RSA ALGORITHM

(Rivest-Shamir-Adleman)
CCF3252

PRESENTED BY;
FARHIYA ALI CT206/111622/22
DAVID WAWERU CT206/202346/22
SILVIA MUNENE CT206/109336/22
JOSEPH MAARA CT206/109461/22
JOY KIRIMI CT206/109474/22

1
 RSA

Basic idea:
 Alice wants to send a message M to Bob that she doesn’t want
anyone else to read
 In a public key system, Bob will send Alice (or anyone!) his
public key and Alice will use it to encrypt the message M as a
cipher C
 When Bob receives the message, he decrypts it using his
private key
 Anyone in the world could intercept the public key and use it
to encrypt message…
 … but nobody could decrypt messages without Bob’s private
key 2
Implementation
 We want to create a one-way function F that, given a message M
and publicKey, encrypts M as C = F(M, publicKey)
 The function F is called “one-way” because

 Given M and publicKey, it is easy to compute C = F(m,

publicKey)
to encrypt M
 But if someone intercepts C and publicKey, it is extremely
difficult to
invert F and compute M = F-1(C, publicKey)
 If it’s so hard to invert F, how is it that Bob can do it?

 Using the privateKey, Bob has a function G that will allow him
to compute
3
M = G(C, privateKey) quickly
  So our scheme should give us function F and G such that
 F is easy to compute (using publicKey) but very difficult to invert,
unless…
 … you know privateKey, then G is easy to compute and inverts F

RSA uses a huge number n that is the product of two huge primes, p and q (~200
digits)
 Encryption:
 The public key is a pair of numbers (e, n)
 Each message M is assumed to be a number between 0 and n-1
 We encrypt a message by computing C = M e mod n
 … which we can do quickly with fast modular exponentiation
 Decryption:
 The private key is another pair of numbers (d, n) that relies on knowing
p and q 4

 d
Example: Let’s take the message M = 1098 and encrypt it using the key e = 13
and
n = 17947 = 131 · 137

We compute: C= M e mod 17947= 109813 mod 17947

5
If an unintended recipient sees the encoded message C and the public key (e, n), it
would be extremely difficult for them to find M

 So far we have identified the function F: F(M, (e,n)) = M e mod n

Now the idea is to find a private key (d, n) that decrypts the message via:
C d mod n = M

 This is our inversion function G: G(C, (d,n)) = C d mod n

 To do this, we need to find e and d that satisfy: C d mod n = (M e)d mod

n = M

 Which means we need e and d such that: M ed mod n = M

 And we need to figure out how to find such a pair (e, d), where it’s hard to
discover d if you know (e, n)...
6
  Let’s make some assumptions about our keys (public and private),
and see how they can lead to an unbreakable cryptosystem (at least
by today’s standards)

Assumptions:
1. n = pq , where p and q are very large primes (~200+ digits)
2. e is a number that is relatively prime to (p-1)(q-1)
3. d is the inverse of e (mod (p-1)(q-1)) (which must exist from #2,
above)

Let’s see why these assumptions are helpful.

 First, notice that since de ≡ 1 (mod (p-1)(q-1))
there exists an integer k such that
de = 1 + k (p-1)(q-1)
7
Now this means that for some integer k, we have that

C d ≡ (M e)d ≡ M de ≡ M 1+k(p-1)(q-1) ≡ M · ((M (p-1))(q-1)) k (mod n)

In order to get our decryption function G, we need to show that this implies that

C d ≡ M (mod n)

This is valid except

Assume that gcd(M, p) = 1 and gcd(M, q) = 1. when your message M
is a multiple of p or q,
Then Fermat’s Little Theorem tells us that which is very rare.

M p-1 ≡ 1 (mod p) and M q-1 ≡ 1 (mod q)

Which gives (modulo p):

C d ≡ M · ((M (p-1))(q-1)) k ≡ M · 1(q-1) k ≡ M (mod p)

8
Which gives (modulo p):
C d ≡ M · ((M (p-1))(q-1)) k ≡ M · 1(q-1) k ≡ M (mod p)

And similarly (modulo q):

C d ≡ M · ((M (q-1))(p-1)) k ≡ M · 1(p-1) k ≡ M (mod q)

So we have:
C d ≡ M (mod p) x≡ M
(mod p)
C d ≡ M (mod q) ⇒ (which looks awfully familiar) ⇒ x ≡ M
(mod q)
where x = C d is a solution to a system of congruences.
Since p and q are relatively prime (actually, both are prime), the Chinese
Remainder Theorem tells us that it is a unique solution modulo pq = n.
Thus:
9
C d ≡ M (mod n)
Getting back to practical application: What does Bob need to do?

1. Choose two very large primes p and q, and form n = pq

Note: Large primes p and q can be found quickly with probabilistic guess-and-
checking.

2. Find an e that is relatively prime to (p-1)(q-1)

3. Find d, the inverse of e modulo (p-1)(q-1)

4. Save privateKey (d, n) and send Alice publicKey (e, n)

Note: This only enables Alice to send Bob secure messages! If Bob wants to send
Alice secure messages, then Alice needs to do the same.

