Professional Documents
Culture Documents
gives a remainder
gives a remainder
gives a remainder
.
.
.
gives no remainder
By continuing this process, we conclude that is the
An example follows:
Suppose we are looking for the :
Therefore,
7
In the RSA, the Euclidean algorithm will be used backwards to solve the linear
Diophantine equation , where all variables are integers.
According to Bezouts Identity, for two integers with , there exist
integers and such that . This fact is used along with Euclids
algorithm in order to determine the multiplicative inverse
of a
number when are relatively prime, namely . An
inverse does not exist if .
Finding the multiplicative inverse is a step used in the RSA, where we are required
to find
An example should clarify things:
As noted above, we will be interested in the case where ;
therefore, we choose and and we wish to find
Note that Euclids algorithm provides the only in the case where a and b are
not relatively prime, unlike the numbers we are considering. Applying Euclids
algorithm will provide a series of divisions until we end up with the final stage where
the remainder is 1, and then built backwards to end up with Bezouts Identity.
Euclids algorithm:
Now going backwards:
8
Bezouts Identity:
Now to find
B) Next I will consider Eulers function, which is also essential in the RSA
process. Eulers phi function or totient function, since a number is called totative
when it is less than or equal and relatively prime to a given number, is defined to be
the number of positive integers not exceeding n which are relatively prime to n. For
example since there are 5 integers which are relatively
prime to 8. For any prime since primes are indivisible and
therefore all numbers less that are not factors of . It can be shown that the
function is multiplicative in the sense that when are
relatively prime.
2
C) Eulers Theorem states that if , then
This is a general theorem of Fermats Little Theorem which we will use in the proof
of the RSA. Fermats Little Theorem states that for any natural number , and prime
number ,
and , hence
.
Fermat claimed to have proved his theorem but did not provide the proof. The first
one to provide a proof was Euler in 1749. There is a simple proof using mathematical
induction on , which I will provide in the appendix.
D) Certain properties of congruence will be used in the proof of the RSA(proofs in
appendix):
If , then
and , then
2
A proof of the theorem can be found in William J. Leveque, Fundamentals of Number Theory, New
York, Dover, 1996,pages 53-54
9
2. The RSA Cryptosystem
During the 1970s, banks used the mail in order to inform their clients on the keys
used on enciphered messages they sent them. The clients were informed on the key
a week before the enciphered message arrived. However, one easily understands
the financial costs and the difficulty in organizing an operation that ensured that
every client was personally handed a briefcase which contained the necessary
confidential key. The RSA offered a solution to this by solving the key distribution
problem which was considered an inevitable part of cryptography. Nowadays, this
applies to enciphering credit card numbers.
The RSA was named after its inventors; Rivest, Shamir and Adleman. Although
they were not the first ones to come up with the general idea used in the process
3
,
they were the first ones to produce a concrete implementation, in 1977. The idea
was simple; instead of having a lock which can be locked and unlocked by the same
key, we can use a lock which locks by one key and unlocks by a second, different
one. Theoretically, Alice and Bob distribute locks and their locking keys in public;
thus, anybody can write a message, lock it in a box and send it back to Alice or Bob,
who have kept the unlocking key to themselves. The entire process is done in public,
without fear of anyone intercepting information at any point, since the idea is that
the vital information in order to decipher is kept personal; every user has a personal
and a public key. The essence of the RSA is that this process is expressed
mathematically, a very difficult achievement:
Every user of the RSA has to follow a procedure (algorithm) before any encryption
can take place.
A user must first choose two large prime numbers.
Next, calculate and also .
Take such that
Calculate such that , where the
method with the Euclidean algorithm described above is used. For smaller
numbers one can guess the inverse d quicker by choosing a value which
ensures that is an integer.
At this point, the keys are ready:
- The public keys are .
- The private keys are .
3
Diffie, Helman and Merkle were the first researchers in the idea of Public Key Cryptography (PKC).
Their work greatly affected cryptography research; however, it did not implement digital signatures,
allowing other researchers to invent an algorithm which would enable a complete PKC approach.
10
Before explaining how the enciphering and deciphering is done, I will show how
Bob and Alice have processed the numbers they have chosen in order to end up with
their keys. To make the calculations easy and to demonstrate the algorithm more
clearly, I will choose small prime numbers; later on it will become clear that choosing
small prime numbers is a weak choice.
First for Alice:
Next, Alice randomly chooses
Now we are looking for
.
Euclids Algorithm:
Now going backwards:
Now to find
:
11
Now for Bob:
Next, Bob randomly chooses
Now we are looking for
.
Euclids Algorithm:
Now going backwards:
Now to find
A table with all the values is presented below:
Bob 17 23 391 352 97 225
Alice 11 19 209 180 103 7
Finally, Alices public key is and Bobs public key is .
