0

I understand that the public key in RSA encryption may be computed using Euler's totient function or Carmichael's totient function.

I'm now trying to figure out how the choice of totient function affects the security of the public key, if any. Are there any ways in which a chosen totient function may make it easier or harder to compute the private key from the public key?

Edit for clarification: Are there any direct ways in which the choice of totient functions may affect the 'backtracking' process of figuring out the private key (d) from the public key (e)?

hello101
  • 3
  • 2
  • Neither totient function is used directly. Public key is simply calculated as the product of 2 primes, and the private exponent $d$ is just the multiplicative inverse of public exponent $e \mod{ (p-1) \cdot (q-1) }$. – DannyNiu Aug 06 '19 at 08:51

1 Answers1

2

I'm now trying to figure out how the choice of totient function affects the security of the public key, if any.

Not at all. The totient function used has absolutely no affect on the public key. When you generate the public/private key pair, you usually select $p, q$ and $e$ (in some order), and then compute $d$ (using the totient); because the public key is a function of $p$, $q$ and $e$ (which were all selected before you used the totient), the totient has no impact on the public key.

The only effect it has would be on the $d$ parameter that is contained within the private key - we don't place that into the public key, and so the public key isn't affected. And, even the holder of the private key (would can look at $d$) might not care - if he uses the CRT optimization, he would use the $p, q, dp, dq$ and $qInv$ parameters (which are also not affected by the totient) and typically ignore $d$.

poncho
  • 147,019
  • 11
  • 229
  • 360