# RSA Cryptography - Full ```2008
RSA Cryptography
The Science of Keeping Secrets
Math 430: Number Theory
My Viet Nguyen
Reference #: 32
5/1/2008
Tuohtiw egaugnal terces a etaerc nac uoy taht nam ecnassianer taerg a hcus gnieb enigami
dednah-tfel erew ouy esuaceb ecneinevnoc erup fo tuo metsysotpyrc siht detaerc ouy. Gniyrt neve
gnigdums tuoba hcum oot yrrow ot evah ton did uoy, dednah-thgir erew uoy fi. Nep lliuq a gnisu
ylbaborp Odranoel. Dednah-tfel erew uoy fi dluow uoy ekil mlap ruoy fo edis eht htiw krow ruoy
S’icniv ad tuo erugif to sraey ynam koot ti hgouhtla. Tfel ot thgir morf etorw eh suht, oot os thguoht
ot neht od ot sgniht retteb dah tsuj eh, saedi sih gnilaets srehto tuoba suovren ton saw eh, sterces
Nep lliuq sih htiw thgif
In other words…
Imagine being such a great renaissance man that you can create a secret language without
even trying. You created this cryptosystem out of pure convenience because you were left-handed
using a quill pen. If you were right-handed, you did not have to worry too much about smudging
your work with the side of your palm like you would if you were left-handed. Leonardo probably
thought so too, thus he wrote from right to left. Although it took many years to figure out da Vinci’s
secrets, he was not nervous about others stealing his ideas, he just had better things to do then to
fight with his quill pen.
information is the key ingredient to identity fraud prevention. In the following pages we will
discuss RSA cryptography by first examining where it came from and where it is today. First we
will describe Caesar’s Cipher, the Diffie-Hellman Key Exchange and how this leads to a more general
form of the discrete logarithm problem which is the focal point of RSA.
Cryptography as my professor has said is the science of keeping secrets. Before we can
discuss the exchange of secrets and messages, we need to find a way to convert letters, numbers,
and common symbols into integers that can easily be processed in a cryptosystem. For the purpose
of this paper we will use the following standard two-digit integer assignment:
Digital Alphabet
A=
B=
C=
D=
E=
F=
G=
H=
I=
J=
00
01
02
03
04
05
06
07
08
09
K=
L=
M=
N=
O=
P=
Q=
R=
S=
T=
10
11
12
13
14
15
16
17
18
19
(space) =
U=
V=
W=
X=
Y=
Z=
,=
.=
?=
0=
40 or 99
Table 1
20
21
22
23
24
25
26
27
28
29
1=
2=
3=
4=
5=
6=
7=
8=
9=
!=
30
31
32
33
34
35
36
37
38
39
Then the numbers:
1200190740171402101839
is the message, MATH ROCKS!, but can also be digitalized as
1200190799171402101839
Also the message:
Don’t try that one on me!
Can be digitalized to
031413199919172499190700199914130499141399120439
or 031413194019172440190700194014130440141340120439.
As you can see, the lowercases and the apostrophe ( ’ ) are not included in our integer assignment,
so our messages cannot be case sensitive. As for the apostrophe we would just omit it, since DONT
can be easily understood to be Don’t. It is possible to extend the integer assignment to include both
lowercases and other symbols. One example is the ASCII character assignment, which could be
found at http://www.petefreitag.com/cheatsheets/ascii-codes/. Once the original message, called
plaintext is digitalized we can use a cryptosystem to turn it into a ciphertext which is unreadable by
others.
In general all cryptosystems can be broken down into symmetric and asymmetric
cryptography, also known as private-key and public-key cryptography, respectively.
In a private-key cryptosystem, the plaintext is encrypted into a ciphertext using only one
process, called the private key. Since this private key is necessary to encrypt and decrypt a
message, it is important that only those that are trusted should know about the private key. Some
examples include the Caesar’s Cipher, Vigenere’s Cipher, and Hill’s Cipher.
Of the three mentioned, Caesar’s Cipher is the simplest to understand and the other two
ciphers are derived from it. It is said that Caesar himself used this cryptosystem to get messages
out to his soldiers who were out building his empire. With Caesar’s Cipher, he would take his
message and shift it three letters over. So his cipher alphabet would be:
Caesar’s Cipher
A
B
C
D
E
F
G
H
I
=
=
=
=
=
=
=
=
=
D
E
F
G
H
I
J
K
L
J =
K
L
M
N
O
P
Q
R
=
=
=
=
=
=
=
=
M
N
O
P
Q
R
S
T
U
Table 2
S
T
U
V
W
X
Y
Z
=
=
=
=
=
=
=
=
V
W
X
Y
Z
A
B
C
For example, the plaintext
MATH ROX,
would be converted to the ciphertext
PDWK URA.
