Introduction to Algorithms Second Edition by Cormen, Leiserson, Rivest & Stein Chapter 31
Using the definition of multiplication modulo n, we define the multiplicative group modulo n as . The elements of this group are the set of elements in Zn that are relatively prime to n:
An example of such a group is The size of is denoted (n). This function, known as Euler's phi function, satisfies the equation where p runs over all the primes dividing n (including n itself)
For example, since the prime divisors of 45 are 3 and 5,
The RSA cryptosystem-(1) The RSA system, named after its inventors Ron Rivest, Adi Shamir, and Len Adleman, was the first public-key cryptosystem and is still most important Its security is closely related to the difficulty of finding the factorization of a composite integer that is the product of two large primes
The RSA cryptosystem-(2) We explain how Bob generates his private and public RSA keys n=pq, where p, q are randomly and independently two large prime numbers Bob also chooses an integer e with 1<e<(n)=(p-1)(q-1) and gcd(e, (n))=1 Bob computes an integer d with 1<d<(n)=(p-1)(q-1) and de=1 mod (p-1)(q-1), since gcd(e, (p-1)(q-1))=1, such a number d exists
The RSA cryptosystem-(3) Bob’s public key is the pair (n,e), his private key is d The number n is called the RSA modulus, e is called the encryption exponent, and d is called the decryption exponent
The RSA cryptosystem-(4) Encryption: A plaintext m is encrypted by computing c=me mod n, 0m<n The ciphertext is c, if Alice knows the public key (n,e), she can encrypt efficient
The RSA cryptosystem-(5) Decryption: The decryption of RSA is based on the following theorem: (me)d mod n =m for any integer m with 0m<n Proof: since ed=1 mod (p-1)(q-1), there is an integer l with ed=1+l(p-1)(q-1) Therefore (me)d=med=m1+l(p-1)(q-1)=m(m(p-1)(q-1))l It follows that med=m(m(p-1))(q-1)l=m mod p Analogously, we see that (me)d=m mod q Because p and q are distinct prime numbers, we obtain (me)d=m mod n The assertion follows form the fact that 0m<n
The RSA cryptosystem-(6) Example: Bob choose p=11 and q=23, then n=pq=253 and (p-1)(q-1)=220, the smallest possible e is 3, then d=147 We know the plaintext space is {0,1,…,252}, encrypting m=165, we obtain 1653 mod 253=110 Then 110147 mod 253=165
The RSA cryptosystem-(7) Security of the secret We show that computing d from (n,e) is as difficult as finding the prime factors p and q of n There is no proof that factoring RSA modules is difficult, however, if the factor p and q of the RSA module n are sufficiently large, then nobody yet knows how to factor n
Powers of an element Just as it is natural to consider the multiples of a given element a, modulo n, it is often natural to consider the sequence of powers of a, modulo n, where : a0,a1,a2,a3,... , modulo n. Indexing from 0, the 0th value in this sequence is a0 mod n = 1, and the ith value is ai mod n.
Example . For example, the powers of 3 modulo 7 are i 0 1 2 3 4 5 6 7 8 9 10 11 ...----------------------------------------------- 3imod 7 1 3 2 6 4 5 1 3 2 6 4 5 ...
Theorem(Euler) For any integer n > 1,
Theorem(Fermat) If p is prime, then