Applications of Number

Theory
CS 202
Epp section 10.4
Aaron Bloomfield

About this lecture set

I want to introduce RSA
The most commonly used cryptographic algorithm
today

Much of the underlying theory we will not be able

to get to
Its beyond the scope of this course

Much of why this all works wont be taught

Its just an introduction to how it works
2

Private key cryptography

The function and/or key to encrypt/decrypt is a
secret
(Hopefully) only known to the sender and recipient

The same key encrypts and decrypts

How do you get the key to the recipient?

Public key cryptography

Everybody has a key that encrypts and a
separate key that decrypts
They are not interchangable!

The encryption key is made public

The decryption key is kept private

Public key cryptography goals

Key generation should be relatively easy
Encryption should be easy
Decryption should be easy
With the right key!

Cracking should be very hard

Is that number prime?

Use the Fermat primality test
Given:
n: the number to test for primality
k: the number of times to test (the certainty)

The algorithm is:

repeat k times:
pick a randomly in the range [1, n1]
if an1 mod n 1 then return composite

return probably prime

Is that number prime?

The algorithm is:
repeat k times:
pick a randomly in the range [1, n1]
if an1 mod n 1 then return composite

return probably prime

Let n = 105
Iteration 1: a = 92: 92104 mod 105 = 1
Iteration 2: a = 84: 84104 mod 105 = 21
Therefore, 105 is composite

Is that number prime?

The algorithm is:
repeat k times:
pick a randomly in the range [1, n1]
if an1 mod n 1 then return composite

return probably prime

Let n = 101

Iteration 1: a = 55: 55100 mod 101 = 1

Iteration 2: a = 60: 60100 mod 101 = 1
Iteration 3: a = 14: 14100 mod 101 = 1
Iteration 4: a = 73: 73100 mod 101 = 1
At this point, 101 has a ()4 = 1/16 chance of still
8
being composite

More on the Fermat primality test

Each iteration halves the probability that the number is a
composite
Probability = ()k
If k = 100, probability its a composite is () 100 = 1 in 1.2 1030
that the number is composite
Greater chance of having a hardware error!

Thus, k = 100 is a good value

However, this is not certain!

There are known numbers that are composite but will always
report prime by this test

Source: http://en.wikipedia.org/wiki/Fermat_primality_test

Googles recruitment campaign

10

RSA
Stands for the inventors: Ron Rivest, Adi Shamir
and Len Adleman
Three parts:
Key generation
Encrypting a message
Decrypting a message

11

Key generation steps

1. Choose two random large prime numbers p q, and
n = p*q
2. Choose an integer 1 < e < n which is relatively prime to
(p-1)(q-1)
3. Compute d such that d * e 1 (mod (p-1)(q-1))

Rephrased: d*e mod (p-1)(q-1) = 1

4. Destroy all records of p and q

12

Key generation, step 1

Choose two random large prime numbers p q

In reality, 2048 bit numbers are recommended

Thats 617 digits

From last lecture: chance of a random odd 2048 bit

number being prime is about 1/710

We can compute if a number is prime relatively quickly via

the Fermat primality test

We choose p = 107 and q = 97

Compute n = p*q
n = 10379
13

Key generation, step 1

Java code to find a big prime number:
BigInteger prime = new BigInteger
(numBits, certainty, random);

The number of
bits of the prime

Certainty that the

number is a prime

The random number

generator

14

Key generation, step 1

Java code to find a big prime number:
import java.math.*;
import java.util.*;
class BigPrime {
static int numDigits = 617;
static int certainty = 100;
static final double LOG_2 = Math.log(10)/Math.log(2);
static int numBits = (int) (numDigits * LOG_2);
public static void main (String args[]) {
Random random = new Random();
BigInteger prime = new BigInteger (numBits, certainty,
random);
System.out.println (prime);
}
}

15

Key generation, step 1

How long does this take?
Keep in mind this is Java!
These tests done on a 850 Mhz Pentium machine
Average of 100 trials (certainty = 100)
200 digits (664 bits): about 1.5 seconds
617 digits (2048 bits): about 75 seconds

16

Key generation, step 1

Practical considerations
p and q should not be too close together
(p-1) and (q-1) should not have small prime factors
Use a good random number generator

18

Key generation, step 2

Choose an integer 1 < e < n which is relatively
prime to (p-1)(q-1)
There are algorithms to do this efficiently
We arent going over them in this course

Easy way to do this: make e be a prime number

It only has to be relatively prime to (p-1)(q-1), but can
be fully prime
19

Key generation, step 2

Recall that p = 107 and q = 97
(p-1)(q-1) = 106*96 = 10176 = 26*3*53

We choose e = 85
85 = 5*17
gcd (85, 10176) = 1
Thus, 85 and 10176 are relatively prime

20

Key generation, step 3

Compute d such that:
d * e 1 (mod (p-1)(q-1))
Rephrased: d*e mod (p-1)(q-1) = 1

There are algorithms to do this efficiently

We arent going over them in this course

We choose d = 4669
4669*85 mod 10176 = 1

Use the script at

http://www.cs.virginia.edu/cgi-bin/cgiwrap/asb/modpow
21

Key generation, step 3

Java code to find d:
import java.math.*;
class FindD {
public static void main (String args[]) {
BigInteger pq = new BigInteger("10176");
BigInteger e = new BigInteger ("85");
System.out.println (e.modInverse(pq));
}
}

Result: 4669
22

Key generation, step 4

Destroy all records of p and q
If we know p and q, then we can compute the
private encryption key from the public decryption
key
d * e 1 (mod (p-1)(q-1))

23

The keys
We have n = p*q = 10379, e = 85, and d = 4669
The public key is (n,e) = (10379, 85)
The private key is (n,d) = (10379, 4669)
Thus, n is not private
Only d is private

In reality, d and e are 600 (or so) digit numbers

Thus n is a 1200 (or so) digit number

24

Encrypting messages

To encode a message:
1. Encode the message m into a number
2. Split the number into smaller numbers m < n
3. Use the formula c = me mod n

c is the ciphertext, and m is the message

Java code to do the last step:

m.modPow (e, n)
Where the object m is the BigInteger to encrypt

25

Encrypting messages example

1.