Even though Caesar used a three letter shift, this general method could be used with any number of
shifts. Using a digital alphabet we could create an equation from congruence theory that will allow
us to easily convert our message from plaintext, M to ciphertext, C one letter at a time. This
equation is
,
where k is the private key, or number of shifts and A is the number of characters in a digital
alphabet. Then using Caesar’s Cipher, we would have the equation,
,
Using the same example, our message digitalized and encrypted can be found by utilizing just the
first 26-letters from the digital alphabet in table 1 and it would be
Plaintext, M
Digitalized M
M
12
15
A
00
03
T
19
22
H
07
10
R
17
20
O
14
17
X
23
26
(mod 26)
Ciphertext, C
15
P
03
D
22
W
10
K
20
U
17
R
00
A
Note that we can use any number k provided k is between 1 and A-1. If k was bigger than A-1, our
ciphertext would be the same as the ciphertext generated by k-A modulus A, since A is 0 modulo A.
Now to decrypt our message we use a similar process. To get our original message, we
would subtract our private key, k, from the ciphertext, C, to get our original message, M.
,
For example, If we had private key, k =27, and
C =?GD_6_4,F52,!61_6F2,A69Z,
(the underscore character, (_), will be used to signify and easily read spaces), we have
Ciphertext, C ? G D _ 6
Digitalized C 28 06 03 40 35
01 -21-24 13 08
(mod 41)
01 20 17 13 08
Plaintext, M
B U R N I
Ciphertext, C !
Digitalized C 39
12
(mod 41)
12
Plaintext, M M
6 1
35 30
08 03
08 03
I D
_
40
13
13
N
_ 4 , F 5
40 33 26 05 34
13 06 -01-22 07
13 06 40 19 07
N G _ T H
6 F 2
35 05 31
08 -22 04
08 19 04
I T E
Thus our secret message is M= Burning the midnite oil!
, A 6
26 00 35
-1 -27 08
40 14 08
_ O I
2 ,
31 26
04 -01
04 40
E _
9 Z
38 25
11 01
11 39
L !
Although, Caesar’s ciphers and other private-key cryptosystems can be used with some
effectiveness, they do have some flaws. One problem occurs when two people or entities such as
Wescom Credit Union and SchoolsFirst Federal Credit Union (SFFCU) are trying to establish their
mutual private key. If they are relatively close by, they could send a representative in person to
exchange the private key, otherwise they would have to find a secure way to exchange this
information or have a trusted source deliver the key, without the knowledge of another person or
company like Bank of America (BofA) who might want to have access to these credit unions’
secrets. Then the private key could be compromised. One way to counter this attack is to use the
Diffie-Hellman Key Exchange (DH KEy). This is a method which can allow Wescom and SFFCU to
communicate openly about their private key, without BofA finding out. DH KEy is an asymmetric
cipher that is usually used in conjunction with a private-key cryptosystem. It is usually used to
effortlessly exchange a private key between two parties.
With asymmetric cryptography we have two separate keys. One is made public for anyone
to know and see, while the other is kept private. Wescom could release a public key to others so
they can send an encrypted message back to Wescom. Even if BofA intercepted the message, the
message could not be decrypted without the private key. This is possible because the equation
used to decrypt the ciphertext to plaintext is much harder to perform without knowing the missing
information known as the private key. On the other hand the equation is easy to compute to
decrypt a plaintext message with the given public key.
In 1976, Whitfield Diffie and Martin Hellman first used a discrete logarithm problem to
create their asymmetric cryptosystem, DH KEy. The discrete logarithm problem involves three
numbers, namely g, p, and x, where we know the values of
,
we need to find x.
There are special properties that are necessary to ensure that there are no easy shortcuts to
finding x. First it is important that p is a very large, usually 200+digit prime number. That is a
number that only has two positive divisors, 1 and itself. Some examples include 2, 3, 7, 17, 37, and
101. This p needs to be large so that it would be computationally hard to find x. The second
requirement is g must be a primitive root of p. A primitive root of a prime, p, is an integer, g,
between 1 and p-1 such that
,
and there are no other powers, x, between 1 and p-1 where
.
