Public Key (RSA) Encryption - Louisiana Tech University

Overview Needed Theorems RSA EncryptionPublic Key (RSA) EncryptionBernd SchröderBernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionEncryption and Decryptionlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionEncryption and Decryption1. Simple idea: “You” want to send communications that“they” won’t understand, even if the transmission isintercepted.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionEncryption and Decryption1. Simple idea: “You” want to send communications that“they” won’t understand, even if the transmission isintercepted.2. Internet commerce.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionEncryption and Decryption1. Simple idea: “You” want to send communications that“they” won’t understand, even if the transmission isintercepted.2. Internet commerce. “You”: Provider and client.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionEncryption and Decryption1. Simple idea: “You” want to send communications that“they” won’t understand, even if the transmission isintercepted.2. Internet commerce. “You”: Provider and client. “They”:Hackers, identity thieves.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionEncryption and Decryption1. Simple idea: “You” want to send communications that“they” won’t understand, even if the transmission isintercepted.2. Internet commerce. “You”: Provider and client. “They”:Hackers, identity thieves.3. Intelligence.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionEncryption and Decryption1. Simple idea: “You” want to send communications that“they” won’t understand, even if the transmission isintercepted.2. Internet commerce. “You”: Provider and client. “They”:Hackers, identity thieves.3. Intelligence. “You”: Operative and correspondingintelligence agency.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionEncryption and Decryption1. Simple idea: “You” want to send communications that“they” won’t understand, even if the transmission isintercepted.2. Internet commerce. “You”: Provider and client. “They”:Hackers, identity thieves.3. Intelligence. “You”: Operative and correspondingintelligence agency. “They”: Another intelligence agency.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionEncryption and Decryption1. Simple idea: “You” want to send communications that“they” won’t understand, even if the transmission isintercepted.2. Internet commerce. “You”: Provider and client. “They”:Hackers, identity thieves.3. Intelligence. “You”: Operative and correspondingintelligence agency. “They”: Another intelligence agency.4. War.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionEncryption and Decryption1. Simple idea: “You” want to send communications that“they” won’t understand, even if the transmission isintercepted.2. Internet commerce. “You”: Provider and client. “They”:Hackers, identity thieves.3. Intelligence. “You”: Operative and correspondingintelligence agency. “They”: Another intelligence agency.4. War. “You”: Field commander and central command.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionEncryption and Decryption1. Simple idea: “You” want to send communications that“they” won’t understand, even if the transmission isintercepted.2. Internet commerce. “You”: Provider and client. “They”:Hackers, identity thieves.3. Intelligence. “You”: Operative and correspondingintelligence agency. “They”: Another intelligence agency.4. War. “You”: Field commander and central command.“They”: Opposing army.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionCaesarian Cipherlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionCaesarian Cipher1. In Caesar’s times most people, including Romans, wereilliterate.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionCaesarian Cipher1. In Caesar’s times most people, including Romans, wereilliterate.2. But that did not make written communications safe.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionCaesarian Cipher1. In Caesar’s times most people, including Romans, wereilliterate.2. But that did not make written communications safe. Therewere literate barbarians.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionCaesarian Cipher1. In Caesar’s times most people, including Romans, wereilliterate.2. But that did not make written communications safe. Therewere literate barbarians.3. Caesarian cipher: Scramble the letters of the alphabet.