Public Key (RSA) Encryption Bernd Schr oder logo1 Bernd Schr - - PowerPoint PPT Presentation

logo1 Overview Needed Theorems RSA Encryption

Public Key (RSA) Encryption

Bernd Schr¨

• der

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Encryption and Decryption

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Encryption and Decryption

• 1. Simple idea: “You” want to send communications that

“they” won’t understand, even if the transmission is intercepted.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Encryption and Decryption

• 1. Simple idea: “You” want to send communications that

“they” won’t understand, even if the transmission is intercepted.

• 2. Internet commerce.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Encryption and Decryption

• 1. Simple idea: “You” want to send communications that

“they” won’t understand, even if the transmission is intercepted.

• 2. Internet commerce. “You”: Provider and client.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Encryption and Decryption

• 1. Simple idea: “You” want to send communications that

“they” won’t understand, even if the transmission is intercepted.

• 2. Internet commerce. “You”: Provider and client. “They”:

Hackers, identity thieves.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Encryption and Decryption

• 1. Simple idea: “You” want to send communications that

“they” won’t understand, even if the transmission is intercepted.

• 2. Internet commerce. “You”: Provider and client. “They”:

Hackers, identity thieves.

• 3. Intelligence.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Encryption and Decryption

• 1. Simple idea: “You” want to send communications that

“they” won’t understand, even if the transmission is intercepted.

• 2. Internet commerce. “You”: Provider and client. “They”:

Hackers, identity thieves.

• 3. Intelligence. “You”: Operative and corresponding

intelligence agency.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Encryption and Decryption

• 1. Simple idea: “You” want to send communications that

“they” won’t understand, even if the transmission is intercepted.

• 2. Internet commerce. “You”: Provider and client. “They”:

Hackers, identity thieves.

• 3. Intelligence. “You”: Operative and corresponding

intelligence agency. “They”: Another intelligence agency.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Encryption and Decryption

• 1. Simple idea: “You” want to send communications that

“they” won’t understand, even if the transmission is intercepted.

• 2. Internet commerce. “You”: Provider and client. “They”:

Hackers, identity thieves.

• 3. Intelligence. “You”: Operative and corresponding

intelligence agency. “They”: Another intelligence agency.

• 4. War.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Encryption and Decryption

• 1. Simple idea: “You” want to send communications that

“they” won’t understand, even if the transmission is intercepted.

• 2. Internet commerce. “You”: Provider and client. “They”:

Hackers, identity thieves.

• 3. Intelligence. “You”: Operative and corresponding

intelligence agency. “They”: Another intelligence agency.

• 4. War. “You”: Field commander and central command.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Encryption and Decryption

• 1. Simple idea: “You” want to send communications that

“they” won’t understand, even if the transmission is intercepted.

• 2. Internet commerce. “You”: Provider and client. “They”:

Hackers, identity thieves.

• 3. Intelligence. “You”: Operative and corresponding

intelligence agency. “They”: Another intelligence agency.

• 4. War. “You”: Field commander and central command.

“They”: Opposing army.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Caesarian Cipher

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Caesarian Cipher

• 1. In Caesar’s times most people, including Romans, were

illiterate.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Caesarian Cipher

• 1. In Caesar’s times most people, including Romans, were

illiterate.

• 2. But that did not make written communications safe.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Caesarian Cipher

• 1. In Caesar’s times most people, including Romans, were

illiterate.

• 2. But that did not make written communications safe. There

were literate barbarians.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Caesarian Cipher

• 1. In Caesar’s times most people, including Romans, were

illiterate.

• 2. But that did not make written communications safe. There

were literate barbarians.

• 3. Caesarian cipher: Scramble the letters of the alphabet.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Caesarian Cipher

• 1. In Caesar’s times most people, including Romans, were

illiterate.

• 2. But that did not make written communications safe. There

were literate barbarians.

• 3. Caesarian cipher: Scramble the letters of the alphabet. For

example, “hello” becomes “ygaap”.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Caesarian Cipher

• 1. In Caesar’s times most people, including Romans, were

illiterate.

• 2. But that did not make written communications safe. There

were literate barbarians.

