With RSA, you can encrypt sensitive information with a public key and a. Below is an online tool to perform RSA encryption and decryption as a RSA calculator. First, we require public and private keys for RSA encryption and decryption.
- Cryptography Tutorial
- Cryptography Useful Resources
- Selected Reading
Public Key Cryptography
Unlike symmetric key cryptography, we do not find historical use of public-key cryptography. It is a relatively new concept.
Symmetric cryptography was well suited for organizations such as governments, military, and big financial corporations were involved in the classified communication.
With the spread of more unsecure computer networks in last few decades, a genuine need was felt to use cryptography at larger scale. The symmetric key was found to be non-practical due to challenges it faced for key management. This gave rise to the public key cryptosystems.
The process of encryption and decryption is depicted in the following illustration −
The most important properties of public key encryption scheme are −
- Different keys are used for encryption and decryption. This is a property which set this scheme different than symmetric encryption scheme.
- Each receiver possesses a unique decryption key, generally referred to as his private key.
- Receiver needs to publish an encryption key, referred to as his public key.
- Some assurance of the authenticity of a public key is needed in this scheme to avoid spoofing by adversary as the receiver. Generally, this type of cryptosystem involves trusted third party which certifies that a particular public key belongs to a specific person or entity only.
- Encryption algorithm is complex enough to prohibit attacker from deducing the plaintext from the ciphertext and the encryption (public) key.
- Though private and public keys are related mathematically, it is not be feasible to calculate the private key from the public key. In fact, intelligent part of any public-key cryptosystem is in designing a relationship between two keys.
There are three types of Public Key Encryption schemes. We discuss them in following sections −
RSA Cryptosystem
This cryptosystem is one the initial system. It remains most employed cryptosystem even today. The system was invented by three scholars Ron Rivest, Adi Shamir, and Len Adleman and hence, it is termed as RSA cryptosystem.
We will see two aspects of the RSA cryptosystem, firstly generation of key pair and secondly encryption-decryption algorithms.
Generation of RSA Key Pair
Each person or a party who desires to participate in communication using encryption needs to generate a pair of keys, namely public key and private key. The process followed in the generation of keys is described below −
- Generate the RSA modulus (n)
- Select two large primes, p and q.
- Calculate n=p*q. For strong unbreakable encryption, let n be a large number, typically a minimum of 512 bits.
- Find Derived Number (e)
- Number e must be greater than 1 and less than (p − 1)(q − 1).
- There must be no common factor for e and (p − 1)(q − 1) except for 1. In other words two numbers e and (p – 1)(q – 1) are coprime.
- Form the public key
- The pair of numbers (n, e) form the RSA public key and is made public.
- Interestingly, though n is part of the public key, difficulty in factorizing a large prime number ensures that attacker cannot find in finite time the two primes (p & q) used to obtain n. This is strength of RSA.
- Generate the private key
- Private Key d is calculated from p, q, and e. For given n and e, there is unique number d.
- Number d is the inverse of e modulo (p - 1)(q – 1). This means that d is the number less than (p - 1)(q - 1) such that when multiplied by e, it is equal to 1 modulo (p - 1)(q - 1).
- This relationship is written mathematically as follows −
The Extended Euclidean Algorithm takes p, q, and e as input and gives d as output.
Example
An example of generating RSA Key pair is given below. (For ease of understanding, the primes p & q taken here are small values. Practically, these values are very high).
- Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 x 13 = 91.
- Select e = 5, which is a valid choice since there is no number that is common factor of 5 and (p − 1)(q − 1) = 6 × 12 = 72, except for 1.
- The pair of numbers (n, e) = (91, 5) forms the public key and can be made available to anyone whom we wish to be able to send us encrypted messages.
- Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm. The output will be d = 29.
- Check that the d calculated is correct by computing −
- Hence, public key is (91, 5) and private keys is (91, 29).
Encryption and Decryption
Once the key pair has been generated, the process of encryption and decryption are relatively straightforward and computationally easy.
