SlideShare a Scribd company logo

Rsa

Download as DOCX, PDF
W
Waseem Wasi

RSA is a public-key cryptosystem that uses public and private key pairs to encrypt and decrypt messages. The public key is used to encrypt messages and can be shared widely, while the private key is used to decrypt messages and must be kept secret. RSA works because it is computationally infeasible to factor the product of two large prime numbers, even though it is easy to multiply them together.

Automotive
1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
RSA (cryptosystem ) RSA is one of the first practical public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is publicand differs from the decryption key which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem. RSA is made of the initial letters of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publiclydescribed the algorithm in 1977. Clifford Cocks, an English mathematician working for the UK intelligence agency GCHQ, had developed an
equivalent system in 1973, but it was not declassified until 1997. A user of RSA creates and then publishesa publickey based on two large prime numbers, along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but with currentlypublished methods, if the public key is large enough, only someone with knowledge of the prime numbers can feasibly decode the message. ]Breaking RSA encryption is known as the RSA problem; whether it is as hard as the factoring problemremains an open question. RSA is a relatively slow algorithm, and because of this it is less commonly used to directly encrypt user data. More often, RSA passes encrypted shared keys for symmetric key cryptography which in turn can perform bulk encryption-decryptionoperations at much higher speed.
History The idea of an asymmetric public-privatekey cryptosystem is attributed to Whitfield Diffie and Martin Hellman, who published the conceptin 1976. They also introduceddigital signatures and attempted to apply number theory; their formulation used a shared secret key created from exponentiation of some number, modulo a prime numbers. However, they left open the problemof realizing a one-way function, possibly because the difficulty of factoring was not well studied at the time. Ron Rivest, Adi Shamir, and Leonard Adleman (R.S.A.) at MIT made several attempts over the course of a year to create a one-way function that is hard to invert. Rivest and Shamir, as computer scientists, proposed many potentialfunctions while Adleman, as a mathematician, was responsiblefor finding their weaknesses. They tried many approachesincluding"knapsack-based" and "permutation polynomials". For a time they thought it was impossible for what they wanted to achieve due to contradictoryrequirements.In April 1977, they
spent Passover at the house of a student and drank a good deal of Manischewitz wine before returningto their home at around midnight. Rivest, unableto sleep, lay on the couch with a math textbookand started thinking about their one-way function. He spent the rest of the night formalizing his idea and had much of the paper ready by daybreak. The algorithm is now known as RSA – the initials of their surnames in same order as their paper. Clifford Cocks, an English mathematician working for the UK intelligence agency GCHQ, described an equivalent system in an internal document in 1973. However, given the relatively expensive computers needed to implement it at the time, it was mostly considered a curiosity and, as far as is publiclyknown, was never deployed. His discovery, however, was not revealed until 1997 due to its secret classification. Kid-RSA (KRSA) is a simplified public-key cipher published in 1997, designed for educational purposes. Some peoplefeel that learning Kid-RSA gives insight into RSA and otherpublic-key ciphers, analogous to simplified DES.
Patent MIT was granted U.S. Patent 4,405,829 for a "Cryptographic communications system and method"that used the algorithm, on September 20, 1983. Though the patent was going to expire on September21, 2000 (the term of patent was 17 years at the time), the algorithm was released to the public domain by RSA Security on September 6, 2000, two weeks earlier. Since a paper describing the algorithm had been published in August 1977,[6] prior to the December 1977 filing date of the patent application,regulations in much of the rest of the world precludedpatentselsewhere and only the US patent was granted. Had Cocks' work been publiclyknown, a patent in the US would not have been possible either. From the DWPI's abstract of the patent, The system includes a communications channel coupled to at least one terminal having an encodingdevice and to at least one terminal having a decoding device. A message-to-be-transferred is enciphered to ciphertext at the encoding terminal by encodingthe message as a number M in a predetermined set. That number is then raised to a first predetermined power (associated with the intended receiver) and finally computed.
The remainder or residue, C, is... computed when the exponentiated numberis divided by the product of two predetermined prime numbers (associated with the intended receiver). Operation: The RSA algorithm involves four steps: key generation, key distribution, encryption and decryption. A basic principle behind RSA is the observation that it is practical to find three very large positive integers e, d and n such that with modular exponentiation for all integer m: and that even knowing e and n or even m it can be extremely difficult to find d. Additionally, for some operationsit is convenient that the order of the two exponentiationscan be changed and that this relation also implies: RSA involves a publickey and a privatekey. The publickey can be known by everyone and is used for encrypting messages. The intention is that messages encrypted with the public key can only be decrypted in a reasonableamount of time using the private key.
