The RSA public encryption scheme: How I learned to stop ...math.rice.edu/~av15/Files/MLI2010.pdf ·...

The RSA public encryption scheme:How I learned to stop worrying and love buying

stuff online

Anthony Varilly-AlvaradoRice University

Mathematics Leadership Institute,June 2010

Anthony Varilly-Alvarado Rice University The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online

Our Goal Today

I will describe how it is possible to safely send your credit cardnumber over the internet to a trusted party you have never met.

Why?

Bring Math to life with a monumentally important application.

Illustrate why pushing the boundary of “pure” Math is soimportant to our society’s development.

We can teach this to high-school students! (over many weeks)


Public key cryptography: What is it?

A definition by example.

Suppose that Alice wants to send a message half way around theworld to Bob.

The content of the message is a secret, and it is extremelyimportant that nobody but Bob be able to read the message.

There are two complications:

Eave, a character with malicious intentions, will likelyintercept the message.

Alice and Bob have never met, so they don’t have a secretcode in place.


Public key cryptography: What is it?

What can Alice and Bob do?

Somehow, they have to establish a secret code in plain sight. Theymust assume that Eave can read anything they send to each other.

Public key cryptography is a subject that, at heart, aims toproduce solutions to this seemingly impossible task.


The Lunchbox Metaphor

Here’s one way to solve the problem:

Bob sends Alice a lunchbox with an open padlock inside it.He keeps the key.

Alice puts the message inside the lunchbox and uses thepadlock to seal the lunchbox. She is no longer able to retrievethe message.

Alice sends the sealed lunch box back to Bob.

Bob uses his key to open the lunchbox and read Alice’smessage.

Note: there is nothing Eave can do to read the message.

To make this metaphor into a precise, mathematical crytosystem,we need the notion of modular arithmetic.


Modular Arithmetic

Fix:

A positive whole number n (the modulus).

Two (possibly negative) integers a and b.

We say that “a is congruent to b modulo n,” and write

a ≡ b mod n

if a− b is divisible by n.

Example

Take n = 5, a = 27 and b = −8. Then 27 ≡ −8 mod 5 because27−−8 = 35 is divisible by 5. In fact, 7× 5 = 35, so 7 is thewitness to this divisibility relation.


Examples

45 ≡ 13 mod 4 because 45− 13 = 32 is divisible by 4.

27 ≡ 8 mod 19 because 27− 8 = 19 is divisibile by 19.

−36 ≡ 0 mod 9 because −36− 0 = −36 is divisible by 9.


Audience participation

True or False? 17 ≡ 12 mod 5?

17− 12 = 5.

True or False: 25 ≡ 10 mod 12?

25− 10 = 15.

True or False: 105 ≡ 14 mod 7?

105− 14 = 91.


The Power Property

Fact

Let k be a non-negative integer, and fix n, a and b as above. Then

a ≡ b mod n =⇒ ak ≡ bk mod n.

Let’s see this in an example. We have 12 ≡ 2 mod 5. Take k = 2.Then the theorem says that

122 ≡ 22 mod 5

Let’s simplify:144 ≡ 4 mod 5.

This is true: 144− 4 = 140 is divisible by 5.


Congruences multiply

Fact

Let c be an integer, and fix m, a and b as above. Then

a ≡ b mod n =⇒ ca ≡ cb mod n.

Proof.

Since a− b is divisible by n we know that there is a witness integerr such that

a− b = rn

Multiply both sides by c :

ca− cb = crn.

Hence ca− cb is divisible by n as well (cr is a witness!).


Euler’s φ function

The last ingredient we need is Euler’s φ function, which takes asinput a positive number n and is defined as follows:

φ(n) = number of integers between 1 and n − 1 that have nocommon factors with n (other than 1).

For example: φ(12) = 4 because out of{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11}, there are four integers, namely{1, 5, 7, 11} that don’t share a common factor with 12.


Facts about Euler’s φ function

If p is prime then φ(p) = p − 1. (Because every numbersmaller than p doesn’t share a factor with p.)

If p and q are two prime numbers, thenφ(pq) = (p − 1)(q − 1). (Harder.)

Euler’s Theorem: If m and n are integers with no commonfactors, then

mφ(n) ≡ 1 mod n.

For example: take n = 12 and m = 5. Then φ(12) = 4 andwe get 54 ≡ 1 mod 12, i.e.,

625 ≡ 1 mod 12.

This is true because 625− 1 = 624 = 52× 12.


The RSA cryptosystem

RSA stands for Rivest, Shamir and Adleman, three cryptographerswho came up with the following algorithm at MIT in 1978.


Step 1: The Public Key

In our metaphor, Bob sent Alice an open lock (to which he keptthe key). Mathematically, the padlock is called the public key.

Bob chooses two BIG primes p and q.

He computes n = pq. This will be our modulus.

He computes φ(n) = φ(pq) = (p − 1)(q − 1).

He picks an integer e in the range 1 < e < φ(pq) such that eand φ(pq) don’t share a common factor.

He finds an integer d such that de ≡ 1 mod φ(n).

The pair of integers (n, e) is the public key. Bob sends them toAlice in the clear (i.e. Eave also knows what n and e are). Theinteger d is the private key (the key to the padlock in ourmetaphor).


Factoring integers is HARD

Something important to note: Eave can get a hold of (n, e). IfEave can figure out what p and q are, then she can also figure outwhat d is!

RSA relies heavily on the idea that factoring large numbers is aREALLY HARD problem.


Step 2: Encryption

Alice is now in possession of of Bob’s public key (n, e). Say Alice’scredit card number is m. (Technical assumption: we need m < nand we need m and n to share no common factors. This is all easyto arrange.)

Alice computes me .

She divides me by n. Call the remainder c . In other words:

c ≡ me mod n.

The number c is called the ciphertext. It’s the scrambledmessage.

Alice sends c to Bob in the clear. Eave can see it.


Step 3: Decryption

Bob is now in possession of the scrambled message c . He also hasthe private key d , which no one else has.

Here’s the magic trick: the remainder when cd is divided by n ism. In other words:

cd ≡ m mod n

So Bob can figure out what m is!


Proof

Recall that de ≡ 1 mod φ(n). This means that de − 1 is divisibleby n. Say that

de − 1 = kφ(n)

so k is the witness to the division. Let’s rewrite this as

de = 1 + kφ(n).

Now for the one line proof:

cd ≡ (me)d ≡ mde ≡ m1+kφ(n) ≡ m(mφ(n))k ≡ m · 1k ≡ m mod n.


In slow motion

mφ(n) ≡ 1 mod n Euler’s theorem

=⇒ mkφ(n) ≡ 1k mod n The Power Property

=⇒ mkφ(n) ≡ 1 mod n

=⇒ m1+kφ(n) ≡ m mod n Congruences multiply

=⇒ mde ≡ m mod n because de = 1 + kφ(n)

=⇒ (me)d ≡ m mod n Law of Exponentiation

=⇒ cd ≡ m mod n because c ≡ me mod n

QED.


Why RSA works

There are two reasons why RSA is safe:

Factoring integers is hard.

The RSA problem: if we know c , n and e, and if

c ≡ me mod n

then there is no known way to compute m!!! In other words,taking e-th roots modulo n is also hard.


Where can I learn more?

Wikipedia! Just google “RSA wiki.”

Introduction to cryptography by Johannes Buchmann.


The RSA public encryption scheme: How I learned to stop ...math.rice.edu/~av15/Files/MLI2010.pdf ·...

Documents

Transcript of The RSA public encryption scheme: How I learned to stop ...math.rice.edu/~av15/Files/MLI2010.pdf ·...