Public Key Cryptography

and RSA

RSA
by Rivest, Shamir & Adleman of MIT in 1977
best known & widely used public-key scheme
based on exponentiation in a finite (Galois) field

over integers modulo a prime

Exponentiation takes O((log n)3) operations (easy)

uses large integers (eg. 1024 bits)

security due to cost of factoring large numbers

Factorization takes O(e

log n log log n

) operations (hard)

RSA Key Setup

each user generates a public/private key pair by:
selecting two large primes at random - p, q
computing their system modulus N=p.q

note (N)=(p-1)(q-1)

selecting at random the encryption key e

where 1<e<(N), gcd(e,(N))=1

solve following equation to find decryption key d

e.d=1 mod (N) and 0dN

publish their public encryption key: KU={e,N}

keep secret private decryption key: KR={d,p,q}

RSA Use
to encrypt a message M the sender:

obtains public key of recipient KU={e,N}

computes: C=Me mod N, where 0M<N

to decrypt the ciphertext C the owner:

uses their private key KR={d,p,q}

computes: M=Cd mod N

note that the message M must be smaller than the

modulus N (block if needed)

Why RSA Works

Because of Euler's Theorem:
a(n)mod N = 1

where gcd(a,N)=1

in RSA have:

N=p.q

(N)=(p-1)(q-1)

carefully chosen e & d to be inverses mod (N)

RSA
Uses Modular
Arithmetic Extensively

Modular Arithmetic & Congruency

define modulo operator a mod n to be

remainder when a is divided by n

use the term congruence for: a b mod n

when divided by n, a & b have same remainder

eg. 100 = 34 mod 11 i.e. 1

Modulo 7 Example
...
-21 -20 -19 -18 -17 -16 -15
-14 -13 -12 -11 -10 -9 -8
-7 -6 -5 -4 -3 -2 -1
0
1
2
3
4
5
6
7
8
9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31 32 33 34
...

Modular Arithmetic Operations

is 'clock arithmetic'
uses a finite number of values, and loops back

from either end

modular arithmetic is when do addition &
multiplication and modulo reduce answer
can do reduction at any point, ie
a+b

mod n = [a mod n + b mod n] mod n

Modular Arithmetic
can do modular arithmetic with any group of

integers:

Zn = {0, 1, , n-1}

form a commutative ring for addition

with a multiplicative identity
note some peculiarities
if (a+b)(a+c) mod n then bc mod n
but (ab)(ac) mod n then bc mod n only if a is
relatively prime to n

Greatest Common Divisor (GCD)

a common problem in number theory
GCD (a,b) of a and b is the largest number that

divides evenly into both a and b

eg GCD(60,24) = 12

often want no common factors (except 1) and

hence numbers are relatively prime

eg GCD(8,15) = 1
hence 8 & 15 are relatively prime

Euclid's GCD Algorithm

an efficient way to find the GCD(a,b)
uses theorem that:

GCD(a,b) = GCD(b, a mod b)

Euclid's Algorithm to compute GCD(a,b):

A=a, B=b

while B>0
R = A mod B
A = B, B = R

return A

Euclid's Algorithm keeps computing successive differences until

it vanishes, at which point that divisor has been reached.

Example GCD(1970,1066)
1970 = 1 x 1066 + 904
gcd(1066, 904)
1066 = 1 x 904 + 162 gcd(904, 162)
904 = 5 x 162 + 94
gcd(162, 94)
162 = 1 x 94 + 68
gcd(94, 68)
94 = 1 x 68 + 26
gcd(68, 26)
68 = 2 x 26 + 16
gcd(26, 16)
26 = 1 x 16 + 10
gcd(16, 10)
16 = 1 x 10 + 6
gcd(10, 6)
10 = 1 x 6 + 4
gcd(6, 4)
6 = 1 x 4 + 2
gcd(4, 2)
4 = 2 x 2 + 0
gcd(2, 0)

RSA Example
1.

Select primes: p=17 & q=11

2.

Compute n = pq =1711=187

3.

Compute (n)=(p1)(q-1)=1610=160

4.

Select e : gcd(e,160)=1; choose e=7

5.

Determine d: de=1 mod 160 and d < 160 Value is

d=23 since 237=161= 10160+1

6.

Publish public key KU={7,187}

7.

Keep secret private key KR={23,187}

RSA Example cont

sample RSA encryption/decryption is:
given message M = 88 (nb. 88<187)
encryption:

C = 887 mod 187 = 11

decryption:

M = 1123 mod 187 = 88

Exponentiation
can use the Square and Multiply Algorithm
a fast, efficient algorithm for exponentiation
concept is based on repeatedly squaring base
and multiplying in the ones that are needed to

compute the result

look at binary representation of exponent
only takes O(log2 n) multiples for number n

887mod187
= (884mod187 X 882mod187 X
881mod187)mod187
881mod187=88
882mod187=7744mod 187=77
884mod187=59,969,536mod187=132
887mod187=(88X77X132)mod187=894,432mod1
87=11

Mathematics behind RSA

Relative primes
Primality test
Eulers Theorem
Euclids Method
Principle of Congruency
Principles of Modular Mathematics

19

The background number theory required to

understand how RSA works
Basics:
A number is prime if the only numbers that exactly divide it
are 1 and itself.
A pair of numbers are relatively prime if the great common
divisor of them is 1.
Note:
If p and q are distinct prime numbers, they are certainly
relatively prime to each other.

RSA Crptography

Multiplicative Inverses
Theorem. A number e has a multiplicative

inverse mod n if and only if gcd (e ,n)=1.

If e has a multiplicative inverse mod n it is

unique.
Further, there is an efficient algorithm to test

whether e and n are relatively prime, and if

so, calculate the inverse of e.

RSA Crptography

20

Fermats Little Theorem

21

If p is a prime number and a is any integer between 1

and p-1 inclusive, then

ap-1 = 1 (mod p )

RSA Crptography

Eulers theorem

22

Any number a relatively prime to n there exists

the congruence

aPhi(n) = 1

(mod n)

Phi(n) is the number of positive integers

less than n and relatively prime to n

RSA Crptography

23

The Chinese Remainder

Theorem
Suppose a and b are relatively prime. If
x = y (mod a) and x = y (mod b)
then
x = y (mod a b)

RSA Crptography

The RSA Algorithm Key

Generation
1.
2.
3.
4.
5.
6.
7.

Select p,q
p and q both prime
Calculate n = p x q
Calculate (n) ( p 1)(q 1)
gcd( (n), e) 1; 1 e (n)
Select integer e
1
d e mod (n)
Calculate d
Public Key
KU = {e,n}
Private key
KR = {d,n}

24

RSA Key Generation

users of RSA must:

determine two primes at random - p, q

select either e or d and compute the other

primes p,q must not be easily derived from

modulus N=p.q

means must be sufficiently large

typically guess and use probabilistic test

exponents e, d are inverses, so use Inverse

algorithm to compute the other

RSA Private Key (1024) looks like

-----BEGIN RSA PRIVATE KEY----MIIEogIBAAKCAQBs8/qxzPzwW4cLvbb01403U5CXFBXzpYHzLhjwavzYyiMRl5p5
PLJHzWdrljzGtXTtROVDQdPRqvpc5LMuVk6PYVj9Fk5pmoR7qydLOFsR2FA9GEix
cPnWkzwqfzSgY61QMpeDf2d5vPZdixWoQIjXtpV5pJ2IKyM1zjY2W7qU0G3RATWj
kj5u+XnLn05xuf9CQHVmaBSwo6a68pIuKmgrAwx0S/7qY/B3BP5s+EIHN7tY0iE+
iJsMtf1zB1ZdY1Cc3/vYz+8M5Q1qtvFliC3/BsRg6/ZjXsJq4PeA0phOpO02rv37
TgtrigzGpSoe15ExeNjr+YwwDCaMncMC2Sc9AgMBAAECggEAQuTxsST4z+KCYfUT
VfTaYXPPPNM6PyQJS3OsIECwCbLiITUBxRo9I9S7gNT3b9GNfvhkAw1xrjPaEBri
4Lpg9auBZbLCZhhW609EiuyJDcXQThKQ31FMNDCmKjl76FYK3UiSukwJDje00+5H
V8x3uGoEEHG/vxEtRyXbJzjer+sTT6AztkgnqBBER6/lHaKP7sQ2ideSNYb/iQ6C
3jOMqmuk7vHTN52LjDkpjYRJ3AjLD/m24H6fkT76XQJ2YAAzjZQKBXEsXmRpwr0Z
yvYznDcL0KTkadmVgPIr3+eILWtuwByvoOfUsmstxnp6dLXBcXtZij4vD3c3S91c
G5ZJQQKBgQCy9REVw6ykFlAKj/XV50QXbWAiSLLizR6zmzx8FSAnY/4pVGS9CJRq
aZ8Vl0PGwCvSWVmr4OogG8iYntznUdTgOKQJliNFbbtfIM9h9EiUyAJX+ei7xiHG
4y43haJLb1Z8o0wPLKoXb5sC8Ok3plP7Mxj7Mzj0nRjj78Ghie9NRQKBgQCb27mK
oNlPx9Wfr/yBJT2qvxqk/xrs3X45eeNVmaeO1BJ+W3K9cEEUneP+9T/hT8Itusro
DGPvdVHxlb9zrICVyiVGMXNuD+UiU68cqzupvbmkgXmB2lCYQ7bkkCSbK+i7wPSq
cTJaZnzctDrAYWFBOrH+sWL/I6Yr7mFXbhUlmQKBgHbvcN9qIL8dJS0f6F61SQfY
5V9juaAKezEbJuPAlpIXXr/RGvKXVSwz7krHMYBSD83JHFOjM3cLgBIO4vnJ5RTw
D/VfFyn5d+INSEbtt59KHmSh7w986s3oBrtX0TkZUf2b+dzL7m+M+RTHT/hwTrhQ
iXXJ4TyRfA1hNutJZQWRAoGBAIDs7Tpje9+m6mtB5Jnf+Hb5xkyeSeOOBQ/+Z7Mz
e4uGmhW0B+H0raEkSqlorgLvOy0gyx/QwAog/jvdJ5XEKEnAAb1iwp1UwLH4j24j
pyLuMlaGU8C6mtiZivzez6kcVVSadMlZAdIN3VOkMsVYyF5w8zRAACgVkSvd8N+l
zBBhAoGAP9HrOL2RiDE2mcwFLV4m2P1kxGHnDCCsPN/211+RcFoxKHeYrfa9UiSp
eAfBJEa2ZdpC3X8iIbszqcpt4CnXFDWtlMoDaszQLs13pD+ue9j3XelUYnk2+Cdq
YAXyY+QTuYPjBQv9MCMrv72/XUmzxGNLJSC9CmPbsfKVdkENt10=
-----END RSA PRIVATE KEY-----

 Plaintext: Divya
Encrypted Text:

JN1P1i3uIdMApN6SuLMHHEm0eYs3hG/7w/rknanz
xFQ+2KSTYagEwisIEZmCXGlylpFzGO4lvrYOMbL
wX6E3AXTOG4Elhx8VDnp54at0TmKTxvbEBzBr7
ToDmngBOFWEOdaGkHfdYQBlZ4w6L8KjRWj59Ie
M8b2M7xD0JOVmX00=

RSA Public Key

System
Choose prime numbers p and
q.

Example
Choose 11 and 13
Calculate n = 11*13 = 143

Find their product n = pq.

Calculate Phi(n) = (11-1)*(131) = 120.

Calculate Phi(n) = (p-1)(q-1).

Let e = 7.

Select an integer e, in which

the
gcd( e, Phi(n))= 1.

We want 7*d = 1 mod 120.

Thus d = 103, as 7*103 = 721
= 1 mod 120.

Calculate d such that e*d = 1

mod Phi(n).

The public key is (7, 143).

The public key is (e, n).

Let the numerical

representation of M be
M = 5, for example.

The private key is (d, n).

Plaintext can be any number
M, where
M < n, and neither p nor q
divides M
e

The private key is (103, 143).

The ciphertext is C=5

(mod

153) =47
The plaintext is 47103 (mod
143) =5

RSA
Crpto

Is RSA secure?
The security of the RSA cryptosystem depends on
the difficulty of factoring n.
It is currently difficult to obtain the private key d from
the public key (n, e). However if one could factor n
into p and q, then one could obtain the private key d.
Thus the security of the RSA system is based on the
assumption that factoring is difficult.
The discovery of an easy method of factoring would
"break" RSA .

RSA Crptography

29

30

Is RSA Secure? (Cont.)

How might we break RSA?

Factoring n
Computing Phi(n)
Compute d given e and n
Still need to know n or Phi(n)
Computing e-th roots modulo n
(C= Me (mod n); then M= C1/e (mod n))
It is computationally intractable

RSA Crptography

The following table gives the number of operations

needed to factor n with GNFS method, and the time
required if each operation uses one microsecond, for
various lengths of the number n (in decimal digits)
Digits
Number of
Time
operations
100

9.6 108

200

3.3 1012

38 days

300

1.3 1015

41 years

400

1.7 1017

5313
years

500

1.1 1019

3.5 105
years

1024

1.3 1026

4.2 1012
years

RSA Crptography

16 minutes

31

RSA Security
three approaches to attacking RSA:
brute force key search (infeasible given size of
numbers)
mathematical attacks (based on difficulty of
computing (N), by factoring modulus N)
timing attacks (on running of decryption)

Timing Attacks
developed in mid-1990s
exploit timing variations in operations

eg. multiplying by small vs large number

or IF's varying which instructions executed

infer operand size based on time taken

RSA exploits time taken in exponentiation
countermeasures

use constant exponentiation time

add random delays

blind values used in calculations

Exercises
EX-1
Perform encryption ad decryption using RSA:
P=3; Q=11, E=7, M=5
P=5, Q=11, E=3; M=9
P=7, Q=11, E=17, M=8
EX-2
In a RSA system public key to the user is e=31,
n=3599, what is the private key used by the
user?

Summary
have considered:
principles of public-key cryptography
RSA algorithm, implementation, security