Encode the message into a number

String is Go Cavaliers!!
Modified ASCII codes:

2.

41 81 02 37 67 88 67 78 75 71 84 85 03 03

Split the number into numbers < n

3.

Recall that n = 10379

4181 0237 6788 6778 7571 8485 0303

Use the formula c = me mod n

418185 mod 10379 = 4501

023785 mod 10379 = 2867
678885 mod 10379 = 4894
Etc

Encrypted message:

4501 2867 4894 0361 3630 4496 6720

26

Encrypting RSA messages

Formula

is c = me mod n

27

Decrypting messages
1. Use the formula m = cd mod n on each number
2. Split the number
character numbers

into

individual

ASCII

3. Decode the message into a string

28

Decrypting messages example

Encrypted message:

1.

4501 2867 4894 0361 3630 4496 6720

Use the formula m = cd mod n on each number

2.

45014669 mod 10379 = 4181

28674669 mod 10379 = 0237
48944669 mod 10379 = 6788
Etc

Split the numbers into individual characters

3.

41 81 02 37 67 88 67 78 75 71 84 85 03 03

Decode the message into a string

Modified ASCII codes:

41 81 02 37 67 88 67 78 75 71 84 85 03 03

Retrieved String is Go Cavaliers!!

29

modPow computation
1. How to compute c = me mod n or m = cd mod n?

Example: 45014669 mod 10379 = 4181

Use the script at

http://www.cs.virginia.edu/cgi-bin/cgiwrap/asb/modpow

Other means:

Java: use the BigInteger.modPow() method

Perl: use the bmodpow function in the BigInt library
Etc
30

Why this works

m = cd mod n
c = me mod n

cd (me)d med (mod n)

Recall that:
ed 1 (mod p-1)
ed 1 (mod q-1)

Thus,
med m (mod p)
med m (mod q)

med m (mod pq)

med m (mod n)

31

Cracking a message
In order to decrypt a message, we must compute m = cd
mod n
n is known (part of the public key)
c is known (the ciphertext)
e is known (the encryption key)

Thus, we must compute d with no other information

Recall: choose an integer 1 < e < n which is relatively prime to
(p-1)(q-1)
Recall: Compute d such that: d*e mod (p-1)(q-1) = 1

Thus, we must factor the composite n into its component

primes
There is no efficient way to do this!
We can, very easily, tell that n is composite, but we cant tell what
its factors are

Once n is factored into p and q, we compute d as above

Then we can decrypt c to obtain m

32

Cracking a message example

In order to decrypt a message, we must compute m = cd

mod n
n = 10379
c is the ciphertext being cracked
e = 85

In order to determine d, we need to factor n

d*e mod (p-1)(q-1) = 1
We factor n into p and q: 97 and 107
This would not have been feasible with two large prime
factors!!!
d * 85 (mod (96)(106)) = 1

We then compute d as above, and crack the message

33

Signing a message
Recall that we computed:
d*e mod (p-1)(q-1) = 1
Note that d and e are interchangable!
You can use either for the encryption key

You can encrypt with either key!

Thus, you must use the other key to decrypt

34

Signing a message

To sign a message:
1. Write a message, and determine the MD5 hash
2. Encrypt the hash with your private (encryption) key
3. Anybody can verify that you created the message
because ONLY the public (encryption) key can
decrypt the hash
4. The hash is then verified against the message

35

PGP and GnuPG

Two applications which implement the RSA
algorithm
GnuPG Is open-source (thus its free)
PGP was first, and written by Phil Zimmerman
The US govt didnt like PGP

36

The US govt and war

munitions

37

How to crack PGP

Factoring n is not feasible
Thus, cracking PGP is done by other means
Intercepting the private key
Hacking into the computer, stealing the computer, etc.

Man-in-the-middle attack (next 2 slides)

Etc.

38

Man-in-the-middle attack:
Normal RSA communication
What is your public key?
My public key is 12345
What is your public key?
My public key is 67890
Heres message encrypted with 12345
Heres a response encrypted with 67890
39

What is your public key?

My public key is abcde
What
Blackishas
yourthe
public key?
private decryption
My
key is 67890
keypublic
for abcde

What is your public key?

My public key is 12345
What is your public key?

My public key is vwxyz

Heres message encrypted w/ abcde

Black has the

Decrypts message with correspondingprivate
privatedecryption
key to abcde;
key for
re-encrypts message with blues public
keyvwxyz
(12345)
Heres message encrypted w/ 12345
Heres response encrypted w /vwxyz
Decrypts message with corresponding private key to vwxyz;
re-encrypts message with yellows public key (67890)

Heres response encrypted w/ 67890

40

Other public key encryption

methods
Modular logarithms
Developed by the US government, therefore not
widely trusted

Elliptic curves

41

Quantum computers
A quantum computer could (in principle) factor n in
reasonable time
This would make RSA obsolete!
Shown (in principle) by Peter Shor in 1993
You would need a new (quantum) encryption algorithm to encrypt your
messages

This is like saying, in principle, you could program a

computer to correctly predict the weather
A few years ago, IBM created a quantum computer that
successfully factored 15 into 3 and 5
I bet the NSA is working on such a computer, also
42

Sources
Wikipedia article has a lot of info on RSA and the
related algorithms
Those articles use different variable names
Link at http://en.wikipedia.org/wiki/RSA

43