• 3. Caesarian cipher: Scramble the letters of the alphabet. For

example, “hello” becomes “ygaap”.

• 4. To send the message you need to know how to encode the

message:

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Caesarian Cipher

• 1. In Caesar’s times most people, including Romans, were

illiterate.

• 2. But that did not make written communications safe. There

were literate barbarians.

• 3. Caesarian cipher: Scramble the letters of the alphabet. For

example, “hello” becomes “ygaap”.

• 4. To send the message you need to know how to encode the

message: h → y, e → g, l → a, o → p.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Caesarian Cipher

• 1. In Caesar’s times most people, including Romans, were

illiterate.

• 2. But that did not make written communications safe. There

were literate barbarians.

• 3. Caesarian cipher: Scramble the letters of the alphabet. For

example, “hello” becomes “ygaap”.

• 4. To send the message you need to know how to encode the

message: h → y, e → g, l → a, o → p.

• 5. To read the message you need to know how to decode it:

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Caesarian Cipher

• 1. In Caesar’s times most people, including Romans, were

illiterate.

• 2. But that did not make written communications safe. There

were literate barbarians.

• 3. Caesarian cipher: Scramble the letters of the alphabet. For

example, “hello” becomes “ygaap”.

• 4. To send the message you need to know how to encode the

message: h → y, e → g, l → a, o → p.

• 5. To read the message you need to know how to decode it:

y → h, g → e, a → l, p → o.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Caesarian Cipher

• 1. In Caesar’s times most people, including Romans, were

illiterate.

• 2. But that did not make written communications safe. There

were literate barbarians.

• 3. Caesarian cipher: Scramble the letters of the alphabet. For

example, “hello” becomes “ygaap”.

• 4. To send the message you need to know how to encode the

message: h → y, e → g, l → a, o → p.

• 5. To read the message you need to know how to decode it:

y → h, g → e, a → l, p → o.

• 6. But for this one, as soon as you can encode, you can

decode, too.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Caesarian Cipher

• 1. In Caesar’s times most people, including Romans, were

illiterate.

• 2. But that did not make written communications safe. There

were literate barbarians.

• 3. Caesarian cipher: Scramble the letters of the alphabet. For

example, “hello” becomes “ygaap”.

• 4. To send the message you need to know how to encode the

message: h → y, e → g, l → a, o → p.

• 5. To read the message you need to know how to decode it:

y → h, g → e, a → l, p → o.

• 6. But for this one, as soon as you can encode, you can

decode, too.

• 7. So sender and recipient must keep the code private, which

is why this is called “private key encryption”.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Problems With Private Key Encryption

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Problems With Private Key Encryption

• 1. If one of the owners of the key reveals the key, all

communications are compromised.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Problems With Private Key Encryption

• 1. If one of the owners of the key reveals the key, all

communications are compromised.

• 2. One captured centurion jeopardizes legions.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Problems With Private Key Encryption

• 1. If one of the owners of the key reveals the key, all

communications are compromised.

• 2. One captured centurion jeopardizes legions. (“Wind

talkers”.)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Problems With Private Key Encryption

• 1. If one of the owners of the key reveals the key, all

communications are compromised.

• 2. One captured centurion jeopardizes legions. (“Wind

talkers”.)

• 3. One captured operative jeopardizes a spy network.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Problems With Private Key Encryption

• 1. If one of the owners of the key reveals the key, all

communications are compromised.

• 2. One captured centurion jeopardizes legions. (“Wind

talkers”.)

• 3. One captured operative jeopardizes a spy network.
• 4. It does not matter how sophisticated the private key code
• is. From the encoding process, you can find the decoding
• process. (Enigma.)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Problems With Private Key Encryption

• 1. If one of the owners of the key reveals the key, all

communications are compromised.

• 2. One captured centurion jeopardizes legions. (“Wind

talkers”.)

• 3. One captured operative jeopardizes a spy network.
• 4. It does not matter how sophisticated the private key code
• is. From the encoding process, you can find the decoding
• process. (Enigma.)
• 5. But somehow, even though the encoding mechanism for

internet transactions is public, internet transactions are considered safe

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Problems With Private Key Encryption

• 1. If one of the owners of the key reveals the key, all

communications are compromised.

