3.6 RSA Cryptography

Cryptography is the science of coding and decoding messages. Over the years many methods for coding messages have been developed. Many of them involve converting the text to numbers and using some algebraic method for coding the corresponding numbers. Quite a few of these methods involve modular arithmetic. In this section we look at the RSA cryptography method, developed in the 1970s and named after Ron Rivest, Adi Shamir and Leonard Adleman.

3.6.1 The Method

RSA cryptography is very simple in principle. It is based on powers and roots mod $n$. If someone wants to send a message to you, they convert the text to a sequence $m_1, m_2, \ldots, m_R$ of numbers, raise each number to a power $e$ and reduce mod another number $n$:

(1) $c_j = m_j^{\,e} \bmod n$, $j = 1, 2, \ldots, R$

The coded message is the new sequence $c_1, c_2, \ldots, c_R$ of numbers, which they send to you. To decode the message you take the $e$th root of each $c_j$ mod $n$, i.e.

$m_j = \sqrt[e]{c_j} \bmod n = c_j^{\,1/e} \bmod n$, $j = 1, 2, \ldots, R$

It turns out that taking $e$th roots mod $n$ is equivalent to raising to a complementary power $d$ that depends on the factorization of $n$. If $n = pq$ where $p$ and $q$ are distinct primes, then $d$ is the reciprocal of $e$ mod $(p-1)(q-1)$. To summarize: to decode the message, raise each of the numbers $c_1, c_2, \ldots, c_R$ in the coded message to the complementary power $d$ and reduce mod the same number $n$:

(2) $m_j = c_j^{\,d} \bmod n$, $j = 1, 2, \ldots, R$

The result is the original sequence $m_1, m_2, \ldots, m_R$ of numbers, which you convert back to the original text.

The numbers $n$ and $e$ are not arbitrary. You begin by choosing two distinct primes $p$ and $q$ and forming their product $n = pq$. In practice the primes are very large: the 2048-bit modulus that is the usual minimum today corresponds to primes of roughly 300 decimal digits each. Then you choose the power $e$ to be a number that has no factor in common with $p - 1$ or $q - 1$ (equivalently, $\gcd(e, (p-1)(q-1)) = 1$). Also $e$ should be less than $(p-1)(q-1)$. Finally, the complementary power $d$ is the inverse of $e$ mod $(p-1)(q-1)$:

3.6.1 - 1

$d = e^{-1} \bmod (p-1)(q-1)$

You tell the world $n$ and $e$; there is no secret to $n$ and $e$. However, you keep the factorization $n = pq$ secret, and you keep $d$ secret. With current factoring methods there is no way for someone else to find the factorization of $n$, and hence $d$, in a reasonable amount of time, provided the primes are large enough. If someone wants to send you a confidential message, they convert the message to a sequence of numbers each less than $n$. Then they use (1) to code the sequence and send the coded sequence to you. They don't have to keep the coded sequence secret either. When you receive the message, you decode it using (2). No one else can decode it since they don't know $d$.

One caveat before the example. Coding each letter separately, as is done below to keep the arithmetic small, turns RSA into a simple substitution cipher: since $n$ and $e$ are public, anyone can compute $m^e \bmod n$ for each of the 27 possible letter values and read the message off the resulting table without ever knowing $d$. Real RSA deployments encrypt a single large number per message and first apply a randomized padding scheme (OAEP, for instance), so that the same plaintext never produces the same ciphertext twice.

Example 1. Let's do an example with small numbers to illustrate this. To begin with you need to choose two primes $p$ and $q$. Since we are using small numbers, let's take $p = 3$ and $q = 11$. Then $n = pq = (3)(11) = 33$. Next we need to choose the power $e$ so that it has no factor in common with $p - 1$ and $q - 1$. Here $p - 1 = 2$ and $q - 1 = 10$. So $e$ should have no factor in common with 2 and 10; in other words $e$ should have neither 2 nor 5 as a factor. We can choose $e = 3$. Finally we choose $d$ to be the inverse of $e$ mod $(p-1)(q-1)$. In this case $(p-1)(q-1) = (2)(10) = 20$, so $d$ is the inverse of 3 mod 20, i.e. $d$ satisfies $3d \bmod 20 = 1$. Ordinarily we would use the Euclidean algorithm to find $d$. However, in this case we can see that $d = 7$, since $(3)(7) = 21$ and $21 \bmod 20 = 1$.

We also have to decide on a method for converting the text of a message to numbers. Since this is just an illustrative example, let's do this as simply as possible. We convert each letter in the message to the number which is its position in the alphabet. Thus a is converted to 1, b to 2, and so on, with z being converted to 26. Let's convert a space to 27. We tell the world $n = 33$, $e = 3$ and this method of converting text to a sequence of numbers.

Now suppose someone wants to send you a confidential message. For example, suppose Sue wants to send you the message

(3) go blue

First she converts each letter to its position in the alphabet, with a space converted to 27. This gives the following sequence of numbers:

(4) $m_1, m_2, m_3, m_4, m_5, m_6, m_7 = 7, 15, 27, 2, 12, 21, 5$

Next she codes each number $m_j$ using (1). For example

$c_1 = m_1^{\,e} \bmod n = 7^3 \bmod 33 = 343 \bmod 33 = 13$

After doing this for every number, the sequence (4) is converted to

(5) $c_1, c_2, c_3, c_4, c_5, c_6, c_7 = 13, 9, 15, 8, 12, 21, 26$

This sequence of numbers is the coded message, which she sends to you. When you receive it you decode each number $c_j$ using (2). For example

$m_1 = c_1^{\,d} \bmod n = 13^7 \bmod 33 = 62748517 \bmod 33 = 7$

After doing this the sequence (5) is converted back to (4), which you then convert back to the text (3).

Why does RSA work? The reason RSA works relies on some elementary properties of mod and one not so elementary property of mod. Here is what happens with the first letter of the above message:

  letter:  g
  convert to number:  7
  code:  $7^3 \bmod 33 = 13$
  decode:  $13^7 \bmod 33 = 7$
  convert back to letter:  g

If we disregard the conversions between letters and numbers, then what we have is the following:

  number:  $m$
  code:  $m^e \bmod n = c$
  decode:  $c^d \bmod n$

So in order for the decoding to give back the original number $m$ (with $0 \le m < n$) we need

(6) $(m^e \bmod n)^d \bmod n = m$

Recalling the algebraic properties of mod from section 3.4, in particular formula (6) in Proposition 1, (6) is equivalent to

$m^{ed} \bmod n = m$

Since $d$ is the reciprocal of $e$ mod $(p-1)(q-1)$, one has

$ed = 1 + k(p-1)(q-1)$

for some integer $k \ge 1$. So we need to show

(7) $m^{1 + k(p-1)(q-1)} \bmod n = m$

The starting point for showing this is Fermat's little theorem.

Theorem 1. If $p$ is a prime then

(8) $m^{p-1} \bmod p = 1$ if $m$ is not divisible by $p$, and $m^{p-1} \bmod p = 0$ if $m$ is divisible by $p$.

We postpone the proof until the end. However, let's look at a few examples.

Example 2. Verify (8) for $p = 5$.

Solution. In this case $p - 1 = 4$, so (8) says $m^4 \bmod 5 = 1$ if $m$ is not divisible by 5. One has

$1^4 \bmod 5 = 1 \bmod 5 = 1$
$2^4 \bmod 5 = 16 \bmod 5 = 1$
$3^4 \bmod 5 = 81 \bmod 5 = 1$
$4^4 \bmod 5 = 256 \bmod 5 = 1$

It follows from (8), by raising both sides to the power $k(q-1)$, that

$m^{k(p-1)(q-1)} \bmod p = 1$ if $m$ is not divisible by $p$, and $= 0$ if $m$ is divisible by $p$.

Multiplying by one more factor of $m$ gives

$m^{1 + k(p-1)(q-1)} \bmod p = m \bmod p$ if $m$ is not divisible by $p$, and $= 0 = m \bmod p$ if $m$ is divisible by $p$,

so in either case $m^{1 + k(p-1)(q-1)} \bmod p = m \bmod p$. By symmetry it follows that

$m^{1 + k(p-1)(q-1)} \bmod q = m \bmod q$

The remaining ingredient in the proof of (7) is the Chinese Remainder Theorem.

Theorem 2. If $p$ and $q$ are distinct primes, $a$ is a number between 0 and $p - 1$, and $b$ is a number between 0 and $q - 1$, then there is a unique number $m$ between 0 and $pq - 1$ such that both of the following hold:

$m \bmod p = a$
$m \bmod q = b$

Applied with $a = m \bmod p$ and $b = m \bmod q$, this says that $m$ and $m^{1 + k(p-1)(q-1)} \bmod n$, which we have just seen agree mod $p$ and mod $q$, must be the same number between 0 and $n - 1$; that is exactly (7). Before showing this, let's do an example.

Example 3. Find $m$ between 0 and 32 such that

$m \bmod 3 = 2$
$m \bmod 11 = 6$

Solution. Since
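The procedure of 3.6.1 and Example 1 carried out in Python, as an added example that is not part of the original text. It uses the section's parameters $p = 3$, $q = 11$, $e = 3$ and the a = 1, ..., z = 26, space = 27 conversion; the function names (keygen, encrypt, decrypt, codebook_attack) and the extended Euclidean helper used to find $d$ are this example's own. The last function demonstrates the caveat above: with only the public $n$ and $e$, an attacker tabulates $m^e \bmod n$ for the 27 letter values and reads the message without $d$.

```python
# Added example (not from the textbook): textbook RSA with the section's
# small parameters p = 3, q = 11, e = 3. All names below are this example's own.

ALPHABET = "abcdefghijklmnopqrstuvwxyz "   # position + 1 is the number; space -> 27


def egcd(a, b):
    """Extended Euclidean algorithm: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(e, m):
    """Inverse of e mod m, i.e. the d with e*d mod m = 1. Raises if gcd(e, m) != 1."""
    g, x, _ = egcd(e, m)
    if g != 1:
        raise ValueError(f"{e} has no inverse mod {m}")
    return x % m


def keygen(p, q, e):
    """Return ((n, e), d): the public numbers n = pq, e and the secret d = e^-1 mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("e must satisfy 1 < e < (p-1)(q-1)")
    d = modinv(e, phi)          # raises if e shares a factor with p-1 or q-1
    return (n, e), d


def text_to_numbers(text):
    return [ALPHABET.index(ch) + 1 for ch in text]


def numbers_to_text(nums):
    return "".join(ALPHABET[m - 1] for m in nums)


def encrypt(nums, n, e):
    """Formula (1): c_j = m_j^e mod n. Every m_j must be less than n."""
    assert all(0 <= m < n for m in nums), "plaintext numbers must be < n"
    return [pow(m, e, n) for m in nums]


def decrypt(cipher, n, d):
    """Formula (2): m_j = c_j^d mod n."""
    return [pow(c, d, n) for c in cipher]


def codebook_attack(cipher, n, e):
    """Recover a letter-by-letter message from the public key alone.
    Encryption is a permutation of 0..n-1, so the 27 letter values give 27 distinct
    ciphertexts; tabulating them inverts the cipher without d."""
    codebook = {pow(m, e, n): m for m in range(1, len(ALPHABET) + 1)}
    return numbers_to_text([codebook[c] for c in cipher])


if __name__ == "__main__":
    (n, e), d = keygen(3, 11, 3)
    print("n, e, d =", n, e, d)                 # 33 3 7
    m = text_to_numbers("go blue")              # constructed sample message
    c = encrypt(m, n, e)
    print("coded:", c)                          # [13, 9, 15, 8, 12, 21, 26]
    print("decoded:", numbers_to_text(decrypt(c, n, d)))
    print("attacker reads:", codebook_attack(c, n, e))
    try:
        keygen(3, 11, 5)                        # 5 divides q - 1 = 10: no inverse
    except ValueError as err:
        print("rejected e = 5:", err)
```

keygen refuses an exponent that shares a factor with $p-1$ or $q-1$, which is the check the text's condition on $e$ amounts to; decrypt would silently return garbage for such a key otherwise.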
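The two facts behind the correctness argument, Fermat's little theorem (8) and the Chinese Remainder Theorem of Theorem 2, checked in Python as an added example that is not part of the original text; the function names are this example's own. fermat_holds tests (8) for every residue mod $p$, which is what Example 2 does by hand for $p = 5$; crt_solve constructs the $m$ of Theorem 2 for the two congruences of Example 3 and crt_unique confirms by brute force that it is the only one; rsa_roundtrip_ok checks (6) for every $m$ between 0 and $n-1$ with the parameters of Example 1, including the multiples of $p$ and $q$ that the second case of (8) covers.

```python
# Added example (not from the textbook): the ingredients of "why RSA works",
# checked for the section's parameters p = 3, q = 11, e = 3, d = 7 (so k = 1).


def fermat_residue(m, p):
    """Left-hand side of (8): m^(p-1) mod p. Should be 1 unless p divides m, then 0."""
    return pow(m, p - 1, p)


def fermat_holds(p):
    """Verify (8) for every residue m in 0..p-1 (Example 2 does this by hand for p = 5)."""
    return all(fermat_residue(m, p) == (0 if m % p == 0 else 1) for m in range(p))


def power_mod_prime(m, p, k, phi):
    """m^(1 + k*phi) mod p, the quantity in (7) reduced mod one prime factor.
    By (8) it should equal m mod p whenever phi is a multiple of p-1."""
    return pow(m, 1 + k * phi, p)


def crt_solve(a, p, b, q):
    """Theorem 2: the m in 0..pq-1 with m mod p = a and m mod q = b, for distinct primes p, q.
    Constructive: write m = a + p*t and choose t so that a + p*t = b (mod q),
    which is possible because p is invertible mod q."""
    t = ((b - a) * pow(p, -1, q)) % q        # pow(x, -1, q) is the inverse mod q (Python 3.8+)
    return (a + p * t) % (p * q)


def crt_unique(a, p, b, q):
    """Brute-force count of the m in 0..pq-1 satisfying both congruences; Theorem 2 says 1."""
    return sum(1 for m in range(p * q) if m % p == a and m % q == b)


def rsa_roundtrip_ok(p, q, e, d):
    """(6): (m^e mod n)^d mod n == m for every m in 0..n-1, multiples of p and q included."""
    n = p * q
    return all(pow(pow(m, e, n), d, n) == m for m in range(n))


if __name__ == "__main__":
    print("Fermat (8) holds for p = 5:", fermat_holds(5))
    print("m^21 mod 3 == m mod 3 for all m < 33:",
          all(power_mod_prime(m, 3, 1, 20) == m % 3 for m in range(33)))
    print("Example 3: m =", crt_solve(2, 3, 6, 11), "unique:", crt_unique(2, 3, 6, 11) == 1)
    print("RSA round trip with d = 7:", rsa_roundtrip_ok(3, 11, 3, 7))
    print("RSA round trip with wrong d = 5:", rsa_roundtrip_ok(3, 11, 3, 5))
```

The last two calls show the condition on $d$ doing real work: $d = 7$ satisfies $3d \bmod 20 = 1$ and every residue round-trips, while $d = 5$ does not and decryption fails for some messages.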