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionCaesarian Cipher1. In Caesar’s times most people, including Romans, wereilliterate.2. But that did not make written communications safe. Therewere literate barbarians.3. Caesarian cipher: Scramble the letters of the alphabet. Forexample, “hello” becomes “ygaap”.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionCaesarian Cipher1. In Caesar’s times most people, including Romans, wereilliterate.2. But that did not make written communications safe. Therewere literate barbarians.3. Caesarian cipher: Scramble the letters of the alphabet. Forexample, “hello” becomes “ygaap”.4. To send the message you need to know how to encode themessage:logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionCaesarian Cipher1. In Caesar’s times most people, including Romans, wereilliterate.2. But that did not make written communications safe. Therewere literate barbarians.3. Caesarian cipher: Scramble the letters of the alphabet. Forexample, “hello” becomes “ygaap”.4. To send the message you need to know how to encode themessage: h → y, e → g, l → a, o → p.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionCaesarian Cipher1. In Caesar’s times most people, including Romans, wereilliterate.2. But that did not make written communications safe. Therewere literate barbarians.3. Caesarian cipher: Scramble the letters of the alphabet. Forexample, “hello” becomes “ygaap”.4. To send the message you need to know how to encode themessage: h → y, e → g, l → a, o → p.5. To read the message you need to know how to decode it:logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionCaesarian Cipher1. In Caesar’s times most people, including Romans, wereilliterate.2. But that did not make written communications safe. Therewere literate barbarians.3. Caesarian cipher: Scramble the letters of the alphabet. Forexample, “hello” becomes “ygaap”.4. To send the message you need to know how to encode themessage: h → y, e → g, l → a, o → p.5. To read the message you need to know how to decode it:y → h, g → e, a → l, p → o.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionCaesarian Cipher1. In Caesar’s times most people, including Romans, wereilliterate.2. But that did not make written communications safe. Therewere literate barbarians.3. Caesarian cipher: Scramble the letters of the alphabet. Forexample, “hello” becomes “ygaap”.4. To send the message you need to know how to encode themessage: h → y, e → g, l → a, o → p.5. To read the message you need to know how to decode it:y → h, g → e, a → l, p → o.6. But for this one, as soon as you can encode, you candecode, too.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionCaesarian Cipher1. In Caesar’s times most people, including Romans, wereilliterate.2. But that did not make written communications safe. Therewere literate barbarians.3. Caesarian cipher: Scramble the letters of the alphabet. Forexample, “hello” becomes “ygaap”.4. To send the message you need to know how to encode themessage: h → y, e → g, l → a, o → p.5. To read the message you need to know how to decode it:y → h, g → e, a → l, p → o.6. But for this one, as soon as you can encode, you candecode, too.7. So sender and recipient must keep the code private, whichis why this is called “private key encryption”.Bernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionProblems With Private Key Encryptionlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProblems With Private Key Encryption1. If one of the owners of the key reveals the key, allcommunications are compromised.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProblems With Private Key Encryption1. If one of the owners of the key reveals the key, allcommunications are compromised.2. One captured centurion jeopardizes legions.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProblems With Private Key Encryption1. If one of the owners of the key reveals the key, allcommunications are compromised.2. One captured centurion jeopardizes legions. (“Windtalkers”.)logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProblems With Private Key Encryption1. If one of the owners of the key reveals the key, allcommunications are compromised.2. One captured centurion jeopardizes legions. (“Windtalkers”.)3. One captured operative jeopardizes a spy network.