1

An investigation of the RSA cryptosystem, its usefulness

and its applications.



















Iason-Ioannis Stamatiadis




2








Special thanks to
C. Bowen for his advice and help.


































3

Abstract:

This essays research question of whether a code used to encode and
decode messages can be safe for all practical purposes . In response to this question
the RSA cryptosystem is presented and analyzed.
The essay begins with number-theoretical preliminaries. Euclids algorithm and
Bezouts identity which are used to determine the multiplicative inverse

of a number when and b are relatively prime, are presented first.

Eulers phi function and Eulers theorem, a more general form of Fermats little
theorem, are analyzed next. Finally, the congruence properties necessary for the
proof of the RSA cryptosystem are shown.
The RSA algorithm is presented along with its theoretical interpretation and a
brief investigation of its usefulness. An example in which two users communicate
using this system follows, in order to clarify every step of the algorithm.
A proof of the RSA algorithm follows which shows mathematically why encryption
and decryption work.
A brief presentation of the Miller-Rabin probabilistic algorithm for primality
testing which can be used to find large prime numbers are presented next. These
large primes are necessary to the good real world functioning of the RSA
algorithm. An appropriate example is also given.
An investigation of why a third party would have difficulties in cracking the RSA
cryptosystem follows, which concludes that the safety of the RSA resides on the fact
that prime factorization of large numbers is too time-consuming at present for a
practical breaking of the RSA code to be possible.. Fermat factorization, a simple yet
inefficient method to find the factors of a number is also explained. Finally, certain
important parameters which should be taken into consideration during the
implementation of the RSA are presented.
The appendix presents a proof of Fermats theorem using induction and proofs of
the congruence properties mentioned above.













4

Table of Contents:

Page number

Introduction..5


Main essay:

1. Mathematical Preliminaries..6
2. The RSA Cryptosystem.....9
3. Proof of the RSA Cryptosystem.....13
4. Miller-Rabin Probabilistic Algorithm for Primality Testing.....14
5. Difficulties in Cracking the RSA Cryptosystem, Fermat Factorization..15


Conclusion....17


Appendix....18


Bibliography and references.20




















5

Introduction:

Cryptography has always been a useful way to communicate without being afraid
of a message falling in the hands of someone one would not want it to.
Cryptography has been used since the ancient years and particularly during wartime,
where information must be encrypted in order to surprise the enemy. Messages are
enciphered because the information they contain is also useful to third parties, for
example enemies during wartime or hackers trying to find credit card numbers.
These third parties always make attempts to crack the cryptosystems, understand
how they operate and decipher the messages. Therefore, many different
cryptosystems have been invented, which after a certain period of time have been
cracked. Nevertheless, two parties trying to communicate secretly must not only be
afraid of someone cracking their cryptosystem; another problem they face is the
possibility of someone knowing what the key used to encipher is. No matter how
sophisticated the cryptosystem is, once the key is known by a third party,
deciphering a message is trivial. The question therefore arises: Can there be an
unbreakable code? Actually this question has a negative answer, since no matter
how clever an encoding scheme is it can always be broken with enough time and
computer power to spare. A more relevant question is thus: can one devise a code
which is for all practical purposes safe?
In this essay, I will attempt to show in a simple manner the significance of the RSA
system, which is such a system, how it works and most importantly why it works
mathematically. I will also briefly show why it is so hard to crack. As I have stated
above, I will use simple examples in order to achieve my goal; therefore, I will use a
case scenario. I will assume that Bob
1
and Alice are two friends who want to
communicate secretly, while Eve is trying to intercept their message and decipher it.
Bob and Alice will use the RSA cryptosystem in order to exchange information safely.











1
Bob and Alice and Eve are names one commonly encounters when reading about cryptography. Bob
and Alice are names which were first used by Ron Rivest in an article where he presented the RSA
cryptosystem. They offer an advantage since subscripts A and B are commonly used. Eve has been
used since the name is related with the word eavesdropper, which is Eves attribute.


6

1. Mathematical Preliminaries

Before analyzing the mathematics of the RSA, I will briefly describe some of the
key mathematical elements which are the foundation for the RSA encryption
method.

