Naïve RSA decryption in PythonIs my Encryption Module Secure?Encoding and decoding small strings of textC# AES + RSA Encryption ImplementationEncryption in C#My images have secrets A.K.A. the making of aesthetic passwords V.2ISO mode encryption/decryption with BouncyCastleEncryption/decryption by matrix multiplication in CC++ RSA ImplementationGenerate two random primes and find their totientPython RSA/DSA File Cryptography, Key Generation, Key Protection
C++ lambda syntax
Friend wants my recommendation but I don't want to give it to him
Has the laser at Magurele, Romania reached the tenth of the Sun power?
Asserting that Atheism and Theism are both faith based positions
Do people actually use the word "kaputt" in conversation?
Is this saw blade faulty?
Mac Mini (2018) 10Gb Port Compatibility
How do you justify more code being written by following clean code practices?
Did I make a mistake by ccing email to boss to others?
Magnifying glass in hyperbolic space
What is it called when someone votes for an option that's not their first choice?
Error in master's thesis, I do not know what to do
How to preserve electronics (computers, ipads, phones) for hundreds of years?
Extract substring according to regexp with sed or grep
Why is indicated airspeed rather than ground speed used during the takeoff roll?
How do I lift the insulation blower into the attic?
I keep switching characters, how do I stop?
Checking @@ROWCOUNT failing
Started in 1987 vs. Starting in 1987
Put the phone down / Put down the phone
Why is participating in the European Parliamentary elections used as a threat?
Reason why a kingside attack is not justified
Capacitor electron flow
Reasons for having MCU pin-states default to pull-up/down out of reset
Naïve RSA decryption in Python
Is my Encryption Module Secure?Encoding and decoding small strings of textC# AES + RSA Encryption ImplementationEncryption in C#My images have secrets A.K.A. the making of aesthetic passwords V.2ISO mode encryption/decryption with BouncyCastleEncryption/decryption by matrix multiplication in CC++ RSA ImplementationGenerate two random primes and find their totientPython RSA/DSA File Cryptography, Key Generation, Key Protection
$begingroup$
I am making a code with basic RSA encryption/decryption. My professor wants me to speed up this function but it is already so simple and I am lost. Any ideas?
def decrypt(kenc,d,n):
kdec=(kenc**d)%n
return kdec
python performance homework cryptography
$endgroup$
add a comment |
$begingroup$
I am making a code with basic RSA encryption/decryption. My professor wants me to speed up this function but it is already so simple and I am lost. Any ideas?
def decrypt(kenc,d,n):
kdec=(kenc**d)%n
return kdec
python performance homework cryptography
$endgroup$
1
$begingroup$
You can trivially make the code simpler/shorter and also (minimally) more efficient by removing the unnecessary variable assignment. But of course this isn’t what your professor meant.
$endgroup$
– Konrad Rudolph
15 hours ago
add a comment |
$begingroup$
I am making a code with basic RSA encryption/decryption. My professor wants me to speed up this function but it is already so simple and I am lost. Any ideas?
def decrypt(kenc,d,n):
kdec=(kenc**d)%n
return kdec
python performance homework cryptography
$endgroup$
I am making a code with basic RSA encryption/decryption. My professor wants me to speed up this function but it is already so simple and I am lost. Any ideas?
def decrypt(kenc,d,n):
kdec=(kenc**d)%n
return kdec
python performance homework cryptography
python performance homework cryptography
edited 20 hours ago
200_success
130k17154419
130k17154419
asked yesterday
Chad TChad T
311
311
1
$begingroup$
You can trivially make the code simpler/shorter and also (minimally) more efficient by removing the unnecessary variable assignment. But of course this isn’t what your professor meant.
$endgroup$
– Konrad Rudolph
15 hours ago
add a comment |
1
$begingroup$
You can trivially make the code simpler/shorter and also (minimally) more efficient by removing the unnecessary variable assignment. But of course this isn’t what your professor meant.