The public key is represented by the integers n and e; and, the private key, by the integer d (although n is also used during the decryption process; so, it might be considered a part of the private key, too). m represents the message (previously prepared with certain technique explained below). Key generation The keys for the RSA algorithm are generated the following way: 1.Choose two distinct prime numbers p and q.  For security purposes, the integers p and q should be chosen at random, and should be similar in magnitude but 'differ in length by a few digits to make factoring harder. Prime integers can be efficiently found using a primality test 2.Compute n = pq.  n is used as the modulus for both the public and private keys. Its length, usuallyexpressed in bits, is the key length.
3.Compute λ(n) = lcm(λ(p), λ(q)) = lcm(p − 1, q − 1), where λ is Carmichael's totient function. This value is kept private. 4.Choose an integer e such that 1 < e < λ(n) and gcd(e, λ(n)) = 1; i.e., e and λ(n) are coprimeinverser 5.Determine d as d ≡ e−1 (mod λ(n)); i.e., d is the of e (modulo λ(n)).milt  This is more clearly stated as: solve for d given d⋅e ≡ 1 (mod λ(n)).  e having a short bit-length and small Hamming weight results in more efficient encryption – most commonly 216 + 1 = 65,537.However, much smaller values of e (such as 3) have been shown to be less secure in some settings.  e is released as the public key exponent.  d is kept as the private key exponent. The publickey consists of the modulus n and the public(or encryption)exponent e. The private key consists of the modulusn and the private (or decryption)exponentd, which must be kept secret. p, q, and λ(n) must also be kept secret because they can be used to calculate d. Alternatively, as in the original RSA paper, the Eulertotient function φ(n) = (p − 1)(q −
1) can be used instead of λ(n) for calculatingthe private exponent d. This works because φ(n) is always divisible by λ(n) (a consequenceof applying Lagrange's theorem to the multiplicative group of integers modulo pq), and thus any d satisfying d⋅e ≡ 1 (mod φ(n)) also satisfies d⋅e ≡ 1 (mod λ(n)). However, computing d modulo φ(n) will sometimes yield a result that is larger than necessary (i.e. d > λ(n)). Most RSA implementationswill accept exponents generated using either method (if they use the private exponent d at all, rather than using the optimized decryption method based on the Chinese remainder theorem described below), but some standardslike FIPS 186-4 may require that d < λ(n). Any "oversized" private exponents not meeting that criterion may always be reduced modulo λ(n) to obtain a smaller equivalent exponent. Since any common factors of (p − 1) and (q − 1) are present in the factorisation of n − 1 = pq − 1 = (p − 1)(q − 1) + (p − 1) + (q − 1),it is recommended that (p − 1) and (q − 1) have only
very small common factors, if any besides the necessary 2. Note: The authorsof the original RSA paper carry out the key generation by choosing d and then computing e as the modular multiplicative inverse of d (modulo φ(n)). Since it is beneficial to use a small value for e (i.e. 65,537)in order to speed up the encryption function, current implementations of RSA, such as PKCS#1 choose e and compute d instead. Key distribution: Supposethat Bob wants to send a secret message to Alice. If they decide to use RSA, Bob must know Alice's public key to encrypt the message and, Alice must use her private key to decrypt the message. To enableBob to send his encrypted messages, Alice transmits her publickey (n, e) to Bob via a reliable, but not necessarily secret route. Alice's private key (d), is never distributed.
Encryption: After Bob obtains Alice's public key, he can send a message M to Alice. To do it, he first turns M (strictly speaking, the un- padded plaintext)into an integer m (strictly speaking, the padded plaintext), such that 0 ≤ m < n by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext c, using Alice's public key e, correspondingto This can be donereasonablyquickly, even for 500-bit numbers, using modular exponentiation. Bob then transmits c to Alice. Decryption: Alice can recover m from c by using her private key exponent d by computing Given m, she can recover the original message M by reversing the padding scheme.
Example: Here is an example of RSA encryption and decryption. The parameters used here are artificially small, but one can also use OpenSSL to generate and examine a real keypair. 1.Choose two distinct prime numbers, such as and 2.Compute n = pq giving 3.Computethe totient of the product as λ(n) = lcm(p − 1, q − 1) giving 4.Choose any number 1 < e < 780 that is coprime to 780. Choosing a prime number for e leaves us only to check that eis not a divisor of 780. Let 5.Compute d, the modular multiplicative inverse of e (mod λ(n)) yielding,
Worked example for the modularmultiplicative inverse: The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption function is The privatekey is (n = 3233, d = 413). For an encrypted ciphertext c, the decryption function is For instance, in order to encrypt m = 65, we calculate To decrypt c = 2790, we calculate Both of these calculationscan be computed efficiently using the square-and-multiply algorithm for modular exponentiation.
 In real-life situations the primes selected would be much larger; in our example it would be trivial to factor n, 3233 (obtained from the freely available publickey) back to the primes p and q. e, also from the public key, is then inverted to get d, thus acquiring the private key. Practical implementations use the Chinese remainder theorem to speed up the calculationusing modulus of factors (mod pq using mod p and mod q). The values dp, dq and qinv, which are part of the private key are computed as follows: Here is how dp, dq and qinv are used for efficient decryption. (Encryptionis efficient by choice of a suitable d and e pair)