• 2. One captured centurion jeopardizes legions. (“Wind

talkers”.)

• 3. One captured operative jeopardizes a spy network.
• 4. It does not matter how sophisticated the private key code
• is. From the encoding process, you can find the decoding
• process. (Enigma.)
• 5. But somehow, even though the encoding mechanism for

internet transactions is public, internet transactions are considered safe???

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Public Key Encryption

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Public Key Encryption

• 1. The problems with private key encryption would be

resolved if the decoding mechanism could not be (easily)

• btained from the encoding mechanism.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Public Key Encryption

• 1. The problems with private key encryption would be

resolved if the decoding mechanism could not be (easily)

• btained from the encoding mechanism.

1.1 One captured centurion’s code would not reveal what the

• thers are sending (did not happen).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Public Key Encryption

• 1. The problems with private key encryption would be

resolved if the decoding mechanism could not be (easily)

• btained from the encoding mechanism.

1.1 One captured centurion’s code would not reveal what the

• thers are sending (did not happen).

1.2 One captured operative would not be a problem (did not happen until late 1970s).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Public Key Encryption

• 1. The problems with private key encryption would be

resolved if the decoding mechanism could not be (easily)

• btained from the encoding mechanism.

1.1 One captured centurion’s code would not reveal what the

• thers are sending (did not happen).

1.2 One captured operative would not be a problem (did not happen until late 1970s). 1.3 Internet transmissions could be considered safe.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Public Key Encryption

• 1. The problems with private key encryption would be

resolved if the decoding mechanism could not be (easily)

• btained from the encoding mechanism.

1.1 One captured centurion’s code would not reveal what the

• thers are sending (did not happen).

1.2 One captured operative would not be a problem (did not happen until late 1970s). 1.3 Internet transmissions could be considered safe. (We do consider them as safe as can be.)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Public Key Encryption

• 1. The problems with private key encryption would be

resolved if the decoding mechanism could not be (easily)

• btained from the encoding mechanism.

1.1 One captured centurion’s code would not reveal what the

• thers are sending (did not happen).

1.2 One captured operative would not be a problem (did not happen until late 1970s). 1.3 Internet transmissions could be considered safe. (We do consider them as safe as can be.)

• 2. But how do you get something like that?

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Public Key Encryption

• 1. The problems with private key encryption would be

resolved if the decoding mechanism could not be (easily)

• btained from the encoding mechanism.

1.1 One captured centurion’s code would not reveal what the

• thers are sending (did not happen).

1.2 One captured operative would not be a problem (did not happen until late 1970s). 1.3 Internet transmissions could be considered safe. (We do consider them as safe as can be.)

• 2. But how do you get something like that?
• 3. Make breaking the code depend on being able to solve a

hard problem, like the factorization of a large number.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Proposition.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m). Proof.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b. Hence, if c is not divisible by m, then cx ≡ 0 (mod m).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b. Hence, if c is not divisible by m, then cx ≡ 0 (mod m). Now consider {xy : y = 1,...,m−1}.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b. Hence, if c is not divisible by m, then cx ≡ 0 (mod m). Now consider {xy : y = 1,...,m−1}. For any two distinct y1,y2 ∈ {1,...,m−1} with y1 < y2 we have that m ∤ (y2 −y1).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b. Hence, if c is not divisible by m, then cx ≡ 0 (mod m). Now consider {xy : y = 1,...,m−1}. For any two distinct y1,y2 ∈ {1,...,m−1} with y1 < y2 we have that m ∤ (y2 −y1). Hence, x(y2 −y1) ≡ 0 (mod m)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b. Hence, if c is not divisible by m, then cx ≡ 0 (mod m). Now consider {xy : y = 1,...,m−1}. For any two distinct y1,y2 ∈ {1,...,m−1} with y1 < y2 we have that m ∤ (y2 −y1). Hence, x(y2 −y1) ≡ 0 (mod m), which means that xy1 ≡ xy2 (mod m).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b. Hence, if c is not divisible by m, then cx ≡ 0 (mod m). Now consider {xy : y = 1,...,m−1}. For any two distinct y1,y2 ∈ {1,...,m−1} with y1 < y2 we have that m ∤ (y2 −y1). Hence, x(y2 −y1) ≡ 0 (mod m), which means that xy1 ≡ xy2 (mod m). But then A :=

• [xy]m : y = 1,...,m−1
• has m−1 distinct elements

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b. Hence, if c is not divisible by m, then cx ≡ 0 (mod m). Now consider {xy : y = 1,...,m−1}. For any two distinct y1,y2 ∈ {1,...,m−1} with y1 < y2 we have that m ∤ (y2 −y1). Hence, x(y2 −y1) ≡ 0 (mod m), which means that xy1 ≡ xy2 (mod m). But then A :=

• [xy]m : y = 1,...,m−1
• has m−1 distinct elements and [0]m is not one of them.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b. Hence, if c is not divisible by m, then cx ≡ 0 (mod m). Now consider {xy : y = 1,...,m−1}. For any two distinct y1,y2 ∈ {1,...,m−1} with y1 < y2 we have that m ∤ (y2 −y1). Hence, x(y2 −y1) ≡ 0 (mod m), which means that xy1 ≡ xy2 (mod m). But then A :=

• [xy]m : y = 1,...,m−1
• has m−1 distinct elements and [0]m is not one of them. There

are exactly m−1 equivalence classes modulo m that are not [0]m.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b. Hence, if c is not divisible by m, then cx ≡ 0 (mod m). Now consider {xy : y = 1,...,m−1}. For any two distinct y1,y2 ∈ {1,...,m−1} with y1 < y2 we have that m ∤ (y2 −y1). Hence, x(y2 −y1) ≡ 0 (mod m), which means that xy1 ≡ xy2 (mod m). But then A :=

• [xy]m : y = 1,...,m−1
• has m−1 distinct elements and [0]m is not one of them. There

are exactly m−1 equivalence classes modulo m that are not [0]m. So A =

• [z]m : z = 1,...,m−1
• Bernd Schr¨
• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b. Hence, if c is not divisible by m, then cx ≡ 0 (mod m). Now consider {xy : y = 1,...,m−1}. For any two distinct y1,y2 ∈ {1,...,m−1} with y1 < y2 we have that m ∤ (y2 −y1). Hence, x(y2 −y1) ≡ 0 (mod m), which means that xy1 ≡ xy2 (mod m). But then A :=

• [xy]m : y = 1,...,m−1
• has m−1 distinct elements and [0]m is not one of them. There

are exactly m−1 equivalence classes modulo m that are not [0]m. So A =

• [z]m : z = 1,...,m−1
• and [1]m ∈ A.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b. Hence, if c is not divisible by m, then cx ≡ 0 (mod m). Now consider {xy : y = 1,...,m−1}. For any two distinct y1,y2 ∈ {1,...,m−1} with y1 < y2 we have that m ∤ (y2 −y1). Hence, x(y2 −y1) ≡ 0 (mod m), which means that xy1 ≡ xy2 (mod m). But then A :=

• [xy]m : y = 1,...,m−1
• has m−1 distinct elements and [0]m is not one of them. There

are exactly m−1 equivalence classes modulo m that are not [0]m. So A =

• [z]m : z = 1,...,m−1
• and [1]m ∈ A. Hence there

is a y ∈ {1,...,m−1} so that [x]m ·[y]m = [1]m

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b. Hence, if c is not divisible by m, then cx ≡ 0 (mod m). Now consider {xy : y = 1,...,m−1}. For any two distinct y1,y2 ∈ {1,...,m−1} with y1 < y2 we have that m ∤ (y2 −y1). Hence, x(y2 −y1) ≡ 0 (mod m), which means that xy1 ≡ xy2 (mod m). But then A :=

• [xy]m : y = 1,...,m−1
• has m−1 distinct elements and [0]m is not one of them. There

are exactly m−1 equivalence classes modulo m that are not [0]m. So A =

• [z]m : z = 1,...,m−1
• and [1]m ∈ A. Hence there

is a y ∈ {1,...,m−1} so that [x]m ·[y]m = [1]m, that is, so that xy ≡ 1 (mod m).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proposition. Let x,m ∈ N have no common factors. Then for all

c ∈ N that are not divisible by m, we have that cx ≡ 0 (mod m). Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).

• Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.

Because x and m do not have any common factors, m|b. Hence, if c is not divisible by m, then cx ≡ 0 (mod m). Now consider {xy : y = 1,...,m−1}. For any two distinct y1,y2 ∈ {1,...,m−1} with y1 < y2 we have that m ∤ (y2 −y1). Hence, x(y2 −y1) ≡ 0 (mod m), which means that xy1 ≡ xy2 (mod m). But then A :=

• [xy]m : y = 1,...,m−1
• has m−1 distinct elements and [0]m is not one of them. There

are exactly m−1 equivalence classes modulo m that are not [0]m. So A =

• [z]m : z = 1,...,m−1
• and [1]m ∈ A. Hence there

is a y ∈ {1,...,m−1} so that [x]m ·[y]m = [1]m, that is, so that xy ≡ 1 (mod m).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Theorem.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p). Proof.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Base step a = 1: obvious.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Base step a = 1: obvious. Induction step.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Base step a = 1: obvious. Induction step. (a+1)p

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Base step a = 1: obvious. Induction step. (a+1)p =

p

∑

k=0

p k

• ak1p−k

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Base step a = 1: obvious. Induction step. (a+1)p =

p

∑

k=0

p k

• ak1p−k = 1+ap +

p−1

∑

k=1

p k

• ak

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Base step a = 1: obvious. Induction step. (a+1)p =

p

∑

k=0

p k

• ak1p−k = 1+ap +

p−1

∑

k=1

p k

• ak

≡ 1+ap (mod p)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Base step a = 1: obvious. Induction step. (a+1)p =

p

∑

k=0

p k

• ak1p−k = 1+ap +

p−1

∑

k=1

p k

• ak

≡ 1+ap (mod p) ≡ 1+a (mod p)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Base step a = 1: obvious. Induction step. (a+1)p =

p

∑

k=0

p k

• ak1p−k = 1+ap +

p−1

∑

k=1

p k

• ak

≡ 1+ap (mod p) ≡ 1+a (mod p) Now let a ∈ N be so that p ∤ a.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Base step a = 1: obvious. Induction step. (a+1)p =

p

∑

k=0

p k

• ak1p−k = 1+ap +

p−1

∑

k=1

p k

• ak

≡ 1+ap (mod p) ≡ 1+a (mod p) Now let a ∈ N be so that p ∤ a. There is a b ∈ N with ab ≡ 1 (mod p).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Base step a = 1: obvious. Induction step. (a+1)p =

p

∑

k=0

p k

• ak1p−k = 1+ap +

p−1

∑

k=1

p k

• ak

≡ 1+ap (mod p) ≡ 1+a (mod p) Now let a ∈ N be so that p ∤ a. There is a b ∈ N with ab ≡ 1 (mod p). Hence ap ≡ a (mod p)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Base step a = 1: obvious. Induction step. (a+1)p =

p

∑

k=0

p k

• ak1p−k = 1+ap +

p−1

∑

k=1

p k

• ak

≡ 1+ap (mod p) ≡ 1+a (mod p) Now let a ∈ N be so that p ∤ a. There is a b ∈ N with ab ≡ 1 (mod p). Hence ap ≡ a (mod p) implies apb ≡ ab (mod p)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Base step a = 1: obvious. Induction step. (a+1)p =

p

∑

k=0

p k

• ak1p−k = 1+ap +

p−1

∑

k=1

p k

• ak

≡ 1+ap (mod p) ≡ 1+a (mod p) Now let a ∈ N be so that p ∤ a. There is a b ∈ N with ab ≡ 1 (mod p). Hence ap ≡ a (mod p) implies apb ≡ ab (mod p), which implies ap−1 ≡ 1 (mod p).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Theorem. Fermat’s Little Theorem. Let p be a prime number.

Then for every a ∈ N we have that ap ≡ a (mod p). Moreover, for every a ∈ N that is not divisible by p we have that ap−1 ≡ 1 (mod p).

• Proof. Let a ∈ N. We prove ap ≡ a (mod p) by induction on a.

