如何解决当我使用JavaScript更改消息时,为什么RSA加密解密是错误的?
RSA是一种基于分解大整数的加密算法。在RSA中,将生成两个大质数和一个补充值作为公钥。任何人都可以使用公共密钥对消息进行加密,但是只有具有主要因素的人才能对消息进行解码。此过程分为三个阶段:
- 密钥生成-生成公钥和私钥。按键的构造方法 生成的内容应该是秘密的。
- 加密-可以通过公用密钥对邮件进行加密
- 解密-仅私钥可用于解密 消息
加密过程如下所示:
m - message:
m^e % n = c
c - encrypted message
解密过程如下所示:
c^d % n = m
这是计算 d 的实现:
function modInverse(e,phi) {
var m0 = phi,t,q;
var x0 = 0,x1 = 1;
if (phi == 1)
return 0;
while (e > 1) {
// q is quotient
q = Math.floor(e / phi);
t = phi;
// phi is remainder now,process same as
// Euclid's algo
phi = e % phi,e = t;
t = x0;
x0 = x1 - q * x0;
x1 = t;
}
// Make x1 positive
if (x1 < 0)
x1 += m0;
return x1;
}
modInverse(7,40) // 23
还需要生成公共密钥和私有密钥的密钥对。让我们选择 5 和 11 作为素数:
function modInverse(e,phi) {
var m0 = phi,q;
var x0 = 0,x1 = 1;
if (phi == 1)
return 0;
while (e > 1) {
// q is quotient
q = Math.floor(e / phi);
t = phi;
// phi is remainder now,process same as
// Euclid's algo
phi = e % phi,e = t;
t = x0;
x0 = x1 - q * x0;
x1 = t;
}
// Make x1 positive
if (x1 < 0)
x1 += m0;
return x1;
}
function isPrime(n){
var prime_numbers=[2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97]
for(let i of prime_numbers){
if(n===i){
return true
}
}
}
function RSAKeyPair(p,q) {
// Need to check that they are primes
if (!(isPrime(p) && isPrime(q)))
return;
// Need to check that they're not the same
if (p == q)
return;
var n = p * q,phi = (p - 1) * (q - 1),e = 3,d = modInverse(e,phi);
// Public key: [e,n],Private key: [d,n]
return [[e,[d,n]]
}
RSAKeyPair(5,11)//公钥:[3,55],私钥:[27,55]
完成:加密和解密
function modInverse(e,phi) {
var m0 = phi,q;
var x0 = 0,x1 = 1;
if (phi == 1) {
return 0;
}
while (e > 1) {
// q is quotient
q = Math.floor(e / phi);
t = phi;
// phi is remainder now,process same as
// Euclid's algo
phi = e % phi // 3 % 40
e = t; // e = 40
t = x0; // t = 0
x0 = x1 - q * x0; // 1-0|13|3 x 0
x1 = t; // 0
}
// Make x1 positive
if (x1 < 0) {
x1 += m0;
}
return x1;
}
function isPrime(n){
var prime_numbers=[2,97]
for(let i of prime_numbers){
if(n===i){
return true
}
}
}
function RSAKeyPair(p,q) {
// Need to check that they are primes
if (!(isPrime(p) && isPrime(q))) {
return;
}
// Need to check that they're not the same
if (p==q) {
return;
}
var n = p * q,phi = (p-1)*(q-1),phi);
// Public key: [e,n]
return [[e,n]]
}
RSAKeyPair(5,11)
for (let i in RSAKeyPair(5,11)){
var encrypted_message;
const encryption=c=>{
var m = 2,e = c[0],n = c[1],Encrypted_Message = m ** e % n
console.log("Encryption: " + Encrypted_Message)
encrypted_message=Encrypted_Message
}
const decryption=c=>{
var d = c[0],Decrypted_Message = encrypted_message ** d % n
console.log("Decryption: " + Decrypted_Message)
}
i=="0"?encryption(RSAKeyPair(5,11)[0]) : i == "1" ? decryption(RSAKeyPair(5,11)[1]) : false
}
运行它:
function modInverse(e,x1 = 1;
if (phi == 1) {
return 0;
}
while (e > 1) {
// q is quotient
