All secret key algorithms  & hash algorithms do the same thing but public key algorithms look very different from each other.

The thing that is common among all of them is that each participant has two  keys, public and private, and most of them are based on modular arithmetic.

x mod n is the remainder of x when divided by n.

e.g., 8 mod 10 = 8,        18 mod 10 = 8,         24 mod 10 = 4
        8 mod 7 = 1,          18 mod 7 = 4,           24 mod 7 = 3

• Addition:

Example: addition mod 10
   8 + 8 = 6, 1 + 9 = 0, 7 + 6 = 3

See  Fig. 6-1 for addition  mod 10 Table:

Addition  mod 10 can be used for encryption of digits:
add k (between 1-9) to each digit,  k is the secret key.

Example:  if k = 7, then 1987 is encrypted to 8654.

decryption is done by adding the -k, the additive inverse of k,
to each digit.
An additive inverse of x is the number you'd have to add to x to get 0.

Example:  if k = 7, then -k is 3 since 7+3 = 0 and thus
8654 will is decrypted to 1987.


In the above table (Fig. 6-1), each "0" is the intersection of k and -k, e.g., 0 is the intersection of 3 and 7.





• Multiplication:

Example: multiplication mod 10
   8 x 8 = 4, 1 x 9 = 9 , 7 x 6 = 2

See  Fig. 6-2 for multiplication  mod 10 Table:

Multiplication by 1, 3, 7 and 9 works as a cipher since it performs 1-1 mapping.

Example:  if k = 7, then 1987 is encrypted to 7369

decryption is done by multiplying each digit by  k^-1 , the multiplicative inverse of k. A multiplicative inverse of k is the number to multiply by k to get 1.

Example:  if k = 7, then k^-1 is 3 since 7x3 = 1

In the above table (Fig. 6-2), each "1" is the intersection of k and k^-1.
Only the numbers {1,3,7,9} have multiplicative inverse mod 10.

Euclide's Algorithm: efficiently find multiplicative inverses mod n.
Given x and n, it finds a number y such that x.y mod n = 1
 (if there is such y).

What is so special about the set {1,3,7,9}?


These numbers are relatively prime to 10, i.e., they do not share with 10 any common factors other than 1.
Note that 9 is not a  prime number but it is relatively prime to 10.

How many numbers less than n are relatively prime to n?
This quantity is referred to as Ø(n) and is called the totient function.

• If n is prime:
  

• If  n = p.q where p and q are two distinct primes,
  

Example:  for n = 10 = 2.5, Ø(10) =(2-1).(5-1)=1.4=4,
which is the set {1,3,7,9}.

• Exponentation:

Example:  exponentiation mod 10

      4 ² = 6, 8 ⁸ = 6, 1⁹  = 9 , 7⁶  = 9

See Fig. 6-3  for exponentiation  mod 10 Table:





Amazing fact about Ø(n):

x ^m mod n = x ^{m mod Ø(n)}  mod n

e.g., 3rd = 7th =11th & 1st=5th=9th=11th & 2nd=6th=10th.
 

Special case: if m = 1 mod Ø(n),  then  for any number x,

x ^mmod n = x mod n.

Example:  For n =10, Ø(10)=4:

m = 5 = 1 mod 4:   x = 3:  3⁵mod 10 = 3 &  x = 6:  6⁵mod 10 = 6 &
                                 in general:  x⁵mod 10 = x mod 10
m = 9 = 1 mod 4:   x = 3:  3⁹mod 10 = 3 &  x = 6:  6⁹mod 10 = 6 &
                                 in general: x⁹mod 10 = x mod 10


 

An exponentiative  inverse of e is the number  d  such that:


e.d = 1 mod Ø(n)


Example: For n= 10, Ø(10)=4:

• To encrypt m:  compute  c = m^e mod n
• To decrypt c:   compute  m = c^d mod n

Example: 

• To sign m: compute s = m^d mod n
• To verify s: compute m = s^e mod n

Example:

      verify  s=2:  m = 2³ = 8

In public cryptography:
 

<e, n> is public key  &  <d,n> is  private key

Key length: variable (long for security, short for efficiency),
 most common value is 512 bits.
Block size:  plain text is variable less than  key length &
 cipher text length  equals key length.

Thus RSA is used for encrypting small   amount of data like secret key & then we use secret key cryptography for encrypting/decrypting
large  amount of data.

RSA Algorithm:

generate public & private keys pair:

1.  choose two  large primes p and q.
     (typically 256 bits each & keep them secret).
2.  compute n = p.q & Ø(n) = (p-1)(q-1).
     (it is very hard to factor n into p & q).
3.  choose a number e that is relatively prime to Ø(n).
4.  find a number d that is the multiplicative inverse of
     e mod Ø(n),   i.e., e.d = 1 mod Ø(n).
5.  your  public key:  <e,n>  &   private key:  <d,n>.