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProblems With Private Key Encryption1. If one of the owners of the key reveals the key, allcommunications are compromised.2. One captured centurion jeopardizes legions. (“Windtalkers”.)3. One captured operative jeopardizes a spy network.4. It does not matter how sophisticated the private key codeis. From the encoding process, you can find the decodingprocess. (Enigma.)logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProblems With Private Key Encryption1. If one of the owners of the key reveals the key, allcommunications are compromised.2. One captured centurion jeopardizes legions. (“Windtalkers”.)3. One captured operative jeopardizes a spy network.4. It does not matter how sophisticated the private key codeis. From the encoding process, you can find the decodingprocess. (Enigma.)5. But somehow, even though the encoding mechanism forinternet transactions is public, internet transactions areconsidered safelogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProblems With Private Key Encryption1. If one of the owners of the key reveals the key, allcommunications are compromised.2. One captured centurion jeopardizes legions. (“Windtalkers”.)3. One captured operative jeopardizes a spy network.4. It does not matter how sophisticated the private key codeis. From the encoding process, you can find the decodingprocess. (Enigma.)5. But somehow, even though the encoding mechanism forinternet transactions is public, internet transactions areconsidered safe???logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionPublic Key Encryptionlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionPublic Key Encryption1. The problems with private key encryption would beresolved if the decoding mechanism could not be (easily)obtained from the encoding mechanism.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionPublic Key Encryption1. The problems with private key encryption would beresolved if the decoding mechanism could not be (easily)obtained from the encoding mechanism.1.1 One captured centurion’s code would not reveal what theothers are sending (did not happen).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionPublic Key Encryption1. The problems with private key encryption would beresolved if the decoding mechanism could not be (easily)obtained from the encoding mechanism.1.1 One captured centurion’s code would not reveal what theothers are sending (did not happen).1.2 One captured operative would not be a problem (did nothappen until late 1970s).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionPublic Key Encryption1. The problems with private key encryption would beresolved if the decoding mechanism could not be (easily)obtained from the encoding mechanism.1.1 One captured centurion’s code would not reveal what theothers are sending (did not happen).1.2 One captured operative would not be a problem (did nothappen until late 1970s).1.3 Internet transmissions could be considered safe.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionPublic Key Encryption1. The problems with private key encryption would beresolved if the decoding mechanism could not be (easily)obtained from the encoding mechanism.1.1 One captured centurion’s code would not reveal what theothers are sending (did not happen).1.2 One captured operative would not be a problem (did nothappen until late 1970s).1.3 Internet transmissions could be considered safe. (We doconsider them as safe as can be.)logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionPublic Key Encryption1. The problems with private key encryption would beresolved if the decoding mechanism could not be (easily)obtained from the encoding mechanism.1.1 One captured centurion’s code would not reveal what theothers are sending (did not happen).1.2 One captured operative would not be a problem (did nothappen until late 1970s).1.3 Internet transmissions could be considered safe. (We doconsider them as safe as can be.)2. But how do you get something like that?logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionPublic Key Encryption1. The problems with private key encryption would beresolved if the decoding mechanism could not be (easily)obtained from the encoding mechanism.1.1 One captured centurion’s code would not reveal what theothers are sending (did not happen).1.2 One captured operative would not be a problem (did nothappen until late 1970s).1.3 Internet transmissions could be considered safe. (We doconsider them as safe as can be.)2. But how do you get something like that?3. Make breaking the code depend on being able to solve ahard problem, like the factorization of a large number.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b. Hence,if c is not divisible by m, then cx ≢ 0 (mod m).