-1

I've looked in many places including here and can't get quite the answer... So I thought I'd post a question.

I can't grasp how $d$ is calculated. Obviously the problem is that knowing $e$ and $n$ should not allow determination of $d$ as this would render the whole thing useless.

So I'm assuming there is some efficient method that relies on knowing $p$ and $q$ to derive $d$. Or something similar.

I have followed the extended Euclidian algorithm for doing the calculation but still, it doesn't make reference to any secret values as an efficient method. Unless I've missed something.

Would appreciate some help on this.

yyyyyyy
  • 11,835
  • 4
  • 45
  • 66
r.l.
  • 1
  • 1
  • 2
    I am not sure if you use the Euclidean algorithm to do the right thing: You are supposed to run it on the inputs $e$ and $\varphi(n)=(p-1)(q-1)$ in order to compute an inverse of $e$ modulo $\varphi(n)$. The value $\varphi(n)$ cannot (efficiently, as far as we know) be computed from $n$ alone and must be kept secret. – yyyyyyy Jul 10 '16 at 10:34
  • Related: [Calculating RSA private exponent when given public exponent and the modulus factors using extended euclid](http://crypto.stackexchange.com/questions/5889/calculating-rsa-private-exponent-when-given-public-exponent-and-the-modulus-fact?rq=1) (Not sure… is this a duplicate?) – e-sushi Jul 10 '16 at 11:56
  • The question has no context. It can be computed as suggested in the answer, and in the linked answer in the above comment, by the authorised entity who knows $p,q.$ This makes the question a duplicate. An attacker can't compute $d$ from $e$ unless some weakness exists. – kodlu Jul 10 '16 at 20:49

1 Answers1

3

Since $e$ and $(p-1)(q-1)$ are relatively prime, the extended Euclidean algorithm gives you integers $u$ and $v$ such that $$ eu + (p-1)(q-1)v = 1, $$ from which it is easy to deduce an integer $d$ such that $ed \equiv 1 \pmod{(p-1)(q-1)}$.

fkraiem
  • 7,982
  • 2
  • 24
  • 36
  • Just to be precise, $eu+(p−1)(q−1)v=1$ is the [Bezout Identity](https://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity). – Biv Jul 10 '16 at 18:24