Tag: algorithm

RSA (cryptosystem) – Part 2 (Key Generation Algorithm)

The mathematics described in the previous post is enough to describe RSA and show how it works. RSA is actually a set of two algorithms:

1. Key Generation: A key generation algorithm.
2. RSA Function Evaluation: A function F, that takes as input a point x and a key k and produces either an encrypted result or plain text, depending on the input and the key.

Key Generation

The key generation algorithm is the most complex part of RSA. The aim of the key generation algorithm is to generate both the public and the private RSA keys.This has to be done correctly in order to generate secure RSA keys, else it opens up the system for many different attacks (We will talk about the attacks later). I will break down the steps involved to generate keys with the mathematics functions used within that:

1. Large Prime Number Generation: Two large prime numbers p and q need to be generated. These numbers are very large up to 1024 digits or even 2048 digits. For security purposes, the integers p and q should be chosen at random, and should be similar in magnitude but differ in length by a few digits to make factoring harder.
2. Modulus: From the two large numbers, a modulus n is generated by multiplying p and q.
3. Totient: The totient of n, ϕ(n)is calculated.
4. Public Key: A prime number is calculated from the range [1 , ϕ(n)] that has a greatest common divisor of 1 with ϕ(n).
5. Private Key: Because the prime in step 4 has a gcd of 1 with ϕ(n), we are able to determine its inverse with respect to modϕ(n).

Let’s see how each step works with an example:

Large Prime Number Generation

RSA security depends on two very large prime numbers that are quite far apart. Generating composite numbers, or even prime numbers that are close together makes RSA totally insecure.

So how to generate large prime numbers? The answer is to pick a large random number and test for primness. If that number fails the prime test, then add 1 and start over again until we have a number that passes a prime test. For testing a big prime number we have many online/offline tools available which are also known as primality test (Example: Rabin-Miller primality test etc.).

Example: In this post, I am not going to show an example with 2 very large prime numbers. For ease of understanding, lets take two prime numbers as:

p=61 and q=53

Modulus

Once we have our two prime numbers, we can generate a modulus very easily:

n=p⋅q

RSA’s main security foundation relies upon the fact that given two large prime numbers, a composite number (in this case n) can very easily be deduced by multiplying the two primes together. But, given just n, there is no known algorithm to efficiently determining n’s prime factors. It is considered a hard problem, many people throughout history had tried and failed to find the solution of this problem.

Example: Compute n = pq giving

n = 61 x 53 = 3233

Totient

With the prime factors of n, the totient can be very quickly calculated:

ϕ(n)=LCM(p−1)⋅(q−1)

I talked about Totient in the last post. The reason why the RSA becomes vulnerable if one can determine the prime factors of the modulus is because then one can easily determine the totient.

Example: The actual totient calculation is done by taking in LCM but sometimes we may even use just multiplication of (p-1).(q-1) as per our prime numbers but with large prime numbers taking LCM would be much better.

ϕ(n)= LCM(61-1).(53-1) = 780

Public Key

The public key, normally expressed as e, it is a prime number chosen in the range [1,ϕ(n)]. You may think that 1 is a little small, and yes, I agree, if any small number is chosen, it could lead to security flaws. So in practice, the public key is normally set at 65537. Note that because the public key is prime, it has a high chance of a gcd equal to 1 with ϕ(n). If this is not the case, then we must use another prime number.

An interesting observation: If in practice, the number above is set at 65537, then it is not picked at random; surely this is a problem? Actually, no, it isn’t. As the name implies, this key is public and therefore is shared with everyone. As long as the private key cannot be deduced from the public key, we are secure. The reason why the public key is not randomly chosen in practice is because it is desirable not to have a large number. This is because it is more efficient to encrypt with smaller numbers than larger numbers.

The public key is actually a key pair of the exponent e and the modulus n and is present as follows

(e,n)

Example: Choose any number 1 < e < 780 that is coprime to 780. Choosing a prime number for e leaves us only to check that e is not a divisor of 780.

Let e= 17

Then our public key pair is (17,3233)

Private Key

The public key has a gcd of 1 with ϕ(n), the multiplicative inverse of the public key with respect to ϕ(n) can be efficiently and quickly determined using the Extended Euclidean Algorithm. This multiplicative inverse is the private key(d). So , we have the following equation (one of the most important equations in RSA):

e⋅d=1modϕ(n)

Just like the public key, the private key is also a key pair of the exponent d and modulus n:

(d,n)

One of the absolute fundamental security assumptions behind RSA is that given a public key, one cannot efficiently determine the private key.

