Abstract
When the public key e and the composite number n=pq are disclosed but not the private key d in an asymmetric-key RSA, message decryption is carried out by obtaining ${\phi}(n)=(p-1)(q-1)=n+1-(p+q)$ and subsequently computing $d=e^{-1}(mod{\phi}(n))$. The most commonly used decryption algorithm is integer factorization of n/p=q or $a^2{\equiv}b^2$(mod n), a=(p+q)/2, b=(q-p)/2. But many of the RSA numbers remain unfactorable. This paper therefore applies baby-step giant-step discrete logarithm and $2^k$-ary modular exponentiation to directly obtain ${\phi}(n)$. The proposed algorithm performs a reverse baby-step and $2^k$-ary adult-step. As a results, it reduces the execution time of basic adult-step to $1/2^k$ times and the memory $m={\lceil}\sqrt{n}{\rceil}$ to l, $a^l$ > n, hence obtaining ${\phi}(n)$ by executing within l times.
λΉλμΉν€ RSAμ 곡κ°ν€ eμ ν©μ±μ n=pqμ μκ³ μκ³ κ°μΈν€ dλ₯Ό λͺ¨λ₯Ό λ, ${\phi}(n)=(p-1)(q-1)=n+1-(p+q)$μ ꡬνμ¬ $d=e^{-1}(mod{\phi}(n))$μΌλ‘ κ°μΈν€ dλ₯Ό ν΄λ
νλ€. μνΈν΄λ
μ μΌλ°μ μΌλ‘ n/p=q λλ $a^2{\equiv}b^2$(mod n), a=(p+q)/2,b=(q-p)/2λ₯Ό ꡬνλ μμΈμ λΆν΄λ²μ΄ λ리 μ μ©λκ³ μλ€. κ·Έλ¬λ μμ§κΉμ§λ λ§μ RSA μλ€μ΄ ν΄λ
λμ§ μκ³ μλ€. λ³Έ λ
Όλ¬Έμ ${\phi}(n)$μ μ§μ ꡬνλ μκ³ λ¦¬μ¦μ μ μνμλ€. μ μλ μκ³ λ¦¬μ¦μ μ΄μ°λμμ μκΈ°κ±Έμ-κ±°μΈκ±Έμλ²κ³Ό λͺ¨λλ¬ μ§μμ°μ°μ $2^k$-aryλ²μ μ μ©νμλ€. μ΄ μκ³ λ¦¬μ¦μ μ-μκΈ°κ±Έμκ³Ό $2^k$-ary μ±μΈκ±Έμλ²μ μ μ©νμ¬ κΈ°λ³Έμ μΈ μ±μΈκ±Έμλ² μννμλ₯Ό $1/2^k$λ‘ μ€μ΄κ³ , $m={\lfloor}\sqrt{n}{\rfloor}$μ μ μ₯ λ©λͺ¨λ¦¬ μ©λλ l, $a^l$ > nλ‘ κ°μμμΌ ${\phi}(n)$μ lν μ΄λ΄λ‘ ꡬνμλ€.