As discussed in the lecture, rsa is based on which of the following problem(s)?

We talked about the ideas behind public key cryptography last lecture. How do we implement such a scheme? This is where number theory comes to the rescue in the form of the RSA crypto system. RSA stands for Rivest, Shamir and Adelman, who discovered the scheme in 1977. Clifford Cocks had independently discovered this earlier in 1973, but his work was classified and remained unknown for many years.

A link to the original RSA paper is here.

Messages As Numbers

First, let us get some preliminary concepts out of the way. We will regard messages as numbers. The idea is that your message is encoded as a number through a scheme such as ASCII. The rest of this presentation will deal with encrypting and decrypting numbers.

Basic Idea

Suppose Alice wished to send a message

As discussed in the lecture, rsa is based on which of the following problem(s)?
to Bob that she wished Bob and no one else to read. In a public key system, she will obtain Bob's public key and encrypt the message
As discussed in the lecture, rsa is based on which of the following problem(s)?
using Bob's public key to obtain a encrypted message
As discussed in the lecture, rsa is based on which of the following problem(s)?
. This is sent to Bob.

Upon receiving the message from Alice, Bob decrypts it using his private key. No one else can decrypt the message unless they have Bob's private key.

How do we implement this in practice?

The basic idea behind RSA is to create a one-way function

As discussed in the lecture, rsa is based on which of the following problem(s)?
that given a message
As discussed in the lecture, rsa is based on which of the following problem(s)?
and a public key
As discussed in the lecture, rsa is based on which of the following problem(s)?
, encrypts the message by computing
As discussed in the lecture, rsa is based on which of the following problem(s)?
to yield the cipher
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

The reason

As discussed in the lecture, rsa is based on which of the following problem(s)?
is called one-way is that

However, if it is hard for someone to invert

As discussed in the lecture, rsa is based on which of the following problem(s)?
, how is it that Bob can do so?

  • We will assume that using the private key, Bob has a function

    As discussed in the lecture, rsa is based on which of the following problem(s)?
    that will allow him to compute
    As discussed in the lecture, rsa is based on which of the following problem(s)?
    .

So our scheme should give us functions

As discussed in the lecture, rsa is based on which of the following problem(s)?
where
As discussed in the lecture, rsa is based on which of the following problem(s)?
is easy to compute but very hard to invert. On the other hand,
As discussed in the lecture, rsa is based on which of the following problem(s)?
is easy to compute and inverts
As discussed in the lecture, rsa is based on which of the following problem(s)?
if the private key is available.

Number Theory to the Rescue

The basic scheme for RSA uses a really large number

As discussed in the lecture, rsa is based on which of the following problem(s)?
.

  • The public key is a pair of numbers

    As discussed in the lecture, rsa is based on which of the following problem(s)?

  • The private key is a pair of numbers

    As discussed in the lecture, rsa is based on which of the following problem(s)?
    .

Each message

As discussed in the lecture, rsa is based on which of the following problem(s)?
is assumed to be a number between
As discussed in the lecture, rsa is based on which of the following problem(s)?
and
As discussed in the lecture, rsa is based on which of the following problem(s)?
. If
As discussed in the lecture, rsa is based on which of the following problem(s)?
is really large, we allow a large space of numbers to code our messages with.

The basic idea is to encrypt a message

As discussed in the lecture, rsa is based on which of the following problem(s)?
by computing
As discussed in the lecture, rsa is based on which of the following problem(s)?
. This operation is called modular exponentiation. It is computationally inexpensive to compute even though
As discussed in the lecture, rsa is based on which of the following problem(s)?
and
As discussed in the lecture, rsa is based on which of the following problem(s)?
are typically large numbers in an RSA implementation.

Example

Let us take a message

As discussed in the lecture, rsa is based on which of the following problem(s)?
and encrypt it using the public key
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

We will simply compute

As discussed in the lecture, rsa is based on which of the following problem(s)?

On the first sight, this modular exponentiation looks like an atrociously hard computation. But remember that

As discussed in the lecture, rsa is based on which of the following problem(s)?
is infectious :-).