$endgroup$
– Konrad Rudolph
15 hours ago
1
1
$begingroup$
You can trivially make the code simpler/shorter and also (minimally) more efficient by removing the unnecessary variable assignment. But of course this isn’t what your professor meant.
$endgroup$
– Konrad Rudolph
15 hours ago
$begingroup$
You can trivially make the code simpler/shorter and also (minimally) more efficient by removing the unnecessary variable assignment. But of course this isn’t what your professor meant.
$endgroup$
– Konrad Rudolph
15 hours ago
add a comment |
1 Answer
1
active
oldest
votes
$begingroup$
Simple does not mean fast, so you cannot judge performance based on how simple the implementation looks. Usually the most efficient way to perform a non-trivial task is not also the simplest way to do it. In this case though, there is a much more efficient solution that is about equally simple, and is probably sufficient.
There is a serious problem with this implementation: it computes kenc**d
.
kenc**d
is in general a very big number that takes a long time to compute, and then it takes a long time again to reduce it modulo n
. For example, trying it out with 1024bit RSA (the lowest setting!):
import Crypto
from Crypto.PublicKey import RSA
from Crypto import Random
random_generator = Random.new().read
key = RSA.generate(1024, random_generator)
def decrypt(kenc,d,n):
kdec=(kenc**d)%n
return kdec
(ciphertext,) = key.encrypt(42, 0)
print(decrypt(ciphertext, key.d, key.n))
This does not finish in a reasonable time. Estimating the size of kenc**d
, it is expected to be up to (and usually close to) 1024*1024 = 1048576 bits (both kenc
and d
are 1024 bit numbers), that will certainly fit on a computer these days, but that's still a very big number and calculations on such large numbers take a lot of time, especially multiplication and remainder.
There is a simple remedy: use modular exponentiation, which keeps the size of the numbers that it is working with low throughout the whole calculation by reducing modulo n
as it goes along. You could implement it yourself, but Python handily provides a built-in function for this: pow(x, e, n)
So decrypt
can be written as:
def decrypt(kenc, d, n):
return pow(kenc, d, n)
With that change, the code above decodes the message quickly.
Further improvements are possible, but more complicated, and won't be drop-in replacements.
$endgroup$
1
$begingroup$
And of course, it's even faster not to havedecrypt
at all when all it does is callpow
.
$endgroup$
– MSalters
14 hours ago
$begingroup$
Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to callpow
.
$endgroup$
– Oscar Smith
8 hours ago
$begingroup$
Also note thatpow
probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.
$endgroup$
– SEJPM
4 hours ago
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
);
);
, "mathjax-editing");
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "196"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f215712%2fna%25c3%25afve-rsa-decryption-in-python%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
Simple does not mean fast, so you cannot judge performance based on how simple the implementation looks. Usually the most efficient way to perform a non-trivial task is not also the simplest way to do it. In this case though, there is a much more efficient solution that is about equally simple, and is probably sufficient.
There is a serious problem with this implementation: it computes kenc**d
.
kenc**d
is in general a very big number that takes a long time to compute, and then it takes a long time again to reduce it modulo n
. For example, trying it out with 1024bit RSA (the lowest setting!):
import Crypto
from Crypto.PublicKey import RSA
from Crypto import Random
random_generator = Random.new().read
key = RSA.generate(1024, random_generator)
def decrypt(kenc,d,n):
kdec=(kenc**d)%n
return kdec
(ciphertext,) = key.encrypt(42, 0)
print(decrypt(ciphertext, key.d, key.n))
This does not finish in a reasonable time. Estimating the size of kenc**d
, it is expected to be up to (and usually close to) 1024*1024 = 1048576 bits (both kenc
and d
are 1024 bit numbers), that will certainly fit on a computer these days, but that's still a very big number and calculations on such large numbers take a lot of time, especially multiplication and remainder.
