Understanding_the_RSA_algorithm
Understanding_the_RSA_algorithm
style introduction to the RSA algorithm, in which we assume that readers will only have a basic background in mathematics
and cybersecurity. Started from three essential goals of public-key cryptosystems, we explained step-by-step how the RSA
algorithm achieved these goals. We also used a toy example to further help readers to understand the algorithm from a
practical perspective.
CCS Concepts: • Security and privacy → Public key encryption.
ACM Reference Format:
Zhengping Jay Luo, Ruowen Liu, and Aarav Mehta. 2023. Understanding the RSA algorithm. 1, 1 (August 2023), 7 pages.
https://doi.org/10.1145/nnnnnnn.nnnnnnn
1 INTRODUCTION
The three most widely accepted security goals of cybersecurity are shorted as “CIA triad”, which stands for
Confidentiality, Integrity and Availability. Cryptographic algorithms play an essential role in achieving confiden-
tiality through private-key and public-key cryptographic algorithms. Public-key cryptographic algorithms, such
as the RSA algorithm, also play an important role in achieving another common security goal, non-repudiation,
which is required in many application scenarios such as electronic mails, through digital signatures. In fact, the
RSA algorithm was originally designed to achieve both confidentiality and non-repudiation goals in electronic
mails [5].
The RSA algorithm is one of the pioneering implementations of the public-key cryptosystem that was invented
by Diffie and Hellman [2] in 1976. It was designed by Ron Rivest, Adi Shamir, and Leonard Adleman from
Massachusetts Institute of Technology (MIT). As a public-key cryptographic algorithm, it has two keys: a private
key and a public key. Let’s assume that we have two communication parties: Alice and Bob, and they want to
exchange a message secretly. With the RSA algorithm, Alice first uses Bob’s public key to encrypt the message 𝑀
into ciphertext 𝐶 and send it to Bob. Bob then decrypt 𝐶 with its private key to recover the plaintext 𝑀. The
process seems straightforward, but generating the public and private keys used in this process is not as simple
Authors’ addresses: Zhengping Jay Luo, Rider University, Lawrenceville, New Jersey, USA, 08648, [email protected]; Ruowen Liu, Rider
University, Lawrenceville, New Jersey, USA, 08648, [email protected]; Aarav Mehta, Rider University, Lawrenceville, New Jersey, USA, 08648,
[email protected].
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that
copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first
page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy
otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from
[email protected].
© 2023 Association for Computing Machinery.
XXXX-XXXX/2023/8-ART $15.00
https://doi.org/10.1145/nnnnnnn.nnnnnnn
Fig. 1. The information flow when Alice sends a message to Bob using symmetric and public key cryptography.
as it may seem. To understand the logic behind requires knowledge from topics like number theory, modular
arithmetic, etc., which are often lacked by many beginners in cybersecurity or undergraduate students.
In this work, we provide an intuitive and accessible way to understand the RSA algorithm from a beginner’s
perspective. Started from three goals the RSA algorithm wants to achieve, we adopt an onion-peeling style to
explain how the system is designed step by step to reach the goal, which is lacked by other similar tutorials [3].
We assume readers have minimum background knowledge in number theory, modular arithmetic, etc. However,
we acknowledge that our goal is to provide an approachable way for a broader range of readers that do not have
much background in mathematics to understand this algorithm, thus some rigor of mathematics might inevitably
be simplified. At the end, we provide a toy example of the RSA algorithm from a practical perspective to help
readers better understand the algorithm.
The paper is organized as follows: the necessary foundational information of the RSA algorithm is provided
in Section 2. Then the detailed onion-peeling style introduction of the algorithm is elaborated in Section 3. In
Section 4 we employed an specific toy example to illustrate how to encrypt and decrypt the message in RSA from
a practical perspective. We concluded the paper in Section 5.
In 1976, Diffie and Hellman [2] proposed the second strategy named as public-key cryptosystems to tackle
the above challenge. The basic idea is that both Alice and Bob still share the same cryptograhic algorithm, but
they no longer need to share the same secret key. Instead, each of them will maintain two keys: a private key
and a public key. The private key is only known to the owner while the public key can be accessed by anyone
who wants to communicate with the owner. Every time Alice wants to send a message to Bob, Alice will use
Bob’s public key 𝐾 (𝐵𝑜𝑏,𝑝𝑢𝑏𝑙𝑖𝑐 ) to encrypt the message 𝑀. On Bob’s side, the ciphertext 𝐶 can be decrypted using
Bob’s private key 𝐾 (𝐵𝑜𝑏,𝑝𝑟𝑖𝑣𝑎𝑡𝑒 ) . Since only Bob has 𝐾 (𝐵𝑜𝑏,𝑝𝑟𝑖𝑣𝑎𝑡𝑒 ) , thus no one else could recover 𝑀. The process
of Alice using the public-key cryptosystem to send a message to Bob is shown in Fig. 1(b).
The public-key cryptosystem is similar with our self-service drop box mechanism used in the shipping industry.
Anyone can put an envelope or a package into a public drop box provided by the shipping company to get
it shipped (anyone could use the receiver’s public key to encrypt the message in public-key cryptosystems).
However, only authorized personnel from the shipping company that has the key (similar with the private key
used in public-key cryptosystems) could open the drop box to get the mails/packages been delivered.