Therefore, we can first compute this by repeated squaring and modulo operations. Here is how we compute for our example using python interpreter

Example Computation

bash$ python

Python 2.7.6 (v2.7.6:3a1db0d2747e, Nov 10 2013, 00:42:54)
[GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> c1 = (1098 **2) % 41989
>>> c1
29912
>>> c2 = (c1 **2) % 41989
>>> c2
26132
>>> c3 = (c2 **2) %41989
>>> c3
14317
>>> c4 = (c3 * c2) % 41989
>>> c4
9854
>>> c5 = (c4 * 1098) % 41989
>>> c5
28519

However, a snooper who simply sees the encrypted message

As discussed in the lecture, rsa is based on which of the following problem(s)?
and the public key
As discussed in the lecture, rsa is based on which of the following problem(s)?
will find it very hard to figure out the message
As discussed in the lecture, rsa is based on which of the following problem(s)?
. This problem is considered to be a computationally hard problem, and is called the RSA problem.

So far, we have identified our one way function

As discussed in the lecture, rsa is based on which of the following problem(s)?
, which is given by modular exponentiation . We have claimed that inverting
As discussed in the lecture, rsa is based on which of the following problem(s)?
when given
As discussed in the lecture, rsa is based on which of the following problem(s)?
and the public key
As discussed in the lecture, rsa is based on which of the following problem(s)?
is computationally a hard problem. There is no known efficient algorithm for this problem, to date.

Now the idea is to find a private key

As discussed in the lecture, rsa is based on which of the following problem(s)?
that satisfies
As discussed in the lecture, rsa is based on which of the following problem(s)?
. In other words, if we take the encrypted message
As discussed in the lecture, rsa is based on which of the following problem(s)?
and perform modular exponentiation with the private key
As discussed in the lecture, rsa is based on which of the following problem(s)?
, we obtain the original message
As discussed in the lecture, rsa is based on which of the following problem(s)?
back.

This means that we need

As discussed in the lecture, rsa is based on which of the following problem(s)?
to satisfy the property that for any message
As discussed in the lecture, rsa is based on which of the following problem(s)?
,

As discussed in the lecture, rsa is based on which of the following problem(s)?

In other words, we require that

As discussed in the lecture, rsa is based on which of the following problem(s)?
.

The question is how can we find a pair

As discussed in the lecture, rsa is based on which of the following problem(s)?
that will satisfy this relation, and furthermore, given
As discussed in the lecture, rsa is based on which of the following problem(s)?
it should be hard to find the corresponding
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Some Preliminaries

We say that two numbers

As discussed in the lecture, rsa is based on which of the following problem(s)?
are relatively prime if they have no prime factors in common. In other words,
As discussed in the lecture, rsa is based on which of the following problem(s)?
are relatively prime if their greatest common divisor
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Euler's Theorem

You can skip this section on a first read

The answer comes from a result proved by Euler in 1741, called the Euler's Totient theorem. We will first examine the Totient function.

As an example, consider

As discussed in the lecture, rsa is based on which of the following problem(s)?
. The numbers that are relatively prime to
As discussed in the lecture, rsa is based on which of the following problem(s)?
include
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Therefore

As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Interestingly, given a number

As discussed in the lecture, rsa is based on which of the following problem(s)?
,
As discussed in the lecture, rsa is based on which of the following problem(s)?
is rather hard to compute. But there are numbers for which it is relatively easy.

Totient Function for Prime Numbers

Theorem: The totient function

As discussed in the lecture, rsa is based on which of the following problem(s)?
for a prime number
As discussed in the lecture, rsa is based on which of the following problem(s)?
is simply
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

The proof is simply to note that every number

As discussed in the lecture, rsa is based on which of the following problem(s)?
is relatively prime to
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Another important result about Totient functions is as follows:

Totient functions for products of primes

If

As discussed in the lecture, rsa is based on which of the following problem(s)?
and
As discussed in the lecture, rsa is based on which of the following problem(s)?
are prime numbers, such that
As discussed in the lecture, rsa is based on which of the following problem(s)?
, then
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Let us look at all numbers between

