RSA

The algorithm was publicly described in

1977 by Ron Rivest, Adi Shamir, and
Leonard Adleman at MIT
Partly used for PGP (Pretty Good Privacy)
to encrypt session keys

RSA Step 1
Choose two distinct large random prime
numbers p and q,
e.g. p = 17 and q = 11
Let n = p*q, e.g. n=17*11=187
Choose e such that
and e and
are coprime

is Eulers totient

Eulers Totient
the totient (n) of a positive integer n is
defined to be the number of positive
integers less than or equal to n that are
coprime to n.
(9)=6 because the six numbers 1, 2, 4, 5,
7 and 8 are coprime to 9

RSA Step 2
e.g. e = 7 thus 7 and (17-1)*(11-1) = 160
are coprime
e can be published as the public-key
exponent
n is the modulus

This is all that is needed to encrypt

RSA - Encryption
A cyphertext C can be created from a
message M using the formula
C = Me(mod n)
Example: Message M is X
in ASCII 1011000 or 88 in decimal
C = 887(mod 187) = 11

887(mod 187) = [884(mod 187)* 882(mod 187)*881(mod 187)]

881 = 88 = 88(mod 187)
882 = 7,744 = 77(mod 187)
884 = 59,969,536 = 132(mod 187)
887 = 881 *882 * 884 = 88*77*132 = 894,432 = 11(mod 187)

RSA - Decryption
Modulus operation is a one way function
Given only the public-key (7,187) the only
way to decrypt is through brute-force i.e.
try all possible keys
This problem is simplified because you
know how the private-key is created.

RSA- Private-key
The decryption key d is created with the
following formula
e*d = 1(mod(p-1)*(q-1))
e.g 7*d=1(mod(16*10))
7d = 1 (mod 160)
d = 23 using Euclids algorithm

Extended Euclids Algorithm

e * d (mod (n) ) = 1
In other words, there is another number
also relatively prime to (n) that is its
reciprocal.
ax + by = gcd(a,b)
The extended Euclidean algorithm is
particularly useful when a and b are
coprime, since x is the modular
multiplicative inverse of a modulo b

Extended Euclids Algorithm

function extended_gcd(a, b)
if a mod b = 0 return {0, 1}
else {x, y} := extended_gcd(b, a mod b) return {y, x-y*(a div b)}
Example:
extended_gcd(160, 7 ) := (-1,1+1*22)
extended_gcd(7, 160(mod 7) ) := (1,0-1*1)
extended_gcd(6, 7(mod 6) ) := (0,1)
X = -1 Y=23
23 is the multiplicative inverse of e

RSA - Decryption
Now we have our private-key (d,n) e.g.
(23,187)
M = Cd (mod n)
M = 1123 (mod 187)
M = [111 (mod 187)*112 (mod 187)*114 (mod
187)*1116 (mod 187)](mod 187)
M = 11*121*55*154 (mod 187)
M = 88 = X

RSA - Cryptanalysis

The security of RSA is based on two

problems:

The problem of factoring large numbers

The RSA problem

Factoring Large Numbers

RSA-200 is largest number factored so far. It has

200 decimal digits which corresponds to 663 bits
The sieving effort is estimated to have taken the
equivalent of 55 years on a single 2.2 GHz
Opteron CPU.
The matrix step reportedly took about 3 months
on a cluster of 80 2.2 GHz Opterons. The
sieving began in late 2003 and the matrix step
was completed in May 2005.

RSA Problem

The RSA problem is the task of finding eth roots

modulo a composite number N whose factors
are not known
In other words to find integer P such that Pe C
(mod N), given integers N, e and C such that N
is the product of two large primes, 2 < e < N is
coprime to (N), and 0 <= C < N. C is chosen
randomly within that range
the most efficient means known to solve the
RSA problem is to factor the modulus N and thus
discover the private key