Naïve RSA decryption in PythonIs my Encryption Module Secure?Encoding and decoding small strings of textC# AES + RSA Encryption ImplementationEncryption in C#My images have secrets A.K.A. the making of aesthetic passwords V.2ISO mode encryption/decryption with BouncyCastleEncryption/decryption by matrix multiplication in CC++ RSA ImplementationGenerate two random primes and find their totientPython RSA/DSA File Cryptography, Key Generation, Key Protection

Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?

How can "mimic phobia" be cured or prevented?

How does a computer interpret real numbers?

Multiplicative persistence

What are the advantages of simplicial model categories over non-simplicial ones?

Strong empirical falsification of quantum mechanics based on vacuum energy density

Mimic lecturing on blackboard, facing audience

Moving brute-force search to FPGA

Picking the different solutions to the time independent Schrodinger eqaution

What does chmod -u do?

Plot of a tornado-shaped surface

Why did the EU agree to delay the Brexit deadline?

How could a planet have erratic days?

Hero deduces identity of a killer

Does Doodling or Improvising on the Piano Have Any Benefits?

A social experiment. What is the worst that can happen?

Temporarily disable WLAN internet access for children, but allow it for adults

Store Credit Card Information in Password Manager?

On a tidally locked planet, would time be quantized?

What is the highest possible scrabble score for placing a single tile

I'm the sea and the sun

Can a Canadian Travel to the USA twice, less than 180 days each time?

How to cover method return statement in Apex Class?

How much character growth crosses the line into breaking the character



Naïve RSA decryption in Python


Is my Encryption Module Secure?Encoding and decoding small strings of textC# AES + RSA Encryption ImplementationEncryption in C#My images have secrets A.K.A. the making of aesthetic passwords V.2ISO mode encryption/decryption with BouncyCastleEncryption/decryption by matrix multiplication in CC++ RSA ImplementationGenerate two random primes and find their totientPython RSA/DSA File Cryptography, Key Generation, Key Protection













3












$begingroup$


I am making a code with basic RSA encryption/decryption. My professor wants me to speed up this function but it is already so simple and I am lost. Any ideas?



def decrypt(kenc,d,n): 
 kdec=(kenc**d)%n
 return kdec





python performance homework cryptography







share|improve this question











$endgroup$







  • 1




    $begingroup$
    You can trivially make the code simpler/shorter and also (minimally) more efficient by removing the unnecessary variable assignment. But of course this isn’t what your professor meant.
    $endgroup$
    – Konrad Rudolph
    Mar 19 at 9:55
















3












$begingroup$


I am making a code with basic RSA encryption/decryption. My professor wants me to speed up this function but it is already so simple and I am lost. Any ideas?



def decrypt(kenc,d,n): 
 kdec=(kenc**d)%n
 return kdec





python performance homework cryptography







share|improve this question











$endgroup$







  • 1




    $begingroup$
    You can trivially make the code simpler/shorter and also (minimally) more efficient by removing the unnecessary variable assignment. But of course this isn’t what your professor meant.
    $endgroup$
    – Konrad Rudolph
    Mar 19 at 9:55














3












3








3





$begingroup$


I am making a code with basic RSA encryption/decryption. My professor wants me to speed up this function but it is already so simple and I am lost. Any ideas?



def decrypt(kenc,d,n): 
 kdec=(kenc**d)%n
 return kdec





python performance homework cryptography







share|improve this question











$endgroup$




I am making a code with basic RSA encryption/decryption. My professor wants me to speed up this function but it is already so simple and I am lost. Any ideas?



def decrypt(kenc,d,n): 
 kdec=(kenc**d)%n
 return kdec





python performance homework cryptography




python performance homework cryptography






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 19 at 4:09









200_success

130k17155419




130k17155419










asked Mar 18 at 23:55









Chad TChad T

311




311







  • 1




    $begingroup$
    You can trivially make the code simpler/shorter and also (minimally) more efficient by removing the unnecessary variable assignment. But of course this isn’t what your professor meant.
    $endgroup$
    – Konrad Rudolph
    Mar 19 at 9:55













