Ticket #8469: trac_8469_review.patch

File trac_8469_review.patch, 5.2 KB (added by pang, 12 years ago)
  • doc/en/thematic_tutorials/numtheory_rsa.rst

    # HG changeset patch
    # User Pablo Angulo <pablo.angulo@uam.es>
    # Date 1273678442 -7200
    # Node ID b639d66d76a17d6243f4eb15b6f4ab9c5c61d45e
    # Parent  99f0df7569754752699e31acdb88a417c02218ef
    #8469 a missing space caused wrong latex output
    
    diff -r 99f0df756975 -r b639d66d76a1 doc/en/thematic_tutorials/numtheory_rsa.rst
    a b  
    6060    sage: gcd(18, 27)
    6161    9
    6262
    63 If `\gcd(a,b) = 1`, we say that `a`is *coprime* (or relatively
     63If `\gcd(a,b) = 1`, we say that `a` is *coprime* (or relatively
    6464prime) to `b`.  In particular, `\gcd(3, 59) = 1` so 3 is coprime to 59
    6565and vice versa.
    6666
  • doc/en/thematic_tutorials/numtheory_rsa.rst

    # HG changeset patch
    # User Pablo Angulo <pablo.angulo@uam.es>
    # Date 1273961755 -7200
    # Node ID 4dd3de6fc48e7dafce6986ac2c093d1950785a7c
    # Parent  b639d66d76a17d6243f4eb15b6f4ab9c5c61d45e
    #8469 Compute \varphi(n) the fast way
    
    diff -r b639d66d76a1 -r 4dd3de6fc48e doc/en/thematic_tutorials/numtheory_rsa.rst
    a b  
    293293integers can be accessed via the ``ZZ.*`` family of functions.
    294294For instance, the command ``ZZ.random_element(n)`` returns a
    295295pseudo-random integer uniformly distributed within the closed interval
    296 `[0, n-1]`.  Using a simple programming loop, we can compute the
     296`[0, n-1]`. 
     297
     298We can compute the value `\varphi(n)` calling the sage function
     299``euler_phi(n)``, but for arbitrary large prime numbers `p` and `q`,
     300this can take an enormous amount of time. Indeed, the private key
     301can be quickly deducedfrom the public key once you know `\varphi(n)`,
     302so it is an important part of the security of the RSA cryptosystem that
     303`\varphi(n)` should take a long time to compute, if only `n` is known.
     304On the other hand, if the private key is available, we can compute
     305`\varphi(n)=(p-1)(q-1)` in a very short time.
     306
     307Using a simple programming loop, we can compute the
    297308required value of `e` as follows::
    298309
    299310    sage: n = 4951760154835678088235319297
    300     sage: e = ZZ.random_element(euler_phi(n))
    301     sage: while gcd(e, euler_phi(n)) != 1:
    302     ...       e = ZZ.random_element(euler_phi(n))
     311    sage: phi = (p - 1)*(q - 1)
     312    sage: e = ZZ.random_element(phi)
     313    sage: while gcd(e, phi) != 1:
     314    ...       e = ZZ.random_element(phi)
    303315    ...
    304316    sage: e  # random
    305317    1850567623300615966303954877
     
    307319    True
    308320
    309321As ``e`` is a pseudo-random integer, its numeric value changes
    310 after each execution of ``e = ZZ.random_element(euler_phi(n))``.
     322after each execution of ``e = ZZ.random_element(phi)``.
    311323
    312324To calculate a value for ``d`` in step 3 of the RSA algorithm, we use
    313325the extended Euclidean algorithm.  By definition of congruence,
     
    324336``xgcd(x, y)`` returns a 3-tuple ``(g, s, t)`` that satisfies
    325337the Bézout identity `g = \gcd(x,y) = sx + ty`.  Having computed a
    326338value for ``d``, we then use the command
    327 ``mod(d*e, euler_phi(n))`` to check that ``d*e`` is indeed congruent
    328 to 1 modulo ``euler_phi(n)``. ::
     339``mod(d*e, phi)`` to check that ``d*e`` is indeed congruent
     340to 1 modulo ``phi``. ::
    329341
    330342    sage: n = 4951760154835678088235319297
    331343    sage: e = 1850567623300615966303954877
    332     sage: bezout = xgcd(e, euler_phi(n)); bezout  # random
     344    sage: bezout = xgcd(e, phi); bezout  # random
    333345    (1, 4460824882019967172592779313, -1667095708515377925087033035)
    334     sage: d = Integer(mod(bezout[1], euler_phi(n))) ; d  # random
     346    sage: d = Integer(mod(bezout[1], phi)) ; d  # random
    335347    4460824882019967172592779313
    336     sage: mod(d * e, euler_phi(n))
     348    sage: mod(d * e, phi)
    337349    1
    338350
    339351Thus, our RSA public key is
  • doc/en/thematic_tutorials/numtheory_rsa.rst

    # HG changeset patch
    # User Pablo Angulo <pablo.angulo@uam.es>
    # Date 1273963106 -7200
    # Node ID 47cdaa070b2bb6851af86c5914ff7b1f0175a0ef
    # Parent  4dd3de6fc48e7dafce6986ac2c093d1950785a7c
    #8469 minor formatting issues
    
    diff -r 4dd3de6fc48e -r 47cdaa070b2b doc/en/thematic_tutorials/numtheory_rsa.rst
    a b  
    242242   `de \equiv 1 \pmod{\varphi(n)}`.
    243243#. Our public key is the pair `(n, e)` and our private key is the
    244244   triple `(p,q,d)`.
    245 #. For any non-zero integer `m < n`, encrypt $m$ using
     245#. For any non-zero integer `m < n`, encrypt `m` using
    246246   `c \equiv m^e \pmod{n}`.
    247247#. Decrypt `c` using `m \equiv c^d \pmod{n}`.
    248248
     
    298298We can compute the value `\varphi(n)` calling the sage function
    299299``euler_phi(n)``, but for arbitrary large prime numbers `p` and `q`,
    300300this can take an enormous amount of time. Indeed, the private key
    301 can be quickly deducedfrom the public key once you know `\varphi(n)`,
     301can be quickly deduced from the public key once you know `\varphi(n)`,
    302302so it is an important part of the security of the RSA cryptosystem that
    303 `\varphi(n)` should take a long time to compute, if only `n` is known.
     303`\varphi(n)` cannot be computed in a short time, if only `n` is known.
    304304On the other hand, if the private key is available, we can compute
    305305`\varphi(n)=(p-1)(q-1)` in a very short time.
    306306