More Related Content

DOCX
Unit 3(1)
Vinod Kumar Gorrepati
 
DOC
Unit 3(1)
Vinod Kumar Gorrepati
 
PPTX
Cryptography
pravin pandey
 
PPT
Digital Signature Recognition using RSA Algorithm
Vinayak Raja
 
PDF
Data Security With Colors Using Rsa
IJERA Editor
 
DOCX
Unit 4
Vinod Kumar Gorrepati
 
PDF
rsa-1
aniruddh Tyagi
 
PPTX
Cryptography and network security
patisa
 
Unit 3(1)
Vinod Kumar Gorrepati
 
Unit 3(1)
Vinod Kumar Gorrepati
 
Cryptography
pravin pandey
 
Digital Signature Recognition using RSA Algorithm
Vinayak Raja
 
Data Security With Colors Using Rsa
IJERA Editor
 
Unit 4
Vinod Kumar Gorrepati
 
rsa-1
aniruddh Tyagi
 
Cryptography and network security
patisa
 

What's hot (20)

PPTX
Ch9
Mahender Kumar
 
PDF
Survey on asymmetric key cryptography algorithms
Editor Jacotech
 
PDF
A Novel Key Distribution Scheme f or a Visual Crypto System
IRJET Journal
 
PDF
Analysis of rsa algorithm using gpu
IJNSA Journal
 
PDF
A comparative analysis of the possible attacks on rsa cryptosystem
IAEME Publication
 
PDF
Chaotic Rivest-Shamir-Adlerman Algorithm with Data Encryption Standard Schedu...
journalBEEI
 