  • 1




    $begingroup$
    You can trivially make the code simpler/shorter and also (minimally) more efficient by removing the unnecessary variable assignment. But of course this isn’t what your professor meant.
    $endgroup$
    – Konrad Rudolph
    Mar 19 at 9:55








1




1




$begingroup$
You can trivially make the code simpler/shorter and also (minimally) more efficient by removing the unnecessary variable assignment. But of course this isn’t what your professor meant.
$endgroup$
– Konrad Rudolph
Mar 19 at 9:55





$begingroup$
You can trivially make the code simpler/shorter and also (minimally) more efficient by removing the unnecessary variable assignment. But of course this isn’t what your professor meant.
$endgroup$
– Konrad Rudolph
Mar 19 at 9:55











1 Answer
1






active

oldest

votes


















12












$begingroup$

Simple does not mean fast, so you cannot judge performance based on how simple the implementation looks. Usually the most efficient way to perform a non-trivial task is not also the simplest way to do it. In this case though, there is a much more efficient solution that is about equally simple, and is probably sufficient.



There is a serious problem with this implementation: it computes kenc**d.



kenc**d is in general a very big number that takes a long time to compute, and then it takes a long time again to reduce it modulo n. For example, trying it out with 1024bit RSA (the lowest setting!):



import Crypto
from Crypto.PublicKey import RSA
from Crypto import Random

random_generator = Random.new().read
key = RSA.generate(1024, random_generator)

def decrypt(kenc,d,n):
 kdec=(kenc**d)%n
 return kdec

(ciphertext,) = key.encrypt(42, 0)
print(decrypt(ciphertext, key.d, key.n))


This does not finish in a reasonable time. Estimating the size of kenc**d, it is expected to be up to (and usually close to) 1024*1024 = 1048576 bits (both kenc and d are 1024 bit numbers), that will certainly fit on a computer these days, but that's still a very big number and calculations on such large numbers take a lot of time, especially multiplication and remainder.



There is a simple remedy: use modular exponentiation, which keeps the size of the numbers that it is working with low throughout the whole calculation by reducing modulo n as it goes along. You could implement it yourself, but Python handily provides a built-in function for this: pow(x, e, n)



So decrypt can be written as:



def decrypt(kenc, d, n):
 return pow(kenc, d, n)


With that change, the code above decodes the message quickly.



Further improvements are possible, but more complicated, and won't be drop-in replacements.






share|improve this answer









$endgroup$








  • 1




    $begingroup$
    And of course, it's even faster not to have decrypt at all when all it does is call pow.
    $endgroup$
    – MSalters
    Mar 19 at 10:41










  • $begingroup$
    Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to call pow.
    $endgroup$
    – Oscar Smith
    Mar 19 at 16:50






  • 1




    $begingroup$
    Also note that pow probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.
    $endgroup$
    – SEJPM
    Mar 19 at 20:16










Your Answer





StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
);
);
, "mathjax-editing");

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "196"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f215712%2fna%25c3%25afve-rsa-decryption-in-python%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









12












$begingroup$

Simple does not mean fast, so you cannot judge performance based on how simple the implementation looks. Usually the most efficient way to perform a non-trivial task is not also the simplest way to do it. In this case though, there is a much more efficient solution that is about equally simple, and is probably sufficient.



There is a serious problem with this implementation: it computes kenc**d.



kenc**d is in general a very big number that takes a long time to compute, and then it takes a long time again to reduce it modulo n. For example, trying it out with 1024bit RSA (the lowest setting!):



import Crypto
from Crypto.PublicKey import RSA
from Crypto import Random

random_generator = Random.new().read
key = RSA.generate(1024, random_generator)

def decrypt(kenc,d,n):
 kdec=(kenc**d)%n
 return kdec

(ciphertext,) = key.encrypt(42, 0)
print(decrypt(ciphertext, key.d, key.n))


This does not finish in a reasonable time. Estimating the size of kenc**d, it is expected to be up to (and usually close to) 1024*1024 = 1048576 bits (both kenc and d are 1024 bit numbers), that will certainly fit on a computer these days, but that's still a very big number and calculations on such large numbers take a lot of time, especially multiplication and remainder.



