RSA Third week

Now that we've played with RSA, let's see in detail why the process works.

We need one theorem from Number Theory, Fermat's (Little) Theorem. //For prime p such that p does not divide a, a^(p-1) = 1 (mod p).//

The proof of this theorem would be in MS309, a prerequisite for this course. So we can skip the proof! Let's do a few bite-sized examples to see how this theorem works.

What class is MS309? I don't remember doing this proof and I could not find 309 on the list of courses. user:TrevorBarton

MS309 is Number Theory. We have not offered it in years. Jasho will be offering it soon. user:mcdaniel30

5 is prime and 5 does not divide 12. 12^4 = 20736, which is obviously 1 higher than a multiple of 5. So, 20736 = 1 (mod 5).

17 is prime and 17 does not divide 6. 6^16 = 2821109907456, and 2821109907456 = 165947641615*17 + 1. So, 2821109907456 = 1 (mod 17).

Now, let's lay out the steps for RSA again, copied right from RSA Second Day. We'll explain why the decoding works.

Step 1. You select, but do not divulge, two distinct prime numbers. Call them P1, P2.
Step 2. Multiply them. This product becomes public knowledge. Call this C1.
Step 3. Subtract 1 from each prime and multiply, (P1 - 1)(P2 - 1) = **K**. Then select a number which is mutually prime with this number. Call this N1.
Step 4. Write down the equation N1*m - **K** *y = 1 and find a solution.
Step 5. Now create a small string of numbers to stand for your message. Your message must be smaller than C1.
Step 6. Compute message^N1 mod C1. This is an RSA encrypted version of your original message. Call it M.
Step 7. Compute M^m mod C1. This should be your original message.

Now, as you read the steps, the selection of N1 sounds as if we're getting ready to use Fermat's Little Theorem. Then Step 6 comes along and we see the M^m mod C1, which looks like almost another use of Fermat's as well. There is a major hassle: C1 is a product of two primes, not just a prime number. We shall see that the decryption can be considered using one factor of C1 at a time. Now, let's look at the math in detail, one prime factor of C1 at a time. That means we'll watch what happens for P1 first.

M = message^N1 (mod C1), which means message^N1 = C1*q + M, where q is some integer that I really don't care about. C1*q + M = P1*P2*q + M. Now, let's hit the message^N1 with mod P1: message^N1 (mod P1) = (P1*P2*q + M) (mod P1) = M (mod P1). That should be obvious.

Now raise both sides to the m power.

(message^N1 (mod P1))^m = (M (mod P1))^m = M^m (mod P1). This last move uses the fact that the product of the mods is the mod of the product. We chose m from Step 4 to have the special property that N1*m = 1 + K*y. Now substitute and simplify (see homework problems 2, 3) to get message * message^(K*(P1 - 1)) = M^m (mod P1)

Dave and I disagree with this. Using the numbers from what I was doing below: 18 * 18^(72*6) = A ridiculously large number which does not equal 44^317 mod 7 = 4, which is also not my original message. user:LauraShuman user:D_Sweeney

This response is impossible to follow. You're clearly referring to an example. You have the message is 18. Who are 72 and 6? And, yes, you're supposed to get gigantic numbers. That's what makes the system secure. I assume you're not using a calculator anymore, are you? user:mcdaniel30

P1 is prime. message^(K*(P1 - 1)) = 1 (mod P1) by Fermat's Little Theorem.

So, the original message times 1 is all we get, mod P1. Pretty darn nifty.
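The argument above, checked move by move on small numbers (an added example, not part of the original page; the names `solve_step4` and `trace` are made up for illustration). It writes the exponent as N1*m = 1 + K*y with K*y = (P1-1)*(P2-1)*y, applies Fermat's Little Theorem once per prime factor, and then confirms the result mod C1.

```python
def solve_step4(n1, k):
    """Step 4 by extended Euclid: (m, y) with n1*m - k*y == 1 and 0 < m < k."""
    old_r, r, old_s, s = n1, k, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("N1 must be mutually prime with K")
    m = old_s % k
    return m, (n1 * m - 1) // k


def trace(p1, p2, n1, message, m=None):
    """Run Steps 2-7 and record what happens mod each prime factor of C1."""
    c1, k = p1 * p2, (p1 - 1) * (p2 - 1)
    if m is None:
        m, y = solve_step4(n1, k)
    else:                                    # caller supplies another valid m
        y, rem = divmod(n1 * m - 1, k)
        if rem:
            raise ValueError("m does not solve N1*m - K*y = 1")
    M = pow(message, n1, c1)                 # Step 6
    decrypted = pow(M, m, c1)                # Step 7
    per_prime = {}
    for p in (p1, p2):
        # Fermat: message^(p-1) = 1 (mod p); it is 0 only if p divides message.
        fermat = pow(message, p - 1, p)
        # message^(N1*m) = message * (message^(p-1))^(K*y/(p-1))
        rhs = message * pow(fermat, k * y // (p - 1), p) % p
        per_prime[p] = {
            "M_reduces": M % p == pow(message, n1, p),
            "fermat": fermat,
            "M^m mod p": pow(M, m, p),       # the message reduced mod p
            "is_message": pow(M, m, p) == rhs == message % p,
        }
    # decrypted - message is a multiple of p1 and of p2, hence of C1 = p1*p2.
    both = all((decrypted - message) % p == 0 for p in (p1, p2))
    return {"C1": c1, "K": k, "m": m, "y": y, "M": M,
            "decrypted": decrypted, "per_prime": per_prime, "both": both}


if __name__ == "__main__":
    # Numbers from the homework 5 write-up on this page: 7, 13, N1 = 5, message 18.
    print(trace(7, 13, 5, 18))               # smallest m from extended Euclid
    print(trace(7, 13, 5, 18, m=317))        # the m used in that write-up
```

For P1 = 7 the entry `M^m mod p` is 4, which is the message 18 reduced mod 7; the full message only reappears once both primes are accounted for in the mod C1 step.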

There are a few gaps in the explanation. Filling the gaps is this week's homework.

Homework for September 14

1. Prove that the product of the mods is the mod of the product. More precisely, if p = a (mod N) and q = b (mod N), prove (a*b) (mod N) = p*q (mod N).

p = a (mod N) and q = b (mod N) p is the remainder of a/N and q is the remainder of b/N, or a = Nx+p and b = Ny+q (great!) where x,y are the greatest integers x or y*N in a,b. (not sure how to describe that) So a*b(modN) = (Nx+p)(Ny+q)(modN) = (N^2*xy+Npy+Nqx+pq)(modN). yes. Since N^2*xy, Npy and Nqx are all even multiples of N, they are = 0 in modN. All that is left is pq. Therefore, ab(modN) = pq(modN) user:wrighann

Super, Anna. user:mcdaniel30

2. Fill in the missing steps of the substitution and some simplification in the red ink part above.

3. Fill in the steps between the red ink and the blue ink above.

3. The same argument holds for P2, so we get the message back again, mod P2. But why does the message still come back when we mod by C1 (the product of the P1 and P2)?

I believe this is because of the fact that because C1 is a product of both P1 and P2, in terms of P2 C1 is just a multiple or scalar, therefore not prime. Since P2 is prime, it must be written as such by dividing C1 by P1, and the message is still the same. The same argument also holds for P1. user:D_Sweeney

There is more to say. With the mods being applied, the answer is more than just C1 has two prime factors. user:mcdaniel30

4. In last week's homework, we saw how easy it was to crack an RSA if we factor C1. I have a message which I have RSA encrypted using C1 = 28470419 and N1 = 1723. The encrypted message is 13748088. This encrypted message is sent in the clear and you have intercepted it. Just try decoding this one! Write down how you tried and failed. If you succeed, you're reading ahead! Nice one!

I almost got it but the numbers were too large..... C1 = 28470419 N1 = 1723 P1=3221 P2=8839 (P1-1)(P2-1)=28458360=K N1*m-K*y=1 m=66067 y=4

M=Encrypted message M^m mod C1 13748088^66067 mod 28470416 = Original message. The numbers were too large to do on my calculator and m is prime so it could not be split up. I failed. user:TrevorBarton

Trevor has successfully factored C1. He should have been able to decrypt my message. But he is still using a calculator. There are computers all over the place. Use one! user:mcdaniel30

Hey, I got a copy of Maple and I think I figured this out. I believe your original message was 15033840. user:TrevorBarton

Incorrect. Try again. user:mcdaniel30

It can be split up a little bit: 13748088^66067 mod 28470416 = 13748088*13748088^66066 mod 28470416. I tried to break it down, thinking that it could be taken down in steps, but I didn't get too far before I realized that it wasn't much more practical: 13748088*(13728088^2)^33033 mod 28470416. Since the front half is a product, I worked with the stuff in parentheses first, figuring the remainder could be multiplied in in its place. 13728088^2 mod 28470416; (13748088^2/288470461 = 6638818.472....) 13728088^2 mod 28470416 = 13447450, which really isn't much of an improvement: 13748088*(13447450^33033) mod 28470416. user:wrighann
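The splitting idea in the post above, carried through for every bit of the exponent, is square-and-multiply: peel off a factor when the exponent is odd, square and halve otherwise, and reduce mod C1 after each multiplication so nothing ever grows past C1^2. This is an added example, not part of the original page or of any participant's post; `modexp` and `decrypt_and_check` are names made up here, and the modulus is C1 = 28470419 as stated in problem 4.

```python
def modexp(base, exponent, modulus):
    """Square-and-multiply. Returns (result, loop_passes, largest_intermediate)."""
    result, base = 1, base % modulus
    passes = peak = 0
    while exponent > 0:
        if exponent & 1:                     # low bit set: multiply this power in
            peak = max(peak, result * base)
            result = result * base % modulus
        peak = max(peak, base * base)
        base = base * base % modulus         # base, base^2, base^4, ... all mod C1
        exponent >>= 1                       # move on to the next bit
        passes += 1
    return result, passes, peak


# Values taken from the page: C1, N1 and the ciphertext from problem 4,
# and m = 66067 from the student's solution of N1*m - K*y = 1.
C1, N1, CIPHERTEXT, M_EXP = 28470419, 1723, 13748088, 66067


def decrypt_and_check():
    """Decrypt with m, then re-encrypt with N1 to confirm the round trip."""
    plain, passes, peak = modexp(CIPHERTEXT, M_EXP, C1)
    round_trip = modexp(plain, N1, C1)[0] == CIPHERTEXT
    return plain, passes, peak, round_trip


if __name__ == "__main__":
    plain, passes, peak, ok = decrypt_and_check()
    print("loop passes:", passes)
    print("largest intermediate below C1^2:", peak < C1 * C1)
    print("re-encrypting gives the intercepted ciphertext:", ok)
```

The loop runs once per bit of the exponent, so an exponent that is prime costs no more than any other exponent of the same size.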

I want to scold myself for the incorrect use of the phrase "in the clear." When text is sent in the clear, it means the text was sent unencrypted. I should have written, "This encrypted message is sent over a non-secure medium and you have intercepted it." But I just love using the phrase, "in the clear." I live for the day when somebody is supposed to send me a coded message but he makes a mistake and sends the message unencrypted. Then I can get all annoyed and say, "You sent the message in the clear! You have jeopardized the entire operation." Also, the history of cryptography has many examples of a bungler sending a message in the clear, followed by the same message encrypted, just to see if the system is working. Eavesdroppers love that sort of stupidity.

4a. Good question for you: would you be able to recover the P1 and P2 if a short message was intercepted both encrypted and unencrypted? user:mcdaniel30

5. Write up another RSA encryption/decryption, easy numbers again. This time, pay attention to the proof as you decrypt. Write down when Fermat's Little Theorem gets used.

P1 = 7
P2 = 13
C1 = 91
(P1-1) * (P2-1) = 6*12 = 72 = K
5 = N1
5*m - 72*y = 1
m = 317, y = 22
Message = 18
18^5 mod 91 = 44 = M
So - the bold is where the message gets decrypted. And since I suck at this stuff - I don't understand where or how Fermat's Little Theorem comes into play. Probably should've mentioned that earlier this week. I'll see you soon McDaniel. user:LauraShuman
**M^m mod C1 = 44^317 mod 91** = 18

P1=7 P2=3 C1=21
(P1-1)(P2-1)=12=K
N1=5
This is the first place where Fermat's Theorem can be seen: 5 is in fact prime, and does not divide 12
12^(5-1)=20736 which is in fact 1 (mod 5)
5m-12y=1
y=2 and m=5
Message: 16
16^5 mod 21 = 4
And to decrypt: M^m mod 21 = 4^5 mod 21 = 16 user:D_Sweeney

Look, I want EVERYBODY to do this: step by tiny step, do what Laura has done, but follow the text above to see what specific math applies. There are several places where a mathematical move takes place in order for something certain to happen. RSA is not just SOME STUFF.

I am not seeing much work this week. I will give low numbers. Independent study does not mean automatic A. user:mcdaniel30