Engineering & Analysis Operation
Public Key Encryption
James C. Bradas, Ph.D.
18 June 2009
A Bit of History
• In mid 1970s, the primary means of encrypting data was via “single-key
encryption”. This uses a single mathematical formula or key to encrypt
data or messages and requires the sender and receiver to have the key. If
you want to share information with multiple users, all have to have the key.
The more users, the less secure the key becomes.
• Whitfield Diffie & Martin Hellman at Stanford University proposed a solution
in 1976 - Asymmetric “Public Key Encryption”.
• This system was perfected by three MIT students in 1977 – Ronald Rivest,
Adi Shamir & Leonard Adleman. Their system has come to be known as
RSA Public-Key Cryptography and is now the standard method of data
encryption used today.
• An interesting article on the history of RSA encryption is contained at the
website: http://www.fundinguniverse.com/company-histories/RSA-SecurityInc-Company-History.html
• RSA Encryption makes use of the properties of Prime Numbers to develop a
unique and “break-proof” key for each sender.
What Are Prime Numbers?
Prime Numbers are numbers divisible only by themselves and 1
22
33
22  2  4
55
23  6
77
2
222  2  8
3
3  3  32  9
etc.
ALL Integers Can Be Built
From Prime Numbers
Prime Numbers are the
“Elementary Particles”
of Mathematics
The Fundamental Theorem of Arithmetic
ANY integer greater than 1 can be written as a UNIQUE product of prime numbers
Integer Factorization of 864
864
32
4
27
8
3
2 2 2 2 2 3
864  2  3
5
9
3
3 3
A semi-prime number is the product of two (not necessarily distinct)
prime numbers (not raised to a power greater than 1)
As of September 2008, the largest known semi-prime is:
2
43,113, 609

1
2
(has over 25 million digits)
This number is the square of the largest prime number discovered so far
There is no “Integer Factorization Spectrometer”
White Light
Spectrometer
Colors of the Spectrum
Semi-Prime Number
Prime Number 1
Prime Number 2
Cryptography, and in particular, RSA Public Key Encryption, makes use
of the fact that it is EXTREMELY EASY to multiply two numbers together
and EXTREMELY DIFFICULT to factor a semi-prime number into the product
of prime numbers.
Factoring Semi-Prime Numbers is particularly challenging because there are
only TWO unique factors
RSA Uses Prime Numbers
RSA Encryption Scheme
I choose 2 extremely large prime numbers, p & q*.
n  pq
This number, combined with modular arithmetic and the RSA scheme, provides
secure data encryption.
How Large Are These Two Prime Numbers?
If I use 128-bit encryption, then I choose a prime number between 2 &
2128  1  340,282,366,920,938,........  3.4 1038
How many prime numbers are there in that range?
N
Np 
ln( N )
Gauss’ formula for estimating
the number of prime numbers in
2 - N integers
* In reality, much goes into the selection of the prime numbers to be used. They should not be too
close together (p-q should not be less than 2n 1/4 ). If p-1 or q-1 have only small prime factors, n can
be factored quickly by Pollard’s p-1 algorithm. There is some art to this.
RSA Uses Prime Numbers
RSA Encryption Scheme
I choose 2 extremely large prime numbers, p & q.
n  pq
This number, combined with modular arithmetic and the RSA scheme, provides
secure data encryption.
How Large Are These Two Prime Numbers?
If I use 128-bit encryption, then I choose a prime number between 1 &
2128  1  340,282,366,920,938,........  3.4 1038
How many prime numbers are there in that range?
2128
36
Np 