There is a simple remedy: use modular exponentiation, which keeps the size of the numbers that it is working with low throughout the whole calculation by reducing modulo n as it goes along. You could implement it yourself, but Python handily provides a built-in function for this: pow(x, e, n)



So decrypt can be written as:



def decrypt(kenc, d, n):
 return pow(kenc, d, n)


With that change, the code above decodes the message quickly.



Further improvements are possible, but more complicated, and won't be drop-in replacements.






share|improve this answer









$endgroup$








  • 1




    $begingroup$
    And of course, it's even faster not to have decrypt at all when all it does is call pow.
    $endgroup$
    – MSalters
    Mar 19 at 10:41










  • $begingroup$
    Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to call pow.
    $endgroup$
    – Oscar Smith
    Mar 19 at 16:50






  • 1




    $begingroup$
    Also note that pow probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.
    $endgroup$
    – SEJPM
    Mar 19 at 20:16















12












$begingroup$

Simple does not mean fast, so you cannot judge performance based on how simple the implementation looks. Usually the most efficient way to perform a non-trivial task is not also the simplest way to do it. In this case though, there is a much more efficient solution that is about equally simple, and is probably sufficient.



There is a serious problem with this implementation: it computes kenc**d.



kenc**d is in general a very big number that takes a long time to compute, and then it takes a long time again to reduce it modulo n. For example, trying it out with 1024bit RSA (the lowest setting!):



import Crypto
from Crypto.PublicKey import RSA
from Crypto import Random

random_generator = Random.new().read
key = RSA.generate(1024, random_generator)

def decrypt(kenc,d,n):
 kdec=(kenc**d)%n
 return kdec

(ciphertext,) = key.encrypt(42, 0)
print(decrypt(ciphertext, key.d, key.n))


This does not finish in a reasonable time. Estimating the size of kenc**d, it is expected to be up to (and usually close to) 1024*1024 = 1048576 bits (both kenc and d are 1024 bit numbers), that will certainly fit on a computer these days, but that's still a very big number and calculations on such large numbers take a lot of time, especially multiplication and remainder.



There is a simple remedy: use modular exponentiation, which keeps the size of the numbers that it is working with low throughout the whole calculation by reducing modulo n as it goes along. You could implement it yourself, but Python handily provides a built-in function for this: pow(x, e, n)



So decrypt can be written as:



def decrypt(kenc, d, n):
 return pow(kenc, d, n)


With that change, the code above decodes the message quickly.



Further improvements are possible, but more complicated, and won't be drop-in replacements.






share|improve this answer









$endgroup$








  • 1




    $begingroup$
    And of course, it's even faster not to have decrypt at all when all it does is call pow.
    $endgroup$
    – MSalters
    Mar 19 at 10:41










  • $begingroup$
    Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to call pow.
    $endgroup$
    – Oscar Smith
    Mar 19 at 16:50






  • 1




    $begingroup$
    Also note that pow probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.
    $endgroup$
    – SEJPM
    Mar 19 at 20:16













12












12








12





$begingroup$

Simple does not mean fast, so you cannot judge performance based on how simple the implementation looks. Usually the most efficient way to perform a non-trivial task is not also the simplest way to do it. In this case though, there is a much more efficient solution that is about equally simple, and is probably sufficient.



There is a serious problem with this implementation: it computes kenc**d.



kenc**d is in general a very big number that takes a long time to compute, and then it takes a long time again to reduce it modulo n. For example, trying it out with 1024bit RSA (the lowest setting!):



import Crypto
from Crypto.PublicKey import RSA
from Crypto import Random

random_generator = Random.new().read
key = RSA.generate(1024, random_generator)

def decrypt(kenc,d,n):
 kdec=(kenc**d)%n
 return kdec

(ciphertext,) = key.encrypt(42, 0)
print(decrypt(ciphertext, key.d, key.n))


This does not finish in a reasonable time. Estimating the size of kenc**d, it is expected to be up to (and usually close to) 1024*1024 = 1048576 bits (both kenc and d are 1024 bit numbers), that will certainly fit on a computer these days, but that's still a very big number and calculations on such large numbers take a lot of time, especially multiplication and remainder.