A) First let us consider Euclids Algorithm, which is used at a step during the RSA
process. What Euclids algorithm enables us to do easily, is given two numbers to
find their greatest common divisor. The algorithm is relatively simple, and is based
on the observations that if ( perfectly divides ) then the Greatest Common
Divisor , and that if , for integers t and l, then


We want to find the ; the process is to divide with and then
continue dividing devisors with remainders until the remainder is 0, namely;

gives a remainder

gives a remainder

gives a remainder
.
.
.

gives no remainder

By continuing this process, we conclude that is the

An example follows:

Suppose we are looking for the :





Therefore,


7

In the RSA, the Euclidean algorithm will be used backwards to solve the linear
Diophantine equation , where all variables are integers.
According to Bezouts Identity, for two integers with , there exist
integers and such that . This fact is used along with Euclids
algorithm in order to determine the multiplicative inverse

of a
number when are relatively prime, namely . An
inverse does not exist if .
Finding the multiplicative inverse is a step used in the RSA, where we are required
to find

, which will be of the form , where

If , then

An example should clarify things:

As noted above, we will be interested in the case where ;
therefore, we choose and and we wish to find

Note that Euclids algorithm provides the only in the case where a and b are
not relatively prime, unlike the numbers we are considering. Applying Euclids
algorithm will provide a series of divisions until we end up with the final stage where
the remainder is 1, and then built backwards to end up with Bezouts Identity.


Euclids algorithm:







Now going backwards:









8

Bezouts Identity:



Now to find

B) Next I will consider Eulers function, which is also essential in the RSA
process. Eulers phi function or totient function, since a number is called totative
when it is less than or equal and relatively prime to a given number, is defined to be
the number of positive integers not exceeding n which are relatively prime to n. For
example since there are 5 integers which are relatively
prime to 8. For any prime since primes are indivisible and
therefore all numbers less that are not factors of . It can be shown that the
function is multiplicative in the sense that when are
relatively prime.
2


C) Eulers Theorem states that if , then

This is a general theorem of Fermats Little Theorem which we will use in the proof
of the RSA. Fermats Little Theorem states that for any natural number , and prime
number ,

If p does not divide , then there exists a smaller

exponent such that

and , hence

.
Fermat claimed to have proved his theorem but did not provide the proof. The first
one to provide a proof was Euler in 1749. There is a simple proof using mathematical
induction on , which I will provide in the appendix.

D) Certain properties of congruence will be used in the proof of the RSA(proofs in
appendix):

If , then

, for any integer .

If and , then
.
If

and , then

2
A proof of the theorem can be found in William J. Leveque, Fundamentals of Number Theory, New
York, Dover, 1996,pages 53-54


9

2. The RSA Cryptosystem

During the 1970s, banks used the mail in order to inform their clients on the keys
used on enciphered messages they sent them. The clients were informed on the key
a week before the enciphered message arrived. However, one easily understands
the financial costs and the difficulty in organizing an operation that ensured that
every client was personally handed a briefcase which contained the necessary
confidential key. The RSA offered a solution to this by solving the key distribution
problem which was considered an inevitable part of cryptography. Nowadays, this
applies to enciphering credit card numbers.
The RSA was named after its inventors; Rivest, Shamir and Adleman. Although
they were not the first ones to come up with the general idea used in the process
3
,
they were the first ones to produce a concrete implementation, in 1977. The idea
was simple; instead of having a lock which can be locked and unlocked by the same
key, we can use a lock which locks by one key and unlocks by a second, different
one. Theoretically, Alice and Bob distribute locks and their locking keys in public;
thus, anybody can write a message, lock it in a box and send it back to Alice or Bob,
who have kept the unlocking key to themselves. The entire process is done in public,
without fear of anyone intercepting information at any point, since the idea is that
the vital information in order to decipher is kept personal; every user has a personal
and a public key. The essence of the RSA is that this process is expressed
mathematically, a very difficult achievement:

Every user of the RSA has to follow a procedure (algorithm) before any encryption
can take place.

A user must first choose two large prime numbers.
Next, calculate and also .
Take such that
Calculate such that , where the
method with the Euclidean algorithm described above is used. For smaller
numbers one can guess the inverse d quicker by choosing a value which
ensures that is an integer.
At this point, the keys are ready:
- The public keys are .
- The private keys are .


3
Diffie, Helman and Merkle were the first researchers in the idea of Public Key Cryptography (PKC).
Their work greatly affected cryptography research; however, it did not implement digital signatures,
allowing other researchers to invent an algorithm which would enable a complete PKC approach.


10

Before explaining how the enciphering and deciphering is done, I will show how
Bob and Alice have processed the numbers they have chosen in order to end up with
their keys. To make the calculations easy and to demonstrate the algorithm more
clearly, I will choose small prime numbers; later on it will become clear that choosing
small prime numbers is a weak choice.


First for Alice:

Next, Alice randomly chooses

, which is relatively prime to

Now we are looking for

.

