POJ - 2447 RSA
RSA is the best-known public key encryption algorithm. In this algorithm each participant has a private key that is shared with no one else and a public key which is published so everyone knows it. To send a secure message to this participant, you encrypt the message using the widely known public key; the participant then decrypts the messages using his or her private key. Here is the procedure of RSA:
First, choose two different large prime numbers P and Q, and multiply them to get N (= P * Q).
Second, select a positive integer E (0 < E < N) as the encryption key such that E and T= (P - 1) * (Q - 1) are relatively prime.
Third, compute the decryption key D such that 0 <= D < T and (E * D) mod T = 1. Here D is a multiplicative inverse of E, modulo T.
Now the public key is constructed by the pair {E, N}, and the private key is {D, N}. P and Q can be discarded.
Encryption is defined by C = (M ^ E) mod N, and decryption is defined by M = (C ^ D) mod N, here M, which is a non-negative integer and smaller than N, is the plaintext message and C is the resulting ciphertext.
To illustrate this idea, let’s see the following example:
We choose P = 37, Q = 23, So N = P * Q = 851, and T = 792. If we choose E = 5, D will be 317 ((5 * 317) mod 792 = 1). So the public key is {5, 851}, and the private key is {317, 851}. For a given plaintext M = 7, we can get the ciphertext C = (7 ^ 5) mod 851 = 638.
As we have known,for properly choosen very large P and Q, it will take thousands of years to break a key, but for small ones, it is another matter.
Now you are given the ciphertext C and public key {E, N}, can you find the plaintext M?
Input
The input will contain several test cases. Each test case contains three positive integers C, E, N (0 < C < N, 0 < E < N, 0 < N < 2 ^ 62).
Output
Output the plaintext M in a single line.
Sample Input
638 5 851
Sample Output
7
题意:
破解RSA体系密码
分析:
终于碰到了,太激动了,之前看数论书的时候看到了这一章,专门讲解了RSA公钥密码体制,感觉很有意思,但是就是感觉对比赛没啥用,因为也从没做到过题目,这次终于碰到了,中间设计到很多数论知识的运用,加密的核心其实就是快速幂取模,反之,解密的核心当然就是求k次根了
因此这道题就是求模N的k次根,就可以破解密码
下面是求解过程(有些数论的知识点这里就不赘述了,以后会详细说明,如果不懂的可以搜一搜)
计算同余式xk≡b (mod m) x k ≡ b ( m o d m )
1.计算ϕ(m) ϕ ( m )
2.求满足ku−ϕ(m)v=1 k u − ϕ ( m ) v = 1 的正整数u与v(扩展欧几里得)
3.快速幂取模计算bu (mod m) b u ( m o d m ) 得到的结果就是我们要求的x x
题目给定了三个变量C,E,N
实际是给定了同余式
ME≡C (mod N)ME≡C (mod N)
因此我们要求M找上面的步骤求解即可
我们发现23步好说
对于第一步因为题目告诉了N是两个素数的乘积,什么用呢,当然是用来求欧拉函数ϕ ϕ
因为对于质数p,ϕ(p)=p−1 ϕ ( p ) = p − 1
而欧拉函数是积性函数所有
对于质数p,q
欧拉函数ϕ(pq)=(p−1)×(q−1) ϕ ( p q ) = ( p − 1 ) × ( q − 1 )
因此我们的目标就是分解质因子(很明显N只有两个质因子)
因为数N比较大所以我们只能利用PollarRho大整数的因数分解,同样中间也使用了Miller_Rabin大素数测试
因此我们便可以知道现在题目给定的仅仅是最大1018 10 18 左右的数,我们可以利用PollarRho大整数的因数分解以及Miller_Rabin大素数测试分解出质数,但是当我们选择两个足够大的两个素数乘积构成N的时候,什么方法都将失效,要想破解使用最先进的算法和技术都可能需要很多年,因此RSA密码体系是当前比较安全的体系,也是广为使用的加密系统,但是以后有了量子计算机情况就不一样了……
code:
#include <iostream>
#include <cstdio>
#include <cstring>
#include <stdlib.h>
#include <time.h>
using namespace std;
typedef long long ll;
const int S = 8;
ll mul_mod(ll a,ll b,ll c){
a %= c;
b %= c;
ll ret = 0;
ll tmp = a;
while(b){
if(b & 1){
ret += tmp;
if(ret > c) ret -= c;
}
tmp <<= 1;
if(tmp > c) tmp -= c;
b >>= 1;
}
return ret;
}
ll q_pow(ll a,ll b,ll mod){
ll ret = 1;
ll tmp = a % mod;
while(b){
if(b & 1) ret = mul_mod(ret,tmp,mod);
tmp = mul_mod(tmp,tmp,mod);
b >>= 1;
}
return ret;
}
bool check(ll a,ll n,ll x,ll t){
ll ret = q_pow(a,x,n);
ll last = ret;
for(int i = 1; i <= t; i++){
ret = mul_mod(ret,ret,n);
if(ret == 1 && last != 1 && last != n - 1) return true;
last = ret;
}
if(ret != 1) return true;
return false;
}
bool Miller_Rabin(ll n){
if(n < 2) return false;
if(n == 2) return true;
if((n & 1) == 0) return false;
ll x = n - 1;
ll t = 0;
while((x & 1) == 0){
x >>= 1;
t++;
}
for(int i = 0; i < S; i++){
ll a = rand() % (n - 1) + 1;
if(check(a,n,x,t))
return false;
}
return true;
}
ll factor[100];
int tot;
ll gcd(ll a,ll b){
ll t;
while(b){
t = a;
a = b;
b = t % b;
}
if(a >= 0) return a;
else return -a;
}
ll pollard_rho(ll x,ll c){
ll i = 1, k = 2;
ll x0 = rand() % (x - 1) + 1;
ll y = x0;
while(1){
i++;
x0 = (mul_mod(x0,x0,x) + c) % x;
ll d = gcd(y-x0,x);
if(d != 1 && d != x) return d;
if(y == x0) return x;
if(i == k){
y = x0;
k += k;
}
}
}
void findfac(ll n,int k){
if(n == 1) return;
if(Miller_Rabin(n)){
factor[tot++] = n;
return;
}
ll p = n;
int c = k;
while(p >= n){
p = pollard_rho(p,c--);
}
findfac(p,k);
findfac(n/p,k);
}
ll ex_gcd(ll a,ll b,ll &x,ll &y){
if(!b){
x = 1;
y = 0;
return a;
}
ll d = ex_gcd(b,a%b,y,x);
y -= a / b * x;
return d;
}
ll getinv(ll a,ll b){
ll x,y;
ll g = ex_gcd(a,b,x,y);
x = (x % b + b) % b;
return x;
}
int main(){
ll C,E,N;
while(~scanf("%lld%lld%lld",&C,&E,&N)){
tot = 0;
findfac(N,107);
ll phiN = (factor[0] - 1) * (factor[1] - 1);
ll u = getinv(E,phiN);
ll ans = q_pow(C,u,N);
printf("%lld\n",ans);
}
return 0;
}