q = Math.floor(e / phi);
t = phi;
// phi is remainder now,process same as
// Euclid's algo
phi = e % phi // 3 % 40
e = t; // e = 40
t = x0; // t = 0
x0 = x1 - q * x0; // 1-0|13|3 x 0
x1 = t; // 0
}
// Make x1 positive
if (x1 < 0) {
x1 += m0;
}
return x1;
}
function isPrime(n){
var prime_numbers=[2,11)){
var encrypted_message;
const encryption=c=>{
var m=2,e=c[0],n=c[1],Encrypted_Message=m**e%n
console.log("Encryption: "+Encrypted_Message)
encrypted_message=Encrypted_Message
}
const decryption=c=>{
var d=c[0],Decrypted_Message=encrypted_message**d % n
console.log("Decryption: "+Decrypted_Message)
}
i=="0"?encryption(RSAKeyPair(5,11)[0]):i=="1"?decryption(RSAKeyPair(5,11)[1]):false
}
这将加密消息2,接收者可以将其解密回2。但是,当我将消息2更改为3时:
function modInverse(e,process same as
// Euclid's algo
phi = e % phi // 3 % 40
e = t; // e = 40
t = x0; // t = 0
x0 = x1 - q * x0; // 1-0|13|3 x 0
x1 = t; // 0
}
// Make x1 positive
if (x1 < 0) {
x1 += m0;
}
return x1;
}
function isPrime(n) {
var prime_numbers = [2,97]
for (let i of prime_numbers) {
if (n === i) {
return true
}
}
}
function RSAKeyPair(p,q) {
// Need to check that they are primes
if (!(isPrime(p) && isPrime(q))) {
return;
}
// Need to check that they're not the same
if (p == q) {
return;
}
var n = p * q,phi);
// Public key: [e,n]
return [[e,11)) {
var encrypted_message;
const encryption = c => {
var m = 3,Encrypted_Message = m ** e % n
console.log("Encryption: " + Encrypted_Message)
encrypted_message = Encrypted_Message
}
const decryption = c => {
var d = c[0],Decrypted_Message = encrypted_message ** d % n
console.log("Decryption: " + Decrypted_Message)
}
i == "0" ? encryption(RSAKeyPair(5,11)[1]) : false
}它给出不同的结果。我希望答案应该是3,这是怎么回事?
解决方法
发布的示例使用p = 5和q = 11并确定模数N = 55,公共指数e = 3和私有指数d = 27(由RSAKeyPair(5,11)返回)。这对应于有效的密钥对。
尽管使用了较小的值,但中间结果可能会很大。
在明文m = 3的情况下,密文c = m e mod 55 = 27的加密结果。值3 3 = 27显然不重要。
但是,对于解密,解密后的数据为m = c d mod 55 = 27 27 mod55。值27 27 (大约4.4 * 10 38 )非常重要,因为它高于JavaScript Number.MAX_SAFE_INTEGER = 2 53 -1 = 9,007,199,254,740,991的最大(安全)整数。通常,这会在解密过程中产生错误的纯文本。
对于较大的数字,可以使用BigInt来解决此问题:
var e = 3;
var d = 27;
var N = 55;
// Encryption
var m = 3; // getRandomInt(N) // For arbitrary plaintexts uncomment getRandomInt(N)
var c = m ** e % N;
console.log("Plaintext : " + m);
console.log("Ciphertext : " + c);
// Decryption without BigInt
var dec = c ** d % N;
console.log("Result without BigInt: " + dec); // Wrong
// Decryption with BigInt
var dec = BigInt(c) ** BigInt(d) % BigInt(N);
console.log("Result with BigInt : " + dec); // Correct
function getRandomInt(max) {
return Math.floor(Math.random() * Math.floor(max));
}
当然,这通常适用于,只要值(包括中间结果)相应变大,不仅适用于加密和解密,还适用于密钥生成。
编辑:如评论中所述,模块化幂运算的实现比直接幂运算更有效(=求幂,然后取结果取模)。为此,还可以使用现有的库,例如bigint-mod-arith,该方法将right-to-left binary方法应用于模幂。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。