PDF
Asymmetric Cryptography
UTD Computer Security Group
 
PPT
Cryptography - An Overview
ppd1961
 
PPT
(Crypto) DES And RSA Algorithms Overview
EL Bachir Nouni
 
PDF
Presentation on Cryptography_Based on IEEE_Paper
Nithin Cv
 
DOCX
Unit 2
Vinod Kumar Gorrepati
 
PPT
Cryptography - A Brief History
prasenjeetd
 
PPT
Network Security & Cryptography
Dr. Himanshu Gupta
 
PPTX
Cryptography - 101
n|u - The Open Security Community
 
PDF
An Unobservable Secure On-Demand Routing With D-Worm Detection In MANET
IJRES Journal
 
PDF
IRJET- Secure Data on Multi-Cloud using Homomorphic Encryption
IRJET Journal
 
PDF
Presentation about RSA
Srilal Buddika
 
PPTX
RSA & MD5 algorithm
Siva Rushi
 
PDF
D017433134
IOSR Journals
 
PPTX
Introduction to Cryptography
Bharat Kumar Katur
 
Ch9
Mahender Kumar
 
Survey on asymmetric key cryptography algorithms
Editor Jacotech
 
A Novel Key Distribution Scheme f or a Visual Crypto System
IRJET Journal
 
Analysis of rsa algorithm using gpu
IJNSA Journal
 
A comparative analysis of the possible attacks on rsa cryptosystem
IAEME Publication
 
Chaotic Rivest-Shamir-Adlerman Algorithm with Data Encryption Standard Schedu...
journalBEEI
 
Asymmetric Cryptography
UTD Computer Security Group
 
Cryptography - An Overview
ppd1961
 
(Crypto) DES And RSA Algorithms Overview
EL Bachir Nouni
 
Presentation on Cryptography_Based on IEEE_Paper
Nithin Cv
 
Unit 2
Vinod Kumar Gorrepati
 
Cryptography - A Brief History
prasenjeetd
 
Network Security & Cryptography
Dr. Himanshu Gupta
 
Cryptography - 101
n|u - The Open Security Community
 
An Unobservable Secure On-Demand Routing With D-Worm Detection In MANET
IJRES Journal
 
IRJET- Secure Data on Multi-Cloud using Homomorphic Encryption
IRJET Journal
 
Presentation about RSA
Srilal Buddika
 
RSA & MD5 algorithm
Siva Rushi
 
D017433134
IOSR Journals
 
Introduction to Cryptography
Bharat Kumar Katur
 
Ad

Similar to Rsa (20)

PPT
Rsa rivest shamir adleman
Hossain Md Shakhawat
 
PPTX
Presentation
rokham khawaja
 
PDF
Twenty years of attacks on the rsa cryptosystem
linzi320
 
PDF
RSA Algorithm report
Mohamed Ramadan
 
DOCX
Senior Research Final Draft3
Coleman Gorham
 
PDF
MAT255_Final_Paper_RSA_Encryption
Xudong Brandon Liang
 
PDF
1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...
decentralizeeverything
 
PDF
An Introduction to RSA Public-Key Cryptography
David Boyhan, JD, CIPP
 
PPT
Ch09
Joe Christensen
 
DOCX
Number Theory In Cryptography
Aadya Vatsa
 
PDF
Generate an Encryption Key by using Biometric Cryptosystems to secure transfe...
IOSR Journals
 