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b. Hence,if c is not divisible by m, then cx ≢ 0 (mod m).Now consider {xy : y = 1,...,m − 1}.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b. Hence,if c is not divisible by m, then cx ≢ 0 (mod m).Now consider {xy : y = 1,...,m − 1}. For any two distincty 1 ,y 2 ∈ {1,...,m − 1} with y 1 < y 2 we have that m ∤ (y 2 − y 1 ).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b. Hence,if c is not divisible by m, then cx ≢ 0 (mod m).Now consider {xy : y = 1,...,m − 1}. For any two distincty 1 ,y 2 ∈ {1,...,m − 1} with y 1 < y 2 we have that m ∤ (y 2 − y 1 ).Hence, x(y 2 − y 1 ) ≢ 0 (mod m)logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b. Hence,if c is not divisible by m, then cx ≢ 0 (mod m).Now consider {xy : y = 1,...,m − 1}. For any two distincty 1 ,y 2 ∈ {1,...,m − 1} with y 1 < y 2 we have that m ∤ (y 2 − y 1 ).Hence, x(y 2 − y 1 ) ≢ 0 (mod m), which means thatxy 1 ≢ xy 2 (mod m).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b. Hence,if c is not divisible by m, then cx ≢ 0 (mod m).Now consider {xy : y = 1,...,m − 1}. For any two distincty 1 ,y 2 ∈ {1,...,m − 1} with y 1 < y 2 we have that m ∤ (y 2 − y 1 ).Hence, x(y 2 − y 1 ) ≢ 0 (mod m), which means thatxy 1 ≢ xy 2 (mod m). But then A := { [xy] m : y = 1,...,m − 1 }has m − 1 distinct elementslogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b. Hence,if c is not divisible by m, then cx ≢ 0 (mod m).Now consider {xy : y = 1,...,m − 1}. For any two distincty 1 ,y 2 ∈ {1,...,m − 1} with y 1 < y 2 we have that m ∤ (y 2 − y 1 ).Hence, x(y 2 − y 1 ) ≢ 0 (mod m), which means thatxy 1 ≢ xy 2 (mod m). But then A := { [xy] m : y = 1,...,m − 1 }has m − 1 distinct elements and [0] m is not one of them.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b. Hence,if c is not divisible by m, then cx ≢ 0 (mod m).Now consider {xy : y = 1,...,m − 1}. For any two distincty 1 ,y 2 ∈ {1,...,m − 1} with y 1 < y 2 we have that m ∤ (y 2 − y 1 ).Hence, x(y 2 − y 1 ) ≢ 0 (mod m), which means thatxy 1 ≢ xy 2 (mod m). But then A := { [xy] m : y = 1,...,m − 1 }has m − 1 distinct elements and [0] m is not one of them. Thereare exactly m − 1 equivalence classes modulo m that are not[0] m .logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b. Hence,if c is not divisible by m, then cx ≢ 0 (mod m).Now consider {xy : y = 1,...,m − 1}. For any two distincty 1 ,y 2 ∈ {1,...,m − 1} with y 1 < y 2 we have that m ∤ (y 2 − y 1 ).Hence, x(y 2 − y 1 ) ≢ 0 (mod m), which means thatxy 1 ≢ xy 2 (mod m). But then A := { [xy] m : y = 1,...,m − 1 }has m − 1 distinct elements and [0] m is not one of them. Thereare exactly m − 1 equivalence classes modulo m that are not[0] m . So A = { [z] m : z = 1,...,m − 1 }logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b. Hence,if c is not divisible by m, then cx ≢ 0 (mod m).Now consider {xy : y = 1,...,m − 1}. For any two distincty 1 ,y 2 ∈ {1,...,m − 1} with y 1 < y 2 we have that m ∤ (y 2 − y 1 ).Hence, x(y 2 − y 1 ) ≢ 0 (mod m), which means thatxy 1 ≢ xy 2 (mod m). But then A := { [xy] m : y = 1,...,m − 1 }has m − 1 distinct elements and [0] m is not one of them. Thereare exactly m − 1 equivalence classes modulo m that are not[0] m . So A = { [z] m : z = 1,...,m − 1 } and [1] m ∈ A.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b. Hence,if c is not divisible by m, then cx ≢ 0 (mod m).Now consider {xy : y = 1,...,m − 1}. For any two distincty 1 ,y 2 ∈ {1,...,m − 1} with y 1 < y 2 we have that m ∤ (y 2 − y 1 ).Hence, x(y 2 − y 1 ) ≢ 0 (mod m), which means thatxy 1 ≢ xy 2 (mod m). But then A := { [xy] m : y = 1,...,m − 1 }has m − 1 distinct elements and [0] m is not one of them. Thereare exactly m − 1 equivalence classes modulo m that are not[0] m . So A = { [z] m : z = 1,...,m − 1 } and [1] m ∈ A. Hence thereis a y ∈ {1,...,m − 1} so that [x] m · [y] m = [1] mlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b. Hence,if c is not divisible by m, then cx ≢ 0 (mod m).Now consider {xy : y = 1,...,m − 1}. For any two distincty 1 ,y 2 ∈ {1,...,m − 1} with y 1 < y 2 we have that m ∤ (y 2 − y 1 ).Hence, x(y 2 − y 1 ) ≢ 0 (mod m), which means thatxy 1 ≢ xy 2 (mod m). But then A := { [xy] m : y = 1,...,m − 1 }has m − 1 distinct elements and [0] m is not one of them. Thereare exactly m − 1 equivalence classes modulo m that are not[0] m . So A = { [z] m : z = 1,...,m − 1 } and [1] m ∈ A. Hence thereis a y ∈ {1,...,m − 1} so that [x] m · [y] m = [1] m , that is, so thatxy ≡ 1 (mod m).Bernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionProposition. Let x,m ∈ N have no common