RSA Signing

Tags:   数论
Time Limit:  3 s      Memory Limit:   32 MB
Submission:5     AC:1     Score:99.94


In cryptography, RSA is an algorithm for public-key cryptography. It was the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.

RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key. The keys for the RSA algorithm are generated the following way:

  1. Choose two distinct large random prime numbers p and q
  2. Compute n = p * q
  3. Compute the totient: φ(n) = (p-1) * (q-1)
  4. Choose an integer e such that 1 < e < φ(n), and e and φ(n) share no factors other than 1
  5. Compute d to satisfy the congruence relation d * e ≡ 1 mod (φ(n))

The public key consists of the modulus n, and the public (or encryption) exponent e. The private key consists of the modulus n, and the private (or decryption) exponent d, which must be kept secret.

Encrypting messages:
Alice transmits her public key (n,e), to Bob and keeps the private key secret. Bob then wishes to send message M to Alice. He first turns M into a number m < n. Then computes the ciphertext c, corresponding to:

c = m^e mod n

This can be done quickly using the method of exponentiation by squaring. Bob then transmits c, to Alice.

Decrypting messages:
Alice can recover m from c, by using her private key exponent d, by the following computation:

m = c^d mod n

Given m, she can recover the original message M.

Suppose Alice uses Bob's public key to send him an encrypted message. In the message, she can claim to be Alice but Bob has no way of verifying that the message was actually from Alice since anyone can use Bob's public key to send him encrypted messages. So, in order to verify the origin of a message, RSA can also be used to sign a message. Suppose Alice wishes to send a signed message to Bob. She can use her own private key to do so. She produces a hash value of the message m, raises it to the power of d mod n (as she does when decrypting a message), and attaches it as a "signature" to the message. When Bob receives the signed message, he uses the same hash algorithm in conjunction with Alice's public key. He raises the signature to the power of e mod n (as he does when encrypting a message), and compares the resulting hash value with the message's actual hash value. If the two agree, he knows that the author of the message was in possession of Alice's secret key, and that the message has not been tampered with since.

Now you got Alice's public key, and you want to pretend to be Alice in order to send a message to Bob, how can you fake her signature if her key is weak?


The first line in the input is one integer T, indicates the number of test cases. Each test case contains three positive integers n, e, m (0 < m < n, 0 < e < n, 0 < n < 2^60).


For each test case, The Output should contains the signature for message m in a single line.


1 55 7 15