modular arithmetic & rsa encryption
DESCRIPTION
Provides an introduction to modular arithmetic and it's application to encryption via RSA, intended for talented year 10 students (though should be fairly widely applicable)TRANSCRIPT
Modular Arithmetic & RSA Encryption
Philip Tromanshttp://pjtlog.blogspot.com/
March 2008
1 Introduction
With the rise of the internet, information security has become enormously important to every internet user.After all, no-one wants their credit card details stolen when they shop online. All modern cryptography (theart of encoding messages so that only the desired recipient can understand the message) is based on maths,and huge amounts of money are directed at research into these fields. In this talk we intend to explorethe most prominent form of encryption used on the internet (RSA encryption) and some of the theory thatmakes us believe it’s safe to use.
As for the exercises in this set of notes, don’t be worried if you can’t do all of them. The first few aregenerally intended to be do-able, but the latter ones are supposed to be hard, and are supposed to stretchyou (hopefully you’ll find them interesting too).
2 Prime numbers
Prime numbers are sometimes said to be the building blocks of the number system. A number is prime ifand only if the only two numbers that divide it are 1 and itself. For example: 11, 17, 23 and 2 are all prime,and 4 and 33 aren’t prime as 4 = 2× 2 and 33 = 3× 11. Every number that isn’t prime can be expressed asa product of primes, for example:
53158732 = 2 × 2 × 11 × 19 × 63587
Note: 1 is defined not to be a prime.
2.1 Coprime numbers
Two numbers are coprime if they don’t share any common factors. If they don’t have any common factors,then they definitely can’t have any common prime factors (if you can’t see why that’s true, then think aboutit for a little while or ask someone). So for example, 9 and 10 are coprime as 9 = 3 × 3 and 10 = 2 × 5, and8 and 12 are not coprime as 8 = 2 × 2 × 2 and 12 = 2 × 2 × 3 (both have a factor of 2).
Note: 1 is coprime to every number apart from 1 (and anything being coprime to 0 makes no sense).
2.2 Exercises
1. Which of 68, 50, 37, 97, 5, 43 are prime? If not, why not?
2. Express 18 as a product of primes.
3. Are any two different prime numbers coprime?
4. What’s the highest common factor (HCF) of any two coprime numbers?
1
5. Is x3 prime where x is any positive integer (i.e. a counting number: 1, 2, 3 . . . ).
6. Consider the sequence of numbers: 41, 43, 47, 53, 61, . . . (where the difference between each pair ofnumbers increases by 2 each time). Are all of these numbers in the sequence (up to infinity) prime?
3 Euler’s Totient Function, φ(x)
Euler’s totient function is generally written φ(x), and only exists when x is a positive integer. It is definedby: φ(x) = the number of positive integers less than x (and greater than or equal to 1) that are coprime tox. For example:
φ(9) = 6
as 1, 2, 4, 5, 7 and 8 are coprime to 9. Also,
φ(13) = 12
as 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 are all coprime to 13.
3.1 Properties
(You might like to write reasons why this is true after it’s been explained on the board).For a prime number p:
φ(p) = p − 1
φ(p2) = p2− p
For distinct primes p, q:φ(pq) = pq − q − p + 1
= (p − 1)(q − 1)
3.2 Exercises
1. Calculate φ(16), φ(21), φ(25), φ(7).
4 Modular Arithmetic
You might not have ever heard of modular arithmetic, but the chances are you use it every day. It’s justa posh name for arithmetic on remainders. For example, when you tell the time, if it’s 2pm you say it’s 2o’clock and not 14 o’clock. We say that the time is told mod 12 (mod stands for modulo). We write this as:
t ≡ 2 (mod 12)
What this means is ”when t is divided by 12, the remainder is 2”. Some more examples are: 7 ≡ 2 (mod 5),6 ≡ 0 (mod 6).
4.1 Exercises
1. Calculate 7 (mod 3), 6 (mod 4), 100 (mod 9).
2. What is p + 3 (mod p) for any postive integer p bigger than 3?.
3. What is p2 (mod p) for any positive integer p?. What about p2 + p + 1 (mod p)?
4. Does 2x ≡ 3 (mod 6) have any solutions if x is a positive integer? (if it does, state one, if not thensay why not)
5. Solve 2x ≡ 4 (mod 6).
2
5 Encryption
Encryption is the art of transforming text (called a plaintext) so that it is unreadable unless you have specialknowledge (a key). So, if you want to communicate in secret with someone, you give them a key (and youhave the same key) and encrypt some information for them. If this is intercepted by someone else, then inan ideal world it is useless to them, as they don’t have the key. If the message is received as intended, thenthat person has the key and can decrypt it, and read the contents.
5.1 The Key Distribution Problem
Think of a way of encryption (say swap A with B, B with C, C with D, ..., Z with A). Chances are, you’vethought of something that is symmetric. This means that you need the same key to decrypt it as to encryptit.
Plaintext CiphertextKey
Now imagine you are somewhere where all your communications are intercepted. How will you get the keyto the recipient? This is what is known as the key distribution problem.
What we need is an asymmetric cipher, i.e. one where there is a different encryption key and decryptionkey (and ideally it needs to be hard to work out the decryption key from the encryption key).
