RSA+made+plain

Your homework is to justify each step. Due October 7, 2009

Given: We have primes P1 and P2. their product is called C1 = P1*P2. Given: We have K = (P1 -1)*(P2 - 1). Given: We have e (or N1) mutually prime with K. Given: We find m and y such that mN1 - Ky = 1. we need Fermat's Little Theorem: for P a prime and N mutually prime with P, N^(P - 1) mod P = 1. We have a message M which is not a multiple of C1.

Let's prove RSA works as claimed. We must prove:

(M^N1 mod C1)^m mod C1 = M.

We will proceed using P1 alone. The proof is started. The opportunities for justification will be marked in purple.

(M^N1 mod P1)^m mod P1 = (M^N1)^m mod P1 Because This is true because of basic division properties. ex. (345^5 mod 13)^33 mod 13) = ((345^5)^33 mod 13) = 8 since MOD is just the remainder of a division problem it can be moved through the problem as long as the rest of the parts are connected through multiplication or an exponent. user:TrevorBarton Good enough. product of the modded factors is mod of the product.user:mcdaniel30

​ (M^N1)^m = (M^(N1*m)) Because This is one of the basic properties of exponents; ex: (M^2)^4 = (M^2) (M^2) (M^2) (M^2) So M^2x4 or M^8. This same Idea is used here where (M^N1)^m is (M^N1)x(M^N1)x(M^N1). . . multiplied m times This can be simplified as M^N1xm user:D_Sweeney Gooduser:mcdaniel30

(M^(N1*m)) = (M^(Ky +1)) Because This comes from the equation mN1 - ky=1 Solving for mN1 the equation yields mN1= 1+ky Because of this equality, it is a matter of substitution; M^(mN1)=M^(1+ky) user:D_Sweeney good user:mcdaniel30

(M^(Ky+1)) = M*M^Ky Because M*M^Ky = M^1 * M^Ky When multiplying two numbers of the same base together, you add the exponents. (ex. 2^2 * 2^3 = 2^5) So M^1 * M^Ky = M^(Ky+1) user:LauraShuman gooduser:mcdaniel30

M^Ky = M^((P1 - 1)(P2-1)y) Because K = (P1-1)(P2-1) by definition in RSA, so it is just a matter of substitution. user:LauraShuman gooduser:mcdaniel30

M^((P1 - 1)(P2-1)y) = (M^((P2-1)y))^(P1 - 1) Because the (P1-1) exponent can be distributed back into (M^((P2-1)y)) by multiplying it by the exponent in parenthesis. user:wrighann The distributive property has nothing to do with it. user:mcdaniel30 This uses the same properties as the second step with the properties of exponents but in reverse order. M^(ab)=(M^a)^buser:TrevorBarton That's more like it. Good.user:mcdaniel30

(M^((P2-1)y))^(P1 - 1) mod P1 = 1 Because M^((P2-1)y)) is mutually prime with P1, so by Fermat's Little Theorem we have (M^(P2-1)y)^(P1-1) mod P1 = 1 user:LauraShuman I have been waiting for weeks. Somebody FINALLY noticed when Fermat's Little Theorem kicks in. Thank you, Laura. user:mcdaniel30

So, the decryption of the encryption, (M^N1 mod P1)^m mod P1 = M Because Fermat's Little Theorem kills off all but one power of M. user:mcdaniel30

The same exact argument works for P2 because You can choose (P2-1) to get the: M^((P1-1)(P2-1)y) = M^((P1-1)y^(P2-1)) and follow the rest of the steps with P2. user:LauraShuman The choice of P1 was arbitrary.user:mcdaniel30

And now, the big ending. The decryption of the encryption works using C1 in place of P1 because P1*P2=C1 has to be mutually prime with the message or the RSA process fails. Each step of this proof works just as well with C1 instead of P1. user:mcdaniel30