There is a simple remedy: use modular exponentiation, which keeps the size of the numbers that it is working with low throughout the whole calculation by reducing modulo n
as it goes along. You could implement it yourself, but Python handily provides a built-in function for this: pow(x, e, n)
So decrypt
can be written as:
def decrypt(kenc, d, n):
return pow(kenc, d, n)
With that change, the code above decodes the message quickly.
Further improvements are possible, but more complicated, and won't be drop-in replacements.
$endgroup$
1
$begingroup$
And of course, it's even faster not to havedecrypt
at all when all it does is callpow
.
$endgroup$
– MSalters
14 hours ago
$begingroup$
Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to callpow
.
$endgroup$
– Oscar Smith
8 hours ago
$begingroup$
Also note thatpow
probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.
$endgroup$
– SEJPM
4 hours ago
add a comment |
$begingroup$
Simple does not mean fast, so you cannot judge performance based on how simple the implementation looks. Usually the most efficient way to perform a non-trivial task is not also the simplest way to do it. In this case though, there is a much more efficient solution that is about equally simple, and is probably sufficient.
There is a serious problem with this implementation: it computes kenc**d
.
kenc**d
is in general a very big number that takes a long time to compute, and then it takes a long time again to reduce it modulo n
. For example, trying it out with 1024bit RSA (the lowest setting!):
import Crypto
from Crypto.PublicKey import RSA
from Crypto import Random
random_generator = Random.new().read
key = RSA.generate(1024, random_generator)
def decrypt(kenc,d,n):
kdec=(kenc**d)%n
return kdec
(ciphertext,) = key.encrypt(42, 0)
print(decrypt(ciphertext, key.d, key.n))
This does not finish in a reasonable time. Estimating the size of kenc**d
, it is expected to be up to (and usually close to) 1024*1024 = 1048576 bits (both kenc
and d
are 1024 bit numbers), that will certainly fit on a computer these days, but that's still a very big number and calculations on such large numbers take a lot of time, especially multiplication and remainder.
There is a simple remedy: use modular exponentiation, which keeps the size of the numbers that it is working with low throughout the whole calculation by reducing modulo n
as it goes along. You could implement it yourself, but Python handily provides a built-in function for this: pow(x, e, n)
So decrypt
can be written as:
def decrypt(kenc, d, n):
return pow(kenc, d, n)
With that change, the code above decodes the message quickly.
Further improvements are possible, but more complicated, and won't be drop-in replacements.
$endgroup$
1
$begingroup$
And of course, it's even faster not to havedecrypt
at all when all it does is callpow
.
$endgroup$
– MSalters
14 hours ago
$begingroup$
Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to callpow
.
$endgroup$
– Oscar Smith
8 hours ago
$begingroup$
Also note thatpow
probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.
$endgroup$
– SEJPM
4 hours ago
add a comment |
$begingroup$
Simple does not mean fast, so you cannot judge performance based on how simple the implementation looks. Usually the most efficient way to perform a non-trivial task is not also the simplest way to do it. In this case though, there is a much more efficient solution that is about equally simple, and is probably sufficient.
There is a serious problem with this implementation: it computes kenc**d
.
kenc**d
is in general a very big number that takes a long time to compute, and then it takes a long time again to reduce it modulo n
. For example, trying it out with 1024bit RSA (the lowest setting!):
import Crypto
from Crypto.PublicKey import RSA
from Crypto import Random
random_generator = Random.new().read
key = RSA.generate(1024, random_generator)
def decrypt(kenc,d,n):
kdec=(kenc**d)%n
return kdec
(ciphertext,) = key.encrypt(42, 0)
print(decrypt(ciphertext, key.d, key.n))
This does not finish in a reasonable time. Estimating the size of kenc**d
, it is expected to be up to (and usually close to) 1024*1024 = 1048576 bits (both kenc
and d
are 1024 bit numbers), that will certainly fit on a computer these days, but that's still a very big number and calculations on such large numbers take a lot of time, especially multiplication and remainder.