3
.
8

10
ln 2128
 
Size of the Problem
2128
36
Np 

3
.
8

10
ln 2128
 
Approximate number of prime numbers using 128 bits
In order to determine p & q, I might use trial & error. In other words, pick a
prime number p & divide it into n to see if I get the other prime number q.
To get an idea of the size of the problem, suppose I use trial & error.
128
Divide n by each prime number between 2 and 2
If my computer operates at Teraflop speed, I can do
There are
 1036
1
1 1012 divisions per second
primes to try.
24
10 secs
=
1036
1012
18
Since the universe is only 10
Number of primes to try
Number of tries per second
seconds old, it will take a while!
What About Some Sort of a Lookup Table?
List of semi-prime integers
1st Prime
2nd Prime
X
ni  p j  pk
ni 1  pl  pm
36
With 128-bit numbers, there are ~ 10 prime numbers. If I take 2 at a
time, there are 1036 1036  1072 possible combinations. The number of
elementary particles in the visible universe is around 1084. There isn’t
enough memory capacity to store all of the prime numbers between 1
and 1036, much less the number of possible combinations available.
Because of the number of primes, “table lookup” cannot be done. The
encryption algorithm must generate prime numbers “on the fly”.
So What About Faster Computers?
Top500 – 2x per year – the 500 fastest known computer systems
The Top Three (As of June 2009)
1 1105 TFLOPs ( 1.105 PFLOPs ) IBM Roadrunner System @ LANL
2 1059 TFLOPs
3
Cray XTS Jaguar @ DOEs ORNL
825 TFLOPs ( 1 1012 )
# Floating Point
Operations Per
Second
10
Today
9
IBM BlueGene/P @ FZJ in Germany
Abbreviation
GigaFLOPS
1012
TeraFLOPS
2007
1015
PetaFLOPS
~2008
1018
ExaFLOPS
10 21
ZettaFLOPS
10 24
YottaFLOPS
Even with Zettaflop performance, time is still
1 billion years.
1015
seconds or about
So What About Faster Computers?
Top500 – 2x per year – the 500 fastest known computer systems
The Top Three (As of June 2009)
1 1105 TFLOPs ( 1.105 PFLOPs ) IBM Roadrunner System @ LANL
2 1059 TFLOPs
3
Cray XTS Jaguar @ DOEs ORNL
825 TFLOPs ( 1 1012 )
# Floating Point
Operations Per
Second
10
Today
9
IBM BlueGene/P @ FZJ in Germany
Abbreviation
GigaFLOPS
1012
TeraFLOPS
1015
PetaFLOPS
1018
ExaFLOPS
by 2019?
10 21
ZettaFLOPS
by 2030?
10 24
YottaFLOPS
(That’s a Lotta FLOPS!)
Even with Zettaflop performance, time is still
1 billion years.
1015
seconds or about
Of course, no one actually tries every prime number by brute force.
There are algorithms that make it possible to make a reasonable “guess”
based on the value of the number to be factored. However, given the
sheer number of prime numbers, the task of finding the correct two prime
numbers is still quite formidable.
A number of semi-prime numbers published by RSA in 1991 (54) have been
successfully factored (12) by networked computers. However, it took months
to factor just one semi-prime number.
There is still no computer system/algorithm that can factor semi-prime
numbers quickly (days – hours – minutes) which would put RSA encryption
at risk.
So Now That We’ve Convinced Ourselves
About the Viability of Prime Numbers,
Let’s Look At How RSA Works
First, we need some basic modular arithmetic
a  b(mod n)
We can write this as:
Two numbers a & b are congruent modulo n
if their difference ( a – b ) is an integer multiple
of n (the integer can be positive or negative).
a  b  kn
So, for example:
25  4(mod 3)
25  4 21

7
3
3
or
a b
k
n
Other Examples
33  1(mod 4)
22  1(mod 7)
4  2(mod 2)
k 8
k 3
k 1
k 7
“a” divided by “n” is equal to some integer x “n” + “b”. “b” is the remainder
Note: the