factors. Then for allc ∈ N that are not divisible by m, we have that cx ≢ 0 (mod m).Moreover, there is a y ∈ N so that xy ≡ 1 (mod m).Proof. Let b ∈ N be so that bx ≡ 0 (mod m). Then m|bx.Because x and m do not have any common factors, m|b. Hence,if c is not divisible by m, then cx ≢ 0 (mod m).Now consider {xy : y = 1,...,m − 1}. For any two distincty 1 ,y 2 ∈ {1,...,m − 1} with y 1 < y 2 we have that m ∤ (y 2 − y 1 ).Hence, x(y 2 − y 1 ) ≢ 0 (mod m), which means thatxy 1 ≢ xy 2 (mod m). But then A := { [xy] m : y = 1,...,m − 1 }has m − 1 distinct elements and [0] m is not one of them. Thereare exactly m − 1 equivalence classes modulo m that are not[0] m . So A = { [z] m : z = 1,...,m − 1 } and [1] m ∈ A. Hence thereis a y ∈ {1,...,m − 1} so that [x] m · [y] m = [1] m , that is, so thatxy ≡ 1 (mod m).Bernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof.Bernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N.Bernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Bernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Base step a = 1: obvious.Bernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Base step a = 1: obvious.Induction step.Bernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Base step a = 1: obvious.Induction step.(a + 1) pBernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Base step a = 1: obvious.Induction step.(a + 1) p p ( p= ∑ ak)k 1 p−kk=0Bernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Base step a = 1: obvious.Induction step.(a + 1) p =p ( p∑ k)k=0a k 1 p−k = 1 + a p +p−1∑k=1( pk)a kBernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Base step a = 1: obvious.Induction step.(a + 1) p =p ( p∑ k)k=0≡ 1 + a p (mod p)a k 1 p−k = 1 + a p +p−1∑k=1( pk)a kBernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Base step a = 1: obvious.Induction step.(a + 1) p =p ( p∑ ak)k 1 p−k = 1 + a p p−1+ ∑k=0k=1≡ 1 + a p (mod p) ≡ 1 + a (mod p)( pk)a kBernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Base step a = 1: obvious.Induction step.(a + 1) p =Now let a ∈ N be so that p ∤ a.p ( p∑ ak)k 1 p−k = 1 + a p p−1+ ∑k=0k=1≡ 1 + a p (mod p) ≡ 1 + a (mod p)( pk)a kBernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Base step a = 1: obvious.Induction step.(a + 1) p =p ( p∑ ak)k 1 p−k = 1 + a p p−1+ ∑k=0k=1≡ 1 + a p (mod p) ≡ 1 + a (mod p)Now let a ∈ N be so that p ∤ a. There is a b ∈ N withab ≡ 1 (mod p).( pk)a kBernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Base step a = 1: obvious.Induction step.(a + 1) p =p ( p∑ ak)k 1 p−k = 1 + a p p−1+ ∑k=0k=1≡ 1 + a p (mod p) ≡ 1 + a (mod p)Now let a ∈ N be so that p ∤ a. There is a b ∈ N withab ≡ 1 (mod p). Hence a p ≡ a (mod p)( pk)a kBernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Base step a = 1: obvious.Induction step.(a + 1) p =p ( p∑ ak)k 1 p−k = 1 + a p p−1+ ∑k=0k=1≡ 1 + a p (mod p) ≡ 1 + a (mod p)Now let a ∈ N be so that p ∤ a. There is a b ∈ N withab ≡ 1 (mod p). Hence a p ≡ a (mod p) impliesa p b ≡ ab (mod p)Bernd SchröderPublic Key (RSA) Encryption( pk)a klogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Base step a = 1: obvious.Induction step.(a + 1) p =p ( p∑ ak)k 1 p−k = 1 + a p p−1+ ∑k=0k=1≡ 1 + a p (mod p) ≡ 1 + a (mod p)Now let a ∈ N be so that p ∤ a. There is a b ∈ N withab ≡ 1 (mod p). Hence a p ≡ a (mod p) impliesa p b ≡ ab (mod p), which implies a p−1 ≡ 1 (mod p).Bernd SchröderPublic Key (RSA) Encryption( pk)a klogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionTheorem. Fermat’s Little Theorem. Let p be a prime number.Then for every a ∈ N we have that a p ≡ a (mod p). Moreover,for every a ∈ N that is not divisible by p we have thata p−1 ≡ 1 (mod p).Proof. Let a ∈ N. We prove a p ≡ a (mod p) by induction on a.Base step a = 1: obvious.Induction step.(a + 1) p =p ( p∑ ak)k 1 p−k = 1 + a p p−1+ ∑k=0k=1≡ 1 + a p (mod p) ≡ 1 + a (mod p)Now let a ∈ N be so that p ∤ a. There is a b ∈ N withab ≡ 1 (mod p). Hence a p ≡ a (mod p) impliesa p b ≡ ab (mod p), which implies a p−1 ≡ 1 (mod p).Bernd SchröderPublic Key (RSA) Encryption( pk)a klogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionRSA Encryptionlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionRSA Encryption1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method forObtaining Digital Signatures and Public-KeyCryptosystems, Communications of the ACM 21, 120-126logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionRSA Encryption1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method forObtaining Digital Signatures and Public-KeyCryptosystems, Communications