(Cross-listed on math stackexchange, received no replies)
For context, this is a homework question from an assignment already turned in. I am looking for better understanding of the concepts involved, mainly complexity theory since I have not seen it before outside this class (and prior knowledge was assumed).
I am asked to evaluate the complexity of RSA decryption with and without using CRT, without using asymptotic complexity. Instead use $c_1$ as the constant for modular multiplication, $c_2$ for modular exponentiation, and $c_3$ for finding a multiplicative inverse.
My attempt: Let $s_1$ be the length of $p$, $s_2$ be the length of $q$, $s$ the length of $n$, and $x$ the length of $d$. Consider the following complexities:
computation |
complexity |
$m_1=c^d\mod p$ |
$c_2s_1^2x$ |
$m_2=c^d\mod q$ |
$c_2s_2^2x$ |
$q^{-1}\mod p$ |
$c_3s_1$ |
$p^{-1}\mod q$ |
$c_3s_2$ |
So the complexity of using the CRT to compute $m=m_1(q^{-1}\mod p)q+m_2(p^{-1}\mod q)p\mod n$ is $c_1^2c_2c_3s_1^3x+c_1^2c_2c_3s_2^3x=c_1^2c_2c_3x(s_1^3+s_2^3)$.
Meanwhile, the complexity to compute $m=c^d\mod n$ is $c_2s^2x$, so the difference is $c_2x(s^2-c_1^2c_3(s_1^3+s_2^3))$.
I believe this is wrong since I don't think it is true in general that $s^2\geq s_1^3+s_2^3$ (CRT should make decryption faster), and I don't know if we can make any assumptions about the constants.