Public Key Cryptography 2

1
Public Key Cryptography 2

• RSA

2
Lemma 1

• Let s and t be relatively prime. Then
• Proof Let
• be given by
• First we show that ? actually maps
• Then we show ? is an isomorphism.

3
Example

• Let s 8, t 15, so that st 120.
• ?(83) (83 mod 8, 83 mod 15)
• (3,8)
• ?(29) (29 mod 8, 29 mod 15)
• (5,14)
• ?(8329) ?(7) (7,7)
• (35 mod 8, 814 mod 15)
• ?(83)?(29)

4

• Choose any x in U(st). Then gcd(x,st) 1.
• There exist integers a, b with ax bst 1.
• Then 1 is a linear combination of x and s,
• so gcd(x,s) 1.
• Hence x mod s is in U(s).
• Similarly x mod t is in U(t).

5
? is one-to-one

• Suppose ?(x) ?(y) where 0 x y lt st.
• Then (x mod s,x mod t) (y mod s,y mod t)
• So x mod s y mod s and x mod t y mod t
• Hence s and t both divide yx.
• But s, t are relatively prime, so
• st divides yx as well.
• Also 0 yx lt st, so yx 0.
• It follows that ? is one-to-one.

6
? is onto

• Choose any (xs,xt) in
• There exist integers a, b with as bt 1.
• Let x (btxs asxt ) mod st.
• In moment, we will show that x is in U(st).
• Then x btxs asxt stn for some n. So
• x mod s (1xs 0xt 0n) mod s xs
• x mod t (0xs 1xt 0n) mod t xt
• So ?(x) (xs, xt), and ? is onto.

gcd(x,st) 1
7
Example The inverse of ?

• ?(x) (x mod 8, x mod 15)
• Suppose ?(x) (3,8). Find x.
• First write 28(-1)15 1
• Then x (-115)(3) (28)(8) -45 128
• 83

8
To show gcd(x,st) 1

• Given xs in U(s), xt in U(t), x (btxs asxt)
• where asbt 1.
• Set y (btxs-1 asxt-1).
• Now xy (btxs asxt)(btxs-1 asxt-1), so
• xy mod s (1xs 0)(1 xs-1 0) mod s 1.
• xy mod t (0 1xt)(0 1xt-1) mod t 1.
• Now s xy1, t xy1, and gcd(s,t)1
• implies st xy1, so xy mod st 1.
• Hence x and st are relatively prime.

9
? is Operation Preserving

• ?(x)?(y)
• (x mod s,x mod t)(y mod s,y mod t)
• (xy mod s,xy mod t)
• ?(xy)
• Since ? is one-to-one, onto, and operation
  preserving, ? is an isomorphism.
• Therefore,

10
Theorem (Gauss)

• Let p be an odd prime, n gt 0.
• Corollary 1. For odd prime p,
• Corollary 2. Let p and q be odd primes.
• Proof

11
RSA Recipe

• Choose (large) odd primes p,q
• Let N pq, m lcm(p-1,q-1)
• Choose E relatively prime to m
• Let D E-1 in U(m)
• To encode message M C ME mod N
• To decode message C M CD mod N

Public Key is E, N
Private Key is D, N
12
Will RSA work?

• M lcm(p-1,q-1) h(p-1) k(q-1) for some
  integers h, k.
• ED sM 1 for some integer s.
• So, ED mod (p-1) ED mod (q-1) 1
• Also, isomorphism
• Let . Then
  .

13
Will RSA work?

• M lcm(p-1,q-1) h(p-1) k(q-1) for some
  integers h, k.
• We claim
• Let be an
  isomorphism.
• Say .
• Then
• So as required.

Operation Preserving
One-to-One
14
Encoding, Decoding are inverses

• Recall that E and D are inverses mod M.
• So ED 1sM for some integer s.
• Let x in U(N) be a message. In U(N),
• y xE is the encrypted message.
• The decrypted message is
• z yD xED x1sM x(xM)s x
• RSA works!

15
How to break RSA

• Everyone is given E, N.
• Factor N into pq
• Note p and q are large.
• Let M lcm(p-1,q-1)
• (p-1)(q-1)
• gcd(p-1,q-1)
• Let D E-1 mod M

Euclidean Algorithm