12
In order to encrypt a number the process is to calculate
, where
is the number to be encrypted and is encrypted message. Clearly, the
only information needed in order to encrypt a message is to know the public key of
the recipient. Once the message arrives to the recipient, the method to decipher it is
simple, and makes use of the recipients personal keys. The recipient must calculate
But,
So,
And by the same procedure, simplifying, we end up with:
The next step is to make public. Technically, Bob is not afraid of Eve who
can see this number, since the only way to decipher it is to have Alices private keys.
Now, Alice must calculate:
Clearly, the RSA cryptosystem has worked since the deciphering of the encrypted
message gave the correct result. In the next section, I will give a mathematical proof
of why the RSA works.
13
3. Proof of the RSA Cryptosystem
There are many proofs of why the RSA works, namely that
and
.
Since is prime, either or divides .
Assume first that
It is known that
But
And so clearly also, .
Also, by Fermats little theorem
Therefore we can apply that if
and , then
We set and obtain
This however is clearly also true when so that divides ,
since in that case
By taking , we can similarly prove that
Now, since , using the properties of congruences, we
can write
or
, with odd.
Next, choose a random integer , where . If
, or if
for some , ,
We know that is a prime number; however, the algorithm only informs us that it
is probably prime. We must continue evaluating for different bases in order to be
certain. It is interesting to note that it has been shown by Gerhard Jaeschke that
when testing 32-bit numbers, we can deterministically test their prime nature by
only trying
15
5. Difficulties in Cracking the RSA Cryptosystem, Fermat Factorization
I have shown how the RSA works and proved why it works. Now I will briefly show
why Eve, who does not have adequate information, will find extreme difficulties in
her effort to decipher the message. These difficulties make the system unbreakable
for all practical applications, where time is an important factor. The information Eve
has is the public keys of every user (i.e. ) and the encrypted message . Alice uses
in order to decipher the message; therefore, Eve would love to have . However,
can she calculate from and ? In order to calculate , Alice has used and .
Eve knows but does not have a clue about what the prime numbers are. The other
information she has is , the product of and . Therefore, if Eve manages to
successfully find the prime factors of , she will be able to decipher the message.
Another way to proceed is to use the fact that
The reason for this is as follows:
Since is composite, we can write . Let us assume without losing
generality that .
We set and . Solving for and , we get
and . These numbers are integers since and are both
odd.
In order to proceed, we calculate and then assign consecutive integer
values greater than , in order to calculate
.
The method is efficient when and are close together, since this implies that
is small, which in turn implies that is not much greater than .
If and were not close together many different values of would have to be tried,
16
which would make the process time-consuming. An example should clarify the
method:
, thus we first assign the value 29;
, a perfect square
So and . Now, by solving the system we can easily calculate
and . We check that . This is not a prime
factorization but the factors are smaller than N, which reduces the difficulty of the
problem. In the case of RSA, we would have found the two prime factors of N and
Eve would be able to break the code.
Although faster methods than Fermat Factorization have been invented, one can
only imagine how hard factoring can get for large numbers. When making individual
use of the RSA, it is recommended to use 768-bits prime numbers,
namely digits
4
; to show how safe this choice is I will provide the
following fact: In 1991, the RSA laboratories sponsored a factoring challenge to
encourage research in factoring large numbers and in computational number theory;
the last prime to have been factored successfully was the RSA-640 in 2005, which
had 193 digits.
5
Nevertheless, implementation of the RSA has to be done carefully, since
otherwise certain parameters can prove to be weak; If
, can be found
from , .
6
If the choice of and is not really random, then assuming that
has digits, one may find the first or last
Next, we assume
and examine
Using the Binomial Theorem:
However, since
so clearly
and
for .This means that divides every member of the right side,
i.e. it divides the right side, so also divides the left side. Combining with our
assumption, we get that
, as assumed, so the
hypothesis is true for any a.
B) Proof: If
and , then
Since , we can write , for some integer p.
Then,
C) Proof: If , then
, which is as given.
Next, we assume
and examine
19
Combining with and our assumption,
, as assumed,
so the property is true for any integer .
20
Bibliography and References:
Internet sites:
http://www.cut-the-knot.org/blue/Euclid.shtml, visited: 9 September 2009
www.garykessler.net/Library/Crypto.html, visited: 4 August 2009
http://old-www.cwi.nl/publications/annual-reports/1999/AR/PDF/factoring.pdf,
visited: 14 September 2009
http://www.jimloy.com/number/euclids.htm, visited: 9 September 2009
http://www.coursehero.com/file/532731/N5-RSA/, visited: 8 September 2009
http://mathworld.wolfram.com/FermatsLittleTheorem.html, visited: 12 September
2009
http://mathworld.wolfram.com/Rabin-MillerStrongPseudoprimeTest.html, visited:
13 September 2009
http://mathworld.wolfram.com/FermatsFactorizationMethod.html, visited: 14
September 2009
http://mathworld.wolfram.com/RSANumber.html, visited: 14 September 2009
Bibliography:
Simon Singh, The Code Book: The Science of Secrecy from Ancient Egypt to Quantum
Cryptography, Translation: Nasos Kiriazopoulos, Athens, Travlos, 2001
William J. Leveque, Fundamentals of Number Theory, New York, Dover, 1996