RSA

Mar 01, 2025 permanent    Cryptography  ComputerSecurity

RSA is a public-key encryption system based on the idea that two prime numbers are computationally easy to multiply together but very difficult to factor back into the original primes. Named after its three creators from MIT: Ronald Rivest, Adi Shamir, and Leonard Adleman.

In RSA and other public-key systems, there is a public key, which can encrypt messages and is freely available, and a private key, which can decrypt messages and is kept secret. We can use the keys to encrypt messages (using the recipient's public key so only they can decrypt) and digital signatures (using the sender's private key to prove authenticity).

However, RSA is a slow algorithm typically not used for directly encrypting user data; more often, it's used for transmitting shared keys for symmetric key cryptography (like AES), which is much faster for bulk encryption.

Algorithm

To create a private and public key, we use the following steps:

  1. Select two large prime numbers, pp and qq. (In practice, each should be hundreds or thousands of bits long—commonly 2048 bits or more—to ensure security.)
  2. Calculate N=p×qN = p \times q (the modulus).
  3. Calculate Euler's Totient Function: ϕ(N)=(p1)(q1)\phi(N) = (p-1)(q-1)
  4. Choose a public key ee that is relatively prime to ϕ(N)\phi(N). Two numbers are relatively prime when their greatest common divisor (GCD) is 1. (A common choice is e=65537e = 65537, a Fermat Prime. It has only two 1’s in its binary representation, greatly reducing exponentiation time.)
  5. Compute the private key dd where: (d×e)modϕ(N)=1(d \times e) \mod \phi(N) = 1

NN and ee are public key components, represented as (N,e)(N, e).

pp, qq, and dd are the private key components, although pp and qq are typically discarded, and it's represented as (N,d)(N, d).

Encryption and Decryption

Given ee and NN, we can encrypt messages: c=memodNc = m^e \mod N. Given dd, we can decrypt messages: m=cdmodNm = c^d \mod N.

Example

For a simple example (using small numbers for clarity):

  • Choose primes p=61p = 61 and q=53q = 53
  • Calculate N=61×53=3233N = 61 \times 53 = 3233
  • Calculate ϕ(N)=(611)×(531)=60×52=3120\phi(N) = (61-1) \times (53-1) = 60 \times 52 = 3120
  • Choose e=17e = 17 (relatively prime to 3120)
  • Calculate d=2753d = 2753 (since 17×2753mod3120=117 \times 2753 \mod 3120 = 1)

Public key: (N=3233,e=17)(N=3233, e=17)

Private key: (N=3233,d=2753)(N=3233, d=2753)

To encrypt message m=123m = 123: c=12317mod3233=855c = 123^{17} \mod 3233 = 855 To decrypt ciphertext c=855c = 855: m=8552753mod3233=123m = 855^{2753} \mod 3233 = 123

Security Considerations

  • If the value of NN is not large enough, an attacker could factorise it, effectively allowing them to solve for dd.
  • Modern RSA implementations use secure padding schemes (like PKCS#1 OAEP) to protect against various attacks, including chosen-ciphertext attacks.
  • Key sizes of at least 2048 bits are recommended for security through 2030.
  • Side-channel attacks can leak information about private keys during implementation, requiring additional countermeasures.

RSA's security relies on the computational difficulty of the factoring problem, but quantum computers running Shor's algorithm could break RSA encryption, driving research into post-quantum cryptography alternatives.