Interestingly, RSA does not directly operate on strings of bits as in case of symmetric key encryption. It operates on numbers modulo n. Hence, it is necessary to represent the plaintext as a series of numbers less than n.
RSA Encryption
- Suppose the sender wish to send some text message to someone whose public key is (n, e).
- The sender then represents the plaintext as a series of numbers less than n.
- To encrypt the first plaintext P, which is a number modulo n. The encryption process is simple mathematical step as −
- In other words, the ciphertext C is equal to the plaintext P multiplied by itself e times and then reduced modulo n. This means that C is also a number less than n.
- Returning to our Key Generation example with plaintext P = 10, we get ciphertext C −
RSA Decryption
- The decryption process for RSA is also very straightforward. Suppose that the receiver of public-key pair (n, e) has received a ciphertext C.
- Receiver raises C to the power of his private key d. The result modulo n will be the plaintext P.
- Returning again to our numerical example, the ciphertext C = 82 would get decrypted to number 10 using private key 29 −
RSA Analysis
The security of RSA depends on the strengths of two separate functions. The RSA cryptosystem is most popular public-key cryptosystem strength of which is based on the practical difficulty of factoring the very large numbers.
- Encryption Function − It is considered as a one-way function of converting plaintext into ciphertext and it can be reversed only with the knowledge of private key d.
- Key Generation − The difficulty of determining a private key from an RSA public key is equivalent to factoring the modulus n. An attacker thus cannot use knowledge of an RSA public key to determine an RSA private key unless he can factor n. It is also a one way function, going from p & q values to modulus n is easy but reverse is not possible.
If either of these two functions are proved non one-way, then RSA will be broken. In fact, if a technique for factoring efficiently is developed then RSA will no longer be safe.
The strength of RSA encryption drastically goes down against attacks if the number p and q are not large primes and/ or chosen public key e is a small number.
ElGamal Cryptosystem
Along with RSA, there are other public-key cryptosystems proposed. Many of them are based on different versions of the Discrete Logarithm Problem.
ElGamal cryptosystem, called Elliptic Curve Variant, is based on the Discrete Logarithm Problem. It derives the strength from the assumption that the discrete logarithms cannot be found in practical time frame for a given number, while the inverse operation of the power can be computed efficiently.
Let us go through a simple version of ElGamal that works with numbers modulo p. In the case of elliptic curve variants, it is based on quite different number systems.
Generation of ElGamal Key Pair
Each user of ElGamal cryptosystem generates the key pair through as follows −
- Choosing a large prime p. Generally a prime number of 1024 to 2048 bits length is chosen.
- Choosing a generator element g.
- This number must be between 1 and p − 1, but cannot be any number.
- It is a generator of the multiplicative group of integers modulo p. This means for every integer m co-prime to p, there is an integer k such that gk=a mod n.For example, 3 is generator of group 5 (Z5 = {1, 2, 3, 4}).
N | 3n | 3n mod 5 |
---|---|---|
1 | 3 | 3 |
2 | 9 | 4 |
3 | 27 | 2 |
4 | 81 | 1 |
- Choosing the private key. The private key x is any number bigger than 1 and smaller than p−1.
- Computing part of the public key. The value y is computed from the parameters p, g and the private key x as follows −
- Obtaining Public key. The ElGamal public key consists of the three parameters (p, g, y).For example, suppose that p = 17 and that g = 6 (It can be confirmed that 6 is a generator of group Z17). The private key x can be any number bigger than 1 and smaller than 71, so we choose x = 5. The value y is then computed as follows −
- Thus the private key is 62 and the public key is (17, 6, 7).
Encryption and Decryption
The generation of an ElGamal key pair is comparatively simpler than the equivalent process for RSA. But the encryption and decryption are slightly more complex than RSA.
ElGamal Encryption
Suppose sender wishes to send a plaintext to someone whose ElGamal public key is (p, g, y), then −
- Sender represents the plaintext as a series of numbers modulo p.
- To encrypt the first plaintext P, which is represented as a number modulo p. The encryption process to obtain the ciphertext C is as follows −
- Randomly generate a number k;
- Compute two values C1 and C2, where −
- Send the ciphertext C, consisting of the two separate values (C1, C2), sent together.
