RSA（Python）中的解密問題

Question

我剛剛編寫了一個使用 RSA 加密和解密的小型 python 程序。 這只是為了好玩。 我的問題是它從未完成解密，女巫顯然不是故意的。 d 漿果很大，我不確定它是否能夠解密。 有沒有邏輯錯誤？ 我錯過了什么？ generatePrimes 函數生成位長為 512 的素數。

from generatePrime import generatePrime


from math import gcd as bltin_gcd

def coprime(a, b):
    return bltin_gcd(a, b) == 1

def encript(msg,e,N):
    print("encripting :")
    return msg**e % N

#THIS HERE IS THE PROBLEM!
def decript(en,d,N):
    print("decripting :")
    pow(en, d, N) #Like this?


def RSA():
    print("generating P     ")
    P = generatePrime()
    print("generating Q ")
    Q = generatePrime()
    print("calculating N ")
    N = P* Q
    print("calculating phi ")
    phi = (Q-1)*(P-1)
    e = 65537
    if not coprime(e,P) and not coprime(e,Q):
        RSA()
    d = int((1+ phi)/e)
    #print(d)

    encripted = encript(16468,e,N)
    print(encripted)
    decripted = decript(encripted,d,N)
    print(decripted)
    print("sucsess!")

RSA()
print("Done!")

d 很大，但它必須是，不是嗎？ 我沒有任何線索。

這是 generatePrime Funktion（我偷的女巫）

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import re
import random
import math


def fermat_primality_test(p, s=5):
    """
    a^(p-1) ≡ 1 mod p
    Input: prime candidate p and security paramter s
    Output: either p is a composite (always trues), or
            p is a prime (with probability)
    """
    if p == 2:
        return True
    if not p & 1: # if p is even, number cant be a prime
        return False

    for i in range(s):
        a = random.randrange(2, p-2)
        x = pow(a, p-1, p) # a**(p-1) % p
        if x != 1:
            return False
    return True

def square_and_multiply(x, k, p=None):
    """
    Square and Multiply Algorithm
    Parameters: positive integer x and integer exponent k,
                optional modulus p
    Returns: x**k or x**k mod p when p is given
    """
    b = bin(k).lstrip('0b')
    r = 1
    for i in b:
        r = r**2
        if i == '1':
            r = r * x
        if p:
            r %= p
    return r

def miller_rabin_primality_test(p, s=5):
    if p == 2: # 2 is the only prime that is even
        return True
    if not (p & 1): # n is a even number and can't be prime
        return False

    p1 = p - 1
    u = 0
    r = p1  # p-1 = 2**u * r

    while r % 2 == 0:
        r >>= 1
        u += 1

    # at this stage p-1 = 2**u * r  holds
    assert p-1 == 2**u * r

    def witness(a):
        """
        Returns: True, if there is a witness that p is not prime.
                False, when p might be prime
        """
        z = square_and_multiply(a, r, p)
        if z == 1:
            return False

        for i in range(u):
            z = square_and_multiply(a, 2**i * r, p)
            if z == p1:
                return False
        return True

    for j in range(s):
        a = random.randrange(2, p-2)
        if witness(a):
            return False

    return True

def generatePrime(n=512, k=1):
    """
    Generates prime numbers with bitlength n.
    Stops after the generation of k prime numbers.
    Caution: The numbers tested for primality start at
    a random place, but the tests are drawn with the integers
    following from the random start.
    """
    assert k > 0
    assert n > 0 and n < 4096

    # follows from the prime number theorem
    necessary_steps = math.floor( math.log(2**n) / 2 )
    # get n random bits as our first number to test for primality
    x = random.getrandbits(n)

    primes = []

    while k>0:
        if miller_rabin_primality_test(x, s=7):
            primes.append(x)
            k = k-1
        x = x+1

    return primes[0]

我確實嘗試過：

from Crypto.Util import number
def generatePrime(len=512):
    return number.getPrime(len)

但這並沒有解決問題。

Answer 1

過了一段時間，我開始工作了。 這是我的最終代碼：

om RSAresources import *

class RSA:

    def __init__(self,msg,e=65537,P=generatePrime(),Q = generatePrime()):

        self.e = e
        self.P = P
        self.Q = Q
        self.msg = msg

        while not coprime(e,P) and not coprime(e,Q):
            self.P = generatePrime()
            self.Q = generatePrime()

        self.N = P * Q
        self.phi = (Q-1)*(P-1)
        self.d = mod_inverse(self.e,self.phi)

    def encript(self):
        return pow(self.msg,self.e, self.N)

    def decript(self):
        return pow(self.msg,self.d,self.N)

這是 RSAresources.py：

from Crypto.Util import number

def generatePrime(leng=1024):
    return number.getPrime(leng)

def mod_inverse(x,y):

    def eea(a,b):
        if b==0:return (1,0)
        (q,r) = (a//b,a%b)
        (s,t) = eea(b,r)
        return (t, s-(q*t) )

    inv = eea(x,y)[0]
    if inv < 1: inv += y
    return inv


from math import gcd as bltin_gcd

def coprime(a, b):
    return bltin_gcd(a, b) == 1