10
Example: Encrypt and decrypt the message M = 1819 using a Public Key
Encryption based on
p = 43, q = 59 and e = 13

We have n = 43 · 59 = 2537 and (p-1)(q-1) = 42 · 58 = 2436

Now we need to find the private key, d, which is the inverse of e = 13 modulo
2436

2436 = 13·187 + 51 = 3 - 1·2

13 = 5·2 + 3 = 3 - 1·(5 - 1·3) = 2·3 - 1·5
5 = 3·1 + 2 = 2·(13 - 2·5) - 1·5 = 2·13 - 5·5
3 = 2·1 + 1 = 2·13 - 5·(2436 - 187·13) = 937·13 - 5·2436

So, by Bezout’s Theorem and “climbing back up” the Euclidean algorithm, we
find that the inverse of e = 13 modulo 2436 is d = 937

11
Example: Encrypt and decrypt the message M = 1819 using a Public Key Encryption
based on
p = 43, q = 59 and e = 13

We have n = 43 · 59 = 2537 and (p-1)(q-1) = 42 · 58 = 2436

We now have our public and private keys:

publicKey = (e, n) = (13, 2537)

privateKey = (d, n) = (937, 2537)

Encryption: C = M e mod n = 181913 mod 2537 = (using fast mod. exp.) = 2081

Decryption: M = C d mod n = 2081937 mod 2537 = (using fast mod. exp.) = 1819

12
Getting back to practical application: Okay, so why can’t we break RSA?

 If we know (e, n), couldn’t we do a brute-force attack to determine d ?

 Well, technically yes. But d is the inverse of e modulo (p-1)(q-1)

 Without knowing how n is factored into n = pq, we have no idea that we

have to look for an inverse modulo (p-1)(q-1)

 So we need to factor n first…

 … and it turns out that factoring large products of primes is hard. There’s
only one answer and lots of numbers to sift through.

⇒ There is no known polynomial time solution

13
Cont……… Okay, so why can’t we break RSA?

 The best-known factoring method is estimated to have

complexity ~ 2number of bits in n

 In 2009, researchers successfully factored a 232 decimal digit

product of two primes
 It took two years running in parallel on hundreds of
machines.
 The equivalent of 2000 years running on a single-
core machine.

⇒ Factoring large numbers is difficult!

14
Getting back to practical application: Okay, so why can’t we break RSA?

That being said… A lock is only secure if you actually use it properly

Some company generated keys in a way such that the private

key was practically computable from the public key. Not great.

15
Tidbit: Block ciphers

When we translate our message M into a number, we need

to be careful that the numerical representation of M does not
exceed n

Question: Why?

Answer: If M exceeds n, then we would be unable to

distinguish between M and any other message that is
congruent to M mod n

Typically, we break the message up into blocks (hence,

block cipher), then encode the blocks as digits, and then
encrypt the blocks

16
Example: S’pose we wanted to send the message HELP

First, separate into blocks: HE LP

Second, encode: 0704 1115

← note the padding with 0s

 Blocks of 2 letters works for n ≥ 2525 (first “25” represents

first letter, …)
 Blocks of 3 letters would work with n ≥ 252525
 And so on…

Let’s encrypt HELP using the keys from the previous example (e = 13,
d = 937, n = 2537)

17
Example: Encrypt HELP using the keys from the previous
example (e = 13, d = 937, n = 2537)

Our public key was (e, n) = (13, 2537), so we have:

HE = 070413 mod 2537 ≡ (FYOG: fast mod. exp.) ≡ 981

(mod 2537)

LP = 111513 mod 2537 ≡ (FYOG: fast mod. exp.) ≡ 461

(mod 2537)

So the encrypted message would be sent out as 0981 0461

18
Example2: Decrypt C = 1188 1346 using the keys from the
previous example
(e = 13, d = 937, n = 2537)

1188937 mod 2537 ≡ (fast mod. exp.) ≡ 1814 (mod 2537) → SO

1346937 mod 2537 ≡ (fast mod. exp.) ≡ 1823 (mod 2537) → SX

So the decrypted message in characters would be SOSX

Convention: If your message doesn’t fit perfectly into your block

size, then you pad the end of the last block with X’s

⇒ So this message is likely SOS

19
Recap:
 RSA public key encryption:
 You give everyone your publicKey (e, n) so
they can encrypt messages to you
 You know what the 2 primes p and q such that
n = pq…
 … So you know what d is (the inverse of e
modulo (p-1)(q-1)) …
 … So you can invert the encrypted messages
without spending >thousands of years
throwing CPUs at it

20
hints!
070413 mod 2537 ≡ … ≡ 981 (mod 2537)

13 = 23 + 22 + 20 , so 70413 = 7048·7044·7041, so we need

to calculate
these powers
of 704 (modulo 2537)

7041 = 704 (modulo 2537)

7042 = 495616 ≡ 901 (mod 2537)

7044 = (7042)2 ≡ 9012 = 811801 ≡ 2498 (mod

2537)

and 7048 = (7044)2 ≡ 24982 = 6240004 ≡ 1521 (mod

2537)

⇒ 70413 = 7048·7044·7041 ≡ 1521·2498·704 (mod 2537) ≡ 21

981 (mod 2537)
THANK YOU!

22