Main Site Discussion > Posts

The math behind the RSA encryption algorithm

(1/1)

**Dakusan**:

Original post for The math behind the RSA encryption algorithm can be found at https://www.castledragmire.com/Posts/The_math_behind_the_RSA_encryption_algorithm.

Originally posted on: 01/19/20

.RSAMath a { text-decoration:none; }.RSAMath pre { margin:0; }.RSAMath .VarNames tr>* { border:1px solid black; }.RSAMath b { color:red; }I’ve always thought that the RSA and Diffie–Hellman public key encryption algorithm systems are beautiful in their complex simplicity. While there are countless articles out there explaining how to implement them, I have never really found one that I think describes the math behind then in a simple way, so I thought I’d give a crack at it.Both algorithms are derived from 3 math axioms:

* This is called Modular exponentiation (hereby referred to as modexp). In the following, x is a prime numbers and p is an integer less than x.

* p^(x ) mod x = p (e.x. 12^(17 ) mod 17 = 12)

* p^(x-1) mod x = 1 (e.x. 12^(17-1) mod 17 = 1 )

* A further derivation from the above formulas shows that we can combine primes and they work in the same manner. In the following, x and y are prime numbers and p is an integer less than x*y.

* p^((x-1)*(y-1) ) mod (x*y) = 1 (e.x. 12^((13-1)*(17-1) ) mod (13*17) = 1 )Note: This formula is not used in RSA but it helps demonstrate how the formulas from part 1 becomes formula 2b.

Due to how modexp works with primes, values of p that are multiples of x or y do not work with 2a.

* p^((x-1)*(y-1)+1) mod (x*y) = p (e.x. 12^((13-1)*(17-1)+1) mod (13*17) = 12)

* The final axiom is how modexp can be split apart the same way as in algebra where (x^a)^b === x^(a*b). For any integers p, x, y, and m:(p^(x*y) mod m) === ((p^x mod m)^y mod m)With these 3 axioms we have everything we need to explain how RSA works. To execute an RSA exchange, encrypted from Bob and decrypted by Alice, the following things are needed.

The variableVariable nameWho has itWho uses itDescriptionPrime Numbers 1 and 2Prime1, Prime2AliceAliceAlice will use these to derive variables PubKey, PrivKey, and Modulo. In our examples we use small numbers, but in reality, very large primes will be used, generally of at least 256 bit size.Public keyPubKeyAlice, BobBobAlice sends this to Bob so he can encrypt data to her. Bob uses it as an exponent in a modexp.Private keyPrivKeyAliceAliceAlice uses this to decrypt what Bob sends her. Alice uses it as an exponent in a modexp.ModuloModuloBob, AliceBob, AliceAlice sends this to Bob. They both use it as a modulo in a modexpPayload DataPayloadThe data bob starts with and turns into EncryptedPayload. Alice derives Payload back from EncryptedPayload

Now, let’s start with axiom 2b:Payload^((Prime1-1)*(Prime2-1)+1) mod (Prime1*Prime2) = Payload

Let’s change this up so the exponent is just 2 multiplications so we can use axiom 3 on it. We need to find 2 integers to become PubKey and PrivKey such that:PubKey*PrivKey=(Prime1-1)*(Prime2-1)+1

And Modulo is Prime1*Prime2.

So we now have:Payload^(PubKey*PrivKey) mod Modulo = Payload

Now, using axiom 3, we can turn it into this:(Payload^PubKey mod Modulo)^PrivKey mod Modulo = Payload

Now, we can split this up into:

Bob calculates and sends to Alice: Payload^PubKey mod Modulo=EncryptedPayload

Alice uses the received EncryptedPayload and performs: EncryptedPayload^PrivKey mod Modulo = Payload

And the process is complete!

However, there is 1 caveat that I didn’t cover which makes the encryption that what we currently have weak. The calculation of PubKey and PrivKey from Prime1 and Prime2 needs to follow some rather specific complex rules to make the keys strong. Without this, an attacker may be able to figure out Prime1 and Prime2 from the Modulo and PubKey, and could then easily derive PrivKey from it. I generally see the PubKey as 65535, or another power of 2 minus 1.

Navigation

[0] Message Index

Go to full version