RSA Cryptosystem Setup 1. Choose two “large” primes p and q and compute the quantities m pq and f ( p 1)( q 1) . 2. A positive integer e is chosen where gcd(e, f ) 1 . Using the Euclidean algorithm, we calculate an integer d where (e d ) MOD f 1 . Note that d is the multiplicative inverse of e MOD f , that is d e 1 MOD f . Here, e will be called the enciphering exponent and d will be called the deciphering exponent. 3. Using an alphabet assignment to convert from English letters to numbers, compute an English plaintext message number Y . Assuming that Y m , we use the enciphering exponent e to encipher the message by computing Z Y e MOD m . by successive squaring. Here, Z will be the “secret” message number that will be transmitted from the sender to the recipient of the message. If Y m , we break Y into blocks of numbers smaller than m, say Y1 , Y2 , … , Yr , and encipher each block separately, that is, we compute Z1 Y1e MOD m , Z 2 Y2e MOD m , … , Z r Yre MOD m . 4. To decipher the message, the recipient uses the deciphering exponent d to reverse the process of step 3 by computing Y Z d MOD m . or if the cipher-text is in blocks Z1 , Z 2 , … , Z r , we compute Y1 Z 1d MOD m , Y2 Z 2d MOD m , … , Yr Z rd MOD m . The alphabet assignment is used to recover the message. Important Facts Concerning the RSA Cryptosystem 1. A common place that causes confusion when first learning the RSA is when to use m and f computed in step 1. The integer m pq is the modulus used in enciphering and deciphering messages (to compute Z Y e MOD m in step 3 and Y Z d MOD m in step 4). The integer f ( p 1)( q 1) is only needed in step 2 and is the modulus needed to find the multiplicative inverse of e MOD f , that is d e 1 MOD f . 2. 3. In practice, the modulus m and enciphering exponent e are made public (everyone knows). To ensure gcd(e, f ) 1 so that d e 1 MOD f exists, a good choice for the enciphering exponent e is a prime number (although it is not necessarily required).