sign is NOT the same thing as an “=“ sign.
In our example, replace “25” by “x”. What values of x make the
statement true?
x  4(mod 3)
x4
k
3
x  3k  4
if :
k  1 then x  1
k  0 then x  4
k  1 then x  7
k  2 then x  10
k  3 then x  13
and so on
So, the following are all true:
1  4(mod 3)
4  4(mod 3)
7  4(mod 3)
10  4(mod 3)
13  4(mod 3)
and so on
For RSA Encryption, we will be performing the following calculation:
Given y and n, determine x such that
x  y (mod n)
I claim that
 y
x  y  n  INT  
n
and y are congruent modulo n
For RSA Encryption, we will be performing the following calculation:
Given y and n, determine x such that
x  y (mod n)
I claim that
 y
x  y  n  INT  
n
Proof :
x  y (mod n)
means
x y
k
n
and y are congruent modulo n
For RSA Encryption, we will be performing the following calculation:
Given y and n, determine x such that
x  y (mod n)
I claim that
 y
x  y  n  INT  
n
Proof :
x  y (mod n)
means
x y
k
n
and y are congruent modulo n
For RSA Encryption, we will be performing the following calculation:
Given y and n, determine x such that
x  y (mod n)
I claim that
 y
x  y  n  INT  
n
Proof :
x  y (mod n)
means
x y
k
n
and y are congruent modulo n
x  y (mod n)
 y
y  n  INT    y
n
k
n
 y
INT    k
n
For RSA Encryption, we will be performing the following calculation:
Given y and n, determine x such that
x  y (mod n)
I claim that
 y
x  y  n  INT  
n
and y are congruent modulo n
insert expression for x
Proof :
x  y (mod n)
means
x y
k
n
x  y (mod n)
 y
y  n  INT    y
n
k
n
 y
INT    k
n
For RSA Encryption, we will be performing the following calculation:
Given y and n, determine x such that
x  y (mod n)
I claim that
 y
x  y  n  INT  
n
Proof :
x  y (mod n)
means
x y
k
n
and y are congruent modulo n
 y
y  n  INT    y (mod n)
n
 y
y  n  INT    y
n
k
n
 y
INT    k
n
For RSA Encryption, we will be performing the following calculation:
Given y and n, determine x such that
x  y (mod n)
I claim that
 y
x  y  n  INT  
n
Proof :
x  y (mod n)
means
x y
k
n
and y are congruent modulo n
 y
y  n  INT    y (mod n)
n
 y
y  n  INT    y
n
k
n
 y
INT    k
n
For RSA Encryption, we will be performing the following calculation:
Given y and n, determine x such that
x  y (mod n)
I claim that
 y
x  y  n  INT  
n
Proof :
x  y (mod n)
means
x y
k
n
and y are congruent modulo n
 y
y  n  INT    y (mod n)
n
 y
y  n  INT    y
n
k
n
 y
INT    k
n
For RSA Encryption, we will be performing the following calculation:
Given y and n, determine x such that
x  y (mod n)
I claim that
 y
x  y  n  INT  
n
Proof :
x  y (mod n)
means
x y
k
n
and y are congruent modulo n
 y
y  n  INT    y (mod n)
n
 y
y  n  INT    y
n
k
n
 y
INT    k
n
For RSA Encryption, we will be performing the following calculation:
Given y and n, determine x such that
x  y (mod n)
I claim that
 y
x  y  n  INT  
n
Proof :
x  y (mod n)
means
x y
k
n
and y are congruent modulo n
 y
y  n  INT    y (mod n)
n
 y
y  n  INT    y
n
k
n
 y
 INT    k k is an integer
n
Bottom Line….
To solve for x given the expression
x  y (mod n)
Proposed solution:
 y
x  y  n  INT  
n
This means, divide y by n and find the remainder. x is the remainder.
Example: I want to solve for x given:
x  4(mod 3)
4 divided by 3 is 1 remainder 1
So, x  1 is a solution.
Meet Alice & Bob
Alice & Bob want to send secure
messages to one another without fear
of their messages being read
by a third party
Alice
Bob
Using RSA PKE, each person creates a “Public Key” and a “Private Key”
Their Public Key is sent to any party that wishes to send them a message
Their Private Key is kept to themselves
Public Key
Private Key
RSA Public Key Encryption Scheme
Alice Creates Her Public & Private Key
1. Select two large prime numbers, p & q
2. Compute their product – the “modulus” n:
Alice
3. Compute Euler’s “totient”
  ( p  1)( q  1)
Public Key
Private Key

