DISCRETE MATHEMATICS ASSIGNMENT

TOPIC: RSA Algorithm

Group:
Srishti Saxena 2014AAPS298H
Akriti Trivedi 2014A3PS829H
S V Padmanabhan 2015A3PS222H
Sankalp Mittal 2015AAPS242H
Lalit Kishan Sisodiya 2015AAPS585H
 History
RSA (Rivest- Shamir- Adleman) was first described in 1977 by Ron Rivest, Adi
Shamir and Leonard Adleman of the Massachusetts Institute of Technology.
RSA is one of the first practical public-key cryptosystems and is widely used for
secure data transmission. In such a cryptosystem, the encryption key is public and
different from the decryption key, which is kept secret (private). In RSA, this
asymmetry is based on the practical difficulty of factoring the product of two
large prime numbers, the factoring problem.
The idea of an asymmetric public-private key cryptosystem is attributed
to Whitfield Diffie and Martin Hellman, who published the concept in 1976. They
also introduced digital signatures and attempted to apply number theory; their
formulation used a shared secret key created from exponentiation of some number,
modulo a prime number. However, they left open the problem of realizing a one-
way function, possibly, because the difficulty of factoring was not well studied at
the time.
Ron Rivest, Adi Shamir, and Leonard Adleman (R.S.A.) at MIT made several
attempts over the course of a year to create a one-way function that is hard to
invert. Rivest and Shamir, as computer scientists, proposed many potential
functions while Adleman, as a mathematician, was responsible for finding their
weaknesses. They tried many approaches including "knapsack-based" and
"permutation polynomials". For a time, they thought it was impossible for what
they wanted to achieve due to contradictory requirements. In April 1977, they
spent Passover at the house of a student and drank a good deal
of Manischewitz wine before returning to their home at around midnight.[5]Rivest,
unable to sleep, lay on the couch with a math textbook and started thinking about
their one-way function. He spent the rest of the night formalizing his idea and had
much of the paper ready by daybreak. The algorithm is now known as RSA the
initials of their surnames in same order as their paper.
Clifford Cocks, an English mathematician working for the UK intelligence
agency GCHQ, described an equivalent system in an internal document in
1973. However, given the relatively expensive computers needed to implement it
at the time, it was mostly considered a curiosity and, as far as is publicly known,
was never deployed. His discovery, however, was not revealed until 1997 due to its
secret classification.
 Introduction
Before the introduction of public-key cryptography by Diffie and Hellman [3], if
two people wanted to communicate in private by encrypting messages sent
between them, they would first need meet to agree upon methods for encoding and
decoding the messages. The advent of the public-key cryptosystem made these
kinds of meetings unnecessary because it allowed both parties to make their
encryption procedures publicly available without compromising the privacy of
their communication. A public-key
Cryptosystem is one in which each user places an encryption procedure E into a
public file. Each user has a corresponding decryption procedure D, the details of
which the user does not reveal to anyone else. The key to ensuring the security of a
public-key cryptosystem is for it to be extremely difficult to derive the decryption
key from the publicly available encryption key. In order to qualify as a public-key
cryptosystem, the encryption and decryption procedures must have the following
properties:

1. Applying the decryption procedure to a message encrypted by the corresponding

encryption procedure yields the original message. This can be expressed formally
as, D(E(M)) = M.
2. Both the encryption procedures and the decryption procedures are easy to
compute.
3. Publicly revealing the encryption method E does not reveal any easy way to
compute the corresponding decryption procedure D.
4. If a message M is first deciphered using the decryption procedure D and then the
result is encrypted using the corresponding encryption procedure E, the result gives
the original message. Formally we write this as, E (D(M)) = M.

Typically, an encryption (or decryption) procedure E consist of an encryption key

and a general method for enciphering a message M using the key. The enciphered
message is called the cipher text C. In a public-key cryptosystem, everyone can use
the same method for enciphering the message because the security of any given
encryption procedure relies on the security of the decryption key. An encryption
function, which satisfies the first three properties given above, is called a trap-door
one-way function. Diffie and Hellman, who first introduced the concept, define a
trap-door one-way function as function whose inverse, though it exists, is
computationally infeasible to compute when given only the original function.
Though Diffie and Hellman were the first to introduce the idea of public-key
cryptography and of trap-door one-way functions, the true emergence of public-
key cryptography did not come until the introduction of the RSA algorithm.

