RSA Prepared by: SITI ZAINAH ADNAN If you do have any feedback or comment, please feel free to email me at sitizai@hotmail.com Your cooperation is very much appreciated !

RSA Is a famous implementation of public key protocol. Deviced by Ronald Rivest, Adi Shamir and Len Adleman of MIT in 1977. Algorithm involves multiplication of large (100 digits) prime numbers to produce keys. Difficult to break the product of two large primes into its two prime factors, hence very secure.

Number Theory A number of concepts from number theory are essential in the design of public key cryptography Divisors Prime Number Relatively Prime Number Modular Arithmetic

Divisors We say that b =/ 0 divides a if a = mb for some m, where a, b, and m are integers That is, b divides a if there is no remainder on division The notation b|a is commonly used to mean b divides a Also, if b|a, we say that d is a divisor of a eg. The positive divisor of 24 are 1, 2, 3, 4, 6, 8, 12, and 24

Prime Number An integer p > 1 is a prime number if its only divisors are 1 and itself eg. 2 3 5 7 1 13 17 19 23 29 31 37 41 43 47 53… Any integer a > 1 can be factored in a unique way as a = p1m p2m….pnm where p1 > p2 > …..pn are prime numbers and where each m > 0 eg. 91 = 7 x 13 11011 = 7 x 112 x 13

Prime Number Therefore, if P is the set of all prime numbers, then any positive integer can be written uniquely as the product of all possible prime numbers eg. 216 = 12 x 18 = (2 x 6) x (2 x 9) = (2 x 2 x 3) x (2 x 3 x 3) = 23 x 32

Relative Prime Numbers We will use the notation gcd(a, b) to mean the greatest common divisor of a and b The positive integer is said to be the greatest common divisor of a and b if c is a divisor of a and of b any divisor of a and b is a divisor of c An equivalent definition is the following: gcd(a, b) = max[ k, such that k|a and k|b]

Relative Prime Numbers We always take the positive value as the greatest common divisor It is easy to determine the greatest common divisor of two positive integers if we express each integer as the product of primes eg. 300 = 22 x 31 x 52 18 = 21 x 32 Therefore, gcd(18, 300) = 21 x 31 x 50 = 6

Relative Prime Numbers The integers a and b are relatively prime if they have no prime factors in common, that is, if their only common factors is 1. This is equivalent to saying that a and b are relatively prime if gcd(a, b) = 1 eg. 8 and 15 are relatively prime because the divisors of 8 are 1, 2, 4, and 8, and the divisors of 15 are 1, 3, 5, and 15. So 1 is the only number on both lists

Modular Arithmetic Given any positive integer n and any integer a, we get a quotient q and a remainder r that obey the following relationship: a = qn + r 0 < r < n; q = [a/n] where [x] is the largest integer less than or equal to x eg. a = 11; n = 7; 11 = 1 x 7 + 4; r = 4 Therefore we can say that 11 = 1 x 7 + 4

RSA - key generation Select p, q p and q both large prime Calculate n = p x q Calculate m = (p-1)(q-1) Select integer e gcd(e,m) = 1, 1 < e < m Calculate d de mod m = 1 Public key = { e, n } Private key = { d, n } Keep p, q, m, and d secret Make e and n public

RSA encrypt RSA decrypt C = Pe mod n P = Cd mod n RSA Implementation RSA encrypt RSA decrypt C = Pe mod n P = Cd mod n

RSA - example 1 Steps of RSA implementation: 1. Select two prime numbers, p = 7 and q = 17 2. Calculate n = pq = 7 x 17 = 119 3. Calculate m = (7- 1)(17 - 1) = 6 x 16 = 96 4. Select e such that e is relatively prime to m = 96 and less than m, 1 < e < 96 gcd (e, 96) = 1 96 = 1 x 6 x 16 = 1 x 2 x 3 x 8 = 1 x 2 x 3 x 23 = 1 x 24 x 3 Assume that we take the smallest prime number in between of 3 to 96, so e = 5 You also can take other value as long as it fulfils the conditions – it must be relatively prime with 96 and it is less than 96

RSA - example 1 5. Determine d such that de = 1 mod 96 and d < 96. de mod m = 1 d x 5 = ( ? X 96) + 1 1 x 96 + 1 = 96 + 1 = 97 97/5 = 19.4 2 x 96 + 1 = 192 + 1 = 193 193/5 = 38.6 3 x 96 + 1 = 288 + 1 = 289 289/5 = 57.8 4 x 96 + 1 = 388 + 1 = 385 385/5 = 77 Find the value which when the results mod 5 with no remainder The correct value is d = 77, because 77 x 5 = 385 = 4 x 96 + 1 You also can take other value as long as it is a positive integer

