Public Key Cryptography 2 RSA
Lemma 1
- Let s and t be relatively prime. Then
- Proof: Let be given by
  First we show that actually maps
  Then we show is an isomorphism.
Example
- Let s = 8, t = 15, so that st = 120.
- (83) = (83 mod 8, 83 mod 15) = (3, 8)
- (29) = (29 mod 8, 29 mod 15) = (5, 14)
- (83 • 29) = (7, 7) = (3 • 5 mod 8, 8 • 14 mod 15) = (83) • (29)
- Choose any x in U(st). Then gcd(x, st) = 1.
  There exist integers a, b with ax + bst = 1.
  Then 1 is a linear combination of x and s, so gcd(x, s) = 1.
  Hence x mod s is in U(s). Similarly x mod t is in U(t).
is one-to-one
- Suppose (x) = (y) where 0 ≤ x ≤ y < st.
  Then (x mod s, x mod t) = (y mod s, y mod t)
  So x mod s = y mod s and x mod t = y mod t
  Hence s and t both divide y – x.
  But s, t are relatively prime, so st divides y – x as well.
  Also 0 ≤ y – x < st, so y – x = 0.
  It follows that is one-to-one.
is onto
- Choose any (x_s, x_t) in
  There exist integers a, b with as + bt = 1.
  Let x = (b t x_s + a s x_t) mod st.
  In a moment, we will show that x is in U(st) [gcd(x, st) = 1].
  Then x = b t x_s + a s x_t + stn for some n.
  So x mod s = (1 • x_s + 0 • x_t + 0 • n) mod s = x_s
  x mod t = (0 • x_s + 1 • x_t + 0 • n) mod t = x_t
  So (x) = (x_s, x_t), and is onto.
Example: The inverse of
- (x) = (x mod 8, x mod 15)
- Suppose (x) = (3, 8). Find x.
- First write 2 • 8 + (-1) • 15 = 1
- Then x = (-1 • 15)(3) + (2 • 8)(8) = -45 + 128 = 83
To show gcd(x, st) = 1:
- Given x_s in U(s), x_t in U(t), x = (b t x_s + a s x_t) where as + bt = 1.
  Set y = (b t x_s^{-1} + a s x_t^{-1}).
  Now xy = (b t x_s + a s x_t)(b t x_s^{-1} + a s x_t^{-1}), so
  xy mod s = (1 • x_s + 0)(1 • x_s^{-1} + 0) mod s = 1.
  xy mod t = (0 + 1 • x_t)(0 + 1 • x_t^{-1}) mod t = 1.
  Now s | xy – 1, t | xy – 1, and gcd(s, t) = 1 implies st | xy – 1, so xy mod st = 1.
  Hence x and st are relatively prime.
is Operation Preserving
- (x) (y) = (x mod s, x mod t)(y mod s, y mod t) = (xy mod s, xy mod t) = (xy)
- Since is one-to-one, onto, and operation preserving, is an isomorphism.
- Therefore,
Theorem: (Gauss)
- Let p be an odd prime, n > 0.
- Corollary 1. For odd prime p,
- Corollary 2. Let p and q be odd primes.
  Proof:
RSA Recipe
- Choose (large) odd primes p, q
- Let N = p • q, m = lcm(p-1, q-1)
- Choose E relatively prime to m
- Let D = E^{-1} in U(m)
- To encode message M: C = M^E mod N
- To decode message C: M = C^D mod N
Public Key is E, N
Private Key is D, N
Will RSA work?
- M = lcm(p-1, q-1) = h(p-1) = k(q-1) for some integers h, k.
  ED + sM = 1 for some integer s.
  So, ED mod (p-1) = ED mod (q-1) = 1
- Also, isomorphism
- Let. Then.
Will RSA work?
- M = lcm(p-1, q-1) = h(p-1) = k(q-1) for some integers h, k.
- We claim
  Let be an isomorphism.
  Say. Then [Operation Preserving]
  So as required. [One-to-One]
Encoding, Decoding are inverses
- Recall that E and D are inverses mod M.
  So ED = 1 + sM for some integer s.
  Let x in U(N) be a message.
  In U(N), y = x^E is the encrypted message.
  The decrypted message is z = y^D = x^{ED} = x^{1+sM} = x • (x^M)^s = x
  RSA works!
How to break RSA
- Everyone is given E, N.
- Factor N into p • q
  - Note p and q are large.
- Let M = lcm(p-1, q-1) = (p-1)(q-1) / gcd(p-1, q-1)
- Let D = E^{-1} mod M (Euclidean Algorithm)
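An added example (not part of the original slides) that carries the inverse-map computation from the lemma, the RSA recipe, and the factoring step above through in Python. The toy primes p = 61, q = 53, the exponent E = 7, and all function names are assumptions chosen for illustration; at these sizes trial division finishes at once, and the recipe's large primes are what prevent that.

```python
from math import gcd

def ext_gcd(a, b):
    """Euclidean Algorithm: return (g, u, v) with u*a + v*b == g == gcd(a, b)."""
    old_r, r, old_u, u, old_v, v = a, b, 1, 0, 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_u, u = u, old_u - q * u
        old_v, v = v, old_v - q * v
    return old_r, old_u, old_v

def crt_map(x, s, t):
    """The lemma's map: x -> (x mod s, x mod t)."""
    return (x % s, x % t)

def crt_inverse(xs, xt, s, t):
    """Inverse of the map: with a*s + b*t == 1, x = (b*t*xs + a*s*xt) mod st."""
    g, a, b = ext_gcd(s, t)
    if g != 1:
        raise ValueError("s and t must be relatively prime")
    return (b * t * xs + a * s * xt) % (s * t)

def private_exponent(E, p, q):
    """D = E^-1 in U(m), where m = lcm(p-1, q-1) = (p-1)(q-1)/gcd(p-1, q-1)."""
    m = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    g, d, _ = ext_gcd(E, m)
    if g != 1:
        raise ValueError("E must be relatively prime to m")
    return d % m

def factor(N):
    """Trial division over odd candidates; feasible only for a toy modulus."""
    f = 3
    while f * f <= N:
        if N % f == 0:
            return f, N // f
        f += 2
    raise ValueError("no odd factor found")

# Constructed toy parameters (assumptions, far too small for real use).
P, Q, E = 61, 53, 7
N = P * Q
D = private_exponent(E, P, Q)

def encode(M):  # C = M^E mod N
    return pow(M, E, N)

def decode(C):  # M = C^D mod N
    return pow(C, D, N)
```

Anyone who can factor N recomputes the same D from the public pair alone: `private_exponent(E, *factor(N))` returns the private exponent here.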
- Slides: 15