To encrypt a message m (<n):

c = m^e mod n

& To decrypt c: m = c^d mod n

This works since:
c^d mod n = (m^e)^d mod n
               = m^e.d mod n
                = m mod  n    // since e.d = 1 mod Ø(n)
                = m                // since m < n

sign/verify:

To sign a message m (<n):

s = m^d mod n

& To verify s: m = s^e mod n
This also works since: s^e mod n = m^e.d mod n = m mod n = m

Why is RSA Secure:
 

Every one  knows the public key:  <e, n>.
To find the private key <d,n>  you  need to know Ø(n) since
e.d = 1 mod Ø(n).
To know Ø(n) you need  to  p and q since Ø(n) = (p-1).(q-1).
Thus to break RSA you should know how to factor n to find  p and q.
Factoring a big number like  n is hard.
(the best technique  to factor 512 bit number will take 30,000 MIPS-years!)

Exponentiation

How to compute 123⁵⁴ mod 678?

123² = 123.123 = 15129 = 213 mod 678
123³ = 123.213 = 26199 = 435 mod 678
123⁴ = 123.435 = 53505 = 621 mod 678
......
123⁵⁴ =     ......                 = 87  mod 678

This requires 54  small number multiplications and 54 small number divisions.
 

How to compute 123³² mod 678?

123²   = 123.123 = 15129     =  213 mod 678
123⁴    = 213.213 = 45369     =  621 mod 678
123⁸    = 621.621 = 385641   =  537 mod 678
123¹⁶  = 537.537 = 288369   =  219 mod 678
123³²  = 219.219 = 47961     =  501 mod 678

This requires 5  multiplications and 5 divisions instead of 32.

To efficiently compute  123⁵⁴ : 54 is represented in binary as:

1         1                  0              1                1              0

 
This requires 8  multiplications and 8 divisions instead of 32.
Each 1 requires two multipliactions and two divisions
and each 0 requires one multipliaction and one division.
Thus in the above we have three 1s and two 0s that yeilds 3.2+2.1=8
(we ignore the leading 1).

Another example:  y¹⁴ , 14 is represented in binary as:
 

       1              1                 1                  0
                  |             |              |
   ((             ( y²) y            )²y               )²
 
 

This requires 5  multiplication's and 5 divisions instead of 32.

• Finding big prime number:

Choose  a random number  n and test  if it is a prime.
(for a 100 digit number the chances of success is 1 in 230).

test: pick a < n
     if   (a^n-1 mod n)   !=  1
     then
              n is not prime
     else
              n is prime   // the probability of being wrong is 1 in 10¹³
 

• Finding d, n & e:

Finding e:


Instead of selecting p, q and then e (see RSA algorithm ),
we will select e first then p and q.

Two popular values for e are: 3 and 65537 (2¹⁶ + 1).
These makes public key operations on message m faster
(encryption and signature verification is m^e):

m³ requires 2 multiplications  & 2 divisions.
m⁶⁵⁵³⁷ requires 17 multiplactions & 17 divisions (binary value of e  is 1. 15 0s .1).

If e = 3:
how to choose p & q so that 3 is relatively prime to Ø(n) = (p-1)(q-1)?
Choose random numbers x and y then:


             p = (2x+1)*3+2 &
             q = (2y+1)*3+2


Why?

To ensure that (p-1) relatively prime to 3 we choose
(p-1) = 1 mod 3 or   p = 2 mod 3.
Hence choose p as k*3+2 and to make sure that p is odd let k=2x+1.
Thus p = (2x+1)*3 + 2.

If e = 65537:  randomly choose p and q and and make sure that
they are not 1 mod 65537 (the probability of rejection  is 1 in 2¹⁶).
 

Once we selected p and q, then n = p.q and Ø(n) = (p-1)(q-1).


Finding d:

How to fine d such that e.d = 1 mod Ø(n) ?
Use Euclid algorithm (see Section 7.4, page 187 of textbook).


The RSA keys:

  public key:  <3|65537, n>     private key: <d , n>.
 

    Alice and Bob agree on:  p (large prime) &  g < p.
 

             Alice                                                               Bob

Pick S_A  (512-bit random number)                 Pick S_B  (512-bit random number)
Compute T_A = ( gS_A) mod p                           Compute T_B = (gS_B) mod p

                     T_{A                         >>>}          <<<                    T_B   

Compute  X =     T_B S_A mod p                      Compute Y = T_A ^SB mod p 

X is the same as Y! why?

       X =  T_B^SA  = g^SB^SA
       Y =  T_A^SB  = g^SA^SB

No one can compute  g ^(SA^SB ⁾ by knowing  g ^(SA ⁾  & g ^(SB ⁾

                    Alice                           Mr. X                             Bob

                 Pick S_A                         Pick S_X                          Pick S_B

Compute:     T_A = g^SA mod p                T_X = g^SX mod p                     T_B = g^SB mod p

                     T_{A            >>}             T_{A  ..} T_{X             >>}             T_X
                     T_{X            <<}             T_{X  ..} T_{B             <<}             T_B

Compute:  K_AX  =  T_X ^SA mod p        K_AX  =  T_A ^SX mod p             K_BX  =  T_X ^SB mod p
                                                          K_BX  =  T_B ^SX mod p

Possible Defense
 

Each person i picks S_i   and computes  T_i = g^Si _{mod p}
and Keeps  S_i  private and  makes  T_i  public

If Alice like to communicate with Bob,
she finds T_B and computes:
                                   K_AB = T_B ^SA _{mod p}
Then tells Bob she likes to communicate with him.
Bob finds T_A   and hen   computes:
                                   K_BA = T_A ^SB _{mod p}

This requires PKI  (public Key Infrastructure) to manage  T_i