4. Choose e, 1 < e < 
such that the greatest common divisor (gcd) ( e ,   = 1
e
is the “public key exponent”
( Common choices are e =
5. Compute d such that
3,
17
&
65537 )
ed  1(mod )
d is the “private key exponent”
Public Key
(n,e)
Private Key
(n,d)
So Where’s the Secret?
n  pq
Alice
Public Key
(n,e)
  ( p  1)( q  1)
 pq  1  p  q  n  1  ( p  q)
The public
knows this
Private Key
(n,d)
ed  1(mod )
The public DOESN’T
know this
Because Alice doesn’t publish the values of p & q –

an eavesdropper can’t determine
and thus can’t determine the correct
value of d which is needed for message decryption
“M”
Bob wishes to send a message to Alice
Alice
Public Key
(n,e)
Private Key
(n,d)
Bob
“M”
Bob wishes to send a message to Alice
Alice
Bob
Public Key
(n,e)
Private Key
(n,d)
Alice sends her public key to Bob
and keeps her private key secret
“M”
Bob wishes to send a message to Alice
Alice
Bob
Public Key
(n,e)
Alice sends her public key to Bob
Public Key
(n,e)
Private Key
(n,d)
and keeps her private key secret
“M”
Bob wishes to send a message to Alice
Alice
Bob
Public Key
(n,e)
Alice sends her public key to Bob
Public Key
(n,e)
Private Key
and keeps her private key secret
(n,d)
Bob first turns his message M into an integer m (or series of integers) where 0 < m < n
by using an agreed-upon reversible protocol known as a padding scheme. He then
computes the cipher text c (for each integer in his message) via the following:
c  m (mod n)
e
“M”
Bob wishes to send a message to Alice
Alice
Bob
Public Key
(n,e)
Alice sends her public key to Bob
Public Key
(n,e)
Private Key
and keeps her private key secret
(n,d)
Bob first turns his message M into an integer m (or series of integers) where 0 < m < n
by using an agreed-upon reversible protocol known as a padding scheme. He then
computes the cipher text c (for each character in his message) via the following:
c  m (mod n)
e
Bob sends each “c” in the now-encrypted message to Alice.
“c”?
Alice Receives Bob’s Encrypted Message
Alice
Public Key
(n,e)
Private Key
(n,d)
Bob
“c”?
Alice Receives Bob’s Encrypted Message
Alice
Public Key
(n,e)
Private Key
(n,d)
Bob
Alice uses her Private Key and reverse padding scheme
to decrypt Bob’s message
“c”?
Alice Receives Bob’s Encrypted Message
Alice
Public Key
(n,e)
Private Key
(n,d)
Bob
Alice uses her Private Key and reverse padding scheme
to decrypt Bob’s message
m  c d (mod n)
“c”?
Alice Receives Bob’s Encrypted Message
Alice
Public Key
(n,e)
Private Key
(n,d)
Bob
Alice uses her Private Key and reverse padding scheme
to decrypt Bob’s message
m  c d (mod n)
m
Reverse Padding Scheme
“M”
Alice Receives Bob’s Encrypted Message
Alice
Public Key
(n,e)
Private Key
(n,d)
Bob
Alice uses her Private Key and reverse padding scheme
to decrypt Bob’s message
m  c d (mod n)
m
Reverse Padding Scheme
M
Alice Recovers Bob’s Original Message “M”
Sending Information from “B” to “A” – “Bob” and “Alice”
Via RSA Public Key Encryption
Alice
In Summary
Bob
Bob’s Message
Public Key
M
M
Private Key
m
Alice’s Public Key
Public Key
c  me (mod n)
Encrypted
Message
Alice’s Private Key
(n,d)
Bob’s Message is Recovered
m  c d (mod n)
Reverse Padding Scheme
M
M