Suppose Alice wishes to send Bob a valuable diamond, but the jewel will be stolen
if sent unsecured. Both Alice and Bob have a variety of padlocks, but they don't
own the same ones, meaning that their keys cannot open the other's locks.

How did Alice send the diamond to Bob?

Solution:

1. Bob first sends Alice an unlocked padlock. Note that Bob would
give anyone an unlocked padlock, as the only use for one is to send Bob
something.
2. Alice adds Bob's lock and sends the package to Bob, and
3. Bob removes his lock and opens the package.
This example demonstrates the ideas behind public-key cryptography, though the
concept is actually slightly different. In public-key cryptography. Alice encrypts
her message using Bob's public key, which can only be decoded by Bob's private
key.

In RSA, the public key is generated by multiplying two large prime

numbers and together, and the private key is generated through a different process.
A user can then distribute his public key, and anyone wishing to send the user a
message would encrypt their message using the public key. For all practical
purposes, even computers cannot factor large numbers into the product of two
primes, in the same way that factoring a number like 414863 by hand is virtually
impossible. However, multiplying two numbers is much less difficult, so a
potential factorization can be verified quickly.
In public-key cryptography, if Alice wants to send a message to Bill a message,
she first looks up Bills public encryption procedure to encode the message, sends
Bill the resulting cipher text, and Bill is then able to decode the message using his
private decryption procedure.
To encrypt a message using the RSA algorithm, given a public encryption
key (e, n), the general method of the encryption procedure is as follows: The first
step is to represent the message as an integer between 0 and n 1, M, using any
standard representation. Then, to encrypt the message, raise M to the eth power
modulo n. The ciphertext C is thus given by, C E(M) Me (mod n).
To decrypt the message, we raise it to a different power, d, part of the private
decryption key (d, n), modulo n. We can represent the decryption procedure as
D(C) Cd (mod n).
In the RSA algorithm, the encryption key is the pair of positive integers (e, n) and
the decryption key is the pair of positive numbers (d, n). Each user makes the
encryption key public, keeping the corresponding decryption key private. To
choose the encryption and decryption keys for the RSA algorithm, we first
compute n as the product of two very large, random primes p and q. We then
choose d to be a large integer that is relatively prime to (p 1)(q 1). That is,
choose d such that it satisfies gcd (d, (p 1) (q 1)) = 1.
Finally, we choose the value of e such that it satisfies the equation e d 1 (mod
(p 1) (q 1)). In addition to allowing secure encryption of messages, the RSA
method of encryption also allows messages to be signed by the person sending
the message so that the recipient has proof that the message came from the sender
and not simply from someone claiming to be the sender. This is done as follows:
If Alice would like to send a message M to Bob, she first uses her own private
decryption procedure DA on the message to obtain a value for DA(M). Then, using
Bobs publicly available encryption procedure, she encrypts the result of the
previous step to obtain the ciphertext C = EB(DA(M)). Then, when Bob receives
the message he can decipher it by first using his private decryption procedure and
then applying Alices publicly available encryption procedure to obtain the original
message. Formally, this can be expressed as
First, Bob applies his own decryption procedure, DB(C) = DB(EB(DA(M))) =
DA(M).
Then Bob applies Alices encryption procedure, to get EA(DA(M)) = M. This
ability to easily represent signatures made RSA cryptography particularly well-
suited for use with
e-mail.

Security of the RSA

The security of the RSA algorithm and messages encrypted using the algorithm
relies on the difficulty of factoring the value of n. If n could be easily factored into
the corresponding values of p and q, then one could easily find the value of d. d is
the decryption key.
The security of the RSA algorithm can be described by the RSA problem and the
RSA assumption.

The RSA Problem and RSA Assumption:

The RSA problem is, given an RSA public key (e, n) and a ciphertext C =
Me (mod n), to compute the original message, M [8]. The RSA Assumption is that
the RSA Problem is hard to solve when n is sufficiently large and randomly
generated and the value of M (and by extension the value of C) is a random integer
between 0 and n1. The RSA assumption can be thought of as the assumption that
the RSA function given the choice of n and M is, in fact, a trap-door one-way
function.
One variant on the RSA assumption that was first by Baric and Pfitzmann in 1997
is the strong RSA assumption. The assumption here is similar to the RSA
assumption except that Marvin can select the public exponent e. That is, Marvins
task becomes given a value for n and a ciphertext C, to compute any value of M
and e such that C Me (mod n). This task may be easier than the original RSA
problem, because Marvin is allowed to determine the value of e as well. Thus, the
assumption that the task is hard to solve is a stronger one than the original RSA
assumption. When we say hard to solve, we mean that there is no efficient,
polynomial-time algorithm for solving the problem.
 The Math Behind the RSA Algorithm

The mathematics behind the RSA algorithm are simple, yet elegant. The algorithm
works by exploiting concepts from number theory, including the properties of
modular arithmetic and

Fermats Little Theorem.

The proof of the correctness of the RSA algorithm uses number theory to conclude
that indeed, M D(E(M)) (mod n) and M E(D(M)) (mod n),
where M is the message being encrypted, E is the public encryption procedure
(which includes a public key (e, n) and an encryption methodin this case E(M)
Me (mod n), and D is the decryption procedure (which includes the private
decryption key (d, n) and the decryption procedure, here: D(M) Cd(mod n)
where C is the cyphertext encryption of some message. Since n is computed as a
product of two large primes, p and q, and d is determined to be a large integer
relatively prime to (p 1) (q 1), it is extremely difficult, given the difficultly of
factoring large numbers, to compute d from e.
We define _(n) to be the Euler phi function or the totient function, which is defined
as the
number of positive integers not exceeding n, which are relatively prime to n [7].
For any prime number p, _(p) = p 1. Further, if m and n are relatively prime, then
_(m)_(n) = _(mn).
To prove that the RSA algorithm is correct, we begin by proving Fermats Little
Theorem and then using the theorem to establish the desired result.
Fermats Little Theorem
Statement: Let p be a prime number and an integer. Then
ap a (mod p).6
Furthermore, if a is not divisible by p (that is, gcd (a, p) = 1), then
ap1 1 (mod p).
Proof: We can list the first p 1 positive multiples of the integer a as
a, 2a, 3a, . . ., (p 1)a.
Suppose that ra sa (mod p). This implies that r s (mod p) However, since we
chose distinct values for the coefficients above and r and s are both less than p, it
cannot be the case that r s (mod p). Thus we know that all of the p 1 multiples
of a listed above are distinct and nonzero.
Further, they must be equivalent (mod p) to 1, 2, 3, ..., (p 1) in some order. Then
if we multiply the congruences, we get a 2a 3a . . . (p 1)a 1 2 3 . . . (p
1) (mod p)
ap1(p 1)! (p 1)! (mod p).
Finally, if we divide both sides by (p 1)!, we arrive at the desired result [4].
_
Proof of the Correctness of RSA
The RSA Algorithm: If we represent a message as an integer M between 1 and n
where n is the product of two prime numbers p and q, and E(M) Me (mod n) and
D(M) Md (mod n) where d is chosen such that gcd(d, (p 1)(q 1)) = 1 and e
d 1 (mod (p 1)(q 1)), then:
D(E(M)) M (mod n) (1)
E(D(M)) M (mod n) (2)

Proof: The left-hand sides of equations (1) and (2) can both be expressed as (Me)d
= Med = (Md)e. Thus, to prove the correctness of the algorithm, it suffices to show
[7] that
Med M (mod n) Letting _(n) represent the totient of n, we know that e d 1
(mod _(n)). This implies that for
some value of k, Med Mk_(n)+1 (mod n).
Further, by Fermats Little Theorem, we know that if M is not divisible by p,
Mp1 1 (mod p).
Therefore, since (p 1) does divide _(n),
Mk__(n) 1 (mod p) which implies that
Mk_(n)+1 M (mod p)
An analogous argument for q gives us that
Mk_(n)+1 M (mod q).
Since both p and q divide n, these last two equations together imply
Mk_(n)+1 M (mod n) which, in turn, gives us the desired result that
Med M (mod n).
_
 The Significance of the Algorithm
Prior to the advent of the Internet, encryption was in many ways considered an
issue only for government agencies. The RSA algorithm was introduced at a time
when the potential popularity of the Internet was first becoming clear. With this
popularity came a high demand for safely and securely being able to transmit
information. The RSA algorithm, perceived as a nearly unbreakable, public-key
cryptosystem, quickly became the method of choice for Internet cryptography
including e-mail encryption among other uses. Today, RSA continues to be
employed for enciphering e-mail messages as well as for the Secure
Socket Layer (SSL) protocol used in the majority of internet data exchanges. Thus,
the RSA algorithm is something that most of us rely on each and every day, though
very few of us give a second thought to the security of the e-mails we send.

Algorithm:
1. Two very large prime numbers, normally of equal length, are randomly
chosen, then multiplied
N=AxB
2. T = (A-1) x (B-1)
3. A third number is then chosen randomly as the public key (E) such that it has
no common factors (i.e., is relatively co-prime) with T
4. The private key D is then:
5. D = E 1 mod T
6. Here D is the multiplicative inverse of E in the field ZT . In other words,
DE 1 (mod T)
7. To encrypt a block of plaintext (M) into ciphertext(C): C = ME mod N
8. To decrypt: M = CD mod N
Example:
A = 37
B = 23
N = 37 x 23 = 851
T = (37-1) x (23-1) = 792
E must have no common factors with T (792)
Let, E (public key) = 5
D (private key) = 5-1 mod 792 = 317
To encrypt a message (M) of the character G represent G as 7 (7th letter in the
alphabet)
M = 7 C = 75 mod 851 = 638
To decrypt
M = 638317 mod 851 = 7

Here actually the pair of numbers E and N form the public key, whereas D and T
form the private key.

Applications and vulnerabilities

Hackers try to factorize N and hence crack the code.Therefore length of the key has
to be increased to improve the security.
Currently RSA laboratories recommend key sizes of 768 bits for personal use, 1024
bits for corporate use and 2048 bits for extremely valuable keys (those used by
certifying authorities)
Security can be increased by frequently changing the keys, typically every two years.
It has been estimated that the quickest factoring algorithm known, will use
approximately 1023 computer operations to resolve an integer with 200 digits into
its prime factors.
Assuming that each operation takes 1 nanosecond, the factorization time would be
approximately 3 x 106 years.
However, the time is a lot less if we use networks of computers.
In 1994, a 129 digit number was factorized into its prime factors using 800
computers over a 8 month period. In 1977, the time was estimated to be 40
quadrillion years for this operation. Even without using huge keys, RSA is about
1000 times slower to encrypt/decrypt than DES.
Therefore it is not used as a standalone cryptosystem. It is used in hybrid
cryptosystems like PGP (Pretty Good Privacy).
In hybrid cryptosystems we encrypt the plaintext with a symmetric algorithm
(usually DES or IDEA).The symmetric algorithms key is then encrypted with a
public key algorithm like RSA.

Future of the RSA Algorithm and Public-Key Cryptography

Attacks on the RSA will continue to get stronger as factoring algorithms are
improved and made faster. There are many ideas for improving RSA security. First
and foremost is the hope that simply choosing increasingly longer keys will make
the factorization problem more difficult and help prevent attacks. As few as five
years ago, RSA encryption that used a 512-bit value for n was considered safe.
Now, improvements in technology have made it so that a 512-bit RSA system can
be broken in just a few days [6]. As computers continue to increase their
computing power, increasing key length will continue to be
a good solution against many of the attacks presented here. The main problems that
RSA and other encryption mechanisms must be prepared to deal with include
improved computing speed and capacity and mathematical breakthroughs for
factoring large numbers.

Conclusions
In this paper, we have described the famous RSA algorithm for public-key
cryptography. The algorithm, which was developed in 1977 by Rivest, Shamir, and
Adlemen, has become one of the most widely-used cryptography systems since it
was adopted for enciphering e-mail messages and other tasks involving security on
the Internet. We have seen that RSA is, at its core, a piece of simple mathematics
which makes use of facts and theorems from number theory, including Fermats
Little Theorem. We have looked at several kinds of attacks both on the algorithm
itself and on implementations of the algorithm. Finally,
we recognize that as computing capacity increases, the future of public-key
cryptography will necessarily involve using longer decryption keys to maintain
security.