- Referring to our ElGamal key generation example given above, the plaintext P = 13 is encrypted as follows −
- Randomly generate a number, say k = 10
- Compute the two values C1 and C2, where −
- Send the ciphertext C = (C1, C2) = (15, 9).
ElGamal Decryption
- To decrypt the ciphertext (C1, C2) using private key x, the following two steps are taken −
- Compute the modular inverse of (C1)x modulo p, which is (C1)-x , generally referred to as decryption factor.
- Obtain the plaintext by using the following formula −
- In our example, to decrypt the ciphertext C = (C1, C2) = (15, 9) using private key x = 5, the decryption factor is
- Extract plaintext P = (9 × 9) mod 17 = 13.
ElGamal Analysis
In ElGamal system, each user has a private key x. and has three components of public key − prime modulus p, generator g, and public Y = gx mod p. The strength of the ElGamal is based on the difficulty of discrete logarithm problem.
The secure key size is generally > 1024 bits. Today even 2048 bits long key are used. On the processing speed front, Elgamal is quite slow, it is used mainly for key authentication protocols. Due to higher processing efficiency, Elliptic Curve variants of ElGamal are becoming increasingly popular.
Elliptic Curve Cryptography (ECC)
Elliptic Curve Cryptography (ECC) is a term used to describe a suite of cryptographic tools and protocols whose security is based on special versions of the discrete logarithm problem. It does not use numbers modulo p.
ECC is based on sets of numbers that are associated with mathematical objects called elliptic curves. There are rules for adding and computing multiples of these numbers, just as there are for numbers modulo p.
ECC includes a variants of many cryptographic schemes that were initially designed for modular numbers such as ElGamal encryption and Digital Signature Algorithm.
It is believed that the discrete logarithm problem is much harder when applied to points on an elliptic curve. This prompts switching from numbers modulo p to points on an elliptic curve. Also an equivalent security level can be obtained with shorter keys if we use elliptic curve-based variants.
The shorter keys result in two benefits −
- Ease of key management
- Efficient computation
These benefits make elliptic-curve-based variants of encryption scheme highly attractive for application where computing resources are constrained.
RSA and ElGamal Schemes – A Comparison
Let us briefly compare the RSA and ElGamal schemes on the various aspects.
RSA | ElGamal |
---|---|
It is more efficient for encryption. | It is more efficient for decryption. |
It is less efficient for decryption. | It is more efficient for decryption. |
For a particular security level, lengthy keys are required in RSA. | For the same level of security, very short keys are required. |
It is widely accepted and used. | It is new and not very popular in market. |
This is part 1 of a series of two blog posts about RSA (part 2L1 will explain why RSA works). In this post, I am going to explain exactly how RSA public key encryption works. One of the 3 seminal events in cryptographyL2 of the 20th century, RSA opens the world to a host of various cryptographic protocols (like digital signatures, cryptographic voting etc). All discussions on this topic (including this one) are very mathematical, but the difference here is that I am going to go out of my way to explain each concept with a concrete example. The reader who only has a beginner level of mathematical knowledge should be able to understand exactly how RSA works after reading this post along with the examples.
PLEASE PLEASE PLEASE: Do not use these examples (specially the real world example) and implement this yourself. What we are talking about in this blog post is actually referred to by cryptographers as plain old RSA, and it needs to be randomly padded with OAEPL3 to make it secure. In fact, you should never ever implement any type of cryptography by yourself, rather use a library. You have been warned!
The Set Of Integers Modulo P
The set:
begin{equation} label{bg:intmod} mathbb{Z}_p = { 0,1,2,...,p-1 }end{equation}
Is called the set of integers modulo p (or mod p for short). It is a set that contains Integers from (0) up until (p-1).