RSA - example 1 Therefore, n = 119, m = 96, e = 5, d = 77 The resulting keys are: Public key = { e, n } and Private key = { d, n} Public key = {5, 119} and Private key = {77, 119} Assume that P is the plaintext and C is the ciphertext The encryption is C = P5 mod 119 The decryption is P = C77 mod 119

RSA - example 1 Public key = { e, n } and Private key = { d, n} Public key = {5, 119} and Private key = {77, 119} Given P = 4 The encryption is C = P5 mod 119 C = 45 mod 119 = 1024 mod 119 = 72 The decryption is P = C77 mod 119 P = 7227 mod 119 = 4

RSA - example 2 Steps of RSA implementation: 1. Select two prime numbers, p = 7 and q = 11 2. Calculate n = pq = 7 x 11 = 77 3. Calculate m = (7- 1)(11 - 1) = 6 x 10 = 60 4. Select e such that e is relatively prime to m = 60 and less than m, 1 < e < 60 gcd (e, 60) = 1 60 = 1 x 10 x 6 = 1 x 2 x 5 x 2 x 3 = 1 x 22 x 3 x 5 Assume that we take any prime number in between of 7 to 60, so e = 37 You also can take other value as long as it fulfils the conditions – it must be relatively prime with 60 and it is less than 60

RSA - example 2 5. Determine d such that de = 1 mod 60 and d < 60 de mod m = 1 d x 37 = ( ? X 60) + 1 1 x 60 + 1 = 60 + 1 = 61 61/37 = 1.6 2 x 60 + 1 = 120 + 1 = 121 121/37 = 3.2 3 x 60 + 1 = 180 + 1 = 181 181/37 = 4.8 4 x 60 + 1 = 240 + 1 = 241 241/37 = 6.5 5 x 60 + 1 = 300 + 1 = 301 301/37 = 8.1 6 x 60 + 1 = 360 + 1 = 361 361/37 = 9.7 7 x 60 + 1 = 420 + 1 = 421 421/37 = 11.3 8 x 60 + 1 = 480 + 1 = 481 481/37 = 13

RSA - example 2 Find the value which when the results mod 5 with no remainder The correct value is d = 13, because 13 x 37 = 481 = 8 x 60 + 1 You also can take other value as long as it is a positive integer

RSA - example 2 Therefore, n = 77, m = 60, e = 37, d = 13 The resulting keys are: Public key = { e, n } and Private key = { d, n} Public key = {37, 77} and Private key = {13, 77} Assume that P is the plaintext and C is the ciphertext The encryption is C = P37 mod 77 The decryption is P = C13 mod 77

RSA - example 2 Public key = { e, n } and Private key = { d, n} Public key = {37, 77} and Private key = {13, 77} Given P = 5 The encryption is C = P37 mod 77 C = 537 mod 77 = 1024 mod 77 = 47 The decryption is P = C77 mod 119 P = 4713 mod 77 = 5

RSA - example 3 Steps of RSA implementation: 1. Select two prime numbers, p = 3 and q = 11 2. Calculate n = pq = 3 x 11 = 33 3. Calculate m = (3- 1)(11 - 1) = 2 x 10 = 20 4. Select e such that e is relatively prime to m = 20 and less than m, 1 < e < 20 gcd (e, 20) = 1 20 = 1 x 2 x 10 = 1 x 2 x 2 x 5 = 1 x 22 x 5 Assume that we take the smallest prime number in between of 2, 5 to 20, so e = 3 You also can take other value as long as it fulfils the conditions – it must be relatively prime with 20 and it is less than 20

RSA - example 3 5. Determine d such that de = 1 mod 20 and d < 20 de mod m = 1 d x 3 = ( ? X 20) + 1 1 x 20 + 1 = 20 + 1 = 21 21/3 = 7 2 x 20 + 1 = 40 + 1 = 41 41/3 = 13.6 Find the value which when the results mod 3 with no remainder The correct value is d = 7, because 7 x 3 = 21 = 1 x 20 + 1 You also can take other value as long as it is a positive integer

RSA - example 3 Therefore, n = 33, m = 20, e = 3, d = 7 The resulting keys are: Public key = { e, n } and Private key = { d, n} Public key = {3, 33} and Private key = {7, 33} Assume that P is the plaintext and C is the ciphertext The encryption is C = P3 mod 33 The decryption is P = C7 mod 33

RSA - example 3 Public key = { e, n } and Private key = { d, n} Public key = {3, 33} and Private key = {7, 33} Given P = 6 The encryption is C = P3 mod 33 C = 63 mod 33 = 216 mod 33 = 18 The decryption is P = C7 mod 33 P = 187 mod 33 = 6