There is a simple remedy: use modular exponentiation, which keeps the size of the numbers that it is working with low throughout the whole calculation by reducing modulo n
as it goes along. You could implement it yourself, but Python handily provides a built-in function for this: pow(x, e, n)
So decrypt
can be written as:
def decrypt(kenc, d, n):
return pow(kenc, d, n)
With that change, the code above decodes the message quickly.
Further improvements are possible, but more complicated, and won't be drop-in replacements.
$endgroup$
Simple does not mean fast, so you cannot judge performance based on how simple the implementation looks. Usually the most efficient way to perform a non-trivial task is not also the simplest way to do it. In this case though, there is a much more efficient solution that is about equally simple, and is probably sufficient.
There is a serious problem with this implementation: it computes kenc**d
.
kenc**d
is in general a very big number that takes a long time to compute, and then it takes a long time again to reduce it modulo n
. For example, trying it out with 1024bit RSA (the lowest setting!):
import Crypto
from Crypto.PublicKey import RSA
from Crypto import Random
random_generator = Random.new().read
key = RSA.generate(1024, random_generator)
def decrypt(kenc,d,n):
kdec=(kenc**d)%n
return kdec
(ciphertext,) = key.encrypt(42, 0)
print(decrypt(ciphertext, key.d, key.n))
This does not finish in a reasonable time. Estimating the size of kenc**d
, it is expected to be up to (and usually close to) 1024*1024 = 1048576 bits (both kenc
and d
are 1024 bit numbers), that will certainly fit on a computer these days, but that's still a very big number and calculations on such large numbers take a lot of time, especially multiplication and remainder.
There is a simple remedy: use modular exponentiation, which keeps the size of the numbers that it is working with low throughout the whole calculation by reducing modulo n
as it goes along. You could implement it yourself, but Python handily provides a built-in function for this: pow(x, e, n)
So decrypt
can be written as:
def decrypt(kenc, d, n):
return pow(kenc, d, n)
With that change, the code above decodes the message quickly.
Further improvements are possible, but more complicated, and won't be drop-in replacements.
answered 22 hours ago
haroldharold
1,39868
1,39868
1
$begingroup$
And of course, it's even faster not to havedecrypt
at all when all it does is callpow
.
$endgroup$
– MSalters
14 hours ago
$begingroup$
Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to callpow
.
$endgroup$
– Oscar Smith
8 hours ago
$begingroup$
Also note thatpow
probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.
$endgroup$
– SEJPM
4 hours ago
add a comment |
1
$begingroup$
And of course, it's even faster not to havedecrypt
at all when all it does is callpow
.
$endgroup$
– MSalters
14 hours ago
$begingroup$
Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to callpow
.
$endgroup$
– Oscar Smith
8 hours ago
$begingroup$
Also note thatpow
probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.
$endgroup$
– SEJPM
4 hours ago
1
1
$begingroup$
And of course, it's even faster not to have
decrypt
at all when all it does is call pow
.$endgroup$
– MSalters
14 hours ago
$begingroup$
And of course, it's even faster not to have
decrypt
at all when all it does is call pow
.$endgroup$
– MSalters
14 hours ago
$begingroup$
Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to call
pow
.$endgroup$
– Oscar Smith
8 hours ago
$begingroup$
Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to call
pow
.$endgroup$
– Oscar Smith
8 hours ago
$begingroup$
Also note that
pow
probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.$endgroup$
– SEJPM
4 hours ago
$begingroup$
Also note that
pow
probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.$endgroup$
– SEJPM
4 hours ago
add a comment |
Thanks for contributing an answer to Code Review Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f215712%2fna%25c3%25afve-rsa-decryption-in-python%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
$begingroup$
You can trivially make the code simpler/shorter and also (minimally) more efficient by removing the unnecessary variable assignment. But of course this isn’t what your professor meant.
$endgroup$
– Konrad Rudolph
15 hours ago