In the previous post, we learned how to decrypt RSA by getting the factors of the big number N and computing for the inverse of e (the encoding number) modulo N. There is also another way to decrypt an RSA encrypted message. This is when you are able to get the period of the ciphertext. If c is the ciphertext, the **period** r is the smallest integer that satisfies:

Once we get the period, we compute for $d^\prime $, the inverse of e modulo r:

\[ed^\prime \equiv 1 \mod r\]The inverse can then be used to decrypt the ciphertext:

\[m=c^{d^\prime}\]In our previous example, we encrypted the message

THIS IS A SECRET MESSAGE

using public key p=53, q=59, N=pq=3127 and e=7 and private key d=431. The “plain text” is

1907 0818 2608 1826 0026 1804 0217 0419 2612 0418 1800 0604

and the ciphertext is:

0794 1832 1403 2474 1231 1453 0268 2223 0678 0540 0773 1095

Let’s compute the period of the first block of our ciphertext:

\[0794^r \equiv 1 \mod 3127\]Using the python script below, we can compute the period

[code language=”python”] for r in range(1,100): p=pow(794,r,N) if p == 1: print “%d %d” % (r,p) [/code]

The result of running the above program gives r=58. We can then compute $d^\prime $ using the following equation:

\[ed^\prime = m\times r + 1\]The above equation is satisfied when m=3 and $d^\prime = 25 $. Using this value of $d^\prime $, we can compute for

\[\begin{array}{rl} m&=0794^{25} \mod 3127 \\ &= 1907 \end{array}\]which gives us the original message!

However, unlike using the private key, you need to compute the period r and $d^\prime $ for every block of the ciphertext (unless the ciphertext is composed of only one block). However, that should not stop a cracker from deciphering all the blocks.

Image Credit: “R-O-B/Structural Oscillations” by NYCDOT is marked with CC BY-NC-ND 2.0. To view the terms, visit https://creativecommons.org/licenses/by-nd-nc/2.0/jp/?ref=openverse