of the ACM 21, 120-1262. p, q: fixed, distinct prime numberslogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionRSA Encryption1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method forObtaining Digital Signatures and Public-KeyCryptosystems, Communications of the ACM 21, 120-1262. p, q: fixed, distinct prime numbers3. n := pq (must be hard to factor, so large, proprietary primenumbers are used)logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionRSA Encryption1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method forObtaining Digital Signatures and Public-KeyCryptosystems, Communications of the ACM 21, 120-1262. p, q: fixed, distinct prime numbers3. n := pq (must be hard to factor, so large, proprietary primenumbers are used)4. ϕ(n) := (p − 1)(q − 1)logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionRSA Encryption1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method forObtaining Digital Signatures and Public-KeyCryptosystems, Communications of the ACM 21, 120-1262. p, q: fixed, distinct prime numbers3. n := pq (must be hard to factor, so large, proprietary primenumbers are used)4. ϕ(n) := (p − 1)(q − 1)5. e ∈ { 2,...,ϕ(n) − 1 } must be so that ( e,ϕ(n) ) = 1logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionRSA Encryption1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method forObtaining Digital Signatures and Public-KeyCryptosystems, Communications of the ACM 21, 120-1262. p, q: fixed, distinct prime numbers3. n := pq (must be hard to factor, so large, proprietary primenumbers are used)4. ϕ(n) := (p − 1)(q − 1)5. e ∈ { 2,...,ϕ(n) − 1 } must be so that ( e,ϕ(n) ) = 1 (thereis an efficient algorithm to check e)logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionRSA Encryption1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method forObtaining Digital Signatures and Public-KeyCryptosystems, Communications of the ACM 21, 120-1262. p, q: fixed, distinct prime numbers3. n := pq (must be hard to factor, so large, proprietary primenumbers are used)4. ϕ(n) := (p − 1)(q − 1)5. e ∈ { 2,...,ϕ(n) − 1 } must be so that ( e,ϕ(n) ) = 1 (thereis an efficient algorithm to check e)6. d is so that de ≡ 1 ( mod ϕ(n) ) ,logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionRSA Encryption1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method forObtaining Digital Signatures and Public-KeyCryptosystems, Communications of the ACM 21, 120-1262. p, q: fixed, distinct prime numbers3. n := pq (must be hard to factor, so large, proprietary primenumbers are used)4. ϕ(n) := (p − 1)(q − 1)5. e ∈ { 2,...,ϕ(n) − 1 } must be so that ( e,ϕ(n) ) = 1 (thereis an efficient algorithm to check e)6. d is so that de ≡ 1 ( mod ϕ(n) ) , (there is an efficientalgorithm to find d)logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionRSA Encryption1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method forObtaining Digital Signatures and Public-KeyCryptosystems, Communications of the ACM 21, 120-1262. p, q: fixed, distinct prime numbers3. n := pq (must be hard to factor, so large, proprietary primenumbers are used)4. ϕ(n) := (p − 1)(q − 1)5. e ∈ { 2,...,ϕ(n) − 1 } must be so that ( e,ϕ(n) ) = 1 (thereis an efficient algorithm to check e)6. d is so that de ≡ 1 ( mod ϕ(n) ) , (there is an efficientalgorithm to find d)7. (n,e) is the public key (disseminated)logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionRSA Encryption1. R. Rivest, A. Shamir, L. Adleman, (1978) A Method forObtaining Digital Signatures and Public-KeyCryptosystems, Communications of the ACM 21, 120-1262. p, q: fixed, distinct prime numbers3. n := pq (must be hard to factor, so large, proprietary primenumbers are used)4. ϕ(n) := (p − 1)(q − 1)5. e ∈ { 2,...,ϕ(n) − 1 } must be so that ( e,ϕ(n) ) = 1 (thereis an efficient algorithm to check e)6. d is so that de ≡ 1 ( mod ϕ(n) ) , (there is an efficientalgorithm to find d)7. (n,e) is the public key (disseminated)8. d is the private key (kept secret)Bernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionSending Messageslogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionSending Messages1. The message is a large number m smaller than n (or astring of numbers).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionSending Messages1. The message is a large number m smaller than n (or astring of numbers). Group letters in blocks and encodethem with numbers.