There is a simple remedy: use modular exponentiation, which keeps the size of the numbers that it is working with low throughout the whole calculation by reducing modulo n as it goes along. You could implement it yourself, but Python handily provides a built-in function for this: pow(x, e, n)



So decrypt can be written as:



def decrypt(kenc, d, n):
 return pow(kenc, d, n)


With that change, the code above decodes the message quickly.



Further improvements are possible, but more complicated, and won't be drop-in replacements.






share|improve this answer









$endgroup$



Simple does not mean fast, so you cannot judge performance based on how simple the implementation looks. Usually the most efficient way to perform a non-trivial task is not also the simplest way to do it. In this case though, there is a much more efficient solution that is about equally simple, and is probably sufficient.



There is a serious problem with this implementation: it computes kenc**d.



kenc**d is in general a very big number that takes a long time to compute, and then it takes a long time again to reduce it modulo n. For example, trying it out with 1024bit RSA (the lowest setting!):



import Crypto
from Crypto.PublicKey import RSA
from Crypto import Random

random_generator = Random.new().read
key = RSA.generate(1024, random_generator)

def decrypt(kenc,d,n):
 kdec=(kenc**d)%n
 return kdec

(ciphertext,) = key.encrypt(42, 0)
print(decrypt(ciphertext, key.d, key.n))


This does not finish in a reasonable time. Estimating the size of kenc**d, it is expected to be up to (and usually close to) 1024*1024 = 1048576 bits (both kenc and d are 1024 bit numbers), that will certainly fit on a computer these days, but that's still a very big number and calculations on such large numbers take a lot of time, especially multiplication and remainder.



There is a simple remedy: use modular exponentiation, which keeps the size of the numbers that it is working with low throughout the whole calculation by reducing modulo n as it goes along. You could implement it yourself, but Python handily provides a built-in function for this: pow(x, e, n)



So decrypt can be written as:



def decrypt(kenc, d, n):
 return pow(kenc, d, n)


With that change, the code above decodes the message quickly.



Further improvements are possible, but more complicated, and won't be drop-in replacements.







share|improve this answer












share|improve this answer



share|improve this answer










answered Mar 19 at 2:13









haroldharold

1,40868




1,40868







  • 1




    $begingroup$
    And of course, it's even faster not to have decrypt at all when all it does is call pow.
    $endgroup$
    – MSalters
    Mar 19 at 10:41










  • $begingroup$
    Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to call pow.
    $endgroup$
    – Oscar Smith
    Mar 19 at 16:50






  • 1




    $begingroup$
    Also note that pow probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.
    $endgroup$
    – SEJPM
    Mar 19 at 20:16












  • 1




    $begingroup$
    And of course, it's even faster not to have decrypt at all when all it does is call pow.
    $endgroup$
    – MSalters
    Mar 19 at 10:41










  • $begingroup$
    Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to call pow.
    $endgroup$
    – Oscar Smith
    Mar 19 at 16:50






  • 1




    $begingroup$
    Also note that pow probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.
    $endgroup$
    – SEJPM
    Mar 19 at 20:16







1




1




$begingroup$
And of course, it's even faster not to have decrypt at all when all it does is call pow.
$endgroup$
– MSalters
Mar 19 at 10:41




$begingroup$
And of course, it's even faster not to have decrypt at all when all it does is call pow.
$endgroup$
– MSalters
Mar 19 at 10:41












$begingroup$
Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to call pow.
$endgroup$
– Oscar Smith
Mar 19 at 16:50




$begingroup$
Keeping decrypt would be a good idea. If you were actually implementing RSA, you would also want PKCS or something there, and the performance penalty of a func call will be small compared to the time to call pow.
$endgroup$
– Oscar Smith
Mar 19 at 16:50




1




1




$begingroup$
Also note that pow probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.
$endgroup$
– SEJPM
Mar 19 at 20:16




$begingroup$
Also note that pow probably doesn't exhibit timing independent of base and exponent ("constant-time") allowing for timing side-channel attacks which one may want / need to defend against.
$endgroup$
– SEJPM
Mar 19 at 20:16

















draft saved

draft discarded
















































Thanks for contributing an answer to Code Review Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

