RSA when N=pq and p = q

cryptography

I was curious what's to happen when $p = q$ for $N=pq$ in RSA scheme.

First I realize that one can easily find out $p$ and $q$ by taking a square root of $n$.

However, it appears to me that under $\pmod{N}$ where $p = q$, one cannot reliably retrieve the original message via $m^d$ where $m$ denotes an encrypted message and $d$ denotes the decryption key. Can someone explain why?

Thank you.


Solution 1:

There is Euler's theorem, and then RSA's recommended way of using it for encryption. I think your confusion arises from not realising the distinction. For any positive integers $k$ and $n$ and any $b$ relatively prime to $n$ we have, by Euler's theorem, $$b^{k\varphi(n)+1}\equiv b\pmod{ n}\qquad(*) $$ It does not matter whether $n$ is product hundred primes are a square or a cube. Now if we can factorize $k\varphi(n)+1 = d\times e$ we can rewrite the above equations as $$ (b^e)^d\equiv b\pmod n$$ And so $e$ can be used for encryption sending $b$ to $b^e\pmod n$, and $d$ can be used for decryption, these are inverse operations follows from the Eqn.$(*)$.

RSA recommends us to choose $n$ as product of two large primes. The only reasons for that is all $b<p$ (assuming $p<q$) are guaranteed to be coprime to $n$ and more importantly calculating $d$ with the knowledge of the public key $e$ and $n$ will be difficult, as it rests on the known difficult problem of factorizing $n$. If a number is a product of many numbers factorization attempts have better chances of succeeding.

You may ask why not choose $n$ as a prime then without factorizing one can calculate $d$ from $e$ and $n$ ($=p$), using Extended Euclidean Algorithm.

Related

Strong Induction Requires No Base Case?
How to solve these recurrence relations by using generating function [closed]
How is the degree of the minimal polynomial related to the degree of a field extension?
An identity which applies to all of the natural numbers
Solve $ 1 + \frac{\sqrt{x+3}}{1+\sqrt{1-x}} = x + \frac{\sqrt{2x+2}}{1+\sqrt{2-2x}} $
Simplify recurrence $\frac{d}{dx} f_{n-1}(x)= f_n(x)- f_{n-1}(x) f_1(x)$
Show the direct sum of noetherian R-modules is noetherian.
Polyak-Lojasiewicz (PL) inequality proof
Prove by induction for $n\geq1, n \in \mathbb{N}$ $, 2^{2n+1}\equiv 9n^2-3n + 2\pmod{54}$.
Prove Harish-Chandra's theorem on central characters with algebraic-geometrical observation and the linkage relations among weights
Proving that $\sup_{s \in [a,b)}f(s)=\sup_{s \in [a,b)\cap \mathbb{Q}}f(s)$ for right continuous function.
Theorem 9.34 Rudin