Evgeny Milanov 3 June 2009

In 1978, Ron Rivest, Adi Shamir, and Leonard Adleman introduced a cryptographic algorithm, which was essentially to replace the less secure National Bureau of Standards (NBS) algorithm. Most importantly, RSA implements a public-key cryptosystem, as well as digital signatures. RSA is motivated by the published works of Diﬃe and Hellman from several years before, who described the idea of such an algorithm, but never truly developed it. Introduced at the time when the era of electronic email was expected to soon arise, RSA implemented two important ideas: 1. Public-key encryption. This idea omits the need for a “courier” to deliver keys to recipients over another secure channel before transmitting the originally-intended message. In RSA, encryption keys are public, while the decryption keys are not, so only the person with the correct decryption key can decipher an encrypted message. Everyone has their own encryption and decryption keys. The keys must be made in such a way that the decryption key may not be easily deduced from the public encryption key. 2. Digital signatures. The receiver may need to verify that a transmitted message actually originated from the sender (signature), and didn’t just come from there (authentication). This is done using the sender’s decryption key, and the signature can later be veriﬁed by anyone, using the corresponding public encryption key. Signatures therefore cannot be forged. Also, no signer can later deny having signed the message. This is not only useful for electronic mail, but for other electronic transactions and transmissions, such as fund transfers. The security of the RSA algorithm has so far been validated, since no known attempts to break it have yet been successful, mostly due to the diﬃculty of factoring large numbers n = pq, where p and q are large prime numbers.

1

Public-key cryptosystems.

Each user has their own encryption and decryption procedures, E and D, with the former in the public ﬁle and the latter kept secret. These procedures are related to the keys, which, in RSA speciﬁcally, are sets of two special numbers. We of course start out with the message itself, symbolized by M , which is to be “encrypted”. There are four procedures that are speciﬁc and essential to a public-key cryptosystem:

a) Deciphering an enciphered message gives you the original message, speciﬁcally

D(E(M )) = M .

(1)

b) Reversing the procedures still returns M:

E(D(M )) = M . c) E and D are easy to compute.

(2)

d) The publicity of E does not compromise the secrecy of D, meaning you cannot easily ﬁgure out D from E. With a given E, we are still not given an eﬃcient way of computing D. If C = E(M ) is the ciphertext, then trying to ﬁgure out D by trying to satisfy an M in E(M ) = C is unreasonably diﬃcult: the number of messages to test would be impractically large. An E that satisﬁes (a), (c), and (d) is called a “trap-door one-way function” and is also a “trap-door one-way permutation”. It is a trap door because since it’s inverse D is easy to compute if certain “trapdoor” information is available, but otherwise hard. It is one-way because it is easy to compute in one direction, but hard in the other. It is a permutation because it satisﬁes (b), meaning every ciphertext is a potential message, and every message is a ciphertext of some other message. Statement (b) is in fact just needed to provide “signatures”. Now we turn to speciﬁc keys, and imagine users A and B (Alice and Bob) on a two-user public-key cryptosystem, with their keys: EA , EB , DA , DB .

2

Privacy.

Encryption, which is now a ubiquitous way of assuring a message is delivered privately, makes it so no intruder can bypass the ciphertext, which is essentially white noise. Without property (d), however, an encryption process is still not public-key, such as the NBS standard. It requires keys to be delivered privately through another secure “courier”,...