3

I'm trying to have a simple RSA encryption/decryption, using BigInteger. It works fine for smaller numbers, but not for bigger numbers:

BigInteger messageToInt = 111098; 
BigInteger enc = BigInteger.ModPow(messageToInt, publicKey, n);
BigInteger dec = BigInteger.ModPow(enc, privateKey, n); // should be same as messageToInt
Console.WriteLine(dec);

Keys are from Wiki example - privateKey = 413, publicKey = 17, n = 3233.

  • for messageToInt = 1500: dec = 1500 (which is fine).
  • for messageToInt = 15000: dec = 2068. (what?!).
janw
  • 8,758
  • 11
  • 40
  • 62
Liad Sagi
  • 63
  • 9
  • RSA is not used for encryption. Even used you need a good padding as PKCS#1.5 or OAEP. RSA can be used for siganture, this time you need RSA-PSS signature scheme. Also you can use RSA for key exchange as RSA-KEM. Encryption is the least used among them. See this nice [answer](https://stackoverflow.com/a/57513954/1820553) – kelalaka Aug 31 '19 at 19:46

1 Answers1

4

Actually, it worked perfectly:

15000 mod 3233 = 2068.

Since RSA relies on modular arithmetic, you are restricted to plain texts that are smaller than n. There is no way to distinguish whether the plain text was 2068, 2068 + n, 2068 + 2n, and so on.

The solution is here to either split the plain text into parts that are smaller than n, or increase n until the plain text fits in there.

janw
  • 8,758
  • 11
  • 40
  • 62
  • Oh ,Interesting.. never seen this fact mentioned before. How does it work ?Why messages that are longer then n wont work? edit - I see why when you only talk about mod. How does the power comes to play? – Liad Sagi Aug 30 '19 at 18:31
  • The modular exponentation (`ModPow`) performs repeated multiplication and modular reduction (e.g. _square and multiply_). In the end the result is reduced to the smallest possible number modulo `n`. This immediately means that you _cannot_ get a number that is equal or larger than `n`, since it `n` would be repeatedly subtracted until a number smaller than `n` is reached. – janw Aug 30 '19 at 18:38
  • Thanks! I know that rsa mostly used to encrypt smaller stuff or symmetric keys, and also most RSA implementations are dividing the message to blocks. But would it be safe to say that another advantage of using larger and larger keys is the ability to encrypt larger blocks of data? edit - for the reasons above – Liad Sagi Aug 30 '19 at 21:17
  • The main point of increasing the block size is to make it harder to break the cipher (e.g. by factoring `n`). While in theory it is true, that increasing key size allows larger blocks, this is not relevant in practice, as you already said: An AES key has 128 to 256 bits, so the remaining >1000 bits are primarily used for padding (e.g. OAEP). Also note that doubling the key size has a massive impact on performance: https://webmasters.stackexchange.com/a/102372 So e.g. doing RSA-2048 twice is much cheaper than doing RSA-4096 once. – janw Aug 30 '19 at 21:26
  • @JanWichelmann: "Massive" is perhaps overstating it. Doing RSA-2048 twice is probably a little less than twice as fast as doing RSA-4096 once. – President James K. Polk Aug 31 '19 at 00:57