Plaintext Ciphertext
Encryption Key
Decryption Key
With this setup, you can publish your encryption key (write it on your door or whatever) and keep yourdecryption key secret. Then, if anyone wants to communicate with you, then they just encrypt it using yourencryption key, and only you should be able to decrypt and read the message. One such algorithm existsand is called RSA (after the initials of its inventors).
6 RSA Encryption
Before we can actually look at the RSA algorithm, we need one more tool. It’s called the Fermat-EulerTheorem.
Note: This section is the hardest so far, and takes the ideas from before and makes quite a lot of use ofthem. Don’t be put off if you don’t understand this straight away. It’s meant to be challenging.
6.1 The Fermat-Euler Theorem
The Fermat-Euler Theorem states that:
aφ(n)≡ 1 (mod n)
for all integers a in the range 1 . . .n (not including n) that are coprime to n. This is quite a complicatedstatement, so read it a few times to make sure you’ve understood it.
Proving this isn’t too hard, but we don’t have time to do it now. It requires a bit more background inmodular arithmetic, but if you’re interested then either me or one of your maths teachers would be happy
3
to help. To help us believe that it might be true, let’s see an example: working mod 5. φ(5) = 4. And wecan see by calculation that:
14≡ 1 (mod 5)
24 = 16 ≡ 1 (mod 5)
34 = 81 ≡ 1 (mod 5)
44 = 256 ≡ 1 (mod 5)
You might like to try it with some other values of n (but make sure you only check it for values of a thatare coprime to n!) and check that the theorem’s true for these values too.
6.2 The RSA Algorithm
6.2.1 Encryption
1. Let our message (or part of our message) be m, and make sure this m is an integer (as encryption isgoing to involve modular arithemetic).
2. Choose two large prime numbers, p and q (say each is 200 digits long), and let n = p × q and store n
somewhere.
3. Now calculate the totient, φ(n). But this is easy as:
φ(n) = φ(pq) = (p − 1)(q − 1)
So this is just multiplication and subtraction (both of which a computer can do very very quickly).
4. We now choose an integer e which is between 1 and φ(n) such that e and φ(n) are coprime (so thatthey share no factors). This e is called the coding exponent and this is what you publish (along withn) if you want people to be able to send encrypted messages to you.
5. To encrypt a message m, all that we do is raise it to the power e, working modulo n, i.e.:
x = me (mod n)
and we call x the ciphertext.
6.2.2 Decryption
Decrypting a message is easy if you know what the values of p and q were from before.
1. Just like we had an ”coding exponent” (which we called e), we also have a ”decoding exponent” whichshall be called d. We know (from the Fermat-Euler theorem) that:
xφ(n)≡ 1 (mod n)
(this assumes that x is coprime to n but this turns out to be true). So:
xkφ(n)≡ 1 (mod n)
for any integer k. So:xkφ(n)+1
≡ x (mod n)
(just by multiplying each side by x).
4
2. So, we need to set up our decoding exponent (d) so that:
(me)d≡ m (mod n)
This is is done by picking d so that:de ≡ 1 (mod φ(n))
which it turns out is fairly easy to do1. This is only easy to do because we know what the value ofφ(n) is, because we know what the values of p and q are.
3. Let the encrypted message (ciphertext) we receive be x, and hopefully the decrypted value will be theoriginal m.
m = xd (mod n)
6.2.3 Summary
To Encode To Decodex 7→ xe (mod n) x 7→ xd (mod n)Need to know n and e (which have been pub-lished).
Need to know n and d.
So, encryption is always easy, and decryption is easy if we know n and d. However, d is always kept secret(which is why it’s called a private key) so that only we can decrypt messages intended for us.
6.2.4 Decryption by an enemy
If we don’t know what d is, then we can calculate it if we know what φ(n) is (which is what we did in thelast section). n is publicly available (it’s part of someone’s public key) and we even know that n is two bigprimes multiplied together. But if we don’t know what the values of p and q are then we have to find them(so that we can calculate φ(n) = φ(pq) = (p− 1)(q − 1)) because there is no way of calculating φ(n) withoutthem! To the best of public knowledge, there is no way of finding out what p and q are other than bruteforce (i.e. starting from 1 and manually checking every number between 1 and n to see whether it’s coprimeto n), and the numbers chosen are always very very large (so that the amount of time taken to find thedecryption key is expected to be many times the lifetime of the universe).
6.3 Exercises
1. When we’re working out xe (mod n), if we just multiply x by itself e times, this is likely to take along time. What’s a quicker way of working it out?
2. It turns out that in practice RSA is pretty slow (lots of big numbers to multiply etc...). Bearing inmind that there are lots of very strong and very fast symmetric ciphers, what might the best use ofsomething like RSA be in practice? (Hint: think about the key distribution problem).
3. The numbers 3, 5 and 7 are all prime. Does it ever happen again that there are numbers n, n + 2,n + 4 that are all prime?
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License, seehttp://creativecommons.org/licenses/by-sa/3.0/ for details.
1This uses something called Euclid’s algorithm. To see what Euclid’s algorithm does, see:http://en.wikipedia.org/wiki/Euclidean algorithm and to see how to solve the above equation, look at:http://en.wikipedia.org/wiki/Linear congruence theorem
5