Ron Rivest, Adi Shamir, Len Adleman
Ronald Rivest, Adi Shamir, and Len Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," MIT Laboratory for Computer Science Technical Memo LCS/TM-82, April 1977.
RSA Algorithm
Modular Arithmetic
25 % 3 = 1 means 1 is the remainder when 25 is divided by 3.
In general a % m = c means c is the remainder when a is divided by m. The integer m is called the modulus.
The possible values for c are 0, 1, 2,..., m-1.
If a and b have the same remainder when they are divided by m, we say that a is congruent to b modulo m.
This is also written: a ≡ b (mod m)
Examples: 57 ≡ 5 (mod 26)
57 ≡ 31 (mod 26)
Note that a ≡ b (mod m) exactly when a - b is a multiple of m.
Uses of Modular Arithmetic we've seen:
Stripping off digits of a number (% 10)
Finding binary representation of a number (% 2)
Determining if an integer is odd or even (% 2)
Telling Time: In "clock arithmetic" there are only 12 numbers (hours):
0 (=12) 1 2 3 4 5 6 7 8 9 10 11
In clock arithmetic (% 12)
5 + 10 = ______
2 - 5 = _______
-5 = ________
Clock Arithmetic is denoted Z12
Life in Z12 has some familiar features but some things are very different:
-5 = 7 (the "negative" of a number may be bigger than the number!).
2 * 6 = 0 (the product of two nonzero numbers may be 0).
5 * 5 = 1, so 1/5 = 5. The reciprocal (multiplicative inverse) of 5 is 5.
Not every number has an inverse:
The equation 2x = 1 has no solution in Z12.
Addition and Multiplication are very easy. Subtraction is easy. Division is tricky, but not hard.
Finding Square Roots appears to be incredibly hard. No efficient technique is known.
Does 41 have a square root (mod 100)?
Is there an x such that x*x % 100 = 41 ?
Does 51 have a square root (mod 100)?
Finding cube roots, fourth roots, and so on is even more difficult.
Examples: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, ...
1 | 2 | 3 | 5 | 7
11 | 13 | 17 | 19
23 | 29
31 | 37
41 | 43 | 47
53 | 59
61 | 67
71 | 73 | 75 | 79
83 | 89
97
Theorem: There are infinitely many primes.
Two integers are relatively prime if their greatest common divisor (gcd) is 1.
gcd(14, 6) = 2
gcd(12, 25) = 1, so 12 and 25 are relatively prime.
The RSA Algorithm
Pick two large prime numbers p and q.
Let n = pq
Next choose a number d relatively prime to (p-1)(q-1) and let e be the multiplicative inverse of d mod (p-1)(q-1);
that is, e * d ≡ 1 (mod (p-1)(q-1)).
The product n and the integer e are made public, but not p and q or d.
Then represent the message by an integer M between 0 and n-1.
The encryption is then C = M^e mod n.
To decrypt, raise C to the power d mod n.
A Very Simple Example:
p = 3
q = 11
n = 33
(p-1)(q-1) = 2 * 10 = 20
Pick d and e so that de % 20 = 1: We'll use e = 3 and d = 7.
To Encrypt: Raise M to the 3rd power mod 33.
To Decrypt: Raise ciphered number to the 7th power mod 33.
Message = SUN
Replace with positions in alphabet 19 21 14
Then 19^3 = 6859, and 6859 % 33 = 28
21^3 = 9261, and 9261 % 33 = 21
14^3 = 2744, and 2744 % 33 = 5
We would transmit 28 21 5
To decrypt
28^7 = 13492928512, and 13492928512 % 33 = 19
21^7 = 1801088541, and 1801088541 % 33 = 21
5^7 = 78125, and 78125 % 33 = 14
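The inverse examples from the Z12 section (5 is its own inverse, 2 has none) and the SUN example above, worked through in Python as an added example that is not part of the original notes. The helper names egcd, mod_inverse, rsa_keygen, encrypt, decrypt and rsa_roundtrip_ok are my own; letters map to alphabet positions with A = 1, as in the notes, and only the standard library is used.

```python
# Added example (not from the original notes): modular inverses and the
# toy RSA run with p = 3, q = 11, d = 7 exactly as the notes describe.

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def mod_inverse(a, m):
    """Multiplicative inverse of a modulo m, or None when gcd(a, m) != 1.
    In Z12: mod_inverse(5, 12) == 5, mod_inverse(2, 12) is None."""
    g, x, _ = egcd(a % m, m)
    return x % m if g == 1 else None

def rsa_keygen(p, q, d):
    """Follow the notes: n = p*q, d relatively prime to (p-1)(q-1),
    e = inverse of d mod (p-1)(q-1). Returns ((n, e), d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    e = mod_inverse(d, phi)
    if e is None:
        raise ValueError("d must be relatively prime to (p-1)(q-1)")
    return (n, e), d

def encrypt(message, n, e):
    """Letters -> alphabet positions (A = 1), each raised to e mod n."""
    return [pow(ord(ch) - ord('A') + 1, e, n) for ch in message.upper()]

def decrypt(cipher, n, d):
    """Raise each number to d mod n and map positions back to letters."""
    return ''.join(chr(pow(c, d, n) + ord('A') - 1) for c in cipher)

def rsa_roundtrip_ok(n, e, d):
    """Check that decrypt(encrypt(M)) == M for every M in 0..n-1."""
    return all(pow(pow(m, e, n), d, n) == m for m in range(n))

if __name__ == "__main__":
    print(mod_inverse(5, 12), mod_inverse(2, 12))  # 5 None
    (n, e), d = rsa_keygen(3, 11, 7)                # n=33, e=3, d=7
    c = encrypt("SUN", n, e)
    print(c, decrypt(c, n, d))                       # [28, 21, 5] SUN
    print(rsa_roundtrip_ok(n, e, d))                 # True
```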
Actual Examples:
p and q might be 300 digit primes so n would be a 600 digit number.
We can then break the message up into blocks of 300 characters each and encrypt each block. The effect is to create an alphabet of 26^300 "characters", so frequency analysis would be worthless.
To crack an RSA-enciphered message, we have to know p and q. We know the product pq = n, so "all we have to do is factor n". How hard is that?