Example: Compute d, the modular multiplicative inverse of e (mod λ(n)) :

17⋅d=1modϕ(3233)

d = 413

So the private key pair is (413, 3233)

In the next post, I will give a brief about RSA Function Evaluation and a big example to showcase how RSA works.

RSA (cryptosystem) – Part 1 (Simple mathematics)

In this post, I am going to explain exactly how RSA public key encryption works. Before start coding and using the Secure Socket Layer we need to understand the base algorithm on which it works and RSA is one of the popular algorithm under its wing. Everything in this post (including this one) are very mathematical, I am going to try and make this break down in some important concepts and make it simple with examples.

I would suggest not the use any of the example in the real world scenario as this algorithm requires to work with a secure padding structure.

Background Mathematics – The thing which makes wonders

Set Of Integers : Modulo P

Zp={0,1,2,…,p−1}

This is called the set of integers modulo p (or mod p for short). It is a set that contains Integers from 0 up until p−1.

Example: Z10={0,1,2,3,4,5,6,7,8,9}

Remainder After Division

This concept mostly we have all learnt in School, as for example if we divide 7 by 2, we get remainder as 1. This is stated without any notion of real numbers, only integers. This type of math is really vital to RSA, and is one of the reasons that secures RSA. A formal way of stating a remainder after dividing by another number is an equivalence relationship:

x,y,z,k∈Z, x≡ymodz ⟺ x=k⋅z+y

This equation states that if x is equivalent to the remainder (in this case y) after dividing by an integer (in this case z), then x can be written like so: x=k⋅z+y where k is an integer.

Example: Let’s take y =7 and z=5, then the following values of x will hold for the equation:  x=7,x=12,x=17,…. There are all sought of possibilities to get the value of if we keep on changing the value of k. Therefore, x can be written like so: x =k⋅5+7, where k can be any of the infinite amount of integers.

There are two important things to note:

1. The remainder stays constant always.
2. As we stated earlier, y∈Z(y is in the set of integers modulo z)

Greatest Common Divisor and Multiplicative Inverse

A multiplicative inverse for x is a number that when multiplied by x, will be equal to 1. The multiplicative inverse of x is written as x−1 and is defined as so:

x⋅x−1=1

The greatest common divisor (gcd) between two numbers is the largest integer that will divide both numbers. For example, gcd(3,8)=2.

The interesting thing is that if two numbers have a gcd of 1, then the smaller of the two numbers has a multiplicative inverse in the modulo of the larger number. It is expressed in the following equation:

x∈Zp,x−1∈Zp⟺gcd(x,p)=1

The above just says that an inverse only exists if the greatest common divisor is 1.

Example: Lets work in the set Z11, then 3∈Z11 and gcd(3,11)=1. Therefore 3 has a multiplicative inverse (written 3−1) in mod11, which is 4. And indeed, 4⋅3=12=1mod11. But not all numbers have inverses. For instance, 3∈Z9 but 3−1does not exist! This is because gcd(3,9)=3≠1.

Let me just give a more detailed version of how this works:

Consider the modular multiplicative inverse of 3 modulo 11, call it x. In order for x to exist it must be that 3 and 11 are co-prime, which is true.

x=3-1mod11

This is equivalent to the computation of finding x such that

3.x = 1.mod11

By observation the one positive value of x that satisfies this equation is is 4 since

3.4=12=1mod11

As 12 divided by 11 will give you remainder as 1 and thus the equation can be written as above.

Prime Numbers

Prime numbers are very important to the RSA algorithm. A prime is a number that can only be divided without a remainder by itself and 1. For example, 7 is a prime number (any other number besides 1 and 7 will result in a remainder after division) while 10 is not a prime.

This has an important implication: For any prime number p, every number from 1 up to p−1 has a gcd of 1 with p, and therefore has a multiplicative inverse in modulo p.

Euler’s Totient

Euler’s Totient is the number of elements that have a multiplicative inverse in a set of modulo integers. The totient is denoted using the Greek symbol phi (ϕ). The totient is just the count of the number of elements that have their gcd with the modulus equal to 1. This brings us to an important equation regarding the totient and prime numbers:

p∈P, ϕ(p)=p−1

Example: ϕ(9)=|{1,2,4,5,7,8}|=6

As gcd(9,3) =3, gcd(9,6)=3 and gcd(9,9)=9. So only 6 values with which 9 has greatest common divisor as 1.

With the above background, we have enough tools to describe RSA and in the next post we will see, How the RSA algorithm works.

Sources: