
RSA and its Correctness through Modular Arithmetic

Punita Meelu, and Sitender Malik

Citation: AIP Conference Proceedings 1324, 463 (2010);


View online: https://doi.org/10.1063/1.3526259
View Table of Contents: http://aip.scitation.org/toc/apc/1324/1
Published by the American Institute of Physics
Punita Meelu*, Sitender Malik**
*N.C.College of Engineering/CSE, Israna Panipat, India
**N.C.College of Engineering/CSE, Israna Panipat, India
Abstract -- To secure business applications, the business sectors use Public Key Cryptographic Systems (PKCS). RSA belongs to the category of PKCS and is used for both encryption and authentication. This paper gives an introduction to RSA through its encryption and decryption schemes, the mathematical background, which includes theorems to combine modular equations, and the correctness of RSA. In short, this paper explains some of the maths concepts that RSA is based on, and then provides a complete proof that RSA works correctly. We can prove the correctness of RSA through the combined process of encryption and decryption, based on the Chinese Remainder Theorem (CRT) and the Euler theorem. However, there is no mathematical proof that RSA is secure; everyone takes that on trust!

I. INTRODUCTION
Public key cryptography is one of the mathematical applications that are valuable in sending information[2]. RSA is one of the oldest and most widely used public key cryptographic systems[8]. It was the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. RSA is a public key cryptosystem for both encryption and authentication; it was given by three scientists, viz. Ron Rivest, Adi Shamir and Leonard Adleman[3]. This algorithm is much more secure than any other algorithm. The latest key size used for this encryption technique is 512 bits to 2048 bits[6]. RSA encryption uses the concept of two large prime numbers such that their product cannot be easily factorized[3]. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys. The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers[7]. We can prove the correctness of RSA through the combined process of encryption and decryption, based on the Chinese Remainder Theorem (CRT) and the Euler theorem, if we have the prime factors of the modulus[7,9].
The remainder of this paper is organized as follows. Section 2 presents the detailed steps of the RSA algorithm. Section 3 describes the operation of the RSA algorithm with an example. In Section 4 we briefly review the modular arithmetic behind RSA. Section 5 shows the correctness of RSA. Finally, Section 6 gives concluding remarks.

II. OPERATION
The RSA algorithm involves three steps: key generation, encryption and decryption.

A. Key Generation
1. Generate two large prime numbers, p and q
2. Let n = pq
3. Let m = (p-1)(q-1)
4. Choose a small number e, coprime to m
5. Find d, such that de % m = 1
Publish e and n as the public key and keep d and n as the secret key.

B. Encryption
C = P^e % n

C. Decryption
P = C^d % n

x % y means the remainder of x divided by y.
How this algorithm works is discussed in the mathematics below; its security comes from the computational difficulty of factoring large numbers[1]. To be secure, very large numbers must be used for p and q - 100 decimal digits at the very least.

III. EXAMPLE
A. Key Generation
1. Generate two large prime numbers, p and q
To find random primes, we start at a random number and go up through ascending odd numbers until we find a prime. Let p = 7 and q = 19.
2. Let n = pq
n = 7 * 19
  = 133
3. Let m = (p - 1)(q - 1)
m = (7 - 1)(19 - 1)
  = 6 * 18
  = 108
4. Choose a small number e, coprime to m
'e' coprime to m means that the largest number that can exactly divide both e and m (their greatest common divisor, or GCD) is 1. Euclid's algorithm is used to find the GCD of two numbers, but the details are omitted here.

CP1324, International Conference on Methods and Models in Science and Technology (ICM2ST-10)
edited by R. B. Patel and B. P. Singh
© 2010 American Institute of Physics 978-0-7354-0879-1/10/$30.00

e = 2 => GCD(e, 108) = 2 (no)
e = 3 => GCD(e, 108) = 3 (no)
e = 4 => GCD(e, 108) = 4 (no)
e = 5 => GCD(e, 108) = 1 (yes!)
5. Find d, such that de % m = 1
This is equivalent to finding d which satisfies de = 1 + nm, where n is any integer. We can rewrite this as d = (1 + nm) / e. Now we work through values of n until an integer solution for d is found:
n = 0 => d = 1 / 5 (no)
n = 1 => d = 109 / 5 (no)
n = 2 => d = 217 / 5 (no)
n = 3 => d = 325 / 5
       = 65 (yes!)

To do this with big numbers, a more sophisticated algorithm called extended Euclid must be used.
Public Key: n = 133 and e = 5
Secret Key: n = 133 and d = 65

B. Encryption
The message must be a number less than the smaller of p and q. However, at this point we don't know p or q, so in practice a lower bound on p and q must be published. This can be somewhat below their true value and so isn't a major security concern. For this example, let's use the message "6".
C = P^e % n
  = 6^5 % 133
  = 7776 % 133
  = 62

C. Decryption
This works very much like encryption, but involves a larger exponentiation, which is broken down into several steps.

P = C^d % n
  = 62^65 % 133
  = 62 * 62^64 % 133
  = 62 * (62^2)^32 % 133
  = 62 * 3844^32 % 133
  = 62 * (3844 % 133)^32 % 133
  = 62 * 120^32 % 133
We now repeat the sequence of operations that reduced 62^65 to 120^32 to reduce the exponent down to 1.
  = 62 * 36^16 % 133
  = 62 * 99^8 % 133
  = 62 * 92^4 % 133
  = 62 * 85^2 % 133
  = 62 * 43 % 133
  = 2666 % 133
  = 6
And that matches the plaintext we put in at the beginning, so the algorithm worked!
This paper explains some of the maths concepts that RSA is based on, and then provides a complete proof that RSA works correctly.

IV. MODULAR ARITHMETIC
RSA uses modular arithmetic. This is similar to conventional arithmetic, but only uses positive integers that are less than a chosen value, called the modulus. Addition, subtraction and multiplication work like regular maths, but there is no division. We can use any value for the modulus; the diagram uses 13, so counting goes 0, 1, 2, ..., 11, 12, 0, 1, 2 ... The notation used for expressions involving modular arithmetic is x = y (mod m), which reads as "x is equivalent to y, modulo m"[2,6]. This means that x and y leave the same remainder when divided by m. For example, 7 = 23 (mod 8) and 22 = 13 (mod 9). The following statement is a basic principle of modular arithmetic:
a + kp = a (mod p)
We can visualise this through Fig. 1 shown below - each time we add p we go round the circle, back to where we started. It doesn't matter where we start, how big the circle is, or how many times we do it; it's always true.

Primality and Coprimality
A number is prime if the only numbers that exactly divide it are 1 and itself, e.g. 17 is prime, but 15 isn't, because it's divisible by 3 and 5[7]. A pair of numbers are coprime if the largest number that exactly divides both of them is 1. The numbers themselves don't have to be prime, e.g. 8 and 9 are coprime, but 8 and 10 are not, because they're both divisible by 2. If we have a pair of distinct prime numbers, they will always be coprime to each other.

Figure 1. Modulus of 13

A. Chinese Remainder Theorem
This theorem provides a way to combine two modular equations that use different moduli.

Theorem: x = y (mod p)
x = y (mod q) with p and q coprime
x = y (mod pq)
Proof: x = y (mod p)
x = y + kp
x - y = kp
p divides (x - y)
by a similar route, q divides (x - y)
as p and q are coprime, pq divides (x - y)
x - y = l(pq)
x = y (mod pq)

B. Fermat/Euler Theorem
This theorem is a surprising identity that relates the exponent to the modulus.
Theorem: x^(p-1) = 1 (mod p) if p is prime and x ≠ 0 (mod p).
Proof: Consider the set Q of numbers 1, 2, ... p-1
as p is prime, these numbers are coprime to p, and 0 is not coprime to p.
Q includes all the numbers in (mod p) coprime to p.
Now consider the set U, obtained by multiplying each element of Q by x (mod p)
both x and each element of Q are coprime to p.
each element of U is coprime to p; also each element of U is distinct, which we prove by contradiction.
Start by assuming two elements are not distinct:
x.Q_i = x.Q_j (mod p) with i ≠ j
Q_i = Q_j (mod p) as x ≠ 0
but elements of Q are distinct, so this is a contradiction
elements of U are distinct
U uses all the numbers in (mod p) that are coprime to p, just like Q
U is a permutation of Q
U_1.U_2 ... U_(p-1) = Q_1.Q_2 ... Q_(p-1) (mod p)
x.Q_1.x.Q_2 ... x.Q_(p-1) = Q_1.Q_2 ... Q_(p-1) (mod p)
and if we cancel Q_1.Q_2 ... Q_(p-1)
x^(p-1) = 1 (mod p)

V. RSA CORRECTNESS
Here we prove that the combined process of encrypting and decrypting a message correctly results in the original message.
Theorem: C = M^e (mod n)
M' = C^d (mod n)
M' = M (mod n)
where (d, e, n) is a valid RSA key, with n = pq and 0 < M < minimum(p,q)
Proof: First we combine the two exponentiations:
M' = M^(ed) (mod n)
d and e are generated so that de = k(p-1)(q-1) + 1
M' = M^(k(p-1)(q-1) + 1) (mod n)
M' = M . M^(k(p-1)(q-1)) (mod n)    (1)
Consider X = M^(k(p-1)(q-1)) (mod p)
X = (M^(p-1))^(k(q-1)) (mod p)
the Fermat/Euler theorem tells us that M^(p-1) = 1 (mod p)
X = 1^(k(q-1)) (mod p)
X = 1 (mod p)
by a similar route, X = 1 (mod q)
as p and q are distinct primes, we can combine these with the Chinese remainder theorem
X = 1 (mod pq)
M^(k(p-1)(q-1)) = 1 (mod n)
finally, we substitute this back into the equation (1)
M' = M . 1 (mod n)
M' = M (mod n)

VI. CONCLUSION
The security of RSA comes from the computational difficulty of factoring large numbers. The factors of the public key n, that is, p and q, should be large enough that it is not easy to factorize n[7]. So, the largest prime numbers should be used. In general, the primes should be of the order of 160 digits (512 bits) to 640 digits (2048 bits). No algorithm is available that could factorize a number of the mentioned order in a reasonable amount of time. One has to use brute force to factorize n. The algorithms to factorize n have a running time exponential with respect to the length of n[1,3]. Still, the existence of a faster algorithm to factorize n is very remote. So the RSA algorithm is defended by the non-availability of such algorithms.

REFERENCES
[1] Thomsan D., Bruce D., Arjen L. and Mark M., "On the Factoring of RSA", (169), pp. 166-174, 1994.
[2] Diffie W and Hellman M, "New Directions in Cryptography", IEEE Transactions on Information Theory, IT-22(6): 644-654, 1976.
[3] Okamoto T and Uchiyama S, "A New Public Key Cryptosystem as Secure as Factoring", in Proceedings of Eurocrypt'98, LNCS 1403, Springer Verlag, pp. 308-318, 1998.
[4] J. Gordon, "Strong RSA Keys", Electronics Letters, 20,(12), 1984, pp. 514-516.
[5] Douglas R. Stinson, "Cryptography Theory and Practice", Chapman & Hall/CRC Press, 3rd Edition, pp. 211-214, 2006.
[6] Pointcheval D, "New Public Key Cryptosystem Based on the Dependent-RSA Problem", in Proceedings of Eurocrypt'99, LNCS 1592, Springer Verlag, pp. 239-254, 1999.
[7] M. Ogiwara, "A Method for Generating Cryptographically Strong Primes", IEICE Trans., E73,(6), 1990, pp. 985-994.
[8] Rivest R, Shamir A and Adleman L, "A Method for Obtaining Digital Signature and Public Key Cryptosystems", Communications of the ACM, 21, pp. 120-126, 1978.
[9] S. Yen, S. Kim, S. Lim and S. Moon, "RSA Speedup with Chinese Remainder Theorem Immune against Hardware Fault Cryptanalysis", IEEE Transactions on Computers, Vol. XX, No. Y, pp. 461-472, 2003.
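
The toy key of Section III and the round trip proved in Section V, worked in Python as an added example (not code from the paper). It uses extended Euclid to find d, which the paper names but omits, and the same repeated-squaring reduction as the decryption steps. The function names are this example's own, and the final check runs over every M from 0 to n-1, a wider range than the bound stated in the theorem.

```python
"""Added example: the paper's toy key (p = 7, q = 19); sizes are illustrative only."""


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        k = a // b
        a, b = b, a - k * b
        x0, x1 = x1, x0 - k * x1
        y0, y1 = y1, y0 - k * y1
    return a, x0, y0


def keygen(p, q):
    """Section II steps 2-5: n = pq, m = (p-1)(q-1), smallest e coprime to m, d."""
    n, m = p * q, (p - 1) * (q - 1)
    e = next(c for c in range(2, m) if egcd(c, m)[0] == 1)
    d = egcd(e, m)[1] % m  # Bezout coefficient of e, reduced so that d*e % m == 1
    return n, m, e, d


def power_mod(base, exp, n):
    """Square-and-multiply. Returns (base**exp % n, list of reduced squares)."""
    result, squares = 1, []
    base %= n
    while exp:
        if exp & 1:                    # this bit of the exponent is set
            result = result * base % n
        exp >>= 1
        if exp:                        # square and reduce, as in the paper's steps
            base = base * base % n
            squares.append(base)
    return result, squares


def round_trip_holds(p, q):
    """Check M' == M for every residue M in 0..n-1 (Section V, by brute force)."""
    n, _, e, d = keygen(p, q)
    return all(power_mod(power_mod(M, e, n)[0], d, n)[0] == M for M in range(n))


if __name__ == "__main__":
    n, m, e, d = keygen(7, 19)
    print("n, m, e, d =", n, m, e, d)
    cipher, _ = power_mod(6, e, n)
    plain, squares = power_mod(cipher, d, n)
    print("C =", cipher, "squares =", squares, "P =", plain)
    print("round trip holds for all M:", round_trip_holds(7, 19))
```

The list of squares returned for 62^65 % 133 is the sequence of bases in the paper's decryption steps.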
