The Mathematics of RSA Encryption

THE MATHEMATICS OF
RSA ENCRYPTION
By Nathan Dunn
University of Hawaii at Manoa – Graduate Student Mathematics Se
Mar. 2017

Outline
 What is RSA Encryption?
 How do you encrypt and decrypt a message?
 Why can you encrypt and decrypt a message?
 Why is it secure?
 Bonus Content!

What is RSA Encryption?
 Public Key Cryptography System

Encoding a message as a
number
 Say you want to encode the message ‘Hi!’
 Each character has an ASCII code
 H  7210  010010002
 i  10510  011010012
 !  3310  001000012
 Concatenate the bit strings so you have one
big number
 0100100001101001001000012
 474550510

How to encrypt a message
 Public key: (e, n)
 Private key: (d, n)
 Message: M
 Encrypted Message: EM = Me (mod n)
 Decrypted Message: DM = EMd (mod n)

Example
 Public key: (e, n) = (3593, 150349)
 Private key: (d, n) = (957, 150349)
 Message: M = 90001
 Encrypted Message: EM = Me (mod n)
 EM = 900013593 (mod 150349)
 131425
 Decrypted Message: DM = EMd (mod n)
 DM = 131425957 (mod 150349)
 90001

Why did that work?
 Euler’s Theorem
 Cleverly chosen keys

φ, the totient function
 Define φ(n) as the totient of n
 Number of integers between 0 and n, coprime
with n
 φ(15) = Number of integers coprime with 15
 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
 1, 2, 4, 7, 8, 11, 13, 14
 φ(15) = 8

Calculating φ(n)
 φ(15) = 8
 Notice: φ(5 * 3) = (5-1) * (3-1)
 n = p * q
 n is the product of 2 different primes, p and q
 There are p multiples of q
 There are q multiples of p
 0 is counted twice
 φ(n) = p*q – p – q + 1 = (p-1) * (q-1)

Euler’s Theorem
 xφ(n) = 1 (mod n), where x is coprime with n
 Proof
 Consider multiplicative group of integers modulo
n, (Z/nZ)*
 Group consists of integers between 0 and n that
are coprime with n
 Order of this group is φ(n)
 Apply Lagrange’s Theorem

Key Generation
 How did we get our keys from the example?
 Public key: (e, n) = (3593, 150349)
 Private key: (d, n) = (957, 150349)

Key Generation
 p, q = 251, 599 random primes
 n = p * q
 150349
 e = 3593 arbitrarily
 φ(n) = (p-1) * (q-1)
 149500
 d = e-1 (mod φ(n))
 d = 957

What makes those keys work?
 EM = Me (mod n)
 DM = EMd (mod n)
 DM = Med (mod n)
 ed = 1 (mod φ(n))
 ed = 1 + k*φ(n)
 DM = M(1 + k*φ(n)) (mod n)
= M1 (Mφ(n))k (mod n)
= M

Why is it secure?
 All we’ve shown is we get the same message
back after decrypting
 What makes the encrypted message
unreadable?
 Computational difficulty of certain math problems

Big-O notation
 A function f is said to be O(g) if E m, a, s.t. A x
> m, f(x) ≤ a*g(x)
 35.23x4log2(x) + x3log(x) + 10100 is O(x4log(x))
 Used to compare efficiency of algorithms
 T(n) – time it takes for an algorithm to solve a
problem of size n
 “size of problem” refers to the number of bits,
not the magnitude, of the input
 n = bits to represent N ≈ log2(N)
 Polynomial time algorithms are considered
“efficient”

Easy problem - Exponentiation
 aN
 Naïve solution – multiply a times itself N times
 Requires N multiplications
 O(N) = O(2n) = bad

Easy problem - Exponentiation
 aN
 Better solution – exponentiation by squaring
 aN = (aN/2)2 N even
a(a(N-1)/2)2 N odd
 Recurrence relation for number of
multiplications
 TN = TN/2 + 1 N even
T(N-1)/2 + 2 N odd
 Requires no more than 2log2N multiplications
 TN is O(logN) = O(n) = good

Why is it secure?
 Can we get the private key from the public
key?
 d = e-1 (mod φ(n))
 d = 3593-1 (mod φ(150349))
 Need to calculate φ(150349)
 Need the prime factorization

