Cryptography - Sage

Exercise 8.5 Use SAGE to find a large prime p and to compute inverse exponentiationpairs e and d. The following functions are of use:random prime, gcd, xgcd, and inverse mod.The RSA cryptosystem is based on the fact that for primes p and q and any integer e withno common factors with p − 1 and q − 1, it is possible to find an d 1 such thated 1 ≡ 1 mod (p − 1),ed 2 ≡ 1 mod (q − 1).Using the Chinese remainder theorem, it is possible to then find the unique d such thatd = d 1 mod (p − 1) and d = d 2 mod (q − 1)in the range 1 ≤ d < (p − 1)(q − 1). This d has the property thata ed ≡ a mod n.The send a message securely, the public key (e, n) is used. First we encoding the message asan integer a mod n, then form the ciphertext a e mod n. The recipient recovers the messageusing the secret exponent d.Solution. The function call random prime(2 100 ) returns a random prime of up to 100bits. Suppose that the primesp = 1172991670841347272989353064539,q = 300997517969507552061104346547,are found with this function, and set e = 5. We want to build the inverse exponent d suchthat ed ≡ 1 mod (p − 1) and ed ≡ 1 mod (q − 1). Note first that gcd(e, p − 1) = 1 andgcd(e, q − 1) = 1, so that such a d must exist. We first compute each of d mod (p − 1) andd mod (q − 1).sage: p = 1172991670841347272989353064539sage: q = 300997517969507552061104346547sage: e = 5sage: d1 = inverse_mod(e,p-1)sage: d1703795002504808363793611838723sage: d2 = inverse_mod(e,q-1)sage: d2240798014375606041648883477237The value of d can now be computed modulo the value lcm(p − 1, q − 1) — this is sufficientto determine the inverse, rather than the larger value of the product (p − 1)(q − 1).124 Appendix C. Solutions to Exercises