Base step a = 1: obvious. Induction step. (a+1)p =

p

∑

k=0

p k

• ak1p−k = 1+ap +

p−1

∑

k=1

p k

• ak

≡ 1+ap (mod p) ≡ 1+a (mod p) Now let a ∈ N be so that p ∤ a. There is a b ∈ N with ab ≡ 1 (mod p). Hence ap ≡ a (mod p) implies apb ≡ ab (mod p), which implies ap−1 ≡ 1 (mod p).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

RSA Encryption

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

RSA Encryption

• 1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method for

Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21, 120-126

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

RSA Encryption

• 1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method for

Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21, 120-126

• 2. p, q: fixed, distinct prime numbers

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

RSA Encryption

• 1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method for

Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21, 120-126

• 2. p, q: fixed, distinct prime numbers
• 3. n := pq (must be hard to factor, so large, proprietary prime

numbers are used)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

RSA Encryption

• 1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method for

Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21, 120-126

• 2. p, q: fixed, distinct prime numbers
• 3. n := pq (must be hard to factor, so large, proprietary prime

numbers are used)

• 4. ϕ(n) := (p−1)(q−1)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

RSA Encryption

• 1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method for

Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21, 120-126

• 2. p, q: fixed, distinct prime numbers
• 3. n := pq (must be hard to factor, so large, proprietary prime

numbers are used)

• 4. ϕ(n) := (p−1)(q−1)
• 5. e ∈
• 2,...,ϕ(n)−1
• must be so that
• e,ϕ(n)
• = 1

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

RSA Encryption

• 1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method for

Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21, 120-126

• 2. p, q: fixed, distinct prime numbers
• 3. n := pq (must be hard to factor, so large, proprietary prime

numbers are used)

• 4. ϕ(n) := (p−1)(q−1)
• 5. e ∈
• 2,...,ϕ(n)−1
• must be so that
• e,ϕ(n)
• = 1 (there

is an efficient algorithm to check e)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

RSA Encryption

• 1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method for

Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21, 120-126

• 2. p, q: fixed, distinct prime numbers
• 3. n := pq (must be hard to factor, so large, proprietary prime

numbers are used)

• 4. ϕ(n) := (p−1)(q−1)
• 5. e ∈
• 2,...,ϕ(n)−1
• must be so that
• e,ϕ(n)
• = 1 (there

is an efficient algorithm to check e)

• 6. d is so that de ≡ 1
• mod ϕ(n)
• ,

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

RSA Encryption

• 1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method for

Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21, 120-126

• 2. p, q: fixed, distinct prime numbers
• 3. n := pq (must be hard to factor, so large, proprietary prime

numbers are used)

• 4. ϕ(n) := (p−1)(q−1)
• 5. e ∈
• 2,...,ϕ(n)−1
• must be so that
• e,ϕ(n)
• = 1 (there

is an efficient algorithm to check e)

• 6. d is so that de ≡ 1
• mod ϕ(n)
• , (there is an efficient

algorithm to find d)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

RSA Encryption

• 1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method for

Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21, 120-126

• 2. p, q: fixed, distinct prime numbers
• 3. n := pq (must be hard to factor, so large, proprietary prime

numbers are used)

• 4. ϕ(n) := (p−1)(q−1)
• 5. e ∈
• 2,...,ϕ(n)−1
• must be so that
• e,ϕ(n)
• = 1 (there

is an efficient algorithm to check e)

• 6. d is so that de ≡ 1
• mod ϕ(n)
• , (there is an efficient

algorithm to find d)

• 7. (n,e) is the public key (disseminated)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

RSA Encryption

• 1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method for

Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21, 120-126

• 2. p, q: fixed, distinct prime numbers
• 3. n := pq (must be hard to factor, so large, proprietary prime

numbers are used)

• 4. ϕ(n) := (p−1)(q−1)
• 5. e ∈
• 2,...,ϕ(n)−1
• must be so that
• e,ϕ(n)
• = 1 (there

is an efficient algorithm to check e)

• 6. d is so that de ≡ 1
• mod ϕ(n)
• , (there is an efficient

algorithm to find d)

• 7. (n,e) is the public key (disseminated)
• 8. d is the private key (kept secret)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Sending Messages

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Sending Messages

• 1. The message is a large number m smaller than n (or a

string of numbers).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Sending Messages

• 1. The message is a large number m smaller than n (or a

string of numbers). Group letters in blocks and encode them with numbers.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Sending Messages

• 1. The message is a large number m smaller than n (or a

string of numbers). Group letters in blocks and encode them with numbers. Make sure a cryptoquote style approach is unlikely to break the code.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Sending Messages

• 1. The message is a large number m smaller than n (or a

string of numbers). Group letters in blocks and encode them with numbers. Make sure a cryptoquote style approach is unlikely to break the code.