In other words, p-1 is the smallest power of g that will give us 1 modulo p. For our example, we will
use smaller primes so that we can easily see how the system works. Given a prime number 13, a
primitive root of 13 is 2 since
Unfortunately there are no easy calculations that will give us primitive roots, but there are a few
tricks we can used to help the process go a little faster. First we need Fermat’s Little Theorem (F l
T). It states that for all prime p, and all integers g such that p does not divide g, then
.
Let’s just make sure this is true. Suppose
are arbitrary, such that p is prime and p does not
divide g. First consider the first p-1 multiples of g, namely
We can say that each of these are mutually incongruent to each other modulo p. If there existed
such that
and
,
Then this would imply that
which is not possible since p is prime. Also, since none of the multiples of g are congruent to 0
modulo p,
Since p does not divide
, then we can cancel out
from both sides, which then gives
us what we are trying to prove,
.
We can now find a primitive roots much faster, because if
and
,
then x must divide p-1. Thus when looking for a primitive root, we only need to check the factors of
p-1 and not all integers between 1 and p-1. This proof is omitted, however consider p = 31. We can
check that 17 is a primitive root by checking that the powers 1, 2, 3, 5, 6, 10, 15 of 17 will not be 1
modulo 17.
Now that we have a prime number p and a primitive root g we can begin the process of DH
KEy. Wescom and SFFCU both agree on a prime, p, and a primitive root, g. Then both Wescom and
SFFCU either picks or randomly generates their own secret number,
and
respectively.
Wescom then computes
,
and SFFCU computes
.
Then Wescom and SFFCU trade off W and S to each other. Once Wescom receives S, they compute
And when SFFCU receives W, then they can compute
Since
then now both Wescom and SFFCU can use this as their private key k. This k can be use in
conjunction with one of the private-key ciphers. So BofA may be able to intercept g, p, S, and W, but
will not be able to find k without
and . Suppose Wescom and SFFCU agree on the prime, 31
and the primitive root, 17, Wescom might choose
, and SFFCU might select
. Then
Wescom performs the following operations
And SFFCU calculates
.
Wescom and SFFCU also share the numbers 7 and 8 to each other.
Wescom then computes,
while SFFCU calculates
Now that they have this private-key, k, they can use this along with a symmetric-cipher to exchange
messages.
Even with DH KEy, over time people outside of those entrusted with the private key could
systematically find the key. With today’s technology, we can use frequency analysis to find this
private key quite easily since the encryption scheme and decryption scheme are basically the same.
One way to prevent that from happening is to constantly change the private key. Wescom and
SFFCU could add an extra line to their encrypted message with a new prime and/or primitive root.
This would remedy a frequency analysis scheme on the ciphertext. However, primitive roots
although easy to find, can be computationally tedious to calculate as we select bigger and bigger
prime numbers and there has to be a minimum of three contacts between two parties in order to
just send or receive the first set of ciphertext. When Wescom and SFFCU are sharing time sensitive
information, the least number of contacts can be crucial.
An alternative is RSA cryptography. RSA is currently the most widely used cryptosystem
and is the basis for most other public-key cryptosystems. RSA are the initials of the MIT professors,
R. Rivest, A. Shamir, and L. Adleman who created this cipher. They also utilizes the discrete
logarithm problem, however instead of only using it to create a private key, RSA is used to encrypt
the plaintext itself.
If SFFCU and Wescom wanted to use RSA, they would first find two large primes, p and q
usually over 200 digits and multiply them together to get n. Then SFFCU carefully selects an
encryption exponent, e. It is important that the
.
Then SFFCU would publish the integer pair (n, e). These would be the public key, while the pair of
primes, (p, q) are kept private. Then if Wescom wanted to send the message, M, to SFFCU it would
take the public key pair and compute,
.
and send the ciphertext, C to SFFCU. For example say SFFCU selected the prime pair (157, 163) and
published the public key, (25591, 7) and Wescom wanted to let SFFCU know that
“Banks are evil!”,
Wescom would first digitize it using a table similar to table 1 and translate the message to
010013101899001704990421081139
Then separate this long strand of digits into smaller strings of digits, called bit-strings, so each
string is smaller than n. This is necessary because
and that can be represented as BHA which is not the same as our original message. Then let’s break
010013101899001704990421081139
into
010013/10189/9001/7049/9042/10811/39,
where / signifies the ending and beginning of each new bit-string. Since the last number is much
smaller, we can add in a filter number like a space or a random symbol to make it a bit bigger.
