Why is a semiprime used as the modulus in RSA?

Question

Technically we can use other composite numbers and as long as we can compute $\varphi(M)$ there is no problem. But then why we restrict modulo to be a semiprime number than any composite number?

Answer 1

Technically you can use other squarefree numbers, not other general composites. See Remark 4.3 and the top of page 10 of https://kconrad.math.uconn.edu/blurbs/ugradnumthy/RSAnotes.pdf.

Answer 2

https://en.m.wikipedia.org/wiki/Discrete_logarithm , probably plays a role. Some small factors can affect how quickly this could be done for a number. if I know the modulus has a small factor I can limit the exponent given enough information. For example( however crappy):

$$23547985639486761^x\equiv 5978745931 \bmod 447689046210$$

modulus here is purposedly divisible by 210 . base is 5 mod 7, 0 mod 3, 1 mod 5 and 1 mod 2 making it 201 mod 210. remainder is 4 mod 7, 1 mod 3, 1 mod 2, 1 mod 5 so 151 mod 210. Still a bad choice by me even after fixing my remainder errors it. cycle length was 6. so had it hit it would have me check at most every 6 x values.

Another factor in choosing semiprimes is additional factors, especially smaller than a given size destroy: $$\varphi(n)=n\prod_{p\mid n,p\in \mathbb{P}} (1-{1\over p})$$ because 2 wipes out half the number, 3 a further sixth if combined, 5 a further two 30ths, 7 a further eight 210ths, so all told they wipe out 162 out of 210, leaving just 48 out of every 210 left. even the cube root of n will only take out a number two-thirds the length of n.