RSA - example 4 Steps of RSA implementation: 1. Select two prime numbers, p = 5 and q = 11 2. Calculate n = pq = 5 x 11 = 55 3. Calculate m = (5- 1)(11 - 1) = 4 x 10 = 40 4. Select e such that e is relatively prime to m = 40 and less than m, 1 < e < 40 gcd (e,40) = 1 40 = 1 x 4 x 10 = 1 x 2 x 2 x 2 x 5 = 1 x 23 x 5 Assume that we take the smallest prime number in between of 2, 5 to 40, so e = 3 You also can take other value as long as it fulfils the conditions – it must be relatively prime with 40 and it is less than 40

RSA - example 4 5. Determine d such that de = 1 mod 40 and d < 40 de mod m = 1 d x 3 = ( ? X 40) + 1 1 x 40 + 1 = 40 + 1 = 41 41/3 = 13.6 2 x 40 + 1 = 80 + 1 = 81 121/3 = 27 Find the value which when the results mod 3 with no remainder The correct value is d = 27, because 27 x 3 = 81 = 2 x 40 + 1 You also can take other value as long as it is a positive integer

RSA - example 4 Therefore, n = 55, m = 40, e = 3, d = 27 The resulting keys are: Public key = { e, n } and Private key = { d, n} Public key = {3, 55} and Private key = {27, 55} Assume that P is the plaintext and C is the ciphertext The encryption is C = P3 mod 55 The decryption is P = C27 mod 55

RSA - example 4 Public key = { e, n } and Private key = { d, n} Public key = {3, 55} and Private key = {27, 55} Given P = 4 The encryption is C = P3 mod 55 C = 43 mod 55 = 64 mod 55 = 9 The decryption is P = C27 mod 55 P = 927 mod 55 = 4

RSA - example 5 Steps of RSA implementation: 1. Select two prime numbers, p = 11 and q = 17 2. Calculate n = pq = 11 x 17 = 187 3. Calculate m = (11- 1)(17 - 1) = 10 x 16 = 160 4. Select e such that e is relatively prime to m = 160 and less than m, 1 < e < 160 gcd (e,160) = 1 160 = 1 x 10 x 16 = 1 x 2 x 10 x 2 x 8 = 1 x 2 x 2 x 5 x 2 x 2 x 2 = 1 x 26 x 5 Assume that we take the smallest prime number in between of 2, 5 to 160, so e = 3 You also can take other value as long as it fulfils the conditions – it must be relatively prime with 160 and it is less than 160

RSA - example 5 5. Determine d such that de = 1 mod 160 and d < 160 de mod m = 1 d x 3 = ( ? X 160) + 1 1 x 160 + 1 = 160 + 1 = 161 161/3 = 53.6 2 x 160 + 1 = 320 + 1 = 321 321/3 = 107 Find the value which when the results mod 3 with no remainder The correct value is d = 107, because 107 x 3 = 321 = 2 x 160 + 1 You also can take other value as long as it is a positive integer

RSA - example 5 Therefore, n = 187, m = 160, e = 3, d = 107 The resulting keys are: Public key = { e, n } and Private key = { d, n} Public key = {3, 187} and Private key = {107, 187} Assume that P is the plaintext and C is the ciphertext The encryption is C = P3 mod 187 The decryption is P = C107 mod 187

RSA - example 5 Public key = {3, 187} and Private key = {107, 187} Given P = 7 The encryption is C = P3 mod 187 C = 73 mod 187 = 343 mod 187 = 156 The decryption is P = C107 mod 187 P = 156107 mod 187 = 7

RSA of trap-door function A trap-door function is a function that is easy to compute ‘forwards’ but hard to compute ‘backwards’ Specifically, it should be fairly cheap to compute the output given the input, but computationally infeasible to recover the input given the output It is also called as a one-way-function is one that maps a domain into a range such that every function value has a unique inverse, with the condition that the calculation of the function is easy whereas the calculation of the inverse is infeasible

How secure is your RSA ? With the knowledge of Public key = {3, 187} and ciphertext, C = 156, how to recover the plaintext, P ? The decryption is P = Cd mod 187 P = 156d mod 187 Actually there are infinite possibility of d that we can try to recover the plaintext. Such condition make RSA very secure because the it is computationally expensive to do brute-force analysis (trying all the possible key)

How secure is your RSA ? In 1977, RSA inventors offered a $100 reward for the return of a plaintext sentences, an event they predicted might not occur for some 40 quadrillion years with the public key length of 129 decimal digits or around 428 bits In April 1994, a group working over the Internet claimed the prize after only eight months of work