Then we calculate
Then Wescom would send SFFCU,
C = 3659/16489/7322/16175/1166/9913/10926.
With RSA we would not convert it back into letters because sometimes the output numbers are
bigger than the largest value in the digital alphabet. This could lead to some reducing that could
possibly change the original message, as we saw earlier when we didn’t reduce the message, M,
into bit-strings of the plaintext message smaller than n.
So now that SFFCU has this ciphertext, how do they decrypt it back to the original message?
In order to do this, SFFCU needs the decryption exponent, d. To get, d, we need to solve the
congruence,
Since p and q are both large primes, then
would be hard to know what
will both be large even numbers. So it
without knowing what p and q were originally.
To solve this congruence, we use the Euclidean Algorithm. Then from our example above,
thus we need to solve,
Then it is equivalent to say
Then by the Euclidean Algorithm we get
Then combining these we get,
1
Thus d=10831. Once we have d, we can calculate
to get the original message again. Let’s check to make sure this works.
From above we have
Then it is also true that
Then
Since
, we can use the Chinese Remainder Theorem1 (CRT) to break this into a system of
equations,
Recall that by F l T,
and so by the uniqueness of CRT ,
1
For a Proof of the Chinese Remainder Theorem, Please see Appendix A.
So if Wescom sent another message to SFFCU, such as
21509 / 17445 / 5624 / 4093 / 5624 / 11835 /
14368 / 25277 / 9078 / 25277 / 4951 / 19352,
SFFCU would decrypt it by computing,
Putting these strings all down we get,
Digitalized, M 03 14 13 19 99 19 17 24 99 19 07 00 19 99 14 13 04 99 14 13 99 12 04 39
Plaintext, M D O N T _ T R Y _ T H A T _ O N E _ O N _ M E !
RSA cryptography also relies on large primes similar to the DH KEy, although a primitive
root is not necessary in RSA. Most cryptosystem schemes currently in use today is RSA or some
variation of it. So rest assure that Wescom Credit Union and SchoolsFirst Federal Credit Union can
easily exchange information without Bank of America or anyone else being able to steal the private
information. So even though this seems complicated, I would like to leave you with one last
ciphertext, a quote from S. Gudder,
SGNIHT ELPMIS EKAM OT TON SI SCITAMEHTAM FO ECNESSE EHT
ELPMIS SGNIHT DETACILPMOC EKAM OT TUB, DETACILPMOC
Works Cited
Annin, Scott. “Math 430: Number Theory” Class notes. 2008
Burton, David M. Elementary Number Theory. New Delhi: Tata McGraw-Hill,
2007
Freitag, Pete. “ASCII Character Codes &amp; Cheat Sheet.”2005-2008.
http://www.petefreitag.com/cheatsheets/ascii-codes/
Lu, Mark. “Large Mod Calculator.” 2008
http://www.excelex.net/powermod.php
Marx, Kyle. “TI-83 RSA Program” 2008
McCurley, Kevin. “Diffie-Hellman Key Echange.” 1/23/1998.
http://www.swcp.com/~mccurley/talks/msri2/node14.html
Sequib, Al. “Diffie-Hellman Key Echange.”
http://www.xml-dev.com/blog/index.php?action=viewtopic&amp;id=196
Appendix A
The Chinese Remainder Theorem, CRT.
Let
where
such that
,
then the system of equations:
has a unique solution for
Proof:
To show this is true, first we define
then
such that
Then the
congruence
has a unique solution where
is unknown. We claim that
is a unique solution to the system,
Remember that
and
thus
and
This process can be checked for each of the
and
pair to show that
for all i =1, 2, …, r. Last we need to check for uniqueness. Suppose y is also a solution to the system
Then we need to show that
Since y is a solution to the system, then
and
We also know
such that
,
then
,
which implies that
Thus the solution to the CRT is unique.
Let’s see an example to see how this works, compute
By the uniqueness of the CRT, it is easier to compute the system
Note that
Thus we have
,
We need to find
such that
or
and
or
Then we can see that
. Thus we need to compute
,
```