Euclids Algorithm:






Now going backwards:






Now to find

:

11

Now for Bob:

Next, Bob randomly chooses

, which is relatively prime to

Now we are looking for

.

Euclids Algorithm:










Now going backwards:







Now to find

A table with all the values is presented below:


Bob 17 23 391 352 97 225
Alice 11 19 209 180 103 7

Finally, Alices public key is and Bobs public key is .



12

In order to encrypt a number the process is to calculate

, where
is the number to be encrypted and is encrypted message. Clearly, the
only information needed in order to encrypt a message is to know the public key of
the recipient. Once the message arrives to the recipient, the method to decipher it is
simple, and makes use of the recipients personal keys. The recipient must calculate

, which will result to .

Bob wants to send Alice an important number, a code, which he certainly does
not want Eve, the third party, to have access to; thus, he chooses to encipher the
number 10:

But,

So,

And by the same procedure, simplifying, we end up with:

The next step is to make public. Technically, Bob is not afraid of Eve who
can see this number, since the only way to decipher it is to have Alices private keys.
Now, Alice must calculate:

Clearly, the RSA cryptosystem has worked since the deciphering of the encrypted
message gave the correct result. In the next section, I will give a mathematical proof
of why the RSA works.










13


3. Proof of the RSA Cryptosystem

There are many proofs of why the RSA works, namely that

and

. Clearly, both the

above statements are equivalent to

; therefore, what is left to prove is

that

.

Since is prime, either or divides .
Assume first that
It is known that
But
And so clearly also, .
Also, by Fermats little theorem


Therefore we can apply that if

and , then

We set and obtain

This however is clearly also true when so that divides ,
since in that case

By taking , we can similarly prove that

Now, since , using the properties of congruences, we
can write

or

, which completes the

proof.











14

4. Miller-Rabin Probabilistic Algorithm for Primality Testing

In the RSA, it is important to find large prime numbers easily, in order to use them
in the key calculation process. In order to find large prime numbers, of say 120 digits,
we use an algorithm, which is called the Miller Rabin probabilistic algorithm. The
algorithm is quite simple; given an odd integer , let

, with odd.
Next, choose a random integer , where . If

, or if
for some , ,

, then passes the test. The test

does not ensure that is prime, may be composite. It has been shown that a
composite number will also pass the test for at most of all the possible bases of .
Therefore if passes the test, it is said to be probably prime (i.e. probabilistic
algorithm). Nevertheless, a prime number will pass the test for all . For the RSA, we
are interested in prime numbers with more than 120 digits. It has been shown that
the probability a randomly chosen number t with 120 digits is prime, is about 1 in
270 randomly chosen 120 digit numbers, which shows that this is a fast algorithm.
Recently, a deterministic algorithm for primality testing was found, which was a
major breakthrough in mathematics, but it was not as practical as the Miller Rabin
one. A simple example follows:

We know that is a prime number; however, the algorithm only informs us that it
is probably prime. We must continue evaluating for different bases in order to be
certain. It is interesting to note that it has been shown by Gerhard Jaeschke that
when testing 32-bit numbers, we can deterministically test their prime nature by
only trying










15

5. Difficulties in Cracking the RSA Cryptosystem, Fermat Factorization

I have shown how the RSA works and proved why it works. Now I will briefly show
why Eve, who does not have adequate information, will find extreme difficulties in
her effort to decipher the message. These difficulties make the system unbreakable
for all practical applications, where time is an important factor. The information Eve
has is the public keys of every user (i.e. ) and the encrypted message . Alice uses
in order to decipher the message; therefore, Eve would love to have . However,
can she calculate from and ? In order to calculate , Alice has used and .
Eve knows but does not have a clue about what the prime numbers are. The other
information she has is , the product of and . Therefore, if Eve manages to
successfully find the prime factors of , she will be able to decipher the message.
Another way to proceed is to use the fact that

, and try to evaluate

the e
th
root of . This proves to be as hard as factoring. We understand that
the security of the RSA is based on the assumption that Eve cannot factor ;
factoring large numbers is extremely hard and time-consuming with current
technologies.

Given a composite number , the simplest way to find the prime factors is to
calculate and then divide with all primes up to until you find and
easily find by

. Clearly, this is not a practical method since the square root of

grows too fast in terms of ; for instance if has 40 digits the square root still has
20 digits. Many different algorithms have been found in order to find the prime
factors faster. I will briefly present a method devised by Fermat, called Fermat
Factorization.