PPT
Public Key Cryptography and RSA algorithm
Indra97065
 
PDF
rsa-1
Aniruddh Tyagi
 
PDF
rsa-1
aniruddh Tyagi
 
DOCX
Number Theory In Cryptography
Abhishek Nand
 
PPT
Network and Information Security unit2.ppt.ppt
Vivekananda Gn
 
PDF
CRYPTOGRAPHY (2).pdf
BhuvanaR13
 
PPTX
RSA Algorithem and information about rsa
Mohsin Ali
 
PPTX
Data security using rsa
LAKSHMI TEJA SAYABARAPU
 
PDF
Introduction to Cryptography
Popescu Petre
 
Rsa rivest shamir adleman
Hossain Md Shakhawat
 
Presentation
rokham khawaja
 
Twenty years of attacks on the rsa cryptosystem
linzi320
 
RSA Algorithm report
Mohamed Ramadan
 
Senior Research Final Draft3
Coleman Gorham
 
MAT255_Final_Paper_RSA_Encryption
Xudong Brandon Liang
 
1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...
decentralizeeverything
 
An Introduction to RSA Public-Key Cryptography
David Boyhan, JD, CIPP
 
Ch09
Joe Christensen
 
Number Theory In Cryptography
Aadya Vatsa
 
Generate an Encryption Key by using Biometric Cryptosystems to secure transfe...
IOSR Journals
 
Public Key Cryptography and RSA algorithm
Indra97065
 
rsa-1
Aniruddh Tyagi
 
rsa-1
aniruddh Tyagi
 
Number Theory In Cryptography
Abhishek Nand
 
Network and Information Security unit2.ppt.ppt
Vivekananda Gn
 
CRYPTOGRAPHY (2).pdf
BhuvanaR13
 
RSA Algorithem and information about rsa
Mohsin Ali
 
Data security using rsa
LAKSHMI TEJA SAYABARAPU
 
Introduction to Cryptography
Popescu Petre
 
Ad

Recently uploaded (20)

PDF
Instant Download ec300dnl manual Volvo Excavator Manual.pdf
Service Repair Manual
 
PPT
MTR VISIT By Indian Railway - Very Important.ppt
abheeplay
 
PDF
PW60-3 KOMATSU WHEELED EXCAVATOR PARTS MANUAL 2001-UP
Heavy Equipment Manual
 
PPTX
STRATEGIC HRM.pptxkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
khushigulati2325
 
PDF
PC450LC-8R KOMATSU HYDRAULIC EXCAVATOR PARTS MANUAL SN 75001-UP
Heavy Equipment Manual
 
PPTX
AIMS OBJECTIVES ajjsjsjsjejejejejejejejejj
IsaacAntwi15
 
PDF
SAA4D95LE-7A KOMATSU ENGINE PARTS MANUAL SN 800001-UP (For PC138US-11PC138USL...
Heavy Equipment Manual
 
PPTX
Detroit Business Travel Made Easy with Detroit DTW Cars
Detroit DTW Car
 
PPT
Operational Risk and its importance an d
icuphamid
 
PDF
PC170LC-11 Komatsu Hydraulic Excvator Parts Manual SN 35001-UP (For KAL)
Heavy Equipment Manual
 
PPTX
Presentation Homologation Kendaraan Roda 3
delapanpaduprima
 
PPTX
oA final ppt parmar vishal bca sem 1 .pptx
parmarvishal6790
 
PDF
SK07J-2 Komatsu Skid Steer Loader Parts Manual SK07JF20001-Up
Heavy Equipment Manual
 
PDF
Reliable Solutions for Maserati Battery, Wiring, and Electronics Problems You...
Kruse Lucas Imports
 
PDF
PC160LC-7K-KA KOMATSU CRAWLER EXCAVATOR PARTS MANUAL SN K40001-UP
Heavy Equipment Manual
 
PDF
deloitte-nl-integrated-annual-report-2018-2019.pdf
dsoham206
 
PPTX
LIGHT-HUMAN EYE AND THE COLOURFUL WORLD.ppt.pptx
atharvawafgaonkar
 
PPTX
What is the most common reason for check engine light on Mercedes
Protech Automotive Services
 
PDF
Hitachi 125US 135US EXCAVATOR Service Repair Manual.pdf
Service Repair Manual
 
PPTX
Steps_Tutorial_1_Workforce Management.pptx
roshansharma586
 
Instant Download ec300dnl manual Volvo Excavator Manual.pdf
Service Repair Manual
 
