RSA: Rivest

Shamir
Adleman
1

RSA: Rivest Shamir

Adleman

RSA is one of the first practical public-key

algorithm and is widely used for secure data
transmission.
Of all the public-key algorithms proposed over the
years, RSA is by far the easiest to understand and
implement.
The algorithm is named after the three inventors
Ron Rivest, Adi Shamir, and Leonard Adleman
The RSA algorithm was publicly described in 1977
by Rivest, Shamir, and Adleman at MIT

RSA: Algorithm
Just like the public key cryptography, in RSA the encryption
key is public and the decryption key is private, which is
kept secret. In RSA, this asymmetry is based on the
practical difficulty of factoring the product of two
large prime numbers.
RSA gets its security from the difficulty of factoring
large numbers. The public and private keys are functions
of a pair of large prime numbers (100 to 200 digits or even
larger).
A user of RSA creates and then publishes a public key
based on the two large prime numbers, along with an
auxiliary value. The prime numbers must be kept secret.
Anyone can use the public key to encrypt a message, but
with currently published methods. If the public key is large
enough, only someone with knowledge of the prime
numbers can feasibly decode the message.

RSA: Algorithm
The RSA algorithm can be analyzed in three
phases:
1.
2.
3.
4.

Getting the Message Ready

Key generation
Message Encryption
Message Decryption

RSA: Getting Ready

In RSA we represent a message by its equivalent integer
value.
1. We can represent a message as a binary bit pattern.
2. And a bit pattern can be uniquely represented by a decimal
integer number.
3. Thus we can consider that encrypting a message is equivalent
to encrypting its corresponding decimal integer number.
4. Example: Let we want to encrypt the message m
5. Now we know m= 10010001 . So this message can be
uniquely represented by the decimal number 145 which
is equal to (10010001)2 .
6. To encrypt m, we encrypt the corresponding number
145, which gives a new number (the cyphertext).
5

RSA: Key Generation

1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose encryption key e (with e<n) that has no common
factors with z. (that is e and z are relatively prime).
4. Calculate decryption key d such that ed-1 is exactly
divisible by z. (in other words: ed mod z = 1 implies
d=e-1 mod z
5. Public key is (n,e). Private key is (n,d).
+

KB

KB
6

RSA: Encryption &

Decryption
Given public key (n,e) and private key (n,d)
1. To encrypt message m (<n), compute
c = m e mod n
2. To decrypt received bit pattern, c, compute
m = c d mod n
Magic
d
m = (m e mod n) mod n
happens!
c
7

How RSA Works?

Analyze: Key
Generation

To generate the two keys, choose two random large

prime numbers, p and q. For maximum security,
choose p and q of equal length. Then compute the
products.
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)

Then randomly choose the encryption key, e, such

that e and z=(p - 1)(q - 1) are relatively prime.
Finally, use the extended Euclidean algorithm to
compute the decryption key, d, such that ed-1 is
exactly divisible by z. That is ed mod z = 1 or d=e9-1

RSA Example:
Consider that Alice wants to a message whose
equivalent binary bit pattern is 00001100 to Alice
Now Alice chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
Encrypting 8-bit messages.
encrypt:

bit pattern

me

00001100

12

24832

c = me mod n
17

Given 00001100=12 as plaintext, Alice send its ciphertext

17 to Bob
10

RSA Example:
Now at the receiver end Bob receives 17 as the
ciphertext. Then Bob decrypt the ciphertext to
recover the plaintext.
decrypt:

c
17

d
c

m = cd mod n
481968572106750915091411825223071697
12

Upon receiving 17 as ciphertext Bob decrypts it to

recover the plaintext 00001100=12

11

RSA Example

Why does RSA work?

We have to show that cd mod n = m , where c = me mod n
Now we know that: for any x and y
xy mod n = x(y mod z) mod n , where n= pq
and z = (p-1)(q-1)
Then cd mod n = (me mod n)d mod n [ as c = me mod n ]
= med mod n
= m(ed mod z) mod n
[For d we have
ed mod z =1]

= m1 mod n
=m
13

Attacks Against RSA

There are a number of attacks against plain RSA as
described below:
When encrypting with low encryption exponents
(e.g., e = 3) and small values of the m, ciphertexts
can be easily decrypted
If the same clear text message is sent to bob or more
recipients and the receivers share the same
exponent e, but different p, q, and n, then it is easy
to decrypt the original clear text message via the
Chinese remainder theorem
It is vulnerable to chosen plaintext attack.

14

References
http://en.wikipedia.org/wiki/
Applied Cryptography by Bruce Schneier; 10th
Anniversary edition

Md. Shakhawat Hossain

Student of Department of Computer Science &
Engineering
University of Rajshahi
E-mail: mshimul86@gmail.com

16