Example: (mathbb{Z}_{10} ={0,1,2,3,4,5,6,7,8,9})
Integer Remainder After Dividing
When we first learned about numbers at school, we had no notion of real numbers, only integers. Therefore we were told that 5 divided by 2 was equal to 2 remainder 1, and not (2frac{1}{2}). It turns out that this type of math is vital to RSA, and is one of the reasons that secures RSA. A formal way of stating a remainder after dividing by another number is an equivalence relationship:
begin{equation} label{bg:mod} forall x,y,z,k in mathbb{Z}, x equiv y bmod z iff x = kcdot z + yend{equation}
Equation (ref{bg:mod}) states that if (x) is equivalent to the remainder (in this case (y)) after dividing by an integer (in this case (z)), then (x) can be written like so: (x = kcdot z + y) where (k) is an integer.
Example: If (y=4) and (z=10), then the following values of (x) will satisfy the above equation: (x=4, x=14, x=24,...). In fact, there are an infinite amount of values that (x) can take on to satisfy the above equation (that is why I used the equivalence relationship (equiv) instead of equals). Therefore, (x) can be written like so: (x = kcdot 10 + 4), where (k) can be any of the infinite amount of integers.
There are two important things to note:
- The remainder (y) stays constant, whatever value (x) takes on to satisfy equation (ref{bg:mod}).
- Due to the above fact, (y in mathbb{Z}_z) ((y) is in the set of integers modulo (z))
Multiplicative Inverse And The Greatest Common Divisor
A multiplicative inverse for (x) is a number that when multiplied by (x), will equal (1). The multiplicative inverse of (x) is written as (x^{-1}) and is defined as so:
The greatest common divisor (gcd) between two numbers is the largest integer that will divide both numbers. For example, (gcd(4,10) = 2).
The interesting thing is that if two numbers have a gcd of 1, then the smaller of the two numbers has a multiplicative inverse in the modulo of the larger number. It is expressed in the following equation:
begin{equation} label{bg:gcd} x in mathbb{Z}_p, x^{-1} in mathbb{Z}_p Longleftrightarrow gcd(x,p) = 1end{equation}
The above just says that an inverse only exists if the greatest common divisor is 1. An example should set things straight...
Example: Lets work in the set (mathbb{Z}_9), then (4 in mathbb{Z}_9) and (gcd(4,9)=1). Therefore (4) has a multiplicative inverse (written (4^{-1})) in (bmod 9), which is (7). And indeed, (4cdot 7 = 28 = 1 bmod 9). But not all numbers have inverses. For instance, (3 in mathbb{Z}_9) but (3^{-1}) does not exist! This is because (gcd(3,9) = 3 neq 1).
Prime Numbers
PrimeL4 numbers are very important to the RSA algorithm. A prime is a number that can only be divided without a remainder by itself and (1). For example, (5) is a prime number (any other number besides (1) and (5) will result in a remainder after division) while (10) is not a prime1.
This has an important implication: For any prime number (p), every number from (1) up to (p-1) has a (gcd) of 1 with (p), and therefore has a multiplicative inverse in modulo (p).
Euler's Totient
Euler's TotientL6 is the number of elements that have a multiplicative inverse in a set of modulo integers. The totient is denoted using the Greek symbol phi (phi). From (ref{bg:gcd}) above, we can see that the totient is just the count of the number of elements that have their (gcd) with the modulus equal to 1. This brings us to an important equation regarding the totient and prime numbers:
begin{equation} label{bg:totient} p in mathbb{P}, phi(p) = p-1end{equation}
Example: (phi(7) = left|{1,2,3,4,5,6}right| = 6)2.
With the above background, we have enough tools to describe RSA and show how it works. RSA is actually a set of two algorithms:
- Key Generation: A key generation algorithm.
- RSA Function Evaluation: A function (F), that takes as input a point (x) and a key (k) and produces either an encrypted result or plaintext, depending on the input and the key.
Key Generation
The key generation algorithm is the most complex part of RSA. The aim of the key generation algorithm is to generate both the public and the private RSA keys. Sounds simple enough! Unfortunately, weak key generation makes RSA very vulnerable to attack. So it has to be done correctly. Here is what has to happen in order to generate secure RSA keys:
- Large Prime Number Generation: Two large prime numbers (p) and (q) need to be generated. These numbers are very large: At least 512 digits, but 1024 digits is considered safe.