MTR VISIT By Indian Railway - Very Important.ppt
abheeplay
 
PW60-3 KOMATSU WHEELED EXCAVATOR PARTS MANUAL 2001-UP
Heavy Equipment Manual
 
STRATEGIC HRM.pptxkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
khushigulati2325
 
PC450LC-8R KOMATSU HYDRAULIC EXCAVATOR PARTS MANUAL SN 75001-UP
Heavy Equipment Manual
 
AIMS OBJECTIVES ajjsjsjsjejejejejejejejejj
IsaacAntwi15
 
SAA4D95LE-7A KOMATSU ENGINE PARTS MANUAL SN 800001-UP (For PC138US-11PC138USL...
Heavy Equipment Manual
 
Detroit Business Travel Made Easy with Detroit DTW Cars
Detroit DTW Car
 
Operational Risk and its importance an d
icuphamid
 
PC170LC-11 Komatsu Hydraulic Excvator Parts Manual SN 35001-UP (For KAL)
Heavy Equipment Manual
 
Presentation Homologation Kendaraan Roda 3
delapanpaduprima
 
oA final ppt parmar vishal bca sem 1 .pptx
parmarvishal6790
 
SK07J-2 Komatsu Skid Steer Loader Parts Manual SK07JF20001-Up
Heavy Equipment Manual
 
Reliable Solutions for Maserati Battery, Wiring, and Electronics Problems You...
Kruse Lucas Imports
 
PC160LC-7K-KA KOMATSU CRAWLER EXCAVATOR PARTS MANUAL SN K40001-UP
Heavy Equipment Manual
 
deloitte-nl-integrated-annual-report-2018-2019.pdf
dsoham206
 
LIGHT-HUMAN EYE AND THE COLOURFUL WORLD.ppt.pptx
atharvawafgaonkar
 
What is the most common reason for check engine light on Mercedes
Protech Automotive Services
 
