1

I understand that if $e\in{\mathbf{Z^*_{\phi(N)}}}$ then $\gcd(e,\phi(N))=1$ and if $e\not\in{\mathbf{Z^*_{\phi(N)}}}$ than $\gcd(e,\phi(N))\neq{}1$.

But I couldn't figure out why this implies bijection of $f(x)=x^e$.

I also tried to see examples but that didn't help me to explain the phenomenon.

A. Maman
  • 113
  • 5
  • 1
    Could you also post your failed examples? Also, a dupe question Proving RSA is a permutation. – kelalaka Jun 16 '20 at 08:55
  • 1
    Note that, learning from your errors (LWE) is more valuable for development. That is why I've asked your failed ways. – kelalaka Jun 16 '20 at 09:28
  • 1
    Actually, it's not true. Counterexample, $\mathbf{N}=8$, $e=3$... – poncho Jun 16 '20 at 10:22
  • @poncho The OP tagged RSA. $8$ doesn't form RSA or multi-prime RSA. – kelalaka Jun 16 '20 at 10:35
  • If the linked answer satisfies you we can close this question and before that make sure that $N$ is RSA modulus. If you are not talking only RSA then poncho's hint also valid for you. – kelalaka Jun 16 '20 at 13:09
  • In the question it must be meant $f(x)=x^e\bmod N$, not $f(x)=x^e$, which in general is not a bijection. This or this proves that if $e\in\Bbb Z_{\phi(N)}^$ and $N$ is square-free, then $f$ is a bijection on $\Bbb Z_N$. That also works for a bijection on $\Bbb Z_N^$ and the proof is simpler. For a (less usual) proof in the other direction, see this. If you don't want the square-free hypothesis, well, go ahead! – fgrieu Jun 16 '20 at 22:42
  • As an illustration that important characteristics include square-freeness of $N$, and the set on which we consider the bijection, consider: $N=9$, $e=5$. We have $e\in\Bbb Z_{\phi(N)}^$, yet $f(3)=f(6)$ for $f(x)=x^e\bmod N$, where $3,6\in\Bbb Z_N$ and $3,6\not\in\Bbb Z_N^$. – fgrieu Jun 17 '20 at 04:38

1 Answers1

1

The correct form is: The integer $a \mod Z_n$ has multiplicative inverse iff $gcd(n,a)=1$

Here, you are working on exponents, so you must consider the modulo as $\phi(n)$ not $n$.

Therefore, here you can find the inverse of $e$ iff $gcd(e, \phi(e))=1$. This guarantees that you be able to find the inverse of $e$ using extended Euclidean algorithm.

m123
  • 283
  • 3
  • 9