• 2. Encrypted message: c :≡ me (mod n) (use the positive

representative smaller than n for convenience).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Sending Messages

• 1. The message is a large number m smaller than n (or a

string of numbers). Group letters in blocks and encode them with numbers. Make sure a cryptoquote style approach is unlikely to break the code.

• 2. Encrypted message: c :≡ me (mod n) (use the positive

representative smaller than n for convenience).

• 3. Decrypted message: Representative of
• cd

n that is in

{0,...,n−1}.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Sending Messages

• 1. The message is a large number m smaller than n (or a

string of numbers). Group letters in blocks and encode them with numbers. Make sure a cryptoquote style approach is unlikely to break the code.

• 2. Encrypted message: c :≡ me (mod n) (use the positive

representative smaller than n for convenience).

• 3. Decrypted message: Representative of
• cd

n that is in

{0,...,n−1}. Why does this work?

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Sending Messages

• 1. The message is a large number m smaller than n (or a

string of numbers). Group letters in blocks and encode them with numbers. Make sure a cryptoquote style approach is unlikely to break the code.

• 2. Encrypted message: c :≡ me (mod n) (use the positive

representative smaller than n for convenience).

• 3. Decrypted message: Representative of
• cd

n that is in

{0,...,n−1}. Why does this work? Theorem.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Sending Messages

• 1. The message is a large number m smaller than n (or a

string of numbers). Group letters in blocks and encode them with numbers. Make sure a cryptoquote style approach is unlikely to break the code.

• 2. Encrypted message: c :≡ me (mod n) (use the positive

representative smaller than n for convenience).

• 3. Decrypted message: Representative of
• cd

n that is in

{0,...,n−1}. Why does this work?

• Theorem. RSA encryption.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Sending Messages

• 1. The message is a large number m smaller than n (or a

string of numbers). Group letters in blocks and encode them with numbers. Make sure a cryptoquote style approach is unlikely to break the code.

• 2. Encrypted message: c :≡ me (mod n) (use the positive

representative smaller than n for convenience).

• 3. Decrypted message: Representative of
• cd

n that is in

{0,...,n−1}. Why does this work?

• Theorem. RSA encryption. With notation as above, if

c ≡ me (mod n), then cd ≡ m (mod n).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Proof.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• .

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med = m1+x(p−1)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med = m1+x(p−1) =

• mp−1x m

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med = m1+x(p−1) =

• mp−1x m ≡ m (mod p).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med = m1+x(p−1) =

• mp−1x m ≡ m (mod p).

Case 2: p|m.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med = m1+x(p−1) =

• mp−1x m ≡ m (mod p).

Case 2: p|m. If m is a multiple of p, then

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med = m1+x(p−1) =

• mp−1x m ≡ m (mod p).

Case 2: p|m. If m is a multiple of p, then cd

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med = m1+x(p−1) =

• mp−1x m ≡ m (mod p).

Case 2: p|m. If m is a multiple of p, then cd ≡ med

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med = m1+x(p−1) =

• mp−1x m ≡ m (mod p).

Case 2: p|m. If m is a multiple of p, then cd ≡ med ≡ 0ed

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med = m1+x(p−1) =

• mp−1x m ≡ m (mod p).

Case 2: p|m. If m is a multiple of p, then cd ≡ med ≡ 0ed ≡

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med = m1+x(p−1) =

• mp−1x m ≡ m (mod p).

Case 2: p|m. If m is a multiple of p, then cd ≡ med ≡ 0ed ≡ 0 ≡

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med = m1+x(p−1) =

• mp−1x m ≡ m (mod p).

