Implementing the RSA cryptosystem with Maxima CAS - Facultad de ...

More documents

Recommendations

Info

The Electronic Journal of Mathematics and Technology, Volume 6, Number 1, ISSN 1933-28233.2 Public key cryptosystemsA revolution happened when the so called public key cryptosystems appeared, in the late seventies.These systems are based on the following fact: there are bijective (one-to-one and onto) functions forwhich the calculation of the inverse is very difficult, computationally impossible. Then, we can makepublicly available the keys used to encrypt messages whenever the keys used for decryption are to befound by one of these functions. One example is the factorization of a given number into a product ofprimes, and this fact is the foundation of the RSA method (see [7]).In a public key cryptosystem, each user has a public key, that is, an encryption function f pub , anda private key, a decryption function f pri , which are inverses one of another: f pri = f −1pub. Thus, ifa user A wants to send a message (say, “text”, translated to numbers as in the preceding section to“2052420”) to a user B, she must look in the public keys listing the one corresponding to B (say,fpub B ), apply it to the message (obtaining f pub B (2052420)), and send it to B. Even in the unfortunateevent that someone intercepts the ciphered text, only B knows the decryption function. Indeed, userB can read the original message by just applying fpri B = ( fpub) B −1to fBpub (2052420); thus:3.3 The RSA algorithmf B pri(fBpub (2052420) ) = ( f B pub) −1 (fBpub (2052420) ) = 2052420.As stated in the preceding subsection, to implement the RSA cryptosystem we only need to give thepair of functions (f pub , f pri ) for each user, A, of the system. The procedure is the following:1. User A chooses two large prime numbers, p A and q A .2. Calculate the product n A = p A · q A .3. Evaluate the totient function 2 on n A , Φ(n A )4. Choose a number e A ∈ {1, 2, ..., Φ(n A )}, coprime with Φ(n A ).With these choices, gcd(e A , Φ(n A )) = 1, so e A is an invertible element of the ring Z/Φ(n A )Z. Letd A be an integer such that its equivalence class is the inverse of that of e A , that is,e A · d A ≡ 1 (mod Φ(n A )).5. The encryption function, f A pub : Z/n AZ → Z/n A Z, is given byf A pub(m) = m e A(mod n A ).2 Note that in this case, with n A semiprime (that is, the product of two primes), we haveΦ(n A ) = (p A − 1) · (q A − 1) = n A − p A − q A − 1.41
The Electronic Journal of Mathematics and Technology, Volume 6, Number 1, ISSN 1933-28236. The decryption function, fpri, A is the inverse of fpub A , that is:f A pri(m) = m d A(mod n A ).It is instructive to check that these functions are indeed inverses of each other.Theorem 6 For every m ∈ Z/n A Z,f A pri(f A pub(m)) ≡ f A pri(m e A) ≡ m e A·d A≡ m (mod n A ).Proof. For simplicity, we will drop the subscripts A. We can assume that m is not divisible 3 by p.Then, by Fermat’s Little Theorem (1),m p−1 ≡ 1 (mod p).Let us take the power of q − 1 on both sides of this equation:m (p−1)·(q−1) = ( m p−1) q−1≡ 1 q−1 = 1 (mod p).A similar computation, interchanging p and q, givesm (p−1)·(q−1) = ( m q−1) p−1≡ 1 p−1 = 1 (mod q).We can apply the property 6 of modular arithmetic, to getNote that for any integer k we will also havem (p−1)·(q−1) = 1 (mod pq).m k·(p−1)·(q−1) = ( m (p−1)·(q−1)) k≡ 1 k = 1 (mod pq).Now, recall that e · d ≡ 1 (mod Φ(n) = (p − 1) · (q − 1)). That meansThus:e · d = 1 + k · (p − 1) · (q − 1).m e·d = m 1+k·(p−1)·(q−1) = m · m k·(p−1)·(q−1) ≡ m · 1 = m (mod pq),so m e·d ≡ m (mod n), as we intended to prove.Why is this method secure?. In the RSA cryptosystem, the public key of user A is the pair ofintegers (e A , n A ), while her private key is the pair (d A , n A ). To find the private key knowing thepublic key is equivalent to computing the integer d A knowing e A and n A . Thus, if we want to breakthe cryptosystem, we must first calculate Φ(n A ) = (p A − 1)(q A − 1), that is, we must factor n A as theproduct of two primes. This is an extremely difficult problem from the computational point of view;indeed, a joint effort of several researchers using hundreds of dedicated computers only could factora 232−digit number after two years of computation (see [3]). Note that this number corresponds toa 768−bit encryption, the problem of factoring a 1024−bit key is a thousand times harder! Thus,although breaking the RSA cryptosystem is theoretically possible, it is practically impossible withour current state of knowledge.3 That p divide m is highly improbable, given the magnitude order of the prime p.42
Page 1 and 2: The Electronic Journal of Mathemati
Page 7: The Electronic Journal of Mathemati

Implementing the RSA cryptosystem with Maxima CAS - Facultad de ...

Create successful ePaper yourself

Delete template?

Save as template?