1

In a lecture at my university, the following proof of correctness of RSA is given (the lecture is not mainly on cryptography or even computer science):

$m^{ed} \equiv m^{ee^{-1}} \equiv m^{1} \equiv m \ \textrm{mod} \ N$

The given reasoning is: $d$ is chosen as the multiplicative inverse of $e$ in the modulo ring $\mathbb{Z}_{\phi(N)}$, therefore this holds.

Surely, this cannot be a proof, considering that $e$ is only an inverse of $d$ in the modulo ring $\mathbb{Z}_{\phi(N)}$ and not in the integers or even $\mathbb{Z}_N$, right?

Am I mistaken or is this proof insufficient? The given proofs on Wikipedia and other lectures are significantly longer and involve either Fermat's, Euler's or the Chinese Remainder Theorem.

JMC

1 Answer

3

You're right, it is not sufficient; see this question and answer here for a considerably more complicated argument.

In practice, for typical parameters with very large primes, $m$ lies in the multiplicative group with overwhelming probability, so the issue does not come up. But this is irrelevant to the correctness of the argument.

kodlu
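The gap discussed in this thread can be checked by brute force. The following is an added example, not part of the original question or answer, and it goes slightly beyond the thread: it confirms that $m^{ed} \equiv m \bmod N$ holds for every $m$ when $N = pq$, including the $m$ for which Euler's theorem does not apply, and that the same "reduce the exponent mod $\phi(N)$" step gives wrong results for a modulus that is not squarefree. The toy values $p = 61$, $q = 53$, $e = 17$ and the modulus $12$ are constructed for illustration.

```python
from math import gcd

def euler_phi(n):
    """phi(n) by direct count (fine for toy moduli only)."""
    return sum(1 for m in range(1, n) if gcd(m, n) == 1)

def private_exponent(n, e):
    """d = e^-1 in Z_phi(n); this is an inverse mod phi(n), not mod n."""
    return pow(e, -1, euler_phi(n))

def non_units(n):
    """Messages outside the multiplicative group Z_n^* (includes 0)."""
    return [m for m in range(n) if gcd(m, n) != 1]

def euler_fails(n):
    """Non-zero m with m^phi(n) != 1 mod n: the one-line proof says nothing here."""
    phi = euler_phi(n)
    return [m for m in range(1, n) if pow(m, phi, n) != 1]

def roundtrip_failures(n, e, d):
    """All m in [0, n) for which m^(e*d) mod n != m."""
    return [m for m in range(n) if pow(m, e * d, n) != m]

if __name__ == "__main__":
    # Constructed toy RSA modulus: N = 61 * 53 = 3233, e = 17.
    n, e = 61 * 53, 17
    d = private_exponent(n, e)
    print("d =", d)
    # p + q - 1 messages are not units, so Euler's theorem is silent on them.
    print("non-units:", len(non_units(n)), "of", n)
    print("Euler fails for:", len(euler_fails(n)), "non-zero messages")
    # Decryption still works for all of them, because N is a product of
    # distinct primes (Fermat mod p and mod q, glued together by the CRT).
    print("round-trip failures mod 3233:", roundtrip_failures(n, e, d))

    # Same recipe on a constructed non-squarefree modulus: 12 = 2^2 * 3.
    # e*d = 9 = 1 mod phi(12) = 4, yet m^9 != m for several m.
    n2, e2 = 12, 3
    d2 = private_exponent(n2, e2)
    print("round-trip failures mod 12:", roundtrip_failures(n2, e2, d2))
```
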