- Modulus: From the two large numbers, a modulus (n) is generated by multiplying (p) and (q).
- Totient: The totient of (n, phi(n)) is calculated.
- Public Key: A prime number is calculated from the range ([3,phi(n))) that has a greatest common divisor of (1) with (phi(n)).
- Private Key: Because the prime in step 4 has a gcd of 1 with (phi(n)), we are able to determine it's inverse with respect to (bmod phi(n)).
After the five steps above, we will have our keys. Lets go over each step.
Large Prime Number Generation
It is vital for RSA security that two very large prime numbers be generated that are quite far apart. Generating composite numbers, or even prime numbers that are close together makes RSA totally insecure.
How does one generate large prime numbers? The answer is to pick a large random number (a very large random number) and test for primeness. If that number fails the prime test, then add 1 and start over again until we have a number that passes a prime test. The problem is now: How do we test a number in order to determine if it is prime?
The answer: An incredibly fast prime number tester called the Rabin-Miller primality testerL8 is able to accomplish this. Give it a very large number, it is able to very quickly determine with a high probability if its input is prime. But there is a catch (and readers may have spotted the catch in the last sentence): The Rabin-Miller test is a probability test, not a definite test. Given the fact that RSA absolutely relies upon generating large prime numbers, why would anyone want to use a probabilistic test? The answer: With Rabin-Miller, we make the result as accurate as we want. In other words, Rabin-Miller is setup with parameters that produces a result that determines if a number is prime with a probability of our choosing. Normally, the test is performed by iterating (64) times and produces a result on a number that has a (frac{1}{2^{128}}) chance of not being prime. The probability of a number passing the Rabin-Miller test and not being prime is so low, that it is okay to use it with RSA. In fact, (frac{1}{2^{128}}) is such a small number that I would suspect that nobody would ever get a false positive.
So with Rabin-Miller, we generate two large prime numbers: (p) and (q).
Modulus
Once we have our two prime numbers, we can generate a modulus very easily:
begin{equation} label{rsa:modulus}n=pcdot qend{equation}
RSA's main security foundation relies upon the fact that given two large prime numbers, a composite number (in this case (n)) can very easily be deduced by multiplying the two primes together. But, given just (n), there is no known algorithm to efficiently determining (n)'s prime factors. In fact, it is considered a hard problem. I am going to bold this next statement for effect: The foundation of RSA's security relies upon the fact that given a composite number, it is considered a hard problem to determine it's prime factors.
The bold-ed statement above cannot be proved. That is why I used the term 'considered a hard problem' and not 'is a hard problem'. This is a little bit disturbing: Basing the security of one of the most used cryptographic atomics on something that is not provably difficult. The only solace one can take is that throughout history, numerous people have tried, but failed to find a solution to this.
Totient
With the prime factors of (n), the totient can be very quickly calculated:
begin{equation} label{RSA:totient}phi(n) = (p-1)cdot (q-1)end{equation}
This is directly from equation (ref{bg:totient}) above. It is derived like so:
$$phi(n) = phi(pcdot q) = phi(p) cdot phi(q) = (p-1)cdot (q-1)$$
The reason why the RSA becomes vulnerable if one can determine the prime factors of the modulus is because then one can easily determine the totient.
Public Key
Next, the public key is determined. Normally expressed as (e), it is a prime number chosen in the range ([3,phi(n))). The discerning reader may think that (3) is a little small, and yes, I agree, if (3) is chosen, it could lead to security flaws. So in practice, the public key is normally set at (65537). Note that because the public key is prime, it has a high chance of a gcd equal to (1) with (phi(n)). If this is not the case, then we must use another prime number that is not(65537), but this will only occur if (65537) is a factor of (phi(n)), something that is quite unlikely, but must still be checked for.
An interesting observation: If in practice, the number above is set at (65537), then it is not picked at random; surely this is a problem? Actually, no, it isn't. As the name implies, this key is public, and therefore is shared with everyone. As long as the private key cannot be deduced from the public key, we are happy. The reason why the public key is not randomly chosen in practice is because it is desirable not to have a large number. This is because it is more efficient to encrypt with smaller numbers than larger numbers.
