Cryptology Proof

Question

Given prime $p, 0 < m < p$ and $ed \equiv 1 \pmod{p-1}$, prove $ m^{ed} \equiv m \pmod{p}$.

I get that this is hinting at a proof very similar to that of RSA, and that I have to consider when $\gcd(m,p)=1$ and when it doesn't. I also know that I need to use Euler's theorem and CRT. I just can't get past the $p-1$ passing itself into the mod from Euler's theorem. How should this proof look?

Your question will be better recieved if you write down your proof or at least parts of it and ask specific questions about it. — Vinyl_cape_jawa, Feb 23 '19 at 23:00
Euler’s Theorem tells you that $x^{\varphi(n)}\equiv 1\pmod{n}$ when $\gcd(x,n)=1$. If $\gcd(x,n)=1$, and $r\equiv 1\pmod{\varphi(n)}$, then $r=1+k\varphi{n}$ for some integer $k$, so $x^{r} = x^{1+k\varphi(n)} = x^1x^{k\varphi(n)} = x(x^{\varphi(n)})^k$. What does this equal modulo $n$? And what is $\varphi(n)$ when $n$ is a prime? — Arturo Magidin, Feb 23 '19 at 23:05
First question : m mod n as the proof requests. But don't I have r = 1 mod (p-1)? And idk when n is prime. @ArturoMagidin — Christheyankee, Feb 23 '19 at 23:11
I do not understand anything of what you wrote. You say “first question”, but what follows is not a question, it’s a sentence fragment. Don’t confuse the letters I wrote with the letters in your original problem. I’m using $n$ and $x$ as arbitrary letters, not related to your problem statement. Did you understand what I wrote? And do you really don’t know the value of Euler’s phi function when the input is a prime? If that is the case, then sorry, but you are too far behind to tackle this problem. You need to go way back and actually learn the stuff first. — Arturo Magidin, Feb 23 '19 at 23:13
@ArturoMagidin okay I meant the phi function of p when p is prime is p-1. But idk where to go with that. You did the proof for when gcd(x,n) = 1 but Idk what to do when it isn't/ — Christheyankee, Feb 23 '19 at 23:18
Look at your problem. $p$ is a prime. $m$ is a positive integer smaller than the prime. What is the gcd of $m$ with $p$? — Arturo Magidin, Feb 23 '19 at 23:19
Telling because factors of a prime are one and itself and if the number is less than the prime in order for the gcd not to be one the number would have to be a factor of the prime which it cant be by the definition of a prime. — Christheyankee, Feb 23 '19 at 23:26
So, presumably, you’ve got your hints and hnnow how to solve the problem. Great. May I suggest posting your final solution as an answer? That way the question won’t go “unanswered”, and other people can help and point out any gaps or errors. — Arturo Magidin, Feb 23 '19 at 23:27

Christheyankee · Answer 1 · 2019-02-24T00:48:49.490

1

First consider gcd(m,p). p is prime and p > m.

Conclude gcd(m,p) = 1.

By Euler's Theorem $ m^{\phi(p)} \equiv 1 \mod p, ed \equiv 1 \mod \phi(p), ed \equiv 1 +k\phi(p),k$ is a constant integer and then $(m^{e})^d = m^{ed} \equiv m^{1+k\phi(p)}\\ \\ m^{ed} \equiv m *m^{k\phi(p)}\\m^{ed} \equiv m *1\mod p\\m^{ed} \equiv m \mod p$

edited Feb 24 '19 at 00:48

answered Feb 23 '19 at 23:42

Christheyankee

83

Use \pmod to get the proper notation and spacing, not \mod.Look at the edits I did to your question to see the sytax and formatting. – Arturo Magidin Feb 23 '19 at 23:49
Your first paragraph is wrong. You do need to consider it; it’s just that it is equal to 1. And therefore, you do not suppose that $\gcd(m,p)=1$. You conclude that it is one because $p$ is prime and $m$ is positive and strictly smaller. You never say what $k$ is (not any constant will make this work, it has to be a specific constant). Your second line is wrong (where did that addition symbol come from?) – Arturo Magidin Feb 23 '19 at 23:51
Thanks, better? @ArturoMagidin – Christheyankee Feb 23 '19 at 23:55
$P$ and $p$ will be understood to mean different things, so you shouldn’t use them interchangeably. (If that was your interface automatically changing it to an upper case because if tollows a period, ignore that comment). You still never say what $k$ is or why it matters, and you still have a plus sign that doesn’t make any sense in your second equation. – Arturo Magidin Feb 24 '19 at 00:00
Yeah p was automatically capitalized sorry about that. Fixed the plus sign, not sure what k is missing. – Christheyankee Feb 24 '19 at 00:07
In line 3 you say, “$k$ is a constant integer”. But you never defined $k$ as something specific, so right now it’s just an arbitrary integer. But if it is an arbitrary integer, then why do you claim that $m^{ed}\equiv m^{1+k\phi(p)}$? Since you did not specify the integer $k$, you are asserting that this holds for any positive integer $k$. So if I plug in $k=3$, it’s true; if I plug in $k=73$ it’s true. If I plug in $k=4128973126321236$, it’s true. Or at least, that’s what you are claiming happens. Does it? (And, congruent modulo what?) – Arturo Magidin Feb 24 '19 at 00:11
I think they want you to say that the existence of a k is implied by the previous modulus (and moreover that it doesn't work for just any k). – Boots Feb 24 '19 at 00:13
I know you have to work mod phi (p) in the exponent but beyond that I'm not sure. K >= 1? @ArturoMagidin – Christheyankee Feb 24 '19 at 00:23
@Christheyankee: Re-read my original comment and try to follow the substance; don’t just try to emulate the form. In particular, there was a $k$ I used, but it wasn’t just any $k$; it was a $k$ whose existence and properties were implied by another assumption I had. – Arturo Magidin Feb 24 '19 at 00:43
1

Did I add the assumption correctly? @ArturoMagidin – Christheyankee Feb 24 '19 at 00:53
You might want to say that $ ed \equiv 1 \pmod{\phi(p)}$ implies the existence of an integer k such that $ed = 1 + k \phi(n)$ – Boots Feb 24 '19 at 01:09
@Christheyankee: You did not add any assumption, so.. no. Look at Boots comment. Look at my original comment. Where did $k$ come from, and what properties did it have? They are key. You are just ignoring them. – Arturo Magidin Feb 24 '19 at 01:19

Bill Dubuque · Answer 2 · 2019-02-24T14:28:54.200

It's a special case of this mod exponent reduction law (crucial to master for problems like this)

Lemma $\ \bmod n\!:\,\ \color{#c00}{a^{\large k}\equiv 1}\,\Rightarrow\,a^{\large j}\equiv a^{\large j\bmod\color{#c00} k}$

Proof $\ $ Dividing $\ j\div k\,\Rightarrow\, j = r + k\,q\ $ for $\ r = j\bmod k = $ remainder, and $\,q = $ quotient,

hence $\bmod n\!:\,\ a^{\large j}\equiv a^{\large r+kq}\equiv a^{\large r}(\color{#c00}{a^{\large k}})^{\large q}\equiv a^{\large r}\color{#c00}1^{\large q}\equiv a^{\large r}$

Thus $\bmod p\!:\,\ \color{#c00}{m^{\large p-1}\equiv 1}\,\Rightarrow\, m^{\large ed}\equiv m^{\large ed\bmod\color{#c00}{p-1}}\equiv m^{\large 1}$

Cryptology Proof

2 Answers2