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionSending Messages1. The message is a large number m smaller than n (or astring of numbers). Group letters in blocks and encodethem with numbers. Make sure a cryptoquote styleapproach is unlikely to break the code.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionSending Messages1. The message is a large number m smaller than n (or astring of numbers). Group letters in blocks and encodethem with numbers. Make sure a cryptoquote styleapproach is unlikely to break the code.2. Encrypted message: c :≡ m e (mod n) (use the positiverepresentative smaller than n for convenience).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionSending Messages1. The message is a large number m smaller than n (or astring of numbers). Group letters in blocks and encodethem with numbers. Make sure a cryptoquote styleapproach is unlikely to break the code.2. Encrypted message: c :≡ m e (mod n) (use the positiverepresentative smaller than n for convenience).3. Decrypted message: Representative of [ c d] that is inn{0,...,n − 1}.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionSending Messages1. The message is a large number m smaller than n (or astring of numbers). Group letters in blocks and encodethem with numbers. Make sure a cryptoquote styleapproach is unlikely to break the code.2. Encrypted message: c :≡ m e (mod n) (use the positiverepresentative smaller than n for convenience).3. Decrypted message: Representative of [ c d] that is inn{0,...,n − 1}.Why does this work?logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionSending Messages1. The message is a large number m smaller than n (or astring of numbers). Group letters in blocks and encodethem with numbers. Make sure a cryptoquote styleapproach is unlikely to break the code.2. Encrypted message: c :≡ m e (mod n) (use the positiverepresentative smaller than n for convenience).3. Decrypted message: Representative of [ c d] that is inn{0,...,n − 1}.Why does this work?Theorem.Bernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionSending Messages1. The message is a large number m smaller than n (or astring of numbers). Group letters in blocks and encodethem with numbers. Make sure a cryptoquote styleapproach is unlikely to break the code.2. Encrypted message: c :≡ m e (mod n) (use the positiverepresentative smaller than n for convenience).3. Decrypted message: Representative of [ c d] that is inn{0,...,n − 1}.Why does this work?Theorem. RSA encryption.Bernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionSending Messages1. The message is a large number m smaller than n (or astring of numbers). Group letters in blocks and encodethem with numbers. Make sure a cryptoquote styleapproach is unlikely to break the code.2. Encrypted message: c :≡ m e (mod n) (use the positiverepresentative smaller than n for convenience).3. Decrypted message: Representative of [ c d] that is inn{0,...,n − 1}.Why does this work?Theorem. RSA encryption. With notation as above, ifc ≡ m e (mod n), then c d ≡ m (mod n).Bernd SchröderPublic Key (RSA) Encryptionlogo1Louisiana Tech University, College of Engineering and Science

Overview Needed Theorems RSA EncryptionProof.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c dlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) dlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) .logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtainlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c dlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m edlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m ed = m 1+x(p−1)logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m ed = m 1+x(p−1) = ( m p−1) x mlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m ed = m 1+x(p−1) = ( m p−1) x m ≡ m (mod p).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m ed = m 1+x(p−1) = ( m p−1) x m ≡ m (mod p).Case 2: p|m.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m ed = m 1+x(p−1) = ( m p−1) x m ≡ m (mod p).Case 2: p|m. If m is a multiple of p, thenlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m ed = m 1+x(p−1) = ( m p−1) x m ≡ m (mod p).Case 2: p|m. If m is a multiple of p, thenc dlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m ed = m 1+x(p−1) = ( m p−1) x m ≡ m (mod p).Case 2: p|m. If m is a multiple of p, thenc d ≡ m edlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m ed = m 1+x(p−1) = ( m p−1) x m ≡ m (mod p).Case 2: p|m. If m is a multiple of p, thenc d ≡ m ed ≡ 0 edlogo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m ed = m 1+x(p−1) = ( m p−1) x m ≡ m (mod p).Case 2: p|m. If m is a multiple of p, thenc d ≡ m ed ≡ 0 ed ≡logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m ed = m 1+x(p−1) = ( m p−1) x m ≡ m (mod p).Case 2: p|m. If m is a multiple of p, thenc d ≡ m ed ≡ 0 ed ≡ 0 ≡logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m ed = m 1+x(p−1) = ( m p−1) x m ≡ m (mod p).Case 2: p|m. If m is a multiple of p, thenc d ≡ m ed ≡ 0 ed ≡ 0 ≡ m (mod p).