Use MathJax to format equations. MathJax reference.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f215712%2fna%25c3%25afve-rsa-decryption-in-python%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Adding axes to figuresAdding axes labels to LaTeX figuresLaTeX equivalent of ConTeXt buffersRotate a node but not its content: the case of the ellipse decorationHow to define the default vertical distance between nodes?TikZ scaling graphic and adjust node position and keep font sizeNumerical conditional within tikz keys?adding axes to shapesAlign axes across subfiguresAdding figures with a certain orderLine up nested tikz enviroments or how to get rid of themAdding axes labels to LaTeX figures

Image
Fear of getting stuck on one programming language / technology that is not used in my country Is there a single word describing earning money through any means? Why do we read the Megillah by night and by day? Pre-mixing cryogenic fuels and using only one fuel tank Is the U.S. Code copyrighted by the Government? Should I outline or discovery write my stories? What is this called? Old film camera viewer? Does the expansion of the universe explain why the universe doesn't collapse? Removing files under particular conditions (number of files, file age) Argument list too long when zipping large list of certain files in a folder When a Cleric spontaneously casts a Cure Light Wounds spell, will a Pearl of Power recover the original spell or Cure Light Wounds? Non-trope happy ending? Is it better practice to read straight from sheet music rather than memorize it? Do Legal Documents Require Signing In Standard Pen Colors? Does an advisor owe his/her student anyt...
Read more

Tähtien Talli Jäsenet | Lähteet | NavigointivalikkoSuomen Hippos – Tähtien Talli

Image
RaviurheiluUrheilun kunniagalleriat Suomen HippoksenravihevostenLämminverisiäsuomenhevosiaSuomen raviurheilunBrad de Veluwe Tähtien Talli on vuonna 1995 perustettu Suomen Hippoksen ylläpitämä suomalaisten ravihevosten kunniagalleria. Tähtien Tallissa on toistaiseksi yhteensä 20 hevosta. Lämminverisiä galleriassa on kymmenen ja suomenhevosia kymmenen. Ulkomailla syntyneitä hevosia on mukana kolme. Vaikka Suomen raviurheilun perinteet ulottuvat jo 1800-luvun puolelle, painottuvat Tähtien Tallien valinnat viimeisten 20-30 vuoden aikana kilpailleisiin hevosiin. Viimeisin kunnianosoituksen saanut hevonen on Brad de Veluwe joka liitettiin Tähtien Talliin vuoden 2015 Ravigaalassa. Jäsenet | Reipas vuoden 1958 Kuninkuusraveissa Lahdessa. Passionate Kemp lämminveristen Suomen mestaruuden voittoloimi yllään. Hevonen Kilpailuvuodet Kasvattaja Valinta- vuosi Charme Asserdal 1975–1981 Erik Andersson 1995...
Read more

Do these cracks on my tires look bad? The Next CEO of Stack OverflowDry rot tire should I replace?Having to replace tiresFishtailed so easily? Bad tires? ABS?Filling the tires with something other than air, to avoid puncture hassles?Used Michelin tires safe to install?Do these tyre cracks necessitate replacement?Rumbling noise: tires or mechanicalIs it possible to fix noisy feathered tires?Are bad winter tires still better than summer tires in winter?Torque converter failure - Related to replacing only 2 tires?Why use snow tires on all 4 wheels on 2-wheel-drive cars?

Image
Small nick on power cord from an electric alarm clock, and copper wiring exposed but intact Why do we say “un seul M” and not “une seule M” even though M is a “consonne”? Read/write a pipe-delimited file line by line with some simple text manipulation Free fall ellipse or parabola? Why did the Drakh emissary look so blurred in S04:E11 "Lines of Communication"? A hang glider, sudden unexpected lift to 25,000 feet altitude, what could do this? Planeswalker Ability and Death Timing Which acid/base does a strong base/acid react when added to a buffer solution? Is the 21st century's idea of "freedom of speech" based on precedent? Shortening a title without changing its meaning Man transported from Alternate World into ours by a Neutrino Detector Is it reasonable to ask other researchers to send me their previous grant applications? Find a path from s to t using as few red nodes as possible What difference does it make matching a w...
Read more