)*(q - 1); phi
     314    4951760152529835076874141700
     315    sage: e = ZZ.random_element(phi)
     316    sage: while gcd(e, phi) != 1:
     317    ...       e = ZZ.random_element(phi)
    303318    ...
    304319    sage: e  # random
    305320    1850567623300615966303954877
     
    307322    True
    308323
    309324As ``e`` is a pseudo-random integer, its numeric value changes
    310 after each execution of ``e = ZZ.random_element(euler_phi(n))``.
     325after each execution of ``e = ZZ.random_element(phi)``.
    311326
    312327To calculate a value for ``d`` in step 3 of the RSA algorithm, we use
    313328the extended Euclidean algorithm.  By definition of congruence,
     
    324339``xgcd(x, y)`` returns a 3-tuple ``(g, s, t)`` that satisfies
    325340the Bézout identity `g = \gcd(x,y) = sx + ty`.  Having computed a
    326341value for ``d``, we then use the command
    327 ``mod(d*e, euler_phi(n))`` to check that ``d*e`` is indeed congruent
    328 to 1 modulo ``euler_phi(n)``. ::
     342``mod(d*e, phi)`` to check that ``d*e`` is indeed congruent
     343to 1 modulo ``phi``. ::
    329344
    330345    sage: n = 4951760154835678088235319297
    331346    sage: e = 1850567623300615966303954877
    332     sage: bezout = xgcd(e, euler_phi(n)); bezout  # random
     347    sage: phi = 4951760152529835076874141700
     348    sage: bezout = xgcd(e, phi); bezout  # random
    333349    (1, 4460824882019967172592779313, -1667095708515377925087033035)
    334     sage: d = Integer(mod(bezout[1], euler_phi(n))) ; d  # random
     350    sage: d = Integer(mod(bezout[1], phi)) ; d  # random
    335351    4460824882019967172592779313
    336     sage: mod(d * e, euler_phi(n))
     352    sage: mod(d * e, phi)
    337353    1
    338354
    339355Thus, our RSA public key is