RSA Encryption

Zeph Grunschlag

Copyright © Zeph Grunschlag,

2001-2002.
 Agenda
RSA Cryptography
 A useful and basically unbreakable method for
encoding messages
Needed for implementing RSA:
 Fast Exponentiation
 Extended Euler’s Algorithm
 Modular inverses
 FLT (Fermat’s Little Theorem)
 CRT (Chinese Remainder Theorem)

L13 2
 RSA Cryptography
N = 4559, e = 13. m e mod N

Smiley Transmits: “Last name Smiley”


 L A S T N A M E S M I L E Y
 1201 1920 0014 0113 0500 1913 0912 0525
 120113 mod 4559, 192013 mod 4559, …
 2853 0116 1478 2150 3906 4256 1445 2462

L13 3
 RSA Cryptography
FrogsRUs.com receives the encrypted
blocks n = m e mod N. They have a
private decryption exponent d which
when applied to n recovers the original
blocks m : (m e mod N )d mod N = m
For N = 4559, e = 13 the
decryptor d = 3397.

L13 4
 RSA Cryptography
N = 4559, d = 3397
 2853 0116 1478 2150 3906 4256 1445 2462
 28533397 mod 4559, 01163397 mod 4559, …
 1201 1920 0014 0113 0500 1913 0912 0525
 LA S T N A M E S M I L E Y

L13 5
 RSA Cryptography
The key to security of RSA cryptosystem:
The public key (N,e) must be such that
it is very difficult for Snoop Snoopy
Snoop to figure out what d is, yet very
simple for FrogsRUs.com to come up
with.

L13 6
 Fast Modular Exponentiation
In order to implement RSA exponentiation
relative some modulo needs to be done
a lot. So this operation better be
doable, and fast.
Q: How is it even possible to compute
28533397 mod 4559 ? After all, 28533397
has approximately 3397·4 digits!

L13 7
 Fast Modular Exponentiation
A: By taking the mod after each
multiplication.
EG, a more lucid example:
233 mod 30  -73 (mod 30)
 (-7)2 ·(-7) (mod 30)  49 · (-7) (mod 30)
 19·(-7) (mod 30)  -133 (mod 30)
 17 (mod 30)

L13 8
 Fast Modular Exponentiation
Therefore, 233 mod 30 = 17.
Q: What if had to figure out 2316 mod 30.
Same way tedious: need to multiply 15
times. Is there a better way?

L13 9
 Fast Modular Exponentiation
A: Better way. Notice that 16 = 2·2·2·2 so that
2316 = 232·2·2·2 = (((232)2)2)2
Therefore:
2316 mod 30  (((-72)2)2)2 (mod 30)
 (((49)2)2)2 (mod 30)  (((-11)2)2)2 (mod 30)
 ((121)2)2 (mod 30)  ((1)2 )2 (mod 30)
 (1)2 (mod 30)  1(mod 30)
Which implies that 2316 mod 30 = 1.
Q: How ‘bout 2325 mod 30 ?
L13 10
 Fast Modular Exponentiation
A: The previous method of repeated squaring
works for any exponent that’s a power of 2.
25 isn’t. However, we can break 25 down as a
sum of such powers: 25 = 16 + 8 + 1. Apply
repeated squaring to each part, and multiply
the results together. Previous calculation:
238 mod 30 = 2316 mod 30 = 1
Thus: 2325 mod 30  2316+8+1 (mod 30) 

L13 11
 Fast Modular Exponentiation
A: The previous method of repeated squaring
works for any exponent that’s a power of 2.
25 isn’t. However, we can break 25 down as a
sum of such powers: 25 = 16 + 8 + 1. Apply
repeated squaring to each part, and multiply
the results together. Previous calculation:
238 mod 30 = 2316 mod 30 = 1
Thus: 2325 mod 30  2316+8+1 (mod 30) 
2316·238·231 (mod 30)  1·1·23 (mod 30)
Final answer: 2325 mod 30 = 23

L13 12
 Fast Modular Exponentiation
Q: How could we have figured out the
decomposition 25 = 16 + 8 + 1 from
the binary (unsigned) representation of
25?

L13 13
 Fast Modular Exponentiation
A: 25 = (11001)2 This means that
25 = 1·16+1·8+0·4+0·2+1·1 = 16+8+1
Can tell which powers of 2 appear by
where the 1’s are. This follows from
the definition of binary representation.

L13 14