Department of Electronics

Cryptography
Spring 2016
The RSA Algorithm
March 14th/29th 2016

RSA setup
Alice and Bob, no previous contact
Transmit secure message
No time for courier service, etc
All information obtained by potential evil observer, Eve
Is it possible to send message so that Bob can read it but Eve can
not?
Alice needs to send a key by some mechanism, which is not possible
by this method

Public Key Crypto System

Exchanging key can be achieved by many methods
Factorization of integers into their prime factors is hard (basic of RSA)
Available to public in early 70s
Encryption exponent e same as modulus n

RSA Algorithm
Bob chooses two distinct large primes p and q and multiplies them
together
n=pq
He also chooses and encryption exponent e
gcd(e, (p 1)(q 1)) = 1.
He sends the pair (n, e) to Alice but keeps the values of p and q secret
Alice never needs to know p and q to send her message to Bob securely
Alice writes her message as a number m
If m is larger than n, she breaks the message into block, each of which is
less than n
(lets assume for the moment that m < n)

RSA Algorithm, Continued..

Alice computes
c= me

(mod n)

and sends c to Bob

Since Bob knows p and q, he can compute (p-1) (q-1)
Therefore, can find the decryption exponent d with
de = 1 (mod (p-1)(g-1))
The message is

m = cd
so Bob can read the message

(mod n)

RSA Algorithm, Summary

1. Bob chooses secret primes p and q and computes n = pq.
2. Bob chooses e with gcd (e, (p-1)(q-1)) = 1.
3. Bob computes d with de = 1 (mod (p-1)(q-1)).
4. Bob makes n and e public, and keeps p, q, d secret.
5. Alice encrypts m as c= me (mod n) and sends c to Bob.
6. Bob decrypts by computing m = cd (mod n).

RSA Example

Bob chooses: p = 885320963, q = 238855417

Then, n=p.q=211463707796206571
Let the encryption exponent be e = 9007
The values of n and e are sent to Alice
Assume that Alices message is cat
Let a=01 and continue through z=26
The message is therefore
m=30120
Alice computes
c = me = 301209007 = 113535859035722866 (mod n)
She sends c to Bob

RSA Example, Continued

Since Bob knows p and q, he knows (p-1)(q-1)
Extended Euclidean algorithm (explained later)
de=1 (mod (p-1)(q-1))
d = 116402471153538991
Bob computes
cd = 113535859035722866 116402471153538991 = 30120 (mod n)

Bob obtains the original message

RSA explanation

There are several aspects that need to be explained

why m = cd (mod n)
Euler's theorem:
If gcd(a, n) = 1, then aphi(n)=1 (mod n)
phi(n) = phi(pq) =(p-1)(q-1)
Suppose gcd(m,n) = 1
Since p and q are large, m probably has neither as a factor
Since de = 1 (mod phi(n)), we can write de = 1 + k(phi(n)) for some integer
k.
Therefore
cd =(me)d= m 1+k (phi(n)) = m (m(phi(n)))k = m.1k = m (mod n)