Embed Size (px)
Citation preview
RSA
Cryptography
Get started:
Head to bit.ly/mickybullockrsa
Warm-up question:
You are chatting with a friend using an instant
messaging program. You want to play Heads or
Tails. How can this be done fairly?
Friend You
H
H
Heads or
Tails?
Tails
Customer Retailer LOCK ONLY
UNLOCK ONLY
LOCK ONLY LOCK ONLY
LOCK ONLY LOCK ONLY
LOCK ONLY LOCK ONLY
LOCK ONLY LOCK ONLY
Pierre de Fermat
Fermat’s Little Theorem
If a is an integer and p is a
prime and a is not divisible by
p, then 𝑎𝑝 ≡ 𝑎 (𝑚𝑜𝑑 𝑝)
Leonard Euler
Euler’s Totient Theorem
If n and a are coprime positive
integers, then
𝑎𝜑(𝑛) ≡ 1 (𝑚𝑜𝑑 𝑛)
where the Totient 𝜑(𝑛) is the
number of positive integers
less than n that are coprime
with n.
Simple cipher
A 10 P 25
B 11 Q 26
C 12 R 27
D 13 S 28
E 14 T 29
F 15 U 30
G 16 V 31
H 17 W 32
I 18 X 33
J 19 Y 34
K 20 Z 35
L 21 ! 1
M 22 ? 2
N 23 , 3
O 24 . 4
About MEI
• Registered charity committed to improving
mathematics education
• Independent UK curriculum development body
• We offer continuing professional development
courses, provide specialist tuition for students
and work with industry to enhance mathematical
skills in the workplace
• We also pioneer the development of innovative
teaching and learning resources
http://www.mickybullock.com/blog/wp-content/RSA_Cryptography
To
ssin
g a
co
in o
ve
r th
e I
nte
rne
t
Pri
me
Pri
me
(mo
d 4
)P
rim
eP
rim
e
(mo
d 4
)P
rim
eP
rim
e
(mo
d 4
)P
rim
eP
rim
e
(mo
d 4
)
22
79
31
91
33
11
35
22
94
57
76
13
17
94
39
68
3
33
83
31
93
13
13
11
32
33
46
17
69
71
91
44
36
91
51
89
11
97
13
17
11
72
41
50
97
73
11
19
94
63
71
9
73
97
11
99
33
31
32
92
57
52
17
97
19
21
14
67
72
7
11
31
01
12
11
33
37
13
72
69
54
18
09
23
22
34
79
73
9
13
11
03
32
23
33
47
34
12
77
55
78
21
31
22
74
87
74
3
17
11
07
32
27
33
49
15
32
81
56
98
29
43
23
94
91
75
1
19
31
09
12
29
13
53
16
12
93
57
78
53
47
25
14
99
78
7
23
31
13
12
33
13
59
37
33
13
59
38
57
59
26
35
03
81
1
29
11
27
32
39
33
67
38
93
17
60
18
77
67
27
15
23
82
3
31
31
31
32
41
13
73
19
73
37
61
38
81
71
28
35
47
82
7
37
11
37
12
51
33
79
31
01
34
96
17
92
97
93
07
56
38
39
41
11
39
32
57
13
83
31
09
35
36
41
93
78
33
11
57
18
59
43
31
49
12
63
33
89
11
13
37
36
53
94
11
03
33
15
87
86
3
47
31
51
32
69
13
97
11
37
38
96
61
95
31
07
34
75
99
88
3
53
11
57
12
71
34
01
11
49
39
76
73
97
71
27
35
96
07
88
7
59
31
63
32
77
14
09
11
57
40
16
77
99
71
31
36
76
19
90
7
61
11
67
32
81
14
19
31
73
40
97
01
10
09
13
93
79
63
19
11
67
31
73
12
83
34
21
11
81
42
17
09
10
13
15
13
83
64
39
19
71
31
79
32
93
14
31
31
93
43
37
33
10
19
16
34
19
64
79
47
73
11
81
13
07
34
33
11
97
44
97
57
10
21
16
74
31
65
99
67
ad in
fin
itu
mad
infi
nit
um
ad in
fin
itu
m
TAIL
S
Pri
me
s ≡
3 (
mo
d 4
)
HEA
DS
Pri
me
s ≡
1 (
mo
d 4
)
Tossing a coin over the Internet
Host 1. Select two prime numbers p & q.
They must both be equivalent to 1 mod 4 (HEADS), or both be equivalent to 3 mod 4 (TAILS).
2. Calculate 𝑁 = 𝑝𝑞. Communicate N to your opponent.
Keep p & q secret!