The public key is actually a key pair of the exponent (e) and the modulus (n) and is present as follows
Private Key
Because the public key has a gcd of (1) with (phi(n)), the multiplicative inverse of the public key with respect to (phi(n)) can be efficiently and quickly determined using the Extended Euclidean AlgorithmL9. This multiplicative inverse is the private key. The common notation for expressing the private key is (d). So in effect, we have the following equation (one of the most important equations in RSA):
begin{equation} label{RSA:ed} ecdot d = 1 bmod phi(n) end{equation}
Just like the public key, the private key is also a key pair of the exponent (d) and modulus (n):
One of the absolute fundamental security assumptions behind RSA is that given a public key, one cannot efficiently determine the private key. I have written a follow up to this post explaining why RSA worksL1, in which I discuss why one can't efficiently determine the private key given a public keyL10.
RSA Function Evaluation
This is the process of transforming a plaintext message into ciphertext, or vice-versa. The RSA function, for message (m) and key (k) is evaluated as follows:
begin{equation} F(m,k) = m^k bmod nend{equation}
There are obviously two cases:
- Encrypting with the public key, and then decrypting with the private key.
- Encrypting with the private key, and then decrypting with the public key.
The two cases above are mirrors. I will explain the first case, the second follows from the first
Encryption: (F(m,e) = m^e bmod n = c), where (m) is the message, (e) is the public key and (c) is the cipher.
Decryption: (F(c,d) = c^d bmod n = m).
Decryption: (F(c,d) = c^d bmod n = m).
And there you have it: RSA!
This is the part that everyone has been waiting for: an example of RSA from the ground up. I am first going to give an academic example, and then a real world example.
Calculation of Modulus And Totient
Lets choose two primes: (p=11) and (q=13). Hence the modulus is (n = p times q = 143). The totient of n (phi(n) = (p-1)cdot (q-1) = 120).
Key Generation
For the public key, a random prime number that has a greatest common divisor (gcd) of 1 with (phi(n)) and is less than (phi(n)) is chosen. Let's choose (7) (note: both (3) and (5) do not have a gcd of 1 with (phi(n)). So (e=7), and to determine (d), the secret key, we need to find the inverse of (7) with (phi(n)). This can be done very easily and quickly with the Extended Euclidean Algorithm, and hence (d=103). This can be easily verified: (ecdot d = 1 bmod phi(n)) and (7cdot 103 = 721 = 1 bmod 120).
Encryption/Decryption
Lets choose our plaintext message, (m) to be (9):
Encryption:
Decryption:
$$c^d bmod n = 48^{103} bmod 143 = 9 = m$$
A Real World Example
Now for a real world example, lets encrypt the message 'attack at dawn'. The first thing that must be done is to convert the message into a numeric format. Each letter is represented by an ascii character, therefore it can be accomplished quite easily. I am not going to dive into converting strings to numbers or vice-versa, but just to note that it can be done very easily. How I will do it here is to convert the string to a bit array, and then the bit array to a large number. This can very easily be reversed to get back the original string given the large number. Using this method, 'attack at dawn' becomes 1976620216402300889624482718775150 (for those interested, hereL11 is the code that I used to make this conversion).
Key Generation
Now to pick two large primes, (p) and (q). These numbers must be random and not too close to each other. Here are the numbers that I generated:using Rabin-Miller primality tests:
p
12131072439211271897323671531612440428472427633701410925634549312301964373042085619324197365322416866541017057361365214171711713797974299334871062829803541
12131072439211271897323671531612440428472427633701410925634549312301964373042085619324197365322416866541017057361365214171711713797974299334871062829803541
q
12027524255478748885956220793734512128733387803682075433653899983955179850988797899869146900809131611153346817050832096022160146366346391812470987105415233
12027524255478748885956220793734512128733387803682075433653899983955179850988797899869146900809131611153346817050832096022160146366346391812470987105415233
With these two large numbers, we can calculate n and (phi(n))
n
145906768007583323230186939349070635292401872375357164399581871019873438799005358938369571402670149802121818086292467422828157022922076746906543401224889672472407926969987100581290103199317858753663710862357656510507883714297115637342788911463535102712032765166518411726859837988672111837205085526346618740053
145906768007583323230186939349070635292401872375357164399581871019873438799005358938369571402670149802121818086292467422828157022922076746906543401224889672472407926969987100581290103199317858753663710862357656510507883714297115637342788911463535102712032765166518411726859837988672111837205085526346618740053
(phi(n))
145906768007583323230186939349070635292401872375357164399581871019873438799005358938369571402670149802121818086292467422828157022922076746906543401224889648313811232279966317301397777852365301547848273478871297222058587457152891606459269718119268971163555070802643999529549644116811947516513938184296683521280
145906768007583323230186939349070635292401872375357164399581871019873438799005358938369571402670149802121818086292467422828157022922076746906543401224889648313811232279966317301397777852365301547848273478871297222058587457152891606459269718119268971163555070802643999529549644116811947516513938184296683521280
e - the public key
(65537) has a gcd of 1 with (phi(n)), so lets use it as the public key. To calculate the private key, use extended euclidean algorithm to find the multiplicative inverse with respect to (phi(n)).
(65537) has a gcd of 1 with (phi(n)), so lets use it as the public key. To calculate the private key, use extended euclidean algorithm to find the multiplicative inverse with respect to (phi(n)).
d - the private key
89489425009274444368228545921773093919669586065884257445497854456487674839629818390934941973262879616797970608917283679875499331574161113854088813275488110588247193077582527278437906504015680623423550067240042466665654232383502922215493623289472138866445818789127946123407807725702626644091036502372545139713
89489425009274444368228545921773093919669586065884257445497854456487674839629818390934941973262879616797970608917283679875499331574161113854088813275488110588247193077582527278437906504015680623423550067240042466665654232383502922215493623289472138866445818789127946123407807725702626644091036502372545139713
Encryption/Decryption
Encryption: 197662021640230088962448271877515(0^e bmod n)
35052111338673026690212423937053328511880760811579981620642802346685810623109850235943049080973386241113784040794704193978215378499765413083646438784740952306932534945195080183861574225226218879827232453912820596886440377536082465681750074417459151485407445862511023472235560823053497791518928820272257787786
Decryption:
35052111338673026690212423937053328511880760811579981620642802346685810623109850235943049080973386241113784040794704193978215378499765413083646438784740952306932534945195080183861574225226218879827232453912820596886440377536082465681750074417459151485407445862511023472235560823053497791518928820272257787786(^d bmod n)
1976620216402300889624482718775150 (which is our plaintext 'attack at dawn')
This real world example shows how large the numbers are that is used in the real world.
RSA is the single most useful tool for building cryptographic protocols (in my humble opinion). In this post, I have shown how RSA works, I will follow this upL1 with another post explaining why it works.
Links
- http://doctrina.org/Why-RSA-Works-Three-Fundamental-Questions-Answered.html
- http://doctrina.org/The-3-Seminal-Events-In-Cryptography.html
- http://en.wikipedia.org/wiki/OAEP
- http://en.wikipedia.org/wiki/Prime_number
- http://en.wikipedia.org/wiki/Composite_number
- http://en.wikipedia.org/wiki/Euler%27s_totient_function
- http://en.wikipedia.org/wiki/Cardinality
- http://en.wikipedia.org/wiki/Rabin-Miller
- http://en.wikipedia.org/wiki/Extended_euclidean_algorithm
- http://doctrina.org/Why-RSA-Works-Three-Fundamental-Questions-Answered.html#wruiwrtt
- https://gist.github.com/4184435#file_convert_text_to_decimal.py
- A CompositeL5 number is the formal name given to a number that is not prime. ↩
- In set theory, anything between |{...}| just means the amount of elements in {...} - called cardinalityL7 for those who are interested ↩
Thank you for printing this article. Please do not forget to come back to http://doctrina.org for fresh articles.