As discussed in the lecture, rsa is based on which of the following problem(s)?
that have a common factor with
As discussed in the lecture, rsa is based on which of the following problem(s)?
. These can only be multiples of
As discussed in the lecture, rsa is based on which of the following problem(s)?
or multiples of
As discussed in the lecture, rsa is based on which of the following problem(s)?
. The reader can convince themselves that there are
As discussed in the lecture, rsa is based on which of the following problem(s)?
of these numbers. Therefore,
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Here is what Euler's theorem says:

Euler's Theorem

Let

As discussed in the lecture, rsa is based on which of the following problem(s)?
be relatively prime numbers. We have
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

The proof is rather elegant. Let

As discussed in the lecture, rsa is based on which of the following problem(s)?
be the set of all the numbers relatively prime with
As discussed in the lecture, rsa is based on which of the following problem(s)?
. Here
As discussed in the lecture, rsa is based on which of the following problem(s)?
and
As discussed in the lecture, rsa is based on which of the following problem(s)?
belongs to this set. Now consider
As discussed in the lecture, rsa is based on which of the following problem(s)?
. It is possible to show that
As discussed in the lecture, rsa is based on which of the following problem(s)?
and
As discussed in the lecture, rsa is based on which of the following problem(s)?
are, in fact, the same sets.

Therefore,

As discussed in the lecture, rsa is based on which of the following problem(s)?

We therefore conclude that

As discussed in the lecture, rsa is based on which of the following problem(s)?
, or in other words
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

RSA Scheme

We are now ready to talk about the basic RSA scheme.

The idea is to choose two different large prime numbers

As discussed in the lecture, rsa is based on which of the following problem(s)?
and compute
As discussed in the lecture, rsa is based on which of the following problem(s)?
. Let us assume
As discussed in the lecture, rsa is based on which of the following problem(s)?
, in general.

We now wish to find a pair

As discussed in the lecture, rsa is based on which of the following problem(s)?
and
As discussed in the lecture, rsa is based on which of the following problem(s)?
for the public and private keys such that for any message
As discussed in the lecture, rsa is based on which of the following problem(s)?
, we have
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Choosing any message

As discussed in the lecture, rsa is based on which of the following problem(s)?
between
As discussed in the lecture, rsa is based on which of the following problem(s)?
, we can use Totient's theorem to guarantee that

As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Therefore, if we choose any positive

As discussed in the lecture, rsa is based on which of the following problem(s)?
, we still obtain

As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Therefore,

As discussed in the lecture, rsa is based on which of the following problem(s)?
, for any
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Our goal is now to find

As discussed in the lecture, rsa is based on which of the following problem(s)?
such that

As discussed in the lecture, rsa is based on which of the following problem(s)?
.

In other words,

As discussed in the lecture, rsa is based on which of the following problem(s)?
.

We follow the following steps to do so:

  • Choose large primes

    As discussed in the lecture, rsa is based on which of the following problem(s)?
    with
    As discussed in the lecture, rsa is based on which of the following problem(s)?
    .

  • Let

    As discussed in the lecture, rsa is based on which of the following problem(s)?
    .

  • Let

    As discussed in the lecture, rsa is based on which of the following problem(s)?
    .

  • Choose a number

    As discussed in the lecture, rsa is based on which of the following problem(s)?
    with
    As discussed in the lecture, rsa is based on which of the following problem(s)?
    that is relatively prime with
    As discussed in the lecture, rsa is based on which of the following problem(s)?
    .

  • Compute

    As discussed in the lecture, rsa is based on which of the following problem(s)?
    such that
    As discussed in the lecture, rsa is based on which of the following problem(s)?
    for some
    As discussed in the lecture, rsa is based on which of the following problem(s)?
    . This is done using the Euclidean Algorithm.

Finally, we discard

As discussed in the lecture, rsa is based on which of the following problem(s)?
and simply retain
As discussed in the lecture, rsa is based on which of the following problem(s)?
. We publish
As discussed in the lecture, rsa is based on which of the following problem(s)?
as the public key and retain
As discussed in the lecture, rsa is based on which of the following problem(s)?
as the private key.

Encryption

Encrypting a message

As discussed in the lecture, rsa is based on which of the following problem(s)?
is performed by modular exponentiation with public key:

As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Likewise, decryption uses the private key

As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Decryption

Given cipher-text

As discussed in the lecture, rsa is based on which of the following problem(s)?
, we recover the original message as

As discussed in the lecture, rsa is based on which of the following problem(s)?