Using public-key cryptosystems, two end users will no longer be required to share a secret key in advance
when they need to exchange information. All the sender needs to know is the public key of the receiver and
the cryptographic algorithm the receiver used, both of which are public information. The RSA algorithm is an
implementation of the public-key cryptosystem concept.
efficient way to perform prime factorization on quantum computers has already been found [7]. The problem is
that a workable quantum computer is still estimated to be at least decades away [1]. Therefore, we can safely say
the RSA algorithm is secure at least for the time being.
𝑀 ′ = 𝑀 in the plaintext recovery goal. The detailed encryption and decryption process of the RSA algorithm is
shown as follows:
We now need to understand what conditions must be satisfied and how this process could achieve the three
goals mentioned above. We will explain each goal with the associated conditions as follows.
4 A TOY EXAMPLE
In this section, let’s go through the whole process using a toy example. The detailed implementation specifications
of the RSA algorithm in real world can be found in [4]. Suppose Alice wants to send a message “Tue 7PM” to Bob
secretly using the RSA algorithm. First, Bob needs to decide his private key (𝑑, 𝑛) and public key (𝑒, 𝑛) for the
communication. Bob will choose two large random prime numbers 𝑝 and 𝑞. Let’s assume 𝑝 = 1721 and 𝑞 = 1801.
In real world, these two numbers should be much larger such that it is unrealistic for modern computers to obtain
the prime factors 𝑝 and 𝑞 from 𝑛. 𝑛 can be computed as 𝑛 = 𝑝 · 𝑞 = 3099521. We can also obtain Euler’s totient
function of 𝑛 as 𝜙 (𝑛) = (𝑝 − 1) (𝑞 − 1) = 3096000.
The next step for Bob is to choose a private key 𝑑, which is a number relatively prime to 𝜙 (𝑛). In real world,
𝑑 should also be a large number to prevent it from being guessed easily. Here in our toy example we choose
𝑑 = 997. Now Bob needs to compute the public key 𝑒. Based on the equation 𝑒𝑑 ≡ 1 (mod 𝜙 (𝑛)), we could get the
inverse of 𝑑 modulo 𝜙 (𝑛) as 𝑒 = 1012333 using the Extended Euclidean Algorithm. After 𝑒 and 𝑑 are determined,
𝑝 and 𝑞 can be destroyed or hidden for the sake of security. Bob can release his public key (𝑒, 𝑛) to the public
while keep 𝑑 private.
From Alice’s perspective, Alice needs to first obtain Bob’s public key (𝑒, 𝑛), then she could convert the message
she wants to send into its numerical representations. Here we use ASCII (American Standard Code for Information
Interchange) to convert “Tue 7PM” into numerical representation as: 084 117 101 032 055 080 077.
If the message is too long, Alice could divide the message into smaller blocks, then encode each block separately.
Here we divide the message into blocks that has 3 digits in each of them. There are seven blocks in the message
including the space. With the public key (𝑒, 𝑛) = (1012333, 3099521), Alice could obtain the ciphertext through
𝑀 𝑒 (mod 𝑛) to get 0841012333 ≡ 469428(mod 3099521), 1171012333 ≡ 547387(mod 3099521), . . . . . . . The complete
ciphertext 𝐶 is shown as "0469428 0547387 2687822 1878793 0330764 1501041 1232817".
When Bob receives the ciphertext, he will decrypt the ciphertext using his own private key (𝑑, 𝑛) = (997, 3099521)
to get 0469428997 ≡ 84(mod 3099521), 0547387997 ≡ 117(mod 3099521), . . . , 1232817997 ≡ 77(mod 3099521). Fi-
nally he recovers the original message by looking up the ASCII table to get the plaintext message “Tue 7PM”.
5 CONCLUSION
As the importance of cybersecurity increased rapidly in various aspects of our society, understanding the
fundamental logic of widely used security mechanisms is not only necessary for cybersecurity students, but will
also benefit a much wider community. In this work, we provided a self-contained and accessible interpretation
of the RSA algorithm. We introduced the algorithm from a beginners’ perspective in an onion-peeling style.
Mathematical background and cybersecurity knowledge requirements are minimized. Started with the goals
of public-key cryptosystems, we explained step-by-step how each of the goals is satisfied and implemented by
the RSA algorithm. We hope this will offer readers a new while much easier channel to understand the RSA
algorithm.
REFERENCES
[1] Daniel J Bernstein and Tanja Lange. 2017. Post-quantum cryptography. Nature 549, 7671 (2017), 188–194.
[2] Whitfield Diffie and Martin E Hellman. 2022. New directions in cryptography. In Democratizing Cryptography: The Work of Whitfield
Diffie and Martin Hellman. 365–390.
[3] Evgeny Milanov. 2009. The RSA algorithm. RSA laboratories (2009), 1–11.
[4] Kathleen Moriarty, Burt Kaliski, Jakob Jonsson, and Andreas Rusch. 2016. PKCS# 1: RSA cryptography specifications version 2.2. Technical
Report.
[5] Ronald L Rivest, Adi Shamir, and Leonard Adleman. 1978. A method for obtaining digital signatures and public-key cryptosystems.
Commun. ACM 21, 2 (1978), 120–126.
[6] Kenneth H Rosen. 2019. Discrete mathematics and its applications. The McGraw Hill Companies,.
[7] Peter W Shor. 1994. Algorithms for quantum computation: discrete logarithms and factoring. In Proceedings 35th annual symposium on
foundations of computer science. Ieee, 124–134.