Case 2: p|m. If m is a multiple of p, then cd ≡ med ≡ 0ed ≡ 0 ≡ m (mod p).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med = m1+x(p−1) =

• mp−1x m ≡ m (mod p).

Case 2: p|m. If m is a multiple of p, then cd ≡ med ≡ 0ed ≡ 0 ≡ m (mod p). Similarly, we prove that cd ≡ m (mod q), which implies cd ≡ m (mod n).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

• Proof. cd ≡ (me)d ≡ med (mod n).

Now, de ≡ 1

• mod (p−1)(q−1)
• , so de ≡ 1
• mod p−1
• and

de ≡ 1

• mod q−1
• . That is, there are x and y so that

ed = 1+x(p−1) = 1+y(q−1). Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step, we obtain cd ≡ med = m1+x(p−1) =

• mp−1x m ≡ m (mod p).

Case 2: p|m. If m is a multiple of p, then cd ≡ med ≡ 0ed ≡ 0 ≡ m (mod p). Similarly, we prove that cd ≡ m (mod q), which implies cd ≡ m (mod n).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Why Is It Safe?

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Why Is It Safe?

• 1. To break the code, an attacker would need d.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Why Is It Safe?

• 1. To break the code, an attacker would need d.
• 2. d can be generated from e and ϕ(n).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Why Is It Safe?

• 1. To break the code, an attacker would need d.
• 2. d can be generated from e and ϕ(n).
• 3. ϕ(n) can be generated from p and q.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Why Is It Safe?

• 1. To break the code, an attacker would need d.
• 2. d can be generated from e and ϕ(n).
• 3. ϕ(n) can be generated from p and q.
• 4. p and q can in principle be obtained from n.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Why Is It Safe?

• 1. To break the code, an attacker would need d.
• 2. d can be generated from e and ϕ(n).
• 3. ϕ(n) can be generated from p and q.
• 4. p and q can in principle be obtained from n. But that’s the

key to safety.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Why Is It Safe?

• 1. To break the code, an attacker would need d.
• 2. d can be generated from e and ϕ(n).
• 3. ϕ(n) can be generated from p and q.
• 4. p and q can in principle be obtained from n. But that’s the

key to safety. Factoring large numbers is hard.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Why Is It Safe?

• 1. To break the code, an attacker would need d.
• 2. d can be generated from e and ϕ(n).
• 3. ϕ(n) can be generated from p and q.
• 4. p and q can in principle be obtained from n. But that’s the

key to safety. Factoring large numbers is hard.

• 5. There might be fast factorization algorithms (that would

win a Clay Millennium Prize).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Why Is It Safe?

• 1. To break the code, an attacker would need d.
• 2. d can be generated from e and ϕ(n).
• 3. ϕ(n) can be generated from p and q.
• 4. p and q can in principle be obtained from n. But that’s the

key to safety. Factoring large numbers is hard.

• 5. There might be fast factorization algorithms (that would

win a Clay Millennium Prize).

• 6. Quantum computers could do it (but we can’t build them

yet).

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Why Is It Safe?

• 1. To break the code, an attacker would need d.
• 2. d can be generated from e and ϕ(n).
• 3. ϕ(n) can be generated from p and q.
• 4. p and q can in principle be obtained from n. But that’s the

key to safety. Factoring large numbers is hard.

• 5. There might be fast factorization algorithms (that would

win a Clay Millennium Prize).

• 6. Quantum computers could do it (but we can’t build them

yet).

• 7. So for the time being, public key encryption is safe.

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption

logo1 Overview Needed Theorems RSA Encryption

Why Is It Safe?

• 1. To break the code, an attacker would need d.
• 2. d can be generated from e and ϕ(n).
• 3. ϕ(n) can be generated from p and q.
• 4. p and q can in principle be obtained from n. But that’s the

key to safety. Factoring large numbers is hard.

• 5. There might be fast factorization algorithms (that would

win a Clay Millennium Prize).

• 6. Quantum computers could do it (but we can’t build them

yet).

• 7. So for the time being, public key encryption is safe. (In my
• pinion, it will be a while.)

Bernd Schr¨

• der

Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption