Number Theory Section Summary: 7.5

The RSA algorithm

The RSA algorithm (developed by Rivest, Shamir, and Adleman in 1977) depends on the fact that

Computers can't quickly and efficiently factor humongous numbers.

So here are the steps:

• Come up with two large primes: p and q. Shhhh! Don't tell a soul your secret numbers!
• Your public modulus will be n=pq: you can tell that to anyone.
• Come up with a value for k such that (easy choice: a prime bigger than either p or q: since , k must be relatively prime to ; unfortunately, it could be horrendously large!).
• Publish (k,n) in the great big universal keybook - these are your public keys. Brag about them to your friends!
• Compute the decripting (or recovery) exponent j as the solution of

  

  To do this, the Euclidean algorithm is used: that is, solve

  

  for j. Alternatively, you can use the result of exercise #8(a), p. 139: if , then the linear congruence has the solution . Hence, in our case, we've got

  

• If CHAOS want to send you an encrypted message, they
  • Write their message as a number, M, using ASCII or some other coding (such as the one on page 148).

    Note: if the plaintext message number M is too long (larger than n), then you must break M into n-sized blocks before encoding. Otherwise, there's not a unique solution, and the RSA scheme will find the smallest congruent message (between 0 and n-1) - which will likely be utter nonsense!

  • Then send

    

• You decode the message as

  

whenever gcd(M,n)=1 (which is almost always, given the construction of n).

Suppose (WLOG) that p divides M (we're not worried about q dividing M too, since M<n). Then

Hence

Furthermore, , so that

Therefore

even if .

So once you've calculated j, you can throw away (eat, burn, etc.) p and q: the only secret needed to decode a message sent to you is j. Don't lose that! Put that in a safe place, because anyone can decode your messages given j.

Example: p=11, q=13 - two enormous primes!