The Factoring Problem
 Given a number N, find the prime factors
 Naïve solution – Trial division
 O(N) = O(2n)
 Better naïve solution – Trial division up to
sqrt(N)
 O(sqrt(N)) = O(2n/2)
 Best known solution – General number field
sieve
 O(ecbrt(n))

The Factoring Problem
 RSA-200
 279978339112213278708294676387226016210
704467869554285375600099293261284001076
093456710529553608560618223519109513657
886371059544820065767750985805576135790
987349501441788631789462951872378692218
23983
 663 bits, 2 years real time, 75 years CPU time
 Modern RSA moduli are 1024 – 4096 bits

Why is it secure?
 Can we solve for M given the encrypted
message?
 EM = Me (mod n)
 131435 = M3593 (mod 150349)
 No, because taking the modular eth root (The
RSA Problem) appears to be difficult
 Best known solution is to derive the private
exponent by factoring the modulus

Why is it secure?
 Can we solve for d given a decrypted
(authenticated) message?
 EM = Md (mod n)
 131435 = 90001d (mod 150349)
 No, because the discrete logarithm appears to
be difficult
 Similar complexities to the factoring problem

More References
 Video demonstrating Public Key Cryptography
 https://www.youtube.com/watch?v=GSIDS_lvRv4
 Wikipedia Page
 https://en.wikipedia.org/wiki/RSA_(cryptosystem)

Why is it secure?
 Can we take a guess at M, given the
encrypted message?
 EM = Me (mod n)
 131435 = M3593 (mod 150349)
 900013593 (mod 150329) = 131435 !!
 Yes, that is a “chosen plaintext attack”, and
that is why you must pad your messages

Modular Inverse
 d = e-1 (mod n)
 eφ(n) = 1 (mod n)
 e*eφ(n)-1 = 1 (mod n)
 d = eφ(n)-1 (mod n)

Generating Prime Numbers
 How did we generate our primes, p and q,
initially?
 1. Generate a random number n bits long
 2. Test if that number is prime
 3. If yes, done. If not, go to 1.
 Generating an n-bit number is O(n)
 The Fermat Primality Test is O(n2 log(n)
log(log(n)))
 N/π(N) ~ log(N) test O(n) values on average
 Total is O(n3 log(n) log(log(n)))

Fermat Primality Test
 Probabilistic test
 Based on Fermat’s Little Theorem
 p prime => ap-1 = 1 (mod p), for 1<a<p
 Do k times
 1. Pick a randomly in the range [2, n-2]
 2. If aN-1 ≠ 1 (mod p), N is composite, end
 If Fermat’s expression holds all k times, N is likely
prime
 Modular exponentiation takes O(n)
multiplications
 However, the multiplications are O(n log(n)

 Can give false positives – may say N is prime
when it is not
 No false negatives – if N is composite
 For composite N,
 a is a Fermat witness if aN-1 ≠ 1 (mod N)
 a is a Fermat liar if aN-1 = 1 (mod N)
 For most composite N, at least half of (Z/NZ)*
are witnesses
 Can make probability of false positives
tolerably low by choosing high k

Charmichael Numbers
 Some composite N have aN-1 = 1 (mod N) for
all a coprime with N
 Called Charmichael Numbers
 Much more likely to get a false positive with
 Charmichael Numbers are very rare
 Variants of Fermat Primality Test are used in
practice

Argument for Euler’s Theorem
X 1 2 4 7 8 11 13 14
1 1 2 4 7 8 11 13 14
2 2 4 8 14 1 7 11 13
4 4 8 1 13 2 14 7 11
7 7 14 13 4 11 2 1 8
8 8 1 2 11 4 13 14 7
11 11 7 14 2 13 1 8 4
13 13 11 7 1 14 8 4 2
14 14 13 11 8 7 4 2 1

Argument for Euler’s Theorem
 Consider the product of each number in the
first row
 1*2*4*7*8*11*13*14 (mod 15)
 Multiply by 78
 78 (1*2*4*7*8*11*13*14) (mod 15)
 (7*1)(7*2)(7*4)(7*7)(7*8)(7*11)(7*13)(7*14)
(mod 15)
 7*14*13*4*11*2*1*8 (mod 15)
 1*2*4*7*8*11*13*14 (mod 15)
 Same value, therefore 78 = 1 (mod 15)

The Mathematics of RSA Encryption

More Related Content

What's hot (20)

Similar to The Mathematics of RSA Encryption (20)

Recently uploaded (20)

The Mathematics of RSA Encryption

Editor's Notes