RSA.htm

Secure Communication and Public Key Encryption

The "Key" Idea: Remember that A cryptosystem is a five-tuple () where the following conditions are satisfied:

1. $\QTR{bs}{P}$ is a finite set of possible plaintexts:

2. $\QTR{bs}{C}$ is a finite set of possible ciphertexts:

3. $\QTR{bf}{K}$ the keyspace, is the a finite set of possible keys:

4. For each K there is and encryption rule e and a corresponding decryption rule d. Where

e and d are functions such that for all M $\in \QTR{bs}{P}$ ,d(e(M )) $\fallingdotseq$ M.

In general we think of cryptosystems as being used for two-way communication between individuals who want to carry on a private dialog. However, this is really not be practical for e-commerce. Consider the basic function of taking a credit card over the Web.

Suppose, however, that it were possible to find a cryptosystem for which knowing e , and the general methodology used in its construction, did not lead to an easy computation of d , then we could do the following.

Secure One-Way Communication: (eg Web Form)

1. Publish e for the world to see. Tell the world that, if they want to communicate securely with you, all they need to is apply e to the message before transmitting it. This because there is an acceptably small chance of someone discovering d hence decoding there message.

2. When I received the encrypted message apply d which, presumably only I know.

Secure Two-Way Communication:

Assume that we are dealing with a Cryptosystem such that

$\QTR{bs}{P=C}$
In addition to d(e(M )) $\fallingdotseq$ M, we have e(d(C )) $\fallingdotseq$ C for all C $\in \QTR{bs}{C=P}$ .
Given d(), it is also very hard to compute e().

Suppose that we have two people P and P who want to communicate securely with each other. Each selects their own "one way system", K and K , from a Cryptosystem with the above listed properties .

P and P commmunicate as follows:

1. P gives e to P and P gives e to P.

2. Suppose P wants to send message M to P . P computes C e (d (M )) and transmits it.

3. P computes e (d (C )) e (d (e (d (M )))) e (d (M )) M.

Why does this work?

P knows that the only person who can read the message is P , the owner of K since, presumably P , is the only person who knows d ().
P knows that P sent the message since, presumably P , is the only person who knows d (). We are implicitly assuming that the message P

sees is meaningful.

There are Examples of One Way Cryptosystems:

RSA ( The RSA algorithm was invented in 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman):

1. Begin by choosing $\QTR{Large}{p}$ and $\QTR{Large}{q}$ to be two very large prime numbers.

2. Next choose $\QTR{Large}{e}$ , , such that $\QTR{Large}{e}$ and are relatively prime.

3. Referring back to the previous sections, we can find $\QTR{Large}{d}$ such that . Note that $\QTR{Large}{e}$ and $\QTR{Large}{d}$ are "symmetric" for two way communication.

4. Here is RSA

$\QTR{bs}{P=C}$ is the set of integers between $\QTR{Large}{1}$ and $\QTR{Large}{pq=n}$ and relatively prime to $\QTR{Large}{n}$ .
$\QTR{bf}{K}$ the keyspace, is the set of pairs $\QTR{Large}{e}$ , $\QTR{Large}{d}$ as above:
For each K in $\QTR{bs}{K}$ and all M $\in \QTR{bs}{P}$ , e(M )) $\fallingdotseq$ M $^{\QTR{Large}{e}}$ =C and d(C ) $\fallingdotseq$ C $^{\QTR{Large}{d}}$

Note: d (e (M)) $\fallingdotseq$ M M (M ) $^{\QTR{Large}{a}}$ M $\fallingdotseq$ (1) $^{\QTR{Large}{a}}$ M $\fallingdotseq$ M

And d (e (M))=M.

Example- Let $\QTR{Large}{p=47}$ and $\QTR{Large}{q=53}$ .

$\vspace{1pt}$

and . So . Choose $\QTR{Large}{e=35}$ . Note

$\vspace{1pt}$

Compute

$\vspace{1pt}$

Suppose M $\QTR{Large}{=25}$ $\$ Check

$\vspace{1pt}$

----------------------------------------------------------------------------------------------------------

If your pocket calculator is not working try:

$\vspace{1pt}$

import java.util.*;

import java.math.*;

public class Calcmod {

public static void main(String[] args)

{

try

{

BigInteger p=new BigInteger("48112959837082048697"); //I looked these two primes up (see TOC for this section)

BigInteger q=new BigInteger("36413321723440003717");

BigInteger n=new BigInteger("0");

n=p.multiply(q);

BigInteger pm1qm1= new BigInteger("0");

pm1qm1=(p.subtract(new BigInteger("1"))).multiply(q.subtract(new BigInteger("1")));

System.out.println("n="+n);

System.out.println("(p-1)(q-1)="+pm1qm1);

BigInteger e=new BigInteger("67843189741225"); //Chosen at random, sort of......

BigInteger d=new BigInteger("0");

d=e.modInverse(pm1qm1);

System.out.println("e="+e+" d="+d);

//HELLO=7269767679

BigInteger Message=new BigInteger("7269767679");

System.out.println("Message='HELLO' as decimal ascii= "+Message);

BigInteger code=Message.modPow(e,n);

System.out.println("Message ^e=coded="+code);

BigInteger result=code.modPow(d,n); // Message.modPow(e.multiply(d),n);

System.out.println("Message ^(ed) MOD mod = Message?");

System.out.println(result);

}

catch (Exception ex){ ex.printStackTrace();}

}//main

} //Calcmod

THE OUTPUT

n=1751952685614616185916001760791655006749

(p-1)(q-1)=1751952685614616185831475479231132954336

e=67843189741225 d=346820212054753766339618442769730365753

Message='HELLO' as decimal ascii= 7269767679

Message ^e=coded=195102718882357445246760445462165944439

Message ^(ed) MOD mod = Message?

7269767679

Observation: At first glance there may appear to be a security opening in RSA. A reasonable question that could be asked is, while it may be hard to factor $\QTR{Large}{n}$ all we really need to do is find $\QTR{Large}{d}$ such that , so given, , is there a way to compute ?

The answer is that it is as "hard" to compute from $\QTR{Large}{n}$ as it is to factor $\QTR{Large}{n}$ it self. Here is the argument.

1. For the sake of clarity, set . So if we know $\QTR{Large}{p}$ and $\QTR{Large}{q}$ we can quickly compute $\QTR{Large}{m}$ .

Next the important direction.

2. Suppose there was an easy way to compute $\QTR{Large}{m}$ from $\QTR{Large}{n}$ . To factor $\QTR{Large}{n}$ , we would then only have to solve the two simultaneous equations.

in two unknowns $\QTR{Large}{p}$ and $\QTR{Large}{q}$ .

Solving the first equation for p gives.

substituting this into the second equation gives.

The quadratic formula does the rest.