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m ed = m 1+x(p−1) = ( m p−1) x m ≡ m (mod p).Case 2: p|m. If m is a multiple of p, thenc d ≡ m ed ≡ 0 ed ≡ 0 ≡ m (mod p).Similarly, we prove that c d ≡ m (mod q), which impliesc d ≡ m (mod n).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionProof. c d ≡ (m e ) d ≡ m ed (mod n).Now, de ≡ 1 ( mod (p − 1)(q − 1) ) , so de ≡ 1 ( mod p − 1 ) andde ≡ 1 ( mod q − 1 ) . That is, there are x and y so thated = 1 + x(p − 1) = 1 + y(q − 1).Case 1: p ∤ m. By Fermat’s Little Theorem, used in the last step,we obtain c d ≡ m ed = m 1+x(p−1) = ( m p−1) x m ≡ m (mod p).Case 2: p|m. If m is a multiple of p, thenc d ≡ m ed ≡ 0 ed ≡ 0 ≡ m (mod p).Similarly, we prove that c d ≡ m (mod q), which impliesc d ≡ m (mod n).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionWhy Is It Safe?logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionWhy Is It Safe?1. To break the code, an attacker would need d.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionWhy Is It Safe?1. To break the code, an attacker would need d.2. d can be generated from e and ϕ(n).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionWhy Is It Safe?1. To break the code, an attacker would need d.2. d can be generated from e and ϕ(n).3. ϕ(n) can be generated from p and q.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionWhy Is It Safe?1. To break the code, an attacker would need d.2. d can be generated from e and ϕ(n).3. ϕ(n) can be generated from p and q.4. p and q can in principle be obtained from n.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionWhy Is It Safe?1. To break the code, an attacker would need d.2. d can be generated from e and ϕ(n).3. ϕ(n) can be generated from p and q.4. p and q can in principle be obtained from n. But that’s thekey to safety.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionWhy Is It Safe?1. To break the code, an attacker would need d.2. d can be generated from e and ϕ(n).3. ϕ(n) can be generated from p and q.4. p and q can in principle be obtained from n. But that’s thekey to safety. Factoring large numbers is hard.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionWhy Is It Safe?1. To break the code, an attacker would need d.2. d can be generated from e and ϕ(n).3. ϕ(n) can be generated from p and q.4. p and q can in principle be obtained from n. But that’s thekey to safety. Factoring large numbers is hard.5. There might be fast factorization algorithms (that wouldwin a Clay Millennium Prize).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionWhy Is It Safe?1. To break the code, an attacker would need d.2. d can be generated from e and ϕ(n).3. ϕ(n) can be generated from p and q.4. p and q can in principle be obtained from n. But that’s thekey to safety. Factoring large numbers is hard.5. There might be fast factorization algorithms (that wouldwin a Clay Millennium Prize).6. Quantum computers could do it (but we can’t build themyet).logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionWhy Is It Safe?1. To break the code, an attacker would need d.2. d can be generated from e and ϕ(n).3. ϕ(n) can be generated from p and q.4. p and q can in principle be obtained from n. But that’s thekey to safety. Factoring large numbers is hard.5. There might be fast factorization algorithms (that wouldwin a Clay Millennium Prize).6. Quantum computers could do it (but we can’t build themyet).7. So for the time being, public key encryption is safe.logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption

Overview Needed Theorems RSA EncryptionWhy Is It Safe?1. To break the code, an attacker would need d.2. d can be generated from e and ϕ(n).3. ϕ(n) can be generated from p and q.4. p and q can in principle be obtained from n. But that’s thekey to safety. Factoring large numbers is hard.5. There might be fast factorization algorithms (that wouldwin a Clay Millennium Prize).6. Quantum computers could do it (but we can’t build themyet).7. So for the time being, public key encryption is safe. (In myopinion, it will be a while.)logo1Bernd SchröderLouisiana Tech University, College of Engineering and SciencePublic Key (RSA) Encryption