13down

vote

accepted

The extended Euclidean algorithm is essentially the Euclidean

algorithm (for GCD's) ran backwards.
Your goal is to find d such that ed1(mod(n)).
Recall the EED calculates x and y such that ax+by=gcd(a,b).
Now let a=e, b=(n), and thus gcd(e,(n))=1 by definition
(they need to be coprime for the inverse to exist). Then you have:

ex+(n)y=1
Take this modulo (n), and you get:

ex1(mod(n))
And it's easy to see that in this case, x=d. The value of y does not
actually matter, since it will get eliminated modulo (n) regardless of
its value. The EED will give you that value, but you can safely discard
it.

Now, we have e=17 and (n)=40. Write our main equation:

17x+40y=1
We need to solve this for x. So apply the ordinary Euclidean
algorithm:

40=217+6
17=26+5
6=15+1
Write that last one as:

615=1
Now substitute the second equation into 5:

61(1726)=1
Now substitute the first equation into 6:

(40217)1(172(40217))=1
Note this is a linear combination of 17 and 40, after simplifying you
get:

(7)17+340=1
We conclude d=7, which is in
fact 33 modulo 40 (since 7+40=33).
As you can see, the basic idea is to use the successive remainders of
the GCD calculation to substitute the initial integers back into the final

equation (the one which equals 1) which gives the desired linear
combination.
http://crypto.stackexchange.com/questions/5889/calculating-rsa-privateexponent-when-given-public-exponent-and-the-modulus-fact 2013