Hitachi 125US 135US EXCAVATOR Service Repair Manual.pdf
Service Repair Manual
 
Steps_Tutorial_1_Workforce Management.pptx
roshansharma586
 

Rsa

  • 1. RSA (cryptosystem ) RSA is one of the first practical public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is publicand differs from the decryption key which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem. RSA is made of the initial letters of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publiclydescribed the algorithm in 1977. Clifford Cocks, an English mathematician working for the UK intelligence agency GCHQ, had developed an
  • 2. equivalent system in 1973, but it was not declassified until 1997. A user of RSA creates and then publishesa publickey based on two large prime numbers, along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but with currentlypublished methods, if the public key is large enough, only someone with knowledge of the prime numbers can feasibly decode the message. ]Breaking RSA encryption is known as the RSA problem; whether it is as hard as the factoring problemremains an open question. RSA is a relatively slow algorithm, and because of this it is less commonly used to directly encrypt user data. More often, RSA passes encrypted shared keys for symmetric key cryptography which in turn can perform bulk encryption-decryptionoperations at much higher speed.
  • 3. History The idea of an asymmetric public-privatekey cryptosystem is attributed to Whitfield Diffie and Martin Hellman, who published the conceptin 1976. They also introduceddigital signatures and attempted to apply number theory; their formulation used a shared secret key created from exponentiation of some number, modulo a prime numbers. However, they left open the problemof realizing a one-way function, possibly because the difficulty of factoring was not well studied at the time. Ron Rivest, Adi Shamir, and Leonard Adleman (R.S.A.) at MIT made several attempts over the course of a year to create a one-way function that is hard to invert. Rivest and Shamir, as computer scientists, proposed many potentialfunctions while Adleman, as a mathematician, was responsiblefor finding their weaknesses. They tried many approachesincluding"knapsack-based" and "permutation polynomials". For a time they thought it was impossible for what they wanted to achieve due to contradictoryrequirements.In April 1977, they
  • 4. spent Passover at the house of a student and drank a good deal of Manischewitz wine before returningto their home at around midnight. Rivest, unableto sleep, lay on the couch with a math textbookand started thinking about their one-way function. He spent the rest of the night formalizing his idea and had much of the paper ready by daybreak. The algorithm is now known as RSA – the initials of their surnames in same order as their paper. Clifford Cocks, an English mathematician working for the UK intelligence agency GCHQ, described an equivalent system in an internal document in 1973. However, given the relatively expensive computers needed to implement it at the time, it was mostly considered a curiosity and, as far as is publiclyknown, was never deployed. His discovery, however, was not revealed until 1997 due to its secret classification. Kid-RSA (KRSA) is a simplified public-key cipher published in 1997, designed for educational purposes. Some peoplefeel that learning Kid-RSA gives insight into RSA and otherpublic-key ciphers, analogous to simplified DES.
  • 5. Patent MIT was granted U.S. Patent 4,405,829 for a "Cryptographic communications system and method"that used the algorithm, on September 20, 1983. Though the patent was going to expire on September21, 2000 (the term of patent was 17 years at the time), the algorithm was released to the public domain by RSA Security on September 6, 2000, two weeks earlier. Since a paper describing the algorithm had been published in August 1977,[6] prior to the December 1977 filing date of the patent application,regulations in much of the rest of the world precludedpatentselsewhere and only the US patent was granted. Had Cocks' work been publiclyknown, a patent in the US would not have been possible either. From the DWPI's abstract of the patent, The system includes a communications channel coupled to at least one terminal having an encodingdevice and to at least one terminal having a decoding device. A message-to-be-transferred is enciphered to ciphertext at the encoding terminal by encodingthe message as a number M in a predetermined set. That number is then raised to a first predetermined power (associated with the intended receiver) and finally computed.
  • 6. The remainder or residue, C, is... computed when the exponentiated numberis divided by the product of two predetermined prime numbers (associated with the intended receiver). Operation: The RSA algorithm involves four steps: key generation, key distribution, encryption and decryption. A basic principle behind RSA is the observation that it is practical to find three very large positive integers e, d and n such that with modular exponentiation for all integer m: and that even knowing e and n or even m it can be extremely difficult to find d. Additionally, for some operationsit is convenient that the order of the two exponentiationscan be changed and that this relation also implies: RSA involves a publickey and a privatekey. The publickey can be known by everyone and is used for encrypting messages. The intention is that messages encrypted with the public key can only be decrypted in a reasonableamount of time using the private key.