Let us illustrate this:

Encryption: Take a message

As discussed in the lecture, rsa is based on which of the following problem(s)?
represented as a number from
As discussed in the lecture, rsa is based on which of the following problem(s)?
. The encrypted value of
As discussed in the lecture, rsa is based on which of the following problem(s)?
is
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Example: Using public key

As discussed in the lecture, rsa is based on which of the following problem(s)?
and message
As discussed in the lecture, rsa is based on which of the following problem(s)?
, we have
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

To decrypt, we have to compute

As discussed in the lecture, rsa is based on which of the following problem(s)?
=
As discussed in the lecture, rsa is based on which of the following problem(s)?
.

Breaking RSA

Let us assume that some one has access to the public key

As discussed in the lecture, rsa is based on which of the following problem(s)?
. What stops them from finding out
As discussed in the lecture, rsa is based on which of the following problem(s)?
, the secret key?

After all,

As discussed in the lecture, rsa is based on which of the following problem(s)?
. Therefore, by factorizing
As discussed in the lecture, rsa is based on which of the following problem(s)?
, we can find
As discussed in the lecture, rsa is based on which of the following problem(s)?
and repeat the process for ourselves to compute
As discussed in the lecture, rsa is based on which of the following problem(s)?
and
As discussed in the lecture, rsa is based on which of the following problem(s)?
. Once
As discussed in the lecture, rsa is based on which of the following problem(s)?
is known then the whole scheme goes kaput.

Problem (Factoring) Given a number

As discussed in the lecture, rsa is based on which of the following problem(s)?
that we are told is the product of two as yet unknown prime numbers
As discussed in the lecture, rsa is based on which of the following problem(s)?
, finding out
As discussed in the lecture, rsa is based on which of the following problem(s)?
is a hard problem.

In order to convince you that factoring a large number say

As discussed in the lecture, rsa is based on which of the following problem(s)?
digits is hard, your first programming assignment that will be out this monday asks you to try and write a factoring routine that given a number
As discussed in the lecture, rsa is based on which of the following problem(s)?
finds a prime factor
As discussed in the lecture, rsa is based on which of the following problem(s)?
of
As discussed in the lecture, rsa is based on which of the following problem(s)?
. You can use any method to do so.

Combinatorially Hard Problems

There are problems in CS which do not have any known algorithms. The class of problems is called NP standing for Non-Deterministic Polynomial Time.

Claim Factoring a number

As discussed in the lecture, rsa is based on which of the following problem(s)?
is an example of a hard problem.

Naive Algorithm

int factor(int n){
   int i;
   for (i = 0; i < n;++i)
      if (Divides(i,n)) return i;

   return NO_FACTOR;
}

Time taken to factor by best known algorithm is roughly

As discussed in the lecture, rsa is based on which of the following problem(s)?
. However, does that preclude a clever and faster algorithm?

The best known factoring algorithm is the general number field sieve. Even though it is worst case exponential, it has been used to factor large number of upto a

As discussed in the lecture, rsa is based on which of the following problem(s)?
decimal digits.

What problem is RSA based on?

The security of RSA relies on the practical difficulty of factoring the product of two large prime numbers, the "factoring problem". Breaking RSA encryption is known as the RSA problem.

What is RSA used for?

RSA encryption, in full Rivest-Shamir-Adleman encryption, type of public-key cryptography widely used for data encryption of e-mail and other digital transactions over the Internet. RSA is named for its inventors, Ronald L. Rivest, Adi Shamir, and Leonard M.

What is RSA algorithm and how it works?

The RSA algorithm is a public-key signature algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adleman. Their paper was first published in 1977, and the algorithm uses logarithmic functions to keep the working complex enough to withstand brute force and streamlined enough to be fast post-deployment.

Which of the following is disadvantage of the RSA algorithm?

Disadvantages of RSA It may fail sometimes because for complete encryption both symmetric and asymmetric encryption is required and RSA uses asymmetric encryption only. It has slow data transfer rate due to large numbers involved. It requires third party to verify the reliability of public keys sometimes.