Fermat Factorization is based on the fact that every non prime odd integer can be
written as

The reason for this is as follows:
Since is composite, we can write . Let us assume without losing
generality that .
We set and . Solving for and , we get
and . These numbers are integers since and are both
odd.
In order to proceed, we calculate and then assign consecutive integer
values greater than , in order to calculate

until the result is a perfect square,

which will be equal to

.
The method is efficient when and are close together, since this implies that
is small, which in turn implies that is not much greater than .
If and were not close together many different values of would have to be tried,


16

which would make the process time-consuming. An example should clarify the
method:


, thus we first assign the value 29;

, not a perfect square

, a perfect square

So and . Now, by solving the system we can easily calculate
and . We check that . This is not a prime
factorization but the factors are smaller than N, which reduces the difficulty of the
problem. In the case of RSA, we would have found the two prime factors of N and
Eve would be able to break the code.
Although faster methods than Fermat Factorization have been invented, one can
only imagine how hard factoring can get for large numbers. When making individual
use of the RSA, it is recommended to use 768-bits prime numbers,
namely digits
4
; to show how safe this choice is I will provide the
following fact: In 1991, the RSA laboratories sponsored a factoring challenge to
encourage research in factoring large numbers and in computational number theory;
the last prime to have been factored successfully was the RSA-640 in 2005, which
had 193 digits.
5

Nevertheless, implementation of the RSA has to be done carefully, since
otherwise certain parameters can prove to be weak; If

, can be found
from , .
6
If the choice of and is not really random, then assuming that
has digits, one may find the first or last

digits, which are enough to

factor .
7
Finally, if two users share the modulus , then one can easily find the
other ones private key, as can a user who does not have the same modulus.
8
These
are details which have to be taken into account in order to ensure the safety of the
process; clearly, if the implementation of RSA is correct, it is almost immune to code
breakers.

4
http://www.coursehero.com/file/532731/N5-RSA/
5
Ibid
6
Ibid
7
Ibid
8
Ibid


17

6. Conclusion

The research question of this essay was whether a cryptosystem that is safe for all
practical purposes can be devised. In this essay, I presented the RSA cryptosystem,
showed how it works and proved why it works. The safety of the RSA is based on the
fact that factorizing very large numbers is extremely difficult and time-consuming,
even with modern computers. Since the RSA uses numbers with more than 200
digits, one understands the impossibility of someone factoring such numbers before
an encrypted message has completed its intended service. Nevertheless, research in
cryptanalysis is ongoing, and since a faster algorithm for factorization may be
invented and computer power is constantly increasing, no cryptosystem should feel
too safe.
However, we may conclude that given the restrictions of current technologies, the
RSA is indeed a cryptosystem which is safe for all practical purposes.





















18

Appendix:

A) Proof of

using mathematical induction.

First, we check if the theorem is true for ;

Next, we assume

and examine

Using the Binomial Theorem:

However, since

so clearly

and

for .This means that divides every member of the right side,
i.e. it divides the right side, so also divides the left side. Combining with our
assumption, we get that

, as assumed, so the
hypothesis is true for any a.

B) Proof: If

and , then

Since , we can write , for some integer p.

Then,

C) Proof: If , then

, for any integer using

mathematical induction.

First, we check if the theorem is true for :

, which is as given.

Next, we assume

and examine

19

Combining with and our assumption,

, as assumed,
so the property is true for any integer .


























20

Bibliography and References:

Internet sites:
http://www.cut-the-knot.org/blue/Euclid.shtml, visited: 9 September 2009
www.garykessler.net/Library/Crypto.html, visited: 4 August 2009
http://old-www.cwi.nl/publications/annual-reports/1999/AR/PDF/factoring.pdf,
visited: 14 September 2009
http://www.jimloy.com/number/euclids.htm, visited: 9 September 2009
http://www.coursehero.com/file/532731/N5-RSA/, visited: 8 September 2009
http://mathworld.wolfram.com/FermatsLittleTheorem.html, visited: 12 September
2009
http://mathworld.wolfram.com/Rabin-MillerStrongPseudoprimeTest.html, visited:
13 September 2009
http://mathworld.wolfram.com/FermatsFactorizationMethod.html, visited: 14
September 2009
http://mathworld.wolfram.com/RSANumber.html, visited: 14 September 2009
Bibliography:
Simon Singh, The Code Book: The Science of Secrecy from Ancient Egypt to Quantum
Cryptography, Translation: Nasos Kiriazopoulos, Athens, Travlos, 2001
William J. Leveque, Fundamentals of Number Theory, New York, Dover, 1996