3. Your opponent will guess Heads or Tails.
Check they communicate their choice to you within the time limit.
4. Let them know whether they won or lost by revealing p & q.
Opponent 1. When you receive the host’s N, attempt to factorise it quickly.
2. Respond with a simple HEADS or TAILS.
3. The host will reveal the two prime factors of N. Note whether they both came from the
‘1’ list (HEADS) or both from the ‘3’ list (TAILS).
If you managed to factor N, you should win!
Lists of First Few Feasible Primes
RSA Encryption
Due to the constraint 𝑐 < 𝑁, the minimum feasible prime is the least of the smallest pair of consecutive primes whose product exceeds the greatest plaintext value as dictated by the simple cipher.
For example, if encoding a single character, Z is represented by the value 35. (7,11) is the first pair of consecutive primes whose product exceeds 35 so 7 is the first feasible prime.
If encoding a two-character password, ZZ takes the value 3535. (59,61) is the first consecutive pair of primes whose product exceeds 3535 so 59 is the first feasible prime.
There is no maximum feasible prime but a restriction is imposed for the sake of the activity. First Few Primes for encoding at most a single character (represented by 2 digits in simple cipher) 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 ...ad infinitum First Few Primes for encoding at most a two-character password (represented by 4 digits in the simple cipher) 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199 211 223 227 229 233 239 241 251 257 263 269 271 277 281 283 293 307 311 313 317 331 337 347 349 353 359 367 373 379 383 389 397 401 409 419 421 431 433 439 443 449 457 461 463 467 479 487 491 499 503 509 521 523 541 547 557 563 569 571 577 587 ...ad infinitum First Few Primes for encoding at most a three-character password (represented by 6 digits in the simple cipher) 593 599 601 607 613 617 619 631 641 643 647 653 659 661 673 677 683 691 701 709 719 727 733 739 743 751 757 761 769 773 787 797 809 811 821 823 827 829 839 853 857 859 863 877 881 883 887 907 911 919 929 937 941 947 953 967 971 977 983 991 997 1009 1013 1019 1021 1031 1033 1039 1049 1051 1061 1063 1069 1087 1091 1093 1097 1103 1109 1117 1123 1129 1151 1153 1163 1171 1181 1187 1193 1201 1213 1217 1223 1229 1231 1237 1249 1259 1277 1279 1283 1289 1291 1297 1301 1303 1307 1319 1321 1327 1361 1367 1373 1381 1399 1409 1423 1427 1429 1433 1439 1447 1451 1453 1459 1471 1481 1483 1487 1489 1493 1499 1511 1523 1531 1543 1549 ...ad infinitum First Few Primes for encoding at most a four-character password (represented by 8 digits in the simple cipher) 5939 5953 5981 5987 6007 6011 6029 6037 6043 6047 6053 6067 6073 6079 6089 6091 6101 6113 6121 6131 6133 6143 6151 6163 6173 6197 6199 6203 6211 6217 6221 6229 6247 6257 6263 6269 6271 6277 6287 6299 6301 6311 6317 6323 6329 6337 6343 6353 6359 6361 6367 6373 6379 6389 6397 6421 6427 6449 6451 6469 6473 6481 6491 6521 6529 6547 6551 6553 6563 6569 6571 6577 6581 6599 6607 6619 6637 6653 6659 6661 6673 6679 6689 6691 6701 6703 6709 6719 6733 6737 6761 6763 6779 6781 6791 6793 6803 6823 6827 6829 6833 6841 6857 6863 6869 6871 6883 6899 6907 6911 6917 6947 6949 6959 6961 6967 6971 6977 6983 6991 6997 7001 7013 7019 7027 7039 7043 7057 7069 7079 7103 7109 7121 7127 7129 7151 7159 7177 7187 7193 7207 7211 7213 7219 7229 7237 7243 7247 7253 7283 7297 7307 7309 7321 7331 7333 7349 7351 7369 7393 7411 7417 7433 7451 7457 7459 7477 7481 7487 7489 7499 7507 7517 7523 7529 7537 7541 7547 7549 7559 7561 7573 7577 7583 7589 7591 7603 7607 7621 7639 7643 7649 7669 7673 7681 7687 7691 7699 7703 7717 7723 7727 7741 7753 7757 7759 7789 7793 7817 7823 7829 7841 7853 7867 7873 7877 7879 7883 7901 7907 7919 7927 7933 7937 7949 7951 7963 7993 8009 8011 8017 8039 8053 8059 8069 ...ad infinitum
RSA Process
Setup Choose a prime 𝑝 =
Choose a prime 𝑞 =
Calculate 𝑁 = 𝑝𝑞 = Calculate 𝜑(𝑁) = (𝑝 − 1)(𝑞 − 1) =
Prepare for Encryption Choose an encoding number 𝑒 = Prepare for Decryption Find decoding number 𝑑 = Open up for business
Publicise N and e.
Encryption Think of a numerical message 𝑤 =
Calculate the ciphertext 𝑐 = 𝑤𝑒 mod N =
Decryption
Calculate the original numerical message 𝑤 = 𝑐𝑑 mod N =
𝑒 and 𝜑(𝑁) coprime
𝑝 ≠ 𝑞
𝑒𝑑 = 1 (mod 𝜑(𝑁))
× 𝑑 = 1 (mod )
e φ(N)
send this
verify this
𝑤 < 𝑁
RSA Process
Setup Choose a prime 𝑝 =
Choose a prime 𝑞 =
Calculate 𝑁 = 𝑝𝑞 = Calculate 𝜑(𝑁) = (𝑝 − 1)(𝑞 − 1) =
Prepare for Encryption Choose an encoding number 𝑒 = Prepare for Decryption Find decoding number 𝑑 = Open up for business
Publicise N and e.
Encryption Think of a numerical message 𝑤 =
Calculate the ciphertext 𝑐 = 𝑤𝑒 mod N =
Decryption
Calculate the original numerical message 𝑤 = 𝑐𝑑 mod N =
𝑒 and 𝜑(𝑁) coprime
𝑝 ≠ 𝑞
𝑒𝑑 = 1 (mod 𝜑(𝑁))
× 𝑑 = 1 (mod )
e φ(N)
send this
verify this
𝑤 < 𝑁
Euler’s Totient Theorem
Statement
If n and a are coprime positive integers, then
𝑎𝜑(𝑛) ≡ 1 (𝑚𝑜𝑑 𝑛)
where the Totient 𝜑(𝑛) is the number of positive integers less than n that are coprime with
𝑛.
Proof
Let 𝑛 ∈ ℕ. This defines a set 𝑅 = {0, 1, 2, … , 𝑛 − 1} of unique residues (remainders).
Let 𝐹 be a proper subset of 𝑅 such that it contains only those elements of 𝑅 that are
coprime with 𝑛. [Note, therefore, that the cardinality of 𝐹 is 𝜑(𝑛)]
so let 𝐹 = {𝑟1, 𝑟2, 𝑟3, … , 𝑟𝜑(𝑛)}
Let 𝑎 ∈ ℕ such that 𝑎 and 𝑛 are coprime.
Consider the set 𝐺 = {𝑎𝑟1, 𝑎𝑟2, 𝑎𝑟3, … , 𝑎𝑟𝜑(𝑛)} and for each of the elements of 𝐺 consider
the residue 𝑚𝑜𝑑 𝑛, i.e. let 𝑎𝑟𝑖 𝑚𝑜𝑑 𝑛 = 𝑧𝑖 and consider the set 𝐺𝑧 = {𝑧1, 𝑧2, 𝑧3, … , 𝑧𝜑(𝑛)}.
Now, since 𝑎 and 𝑟𝑖 are coprime with 𝑛, 𝑧𝑖 must also be coprime with 𝑛 and therefore
𝑧𝑖 ∈ 𝐹. In other words, 𝑧𝑖 = 𝑟𝑗.
Uniqueness of 𝑧𝑖
Assume these 𝑧𝑖 are not unique, i.e. that 𝑧𝑖 = 𝑧𝑗 for some 𝑖 and 𝑗.
Then 𝑎𝑟𝑖 ≡ 𝑎𝑟𝑗 (𝑚𝑜𝑑 𝑛)
=> 𝑟𝑖 ≡ 𝑟𝑗 (𝑚𝑜𝑑 𝑛)
But the elements of 𝑅 are unique. This contradiction means the 𝑧𝑖 must be unique, i.e. that
the elements of 𝐺𝑧 are unique.
So, 𝐹 = 𝐺𝑧 (although the elements are in a different order).
Now, under 𝑚𝑜𝑑 𝑛, the product of all the elements of 𝐹 must be equivalent to the product
of all the elements of 𝐺, i.e.
𝑎𝑟1𝑎𝑟2𝑎𝑟3 … 𝑎𝑟𝜑(𝑛) ≡ 𝑟1𝑟2𝑟3 … 𝑟𝜑(𝑛) (𝑚𝑜𝑑 𝑛)
which reduces to 𝑎𝜑(𝑛) ≡ 1 (𝑚𝑜𝑑 𝑛).
Three-way Cryptography Race!
RSA Cryptography
Instructions The Retailer’s mission is receive coded messages (words) from the Customer and to decode and
decipher as many as possible within the time limit.
The Customer will be repeatedly transmitting coded messages to the Retailer. These need to come
thick and fast – don’t keep the Retailer waiting for more!
The Hacker will be intercepting these as they are transmitted and trying to decode them.
The Retailer’s score will be calculated by taking the number of messages they managed to
decode/decipher and subtracting the number of messages the Hacker managed to decode/decipher.
The timer will start when the first cryptosystem is publicised by the Retailer.
Retailer You will need:
Person(s) in charge of repeatedly setting up new cryptosystems and clearly publicising the
new N and e for each.
Person(s) in charge of recording coded messages sent by the Customer, along with the
values N and e.
Person(s) in charge of decoding these messages.
Person(s) in charge of deciphering decoded messages using the simple cipher.
Customer You will need:
Person(s) in charge of coming up with a series of plaintext words and using the simple cipher
to encipher them.
Person(s) in charge of encoding these ciphertexts using the Retailer’s N and e.
Person(s) in charge of ‘transmitting’ these coded messages to the Retailer. Label them clearly with the values of
N and e that were used to encode them.
Hacker You will need:
Person(s) in charge of recording coded messages sent by the Customer, along with the values N and e.
Person(s) in charge of trying to decompose N into its prime factors p and q, then calculating d if successful.
Person(s) in charge of decoding messages.
Person(s) in charge of deciphering decoded messages.
Simple cipher
A 10
B 11
C 12
D 13
E 14
F 15
G 16
H 17
I 18
J 19
K 20
L 21
M 22
N 23
O 24
P 25
Q 26
R 27
S 28
T 29
U 30
V 31
W 32
X 33
Y 34
Z 35
! 01
? 02
, 03
. 04
Three-way Cryptography Race!
RSA Cryptography
Retailer
𝑝 =______________
𝑞 =______________
𝑁 =_____________________
𝜑(𝑁) =___________________
𝑒 = 65537
𝑑 =_____________________
𝑝 =______________
𝑞 =______________
𝑁 =_____________________
𝜑(𝑁) =___________________
𝑒 = 65537
𝑑 =_____________________
𝑝 =______________
𝑞 =______________
𝑁 =_____________________
𝜑(𝑁) =___________________
𝑒 = 65537
𝑑 =_____________________
𝑝 =______________
𝑞 =______________
𝑁 =_____________________
𝜑(𝑁) =___________________
𝑒 = 65537
𝑑 =_____________________
Customer’s ciphertext
(c)
Customer’s plaintext
numerical string (w)
Customer’s
message
Customer’s ciphertext
(c)
Customer’s plaintext
numerical string (w)
Customer’s
message
Customer’s ciphertext
(c)
Customer’s plaintext
numerical string (w)
Customer’s
message
Customer’s ciphertext
(c)
Customer’s plaintext
numerical string (w)
Customer’s
message
Three-way Cryptography Race!
RSA Cryptography
Customer
𝑁 =______________________
𝑒 =_______________________
𝑁 =______________________
𝑒 =_______________________
𝑁 =______________________
𝑒 =_______________________
𝑁 =______________________
𝑒 =_______________________
Message Plaintext numerical
string (w) Ciphertext (c)
Message Plaintext numerical
string (w) Ciphertext (c)
Message Plaintext numerical
string (w) Ciphertext (c)
Message Plaintext numerical
string (w) Ciphertext (c)
Three-way Cryptography Race!
RSA Cryptography
Hacker
𝑁 =______________
𝑒 = 65537
𝑝 =_____________________
𝑞 =_____________________
𝜑(𝑁) =___________________
𝑑 =_____________________
𝑁 =______________
𝑒 = 65537
𝑝 =_____________________
𝑞 =_____________________
𝜑(𝑁) =___________________
𝑑 =_____________________
𝑁 =______________
𝑒 = 65537
𝑝 =_____________________
𝑞 =_____________________
𝜑(𝑁) =___________________
𝑑 =_____________________
𝑁 =______________
𝑒 = 65537
𝑝 =_____________________
𝑞 =_____________________
𝜑(𝑁) =___________________
𝑑 =_____________________
Customer’s ciphertext
(c)
Customer’s plaintext
numerical string (w)
Customer’s
message
Customer’s ciphertext
(c)
Customer’s plaintext
numerical string (w)
Customer’s
message
Customer’s ciphertext
(c)
Customer’s plaintext
numerical string (w)
Customer’s
message
Customer’s ciphertext
(c)
Customer’s plaintext
numerical string (w)
Customer’s
message