  • 7. The public key is represented by the integers n and e; and, the private key, by the integer d (although n is also used during the decryption process; so, it might be considered a part of the private key, too). m represents the message (previously prepared with certain technique explained below). Key generation The keys for the RSA algorithm are generated the following way: 1.Choose two distinct prime numbers p and q.  For security purposes, the integers p and q should be chosen at random, and should be similar in magnitude but 'differ in length by a few digits to make factoring harder. Prime integers can be efficiently found using a primality test 2.Compute n = pq.  n is used as the modulus for both the public and private keys. Its length, usuallyexpressed in bits, is the key length.
  • 8. 3.Compute λ(n) = lcm(λ(p), λ(q)) = lcm(p − 1, q − 1), where λ is Carmichael's totient function. This value is kept private. 4.Choose an integer e such that 1 < e < λ(n) and gcd(e, λ(n)) = 1; i.e., e and λ(n) are coprimeinverser 5.Determine d as d ≡ e−1 (mod λ(n)); i.e., d is the of e (modulo λ(n)).milt  This is more clearly stated as: solve for d given d⋅e ≡ 1 (mod λ(n)).  e having a short bit-length and small Hamming weight results in more efficient encryption – most commonly 216 + 1 = 65,537.However, much smaller values of e (such as 3) have been shown to be less secure in some settings.  e is released as the public key exponent.  d is kept as the private key exponent. The publickey consists of the modulus n and the public(or encryption)exponent e. The private key consists of the modulusn and the private (or decryption)exponentd, which must be kept secret. p, q, and λ(n) must also be kept secret because they can be used to calculate d. Alternatively, as in the original RSA paper, the Eulertotient function φ(n) = (p − 1)(q −
  • 9. 1) can be used instead of λ(n) for calculatingthe private exponent d. This works because φ(n) is always divisible by λ(n) (a consequenceof applying Lagrange's theorem to the multiplicative group of integers modulo pq), and thus any d satisfying d⋅e ≡ 1 (mod φ(n)) also satisfies d⋅e ≡ 1 (mod λ(n)). However, computing d modulo φ(n) will sometimes yield a result that is larger than necessary (i.e. d > λ(n)). Most RSA implementationswill accept exponents generated using either method (if they use the private exponent d at all, rather than using the optimized decryption method based on the Chinese remainder theorem described below), but some standardslike FIPS 186-4 may require that d < λ(n). Any "oversized" private exponents not meeting that criterion may always be reduced modulo λ(n) to obtain a smaller equivalent exponent. Since any common factors of (p − 1) and (q − 1) are present in the factorisation of n − 1 = pq − 1 = (p − 1)(q − 1) + (p − 1) + (q − 1),it is recommended that (p − 1) and (q − 1) have only
  • 10. very small common factors, if any besides the necessary 2. Note: The authorsof the original RSA paper carry out the key generation by choosing d and then computing e as the modular multiplicative inverse of d (modulo φ(n)). Since it is beneficial to use a small value for e (i.e. 65,537)in order to speed up the encryption function, current implementations of RSA, such as PKCS#1 choose e and compute d instead. Key distribution: Supposethat Bob wants to send a secret message to Alice. If they decide to use RSA, Bob must know Alice's public key to encrypt the message and, Alice must use her private key to decrypt the message. To enableBob to send his encrypted messages, Alice transmits her publickey (n, e) to Bob via a reliable, but not necessarily secret route. Alice's private key (d), is never distributed.
  • 11. Encryption: After Bob obtains Alice's public key, he can send a message M to Alice. To do it, he first turns M (strictly speaking, the un- padded plaintext)into an integer m (strictly speaking, the padded plaintext), such that 0 ≤ m < n by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext c, using Alice's public key e, correspondingto This can be donereasonablyquickly, even for 500-bit numbers, using modular exponentiation. Bob then transmits c to Alice. Decryption: Alice can recover m from c by using her private key exponent d by computing Given m, she can recover the original message M by reversing the padding scheme.
  • 12. Example: Here is an example of RSA encryption and decryption. The parameters used here are artificially small, but one can also use OpenSSL to generate and examine a real keypair. 1.Choose two distinct prime numbers, such as and 2.Compute n = pq giving 3.Computethe totient of the product as λ(n) = lcm(p − 1, q − 1) giving 4.Choose any number 1 < e < 780 that is coprime to 780. Choosing a prime number for e leaves us only to check that eis not a divisor of 780. Let 5.Compute d, the modular multiplicative inverse of e (mod λ(n)) yielding,
  • 13. Worked example for the modularmultiplicative inverse: The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption function is The privatekey is (n = 3233, d = 413). For an encrypted ciphertext c, the decryption function is For instance, in order to encrypt m = 65, we calculate To decrypt c = 2790, we calculate Both of these calculationscan be computed efficiently using the square-and-multiply algorithm for modular exponentiation.
  • 14.  In real-life situations the primes selected would be much larger; in our example it would be trivial to factor n, 3233 (obtained from the freely available publickey) back to the primes p and q. e, also from the public key, is then inverted to get d, thus acquiring the private key. Practical implementations use the Chinese remainder theorem to speed up the calculationusing modulus of factors (mod pq using mod p and mod q). The values dp, dq and qinv, which are part of the private key are computed as follows: Here is how dp, dq and qinv are used for efficient decryption. (Encryptionis efficient by choice of a suitable d and e pair)