The RSA Algorithm

Supplementary Notes

Prepared by Raymond Wong
Presented by Raymond Wong

e.g.1 (Page 3)

Consider $f_3(x) = x \cdot_7 3$

Consider each non-zero x in $Z_7 = \{0, 1, 2, 3, 4, 5, 6\}$

$f_3(1) = 1 \cdot_7 3 = 3$

$f_3(2) = 2 \cdot_7 3 = 6$

$f_3(3) = 3 \cdot_7 3 = 2$

$f_3(4) = 4 \cdot_7 3 = 5$

$f_3(5) = 5 \cdot_7 3 = 1$

$f_3(6) = 6 \cdot_7 3 = 4$

For x = 1, 2, 3, 4, 5, 6 the values are 3, 6, 2, 5, 1, 4: a permutation of {1, 2, 3, 4, 5, 6}.

Why?

This is because 7 is a prime number.

[Figure: mapping $f_3$ from S = {1, 2, 3, 4, 5, 6} to T = {1, 2, 3, 4, 5, 6}]

e.g.1

Illustration of Lemma 2.20

Lemma 2.20: 7 is a prime number. Consider a value 3 which is in $Z_7$. The function $f_3(x) = x \cdot_7 3$ is 1-to-1. In particular, $f_3(1), f_3(2), f_3(3), f_3(4), f_3(5), f_3(6)$ (or $1 \cdot_7 3$, $2 \cdot_7 3$, $3 \cdot_7 3$, $4 \cdot_7 3$, $5 \cdot_7 3$, $6 \cdot_7 3$) are a permutation of the set {1, 2, 3, ..., 6}.

Why is it correct?

We prove by contradiction. Suppose that $f_3(x)$ is not 1-to-1.

That is, there exist two integers x, y such that $x \neq y$ and $f_3(x) = f_3(y)$.

[Figure: x and y in S both mapped to the same value v in T]

Since 7 is a prime number, by Corollary 2.17, we know that 3 has a multiplicative inverse in $Z_7$ (denoted by $3^{-1}$) (i.e., $3 \cdot_7 3^{-1} = 1$).

Consider

$$
\begin{aligned}
x &= x \cdot_7 1 \\
  &= x \cdot_7 (3 \cdot_7 3^{-1}) \\
  &= (x \cdot_7 3) \cdot_7 3^{-1} \\
  &= f_3(x) \cdot_7 3^{-1} \\
  &= f_3(y) \cdot_7 3^{-1} \\
  &= (y \cdot_7 3) \cdot_7 3^{-1} \\
  &= y \cdot_7 (3 \cdot_7 3^{-1}) \\
  &= y \cdot_7 1 \\
  &= y
\end{aligned}
$$

Thus, we have x = y. This leads to a contradiction!

e.g.2 (Page 5)

Private-key cryptosystems

[Figure: x → Encryption → y → Decryption → x, with the mapping $f_3(x) = x \cdot_7 3$ from S = {1, 2, 3, 4, 5, 6} to T = {1, 2, 3, 4, 5, 6}]

Encryption: key a = 3, encryption function $f_a(x)$, e.g. 4 → 5

Decryption: key a = 3, decryption function $f_a^{-1}(x)$, e.g. 5 → 4

Suppose that the encryption and decryption functions are known to the public.

But the key is kept privately. Then, we can ensure that the encryption/decryption is secure.

Suppose that I am the attacker.

I know that $f_3(x)$ is one-to-one.

Given x, we can compute $y = f_3(x)$ efficiently.

Since function $f_3(x)$ is a one-to-one function, $f_3(x)$ must have an inverse $f_3^{-1}(x)$.

However, knowing that the inverse $f_3^{-1}(x)$ exists does not help in finding x (given y).

Thus, given y, it might be hard to calculate x (at the attacker side).

However, knowing y does not provide enough information to recover x efficiently. Thus, we say that $f_3(x)$ is a one-way function.

Public-key cryptosystems

[Figure: x → Encryption (public key, encryption function) → y → Decryption (secret key, decryption function) → x]

Suppose that the encryption and decryption functions are known to the public.

Suppose that the public key is known to the public.

But the secret key is kept privately. Then, we should ensure that the encryption/decryption is secure.

This secret key has some relationship with the public key.

How can we ensure this statement?

If we can ensure the following, we are confident to say that the encryption/decryption is secure. Given (1) the encryption function, (2) the decryption function and (3) the public key, it is difficult to derive the secret key (at the attacker side) (i.e., it is not efficient to derive the secret key).

In this lecture, we will illustrate this concept for the public-key cryptosystem.

e.g.3 (Page 8)

E.g., if $7 \in Z_{11}$, then

$7^5 \bmod 11 = 7 \cdot_{11} 7 \cdot_{11} 7 \cdot_{11} 7 \cdot_{11} 7$

Lemma 2.3: $(a \cdot b) \bmod 11 = ((a \bmod 11) \cdot (b \bmod 11)) \bmod 11 = ((a \bmod 11) \cdot b) \bmod 11$

Note that

$$
\begin{aligned}
7^3 \bmod 11 &= (7 \cdot 7 \cdot 7) \bmod 11 \\
&= ((7 \cdot 7) \cdot 7) \bmod 11 \\
&= ([(7 \cdot 7) \bmod 11] \cdot 7) \bmod 11 \\
&= ((7 \cdot_{11} 7) \cdot 7) \bmod 11 \\
&= (7 \cdot_{11} 7) \cdot_{11} 7 \\
&= 7 \cdot_{11} 7 \cdot_{11} 7
\end{aligned}
$$

e.g.4 (Page 10)

Illustration of Lemma 2.19

Lemma 2.19:

$(3^2 \bmod 7) \cdot_7 (3^4 \bmod 7) = 3^{2+4} \bmod 7$

$(3^4 \bmod 7)^2 = 3^{4 \times 2} \bmod 7$

Compare with ordinary arithmetic:

$3^2 \cdot 3^4 = 3^{2+4}$

$(3^4)^2 = 3^{4 \times 2}$

e.g.5 (Page 12)

If a = 3, please find the following: $a^0 \bmod 7$, $a^1 \bmod 7$, $a^2 \bmod 7$, ..., $a^{12} \bmod 7$

The values of $a^i \bmod 7$ for i = 0, 1, ..., 12 are: 1, 3, 2, 6, 4, 5, 1, 3, 2, 6, 4, 5, 1

The pattern re-appears for every group of 6 elements.

e.g.6 (Page 12)

If a = 5, please find the following: $a^0 \bmod 7$, $a^1 \bmod 7$, $a^2 \bmod 7$, ..., $a^{12} \bmod 7$

The values of $a^i \bmod 7$ for i = 0, 1, ..., 12 are: 1, 5, 4, 6, 2, 3, 1, 5, 4, 6, 2, 3, 1

The pattern re-appears for every group of 6 elements.

We observe that $a^6 \bmod 7 = 1$, or $a^{7-1} \bmod 7 = 1$

e.g.7 (Page 13)

Illustration of Theorem 2.21

Theorem 2.21 (Fermat’s Little Theorem): 7 is a prime number. Then, for any non-zero $a \in Z_7$, $a^{7-1} \bmod 7 = 1$

Why is it correct?

Illustrate with a = 3.

Consider Lemma 2.20.

We know that $1 \cdot_7 3$, $2 \cdot_7 3$, $3 \cdot_7 3$, $4 \cdot_7 3$, $5 \cdot_7 3$, $6 \cdot_7 3$ (we call Group A) are a permutation of 1, 2, 3, 4, 5, 6 (we call Group B).

Thus, we have

the product of all numbers in Group A (mod 7) = the product of all numbers in Group B (mod 7)

$(1 \cdot_7 3) \cdot_7 (2 \cdot_7 3) \cdot_7 (3 \cdot_7 3) \cdot_7 (4 \cdot_7 3) \cdot_7 (5 \cdot_7 3) \cdot_7 (6 \cdot_7 3) = 1 \cdot_7 2 \cdot_7 3 \cdot_7 4 \cdot_7 5 \cdot_7 6$

$$
\begin{aligned}
1 \cdot_7 3 \cdot_7 2 \cdot_7 3 \cdot_7 3 \cdot_7 3 \cdot_7 4 \cdot_7 3 \cdot_7 5 \cdot_7 3 \cdot_7 6 \cdot_7 3 &= 1 \cdot_7 2 \cdot_7 3 \cdot_7 4 \cdot_7 5 \cdot_7 6 \\
1 \cdot_7 2 \cdot_7 3 \cdot_7 4 \cdot_7 5 \cdot_7 6 \cdot_7 3 \cdot_7 3 \cdot_7 3 \cdot_7 3 \cdot_7 3 \cdot_7 3 &= 1 \cdot_7 2 \cdot_7 3 \cdot_7 4 \cdot_7 5 \cdot_7 6 \\
(1 \cdot_7 2 \cdot_7 3 \cdot_7 4 \cdot_7 5 \cdot_7 6) \cdot_7 (3 \cdot_7 3 \cdot_7 3 \cdot_7 3 \cdot_7 3 \cdot_7 3) &= 1 \cdot_7 2 \cdot_7 3 \cdot_7 4 \cdot_7 5 \cdot_7 6 \\
(1 \cdot_7 2 \cdot_7 3 \cdot_7 4 \cdot_7 5 \cdot_7 6) \cdot_7 (3^{7-1} \bmod 7) &= 1 \cdot_7 2 \cdot_7 3 \cdot_7 4 \cdot_7 5 \cdot_7 6
\end{aligned}
$$

Let $x = 1 \cdot_7 2 \cdot_7 3 \cdot_7 4 \cdot_7 5 \cdot_7 6$

We have $x \cdot_7 (3^{7-1} \bmod 7) = x$

Since 7 is a prime number, x has a multiplicative inverse $x^{-1}$ in $Z_7$.

Consider $x \cdot_7 (3^{7-1} \bmod 7) = x$

$$
\begin{aligned}
x^{-1} \cdot_7 x \cdot_7 (3^{7-1} \bmod 7) &= x^{-1} \cdot_7 x \\
(x^{-1} \cdot_7 x) \cdot_7 (3^{7-1} \bmod 7) &= x^{-1} \cdot_7 x \\
3^{7-1} \bmod 7 &= 1
\end{aligned}
$$

e.g.8 (Page 14)

Illustration of Corollary 2.22

Theorem 2.21 (Fermat’s Little Theorem): 7 is a prime number. Then, for any non-zero $a \in Z_7$, $a^{7-1} \bmod 7 = 1$

Corollary 2.22 (Fermat’s Little Theorem, Version 2): 7 is a prime number. Then, for any positive integer a that is not a multiple of 7, $a^{7-1} \bmod 7 = 1$

Why is it correct?

Consider

$$
\begin{aligned}
a^{7-1} \bmod 7 &= (a \cdot a \cdot a \cdot a \cdot a \cdot a) \bmod 7 \\
&= [(a \bmod 7) \cdot (a \bmod 7) \cdot (a \bmod 7) \cdot (a \bmod 7) \cdot (a \bmod 7) \cdot (a \bmod 7)] \bmod 7 \\
&= (a \bmod 7)^{7-1} \bmod 7
\end{aligned}
$$

Note that $(a \bmod 7) \in Z_7$

If (a mod 7) is non-zero in $Z_7$ (a is not a multiple of 7), we have $(a \bmod 7)^{7-1} \bmod 7 = 1$, i.e., $a^{7-1} \bmod 7 = 1$

e.g.9 (Page 15)

Illustration of Corollary 2.X1

Corollary 2.X1 (Fermat’s Little Theorem, Version 2): 7 is a prime number. Consider a non-negative integer 15. Then, for any positive integer a that is not a multiple of 7, $a^{15} \bmod 7 = a^{15 \bmod (7-1)} \bmod 7$

e.g.,

$$
\begin{aligned}
a^{15} \bmod 7 &= a^{15 \bmod (7-1)} \bmod 7 \\
&= a^{15 \bmod 6} \bmod 7 \\
&= a^3 \bmod 7
\end{aligned}
$$

If a = 5, we have $5^{15} \bmod 7 = 5^3 \bmod 7 = 6$

Why is it correct?

This proof is skipped. You can prove it by yourself.

e.g.10 (Page 19)

1. Choose 2 large prime numbers p and q

2. Set $n = pq$ and $T = (p-1)(q-1)$

3. Choose $e \neq 1$ so that gcd(e, T) = 1

4. Calculate $d = e^{-1} \bmod T$ (i.e., the multiplicative inverse of e in $Z_T$)

5. Publish e, n as public key

6. Keep d as secret key

Choose p = 5, q = 11. We can calculate

$n = 5 \cdot 11 = 55$

$T = (5-1)(11-1) = 4 \cdot 10 = 40$

Choose e = 7 (Note: gcd(7, 40) = 1)

We can find $d = 7^{-1} \bmod 40$. We can use the Extended GCD algorithm to find d = 23.

Public key : (e, n) = (7, 55)
Secret key : d = 23

p, q prime; $n = pq$; $T = (p-1)(q-1)$; e s.t. gcd(e, T) = 1; $d = e^{-1} \bmod T$

e.g.11 (Page 20)

[Figure: x → Encryption (public key, encryption function) → y → Decryption (secret key, decryption function) → x]

Public key : (e, n) = (7, 55), encryption function $y = x^e \bmod n$

Secret key : d = 23, decryption function $x = y^d \bmod n$

Encryption of x = 12:

$y = 12^7 \bmod 55 = 35831808 \bmod 55 = 23$

Decryption of y = 23:

$x = 23^{23} \bmod 55$

$x = 20880467999847912034355032910567 \bmod 55 = 12$

Can the encrypted value y be decrypted correctly?

Is the following correct? “$(x^e \bmod n)^d \bmod n = x$”

Is the following correct? “$x^{ed} \bmod n = x$”

e.g.12 (Page 21)

Is the following correct? “$x^{ed} \bmod n = x$”

p, q prime; $n = pq$; $T = (p-1)(q-1)$; e s.t. gcd(e, T) = 1; $d = e^{-1} \bmod T$

We want to prove the following.

1. Prove that, for all x, $x \bmod p = x^{ed} \bmod p$

2. Prove that, for all x, $x \bmod q = x^{ed} \bmod q$

3. Prove that, if $0 \le x < n$, $x = x^{ed} \bmod n$ (by (1) and (2))

Consider $d = e^{-1} \bmod T$

We can re-write it as follows.

$ed \bmod T = 1$

We can further re-write it as follows.

$ed = Tk + 1$ where k is an integer

Consider

$$
\begin{aligned}
x^{ed} \bmod p &= x^{Tk+1} \bmod p \\
&= x^{Tk} x \bmod p \\
&= x^{(p-1)(q-1)k} x \bmod p \\
&= (x^{(q-1)k})^{p-1} x \bmod p \\
&= [((x^{(q-1)k})^{p-1} \bmod p) \cdot (x \bmod p)] \bmod p
\end{aligned}
$$

Corollary 2.22 (Fermat’s Little Theorem, Version 2): p is a prime number. Then, for any positive integer a that is not a multiple of p, $a^{p-1} \bmod p = 1$

We consider two cases.

(a) $x^{(q-1)k}$ is not a multiple of p

(b) $x^{(q-1)k}$ is a multiple of p


Case (a): $x^{(q-1)k}$ is not a multiple of p

By Corollary 2.22, $(x^{(q-1)k})^{p-1} \bmod p = 1$. Thus

$$
\begin{aligned}
x^{ed} \bmod p &= [((x^{(q-1)k})^{p-1} \bmod p) \cdot (x \bmod p)] \bmod p \\
&= [1 \cdot (x \bmod p)] \bmod p \\
&= (x \bmod p) \bmod p \\
&= x \bmod p
\end{aligned}
$$

Case (b): $x^{(q-1)k}$ is a multiple of p

We deduce that $x^{(q-1)k} \bmod p = 0$

$$
\begin{aligned}
x^{ed} \bmod p &= [((x^{(q-1)k} \bmod p)^{p-1} \bmod p) \cdot (x \bmod p)] \bmod p \\
&= [((0)^{p-1} \bmod p) \cdot (x \bmod p)] \bmod p \\
&= [0 \cdot (x \bmod p)] \bmod p \\
&= 0
\end{aligned}
$$

We know that $x^{(q-1)k}$ is a multiple of p. Since p is prime, x is also a multiple of p.

e.g. $x^{1000}$ is a multiple of 7. Since 7 is prime, x is also a multiple of 7. It can be shown by proof by contradiction.

Since x is also a multiple of p, we have $x \bmod p = 0$

Thus, $x \bmod p = x^{ed} \bmod p$

The second proof is similar to the first proof.

Before we prove the third statement, we want to give some properties of prime numbers.

If p and q are both prime numbers and both divide z, then pq divides z.

e.g., p = 3, q = 11, z = 99. 3, 11 both divide 99. We know that 33 (= pq) also divides 99.

If p and q are not prime numbers and both divide z, then pq may not divide z.

e.g., p = 6, q = 15, z = 60. 6, 15 both divide 60. We know that 90 (= pq) does not divide 60.

From (1), we know that $x \bmod p = x^{ed} \bmod p$

It can be re-written as follows.

$x^{ed} = ip + x$ where i is an integer.

It can further be re-written as follows.

$x^{ed} - x = ip$

From (2), we know that $x \bmod q = x^{ed} \bmod q$

It can be re-written as follows.

$x^{ed} = jq + x$ where j is an integer.

It can further be re-written as follows.

$x^{ed} - x = jq$

Let $z = x^{ed} - x$

We have $z = ip$ ………………..(*) Thus, p divides z.

Note that $x^{ed} - x$ is equal to z. We have $z = jq$ ………………..(**) Thus, q divides z.

Since p and q are both prime numbers and both divide z, pq divides z.


Let $z = x^{ed} - x$. Since p and q are both prime numbers and both divide z, pq divides z. We can write as follows.

$z = pqk$ where k is an integer

$z = nk$

$x^{ed} - x = nk$

$x^{ed} = nk + x$

Since $0 \le x < n$, we can re-write the above as follows.

$x^{ed} \bmod n = x$

e.g.13 (Page 31)

Public key : (e, n) = (7, 55), encryption function $y = x^e \bmod n$

Secret key : d = 23, decryption function $x = y^d \bmod n$

Can the encrypted value y be decrypted correctly?

Is the following correct? “$(x^e \bmod n)^d \bmod n = x$”

Is the following correct? “$x^{ed} \bmod n = x$”

Yes

Why is this RSA algorithm secure?

Note that the public key, the encryption function and the decryption function are known to the public.

If I am the attacker, after reading value y, I want to know the original value x. How can I derive the original value x?

First Way for Attack: Since I know the formula $y = x^e \bmod n$, if I have value y, I will try to calculate the e-th root (mod n), i.e., $(x^e \bmod n)^{1/e} \bmod n$

Slow Operation!

Second Way for Attack: Since I know value n (in the public key) and $n = pq$, I will try to factorize value n to find p and q such that $n = pq$.

With p and q, I can derive d easily. With d, I can decrypt y by the decryption function.

Factorization is a Slow Operation!

Nobody knows how to factor a number quickly!

e.g.14 (Page 38)

$50_{10}$ (in base 10) $= 110010_2$ (in base 2), with digits $e_5 e_4 e_3 e_2 e_1 e_0$

50 is equal to $1 \cdot 2^5 + 1 \cdot 2^4 + 0 \cdot 2^3 + 0 \cdot 2^2 + 1 \cdot 2^1 + 0 \cdot 2^0$

If we consider the 1 digits only (not the 0 digits in the base 2/binary representation), 50 is equal to $1 \cdot 2^5 + 1 \cdot 2^4 + 1 \cdot 2^1$

e.g.15 (Page 39)

Second approach: $e - 1$ multiplications

If $e = 10^{120}$, then $e - 1 \approx 10^{120}$

Third approach: $2 \log_2 e$ multiplications

If $e = 10^{120}$, then $2 \log_2 e \approx 796$
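The second and third approaches of e.g.15 as an added Python example that is not from the original slides. The third approach is written here as left-to-right repeated squaring over the binary digits of e from e.g.14, which is an assumption about the form the slides intend; the function names are chosen here, and the bound is taken as 2·⌊log2 e⌋.

```python
# Added example: counting modular multiplications for x^e mod n.


def binary_digits(e):
    """Binary digits of e, most significant first: 50 -> [1, 1, 0, 0, 1, 0]."""
    if e < 0:
        raise ValueError("e must be non-negative")
    return [int(bit) for bit in bin(e)[2:]]


def power_mod_naive(x, e, n):
    """Second approach: multiply by x repeatedly, e - 1 multiplications."""
    if e < 1:
        raise ValueError("e must be at least 1")
    result = x % n
    multiplications = 0
    for _ in range(e - 1):
        result = (result * x) % n
        multiplications += 1
    return result, multiplications


def power_mod_square_multiply(x, e, n):
    """Third approach (one standard form): square for every digit after
    the leading one, and multiply by x as well when the digit is 1."""
    if e < 1:
        raise ValueError("e must be at least 1")
    result = x % n  # the leading binary digit of e is always 1
    multiplications = 0
    for bit in binary_digits(e)[1:]:
        result = (result * result) % n
        multiplications += 1
        if bit:
            result = (result * x) % n
            multiplications += 1
    return result, multiplications


def multiplication_bound(e):
    """Upper bound 2 * floor(log2 e) on the count of the third approach."""
    if e < 1:
        raise ValueError("e must be at least 1")
    return 2 * (e.bit_length() - 1)


if __name__ == "__main__":
    # The slides' RSA values: 12^7 mod 55 and 23^23 mod 55.
    print("naive  12^7  mod 55:", power_mod_naive(12, 7, 55))
    print("sq-mul 12^7  mod 55:", power_mod_square_multiply(12, 7, 55))
    print("sq-mul 23^23 mod 55:", power_mod_square_multiply(23, 23, 55))
    print("bound for e = 10^120:", multiplication_bound(10 ** 120))
```

The branch on each binary digit makes the running time depend on the exponent, which is why production RSA code uses constant-time exponentiation for the secret exponent d.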

e.g.16 (Page 43)

[Figure: mapping $x \mapsto (x \bmod 3, x \bmod 5)$ from S = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14} (15 elements) to T = {(0, 0), (0, 1), (0, 2), (0, 3), (0, 4), (1, 0), (1, 1), (1, 2), (1, 3), (1, 4), (2, 0), (2, 1), (2, 2), (2, 3), (2, 4)} (15 elements)]

e.g.17 (Page 44)

Illustration of Theorem 2.24

Theorem 2.24: Since 3 and 5 are relatively prime integers, the equations

$x \bmod 3 = 2$ and $x \bmod 5 = 4$

have one and only one solution for an integer x between 0 and $3 \cdot 5 - 1$ (= 14)

These equations have the solution x = 14.

Why is it correct?

We want to do the following.

1. Given the equations “x mod 3 = 2” and “x mod 5 = 4”, there is at least one solution for these two equations.

2. This solution is one and only one.

In the following, we want to construct a value of x such that
(a) this value is between 0 and 14,
(b) this value satisfies the equations “x mod 3 = 2” and “x mod 5 = 4”.

Now, we want to see how to construct a value of y such that
(a) this value can be either in [0, 14] or not,
(b) this value satisfies the equations “y mod 3 = 2” and “y mod 5 = 4”.

Since 3 and 5 are relatively prime, we have gcd(3, 5) = 1.

3 has a multiplicative inverse $3^{-1}$ in $Z_5$ (i.e., $3 \cdot 3^{-1} \bmod 5 = 1$)

5 has a multiplicative inverse $5^{-1}$ in $Z_3$ (i.e., $5 \cdot 5^{-1} \bmod 3 = 1$)

We set $y = 2 \cdot 5 \cdot 5^{-1} + 4 \cdot 3 \cdot 3^{-1}$

This value satisfies the equations. Why?

Consider

$$
\begin{aligned}
y \bmod 3 &= (2 \cdot 5 \cdot 5^{-1} + 4 \cdot 3 \cdot 3^{-1}) \bmod 3 \\
&= [(2 \cdot 5 \cdot 5^{-1} \bmod 3) + (4 \cdot 3 \cdot 3^{-1} \bmod 3)] \bmod 3 \\
&= [(2 \cdot 1 \bmod 3) + 0] \bmod 3 \\
&= 2
\end{aligned}
$$

Ok!

Consider

$$
\begin{aligned}
y \bmod 5 &= (2 \cdot 5 \cdot 5^{-1} + 4 \cdot 3 \cdot 3^{-1}) \bmod 5 \\
&= [(2 \cdot 5 \cdot 5^{-1} \bmod 5) + (4 \cdot 3 \cdot 3^{-1} \bmod 5)] \bmod 5 \\
&= [0 + (4 \cdot 1 \bmod 5)] \bmod 5 \\
&= 4
\end{aligned}
$$

Ok! Ok!

If we set x = (y mod 15) (NOTE: $15 = 3 \cdot 5$), then x is between 0 and 14 and x satisfies the equations “x mod 3 = 2” and “x mod 5 = 4”.

We want to show that x must be between 0 and 14.

Now, we know that there is a value of y such that
(a) this value can be either in [0, 14] or not,
(b) this value satisfies the equations “y mod 3 = 2” and “y mod 5 = 4”.

Since y mod 3 = 2, we can rewrite it as $y = 3q_1 + 2$ where $q_1$ is an integer.

Since y mod 5 = 4, we can rewrite it as $y = 5q_2 + 4$ where $q_2$ is an integer.

Since x = (y mod 15), we can rewrite it as $y = 15q_3 + x$ where $q_3$ is an integer.

Using $y = 3q_1 + 2$:

$$
\begin{aligned}
x &= y - 15q_3 \\
&= (3q_1 + 2) - 15q_3 \\
&= 3q_1 + 2 - 15q_3 \\
&= 3(q_1 - 5q_3) + 2
\end{aligned}
$$

We can re-write as follows. x mod 3 = 2

Ok!

Using $y = 5q_2 + 4$:

$$
\begin{aligned}
x &= y - 15q_3 \\
&= (5q_2 + 4) - 15q_3 \\
&= 5q_2 + 4 - 15q_3 \\
&= 5(q_2 - 3q_3) + 4
\end{aligned}
$$

We can re-write as follows. x mod 5 = 4

Ok! Ok!
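The construction of e.g.17 as an added Python example, not from the original slides: it builds y from the two inverses, reduces it modulo the product of the moduli, and checks by exhaustive search that the solution in range is unique. The function names and the non-coprime pair (2, 4) used for contrast are assumptions chosen here; `pow(a, -1, m)` needs Python 3.8 or later.

```python
# Added example: the two-equation construction behind Theorem 2.24.
from math import gcd


def crt_pair(a1, m1, a2, m2):
    """Solve x mod m1 = a1 and x mod m2 = a2 for relatively prime m1, m2.

    Returns (x, y): y is the slides' unreduced value and x = y mod (m1*m2).
    """
    if gcd(m1, m2) != 1:
        raise ValueError("m1 and m2 must be relatively prime")
    inv_m2_in_m1 = pow(m2, -1, m1)  # 5^{-1} in Z_3 for the slides' numbers
    inv_m1_in_m2 = pow(m1, -1, m2)  # 3^{-1} in Z_5 for the slides' numbers
    y = a1 * m2 * inv_m2_in_m1 + a2 * m1 * inv_m1_in_m2
    return y % (m1 * m2), y


def solutions_in_range(a1, m1, a2, m2):
    """All x in [0, m1*m2) satisfying both equations, by exhaustive search."""
    return [x for x in range(m1 * m2) if x % m1 == a1 and x % m2 == a2]


def residue_map(m1, m2):
    """The map x -> (x mod m1, x mod m2) on [0, m1*m2)."""
    return {x: (x % m1, x % m2) for x in range(m1 * m2)}


def is_bijection(m1, m2):
    """True when every pair in Z_m1 x Z_m2 is hit exactly once."""
    images = set(residue_map(m1, m2).values())
    return len(images) == m1 * m2


if __name__ == "__main__":
    x, y = crt_pair(2, 3, 4, 5)
    print("y =", y, " x = y mod 15 =", x)
    print("solutions in [0, 14]:", solutions_in_range(2, 3, 4, 5))
    print("bijection for (3, 5):", is_bijection(3, 5))
    print("bijection for (2, 4):", is_bijection(2, 4))
```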

Before we go to the proof, we illustrate a concept.

[Figure: a function from S = {0, 1, 2} to T = {0, 1, 2}, x → y]

Consider a function f(x) from S to T where S and T have the same size.

Suppose that, given a single value y, I know how to find the corresponding value x.

Suppose that, given any value y, I know how to find the corresponding value x.

This function must be a bijection.


Consider a function f(x) = (x mod 3, x mod 5)

[Figure: f maps each x in S = {0, 1, 2, …, 12, 13, 14} to the pair (x mod 3, x mod 5) in T = {(0, 0), (0, 1), (0, 2), …, (2, 2), (2, 3), (2, 4)}; the equations “x mod 3 = 2” and “x mod 5 = 4” correspond to the pair (2, 4)]

In the first part of the proof, we have already shown that we can find the value x from the two equations (or this pair (2, 4)).


Similarly, we can find the value x from another two equations (or another pair, (2, 3)).


Similarly, we can find the value x from each possible pair of equations (or each pair, such as (2, 3)).


According to the concept we just described, we know that this function is a bijection.

Note that S and T have the same size.

We conclude that there is one and only one solution.


e.g.18 (Page 47)

E.g., we want to find a solution x in Z66 of the following equations.
x mod 6 = 3
x mod 11 = 7

Step 1: (a) Find the multiplicative inverse 6^(-1) of 6 in Z11. We can use the extended GCD algorithm and find that 6^(-1) is 2.

(b) Find the multiplicative inverse 11^(-1) of 11 in Z6. We can use the extended GCD algorithm and find that 11^(-1) is 5.

Step 2: Construct y = 3·11·11^(-1) + 7·6·6^(-1)

y = 3·11·5 + 7·6·2 = 249

Step 3: Find x = (y mod 66), where 66 is 6·11

x = 249 mod 66 = 51


e.g.19 (Page 48)

E.g., we are given the following functions.

f(k) = 2 if k = 3, and f(k) = 4 if k = 5

g(k) = 1 if k = 3, and g(k) = 0 if k = 5

h(k) = 0 if k = 3, and h(k) = 1 if k = 5

Find a single equation to express f(k) in terms of g(k) and h(k).

We can express f(k) = 2·g(k) + 4·h(k)

Let us verify whether this equation is correct.

When k = 3,

f(3) = 2·g(3) + 4·h(3)
= 2·1 + 4·0
= 2

When k = 5,

f(5) = 2·g(5) + 4·h(5)
= 2·0 + 4·1
= 4


e.g.20 (Page 48)

Theorem 2.24: Since 3 and 5 are relatively prime integers, the equations x mod 3 = 2 and x mod 5 = 4 have one and only one solution for an integer x between 0 and 3·5 − 1 (= 14).

In the proof of Theorem 2.24, we create a value y = 2·5·5^(-1) + 4·3·3^(-1)

Why are we so smart to create this “magic” formula?

3·3^(-1) mod 5 = 1

5·5^(-1) mod 3 = 1


Consider the main set of equations.

y mod 3 = 2
y mod 5 = 4

Step 1: We want to find a single equation to express y. Similarly, if we have two sets of equations, then we can express y in a single equation.

mod 3 = 1 mod 5 = 0

mod 3 = 0 mod 5 = 1

where and are integers.

We can write y = 2 + 4

Let us verify whether this equation is correct.

Consider y mod 3
= 2 + 4 mod 3
= [(2 mod 3) + (4 mod 3)] mod 3
= (2·1 + 4·0) mod 3
= 2

Consider y mod 5
= 2 + 4 mod 5
= [(2 mod 5) + (4 mod 5)] mod 5
= (2·0 + 4·1) mod 5
= 4


Step 2: We want to find and

Consider mod 3 = 1 mod 5 = 0

is a multiple of 5 (i.e., = 5q where q is an integer.)

We know that = 5q. Thus, 5q mod 3 = 1

q is a multiplicative inverse of 5 in Z3

i.e., q = 5^(-1)

We have = 5q = 5·5^(-1)

= 5·5^(-1)


Consider mod 3 = 0 mod 5 = 1

is a multiple of 3 (i.e., = 3q where q is an integer.)

We know that = 3q. Thus, 3q mod 5 = 1

q is a multiplicative inverse of 3 in Z5

i.e., q = 3^(-1)

We have = 3q = 3·3^(-1)

= 5·5^(-1)

= 3·3^(-1)


Note that y = 2 + 4 = 2·5·5^(-1) + 4·3·3^(-1)
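The three steps of e.g.18, the two coefficients derived in e.g.20 and the bijection argument of e.g.17, as an added Python example that is not part of the original notes; all function names are chosen here for illustration. It generalizes to any pair of moduli and rejects moduli that are not relatively prime, where the construction fails.

```python
from itertools import product

def egcd(a, b):
    """Extended GCD: return (g, s, t) with g = gcd(a, b) = s*a + t*b."""
    s0, t0, s1, t1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0

def inverse(a, m):
    """Multiplicative inverse of a in Z_m; it exists only when gcd(a, m) = 1."""
    g, s, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no multiplicative inverse in Z_{m}")
    return s % m

def crt_basis(m, n):
    """Coefficients of the formula: the first is 1 mod m and 0 mod n,
    the second is 0 mod m and 1 mod n (Step 2 of e.g.20)."""
    if egcd(m, n)[0] != 1:
        raise ValueError("moduli must be relatively prime")
    return n * inverse(n, m), m * inverse(m, n)

def crt(a, m, b, n):
    """Solve x mod m = a and x mod n = b; return (y, x) with x = y mod (m*n)."""
    u, v = crt_basis(m, n)
    y = a * u + b * v
    return y, y % (m * n)

def is_bijection(m, n):
    """True when x -> (x mod m, x mod n) reaches every pair from Z_{m*n}."""
    images = {(x % m, x % n) for x in range(m * n)}
    return images == set(product(range(m), range(n)))

if __name__ == "__main__":
    print("6^(-1) in Z11:", inverse(6, 11), " 11^(-1) in Z6:", inverse(11, 6))
    print("e.g.18 (y, x):", crt(3, 6, 7, 11))
    print("Theorem 2.24 coefficients:", crt_basis(3, 5), "(y, x):", crt(2, 3, 4, 5))
    print("bijection for (3, 5):", is_bijection(3, 5))
    print("bijection for (4, 6):", is_bijection(4, 6))  # gcd(4, 6) = 2
```

With moduli 4 and 6 the map is no longer a bijection, so some pairs of remainders have no solution and others have more than one; this is why the theorem requires relatively prime moduli.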