# RSA Demonstration

Import my RSA package into the environment

In [2]:
from RSA import *

### Key Generation
Declare the bit size we want to use

In [2]:
bitSize = 40

Generate a set of RSA keys with appropriate bitsize

In [4]:
RSA_keys = generate_RSA.KeyGen(bitSize, True, True)     # initalise object True sets verbose and demo flag on KeyGen
RSA_keys.generateKeys()                                 # runs generator

Generating  20 bit prime... 
10 rounds of Miller-Rabin needed (according to FISC)
Trial-Division prime list generated, size:  128
New candidate... 765169
Prime of  20 bits found: 765169
Checked 1 candidates in 0.00 s
Generating  20 bit prime... 
10 rounds of Miller-Rabin needed (according to FISC)
Trial-Division prime list generated, size:  128
New candidate... 752789
Prime of  20 bits found: 752789
Checked 1 candidates in 0.00 s

p: 765169
q: 752789

n: 576010806341
e: 372579621245
n bit length: 40
Private-Key, d: 246770048981
Public-Key: (576010806341, 372579621245)
Private-Key: 246770048981
n is 40 bits



True

### Brute Force Algorithm

The simplest approach. 

- Take the $\sqrt{n}$ and check if it divides n. 
- If it does not enumerate each odd smaller than $\sqrt{n}$ until a factor is found. 
- $O(\sqrt{n})$ (ignoring logarithmic test for division)

In [5]:
bf = brute_force.BFSolver(RSA_keys.n, RSA_keys.e, True, True)   # pass it public keys, and True verbose & demo flag
bf.solve()                                                      # run solver

'576010806341 % 752789 = 0'

p: 752789
q: 765169
Private-Key, d: 246770048981
Numbers checked: 3083
Space used: 2 bytes
Time taken: 0.218 s


True

### Make it a bit harder

In [6]:
bitSize = 46

RSA_keys = generate_RSA.KeyGen(bitSize, True)     # initalise object True sets verbose flag on KeyGen
RSA_keys.generateKeys()                           # runs generator

Prime of  23 bits found: 8264887
Checked 8 candidates in 0.00 s
Prime of  23 bits found: 4880111
Checked 30 candidates in 0.00 s

p: 8264887
q: 4880111

n: 40333565962457
e: 7520128911737
n bit length: 46
Private-Key, d: 31722252459773
Public-Key: (40333565962457, 7520128911737)
Private-Key: 31722252459773
n is 46 bits



True

### Fermat's Factorisation Method

Relies on Fermat’s observation that any odd number can be represented as the
difference of two squares. 

- We again start with $γ ← \sqrt{n}$
- now we increment γ a single numberat a time until $γ^2 \; mod \; n \; = \; b^2$ where b is an integer. 
- then $\{p,q\} = γ \pm b$
- The worst-case time-complexity is exactlythe same as for brute-force, $O(\sqrt{n})$

In [7]:
ff = fermats.FFSolver(RSA_keys.n, RSA_keys.e, True, True)   # pass it public keys, and True verbose & demo flag
ff.solve()                                                  # run solver

'sqrt(43197743105001 - 40333565962457) = 1692388.0'

p: 4880111
q: 8264887
Private-Key, d: 31722252459773
Numbers checked: 221629
Space used: 6 bytes
Time taken: 8.735 s


True

### KNJ - Factorisation

The same as brute-force, but includes a check for prime numbers first. 

- Take the $\sqrt{n}$ and check if it divides n. 
- If it does not enumerate each prime number smaller than $\sqrt{n}$ until a factor is found. 
- $O(\frac{\sqrt{n}}{log(\sqrt{n})})$ (estimation of the number of primes up to $\sqrt{n}$)

In [8]:
knj = knj_factorisation.KNJSolver(RSA_keys.n, RSA_keys.e, True, True)   # pass it public keys, and True verbose & demo flag
knj.solve()                                                             # run solver

'40333565962457 % 4880111 = 0'

p: 4880111
q: 8264887
Private-Key, d: 31722252459773
Numbers checked: 94672
Space used: 870642 bytes
Time taken: 3.985 s


True

### Pollard's p-1 

Is our first probabilistic algorithm:

- Utilises Fermat's little theorem 
- for a semi-prime $n \leftarrow pq$, if $x \leftarrow a^{K(p-1)} \equiv 1 \; mod \; p$ then the $gcd(x - 1, n)$ will be divisible by $p$
- We use a B-powersmooth number to find this large multiple
- If our B is too high and both p and q are B-powersmooth it fails
- So is probabilistic and we have to backtrack our B (or increase it)
- $O(B \log{B} \log_2n)$

In [9]:
polMin = pollard_p_minus_1.PSolver(RSA_keys.n, RSA_keys.e, True, True)   # pass it public keys, and True verbose & demo flag
polMin.solve()                                                           # run solver

'Testing B = 22157'

p: 8264887
q: 4880111
Private-Key, d: 31722252459773
Numbers checked: 2497
Space used: 88 bytes
Time taken: 0.447 s


True

### Pollard's-$\rho$ method


Another probabilistic method:

- A random but known sequence is generated $\{x_k \; mod \; n\}$
- This has a relation with the sequence mod a factor of $n$, $\{x_k \; mod \; p\}$
- Send runners y and z around the sequence, one twice as fast as the other 
- $gcd(x_y - x_z, n)$ will return a non trivial answer if the smaller, $p$ cycle repeats itself
- This is called Floyd's cycle detection
- $O(n^{1/4})$ via the birthday-paradox

In [10]:
rho = pollard_rho.RhoSolver(RSA_keys.n, RSA_keys.e, True, True)   # pass it public keys, and True verbose & demo flag
rho.solve()                                                       # run solver

'gcd(3375126358728 - 6531904240854, 40333565962457) = 4880111'

p: 4880111
q: 8264887
Private-Key, d: 31722252459773
Numbers checked: 1445
Space used: 10 bytes
Time taken: 0.192 s


True

### Quadratic Sieve

In essence, this is advanced Fermat's Factoring:

- We no longer care about testing for one $\beta \leftarrow a^2 \; mod \; n$ until $\beta$ is a square number
- We instead build a congruence of squares, s.t. the product is a square ($b^2 \leftarrow \beta _1 * ... * \beta _k \; s.t. \; b \in N $)
- Again a smoothness bound, B, is used to ensure each $\beta$ can be fully factored over a small number of primes 
- A matrix is then built of prime-exponent vectors for each $\beta$
- Matrix elimination is then applied to find the zero vector, which means the number produced is square
- This sum of vectors used to produce the zero vectors can then be used to determine the factors
- A hard time-complexity to define, but should be sub-exponential

In [11]:
# need to recalculate as only 100% guarenteed for these very small sizes 

bitSize = 20

RSA_keys = generate_RSA.KeyGen(bitSize, True)     # initalise object True sets verbose flag on KeyGen
RSA_keys.generateKeys()                           # runs generator

Prime of  10 bits found: 997
Checked 2 candidates in 0.00 s
Prime of  10 bits found: 887
Checked 3 candidates in 0.00 s

p: 997
q: 887

n: 884339
e: 822977
n bit length: 20
Private-Key, d: 388121
Public-Key: (884339, 822977)
Private-Key: 388121
n is 20 bits



True

In [12]:
quad = quadratic_sieve.QSolver(RSA_keys.n, RSA_keys.e, True, True)  # pass it public keys, and True verbose & demo flag
quad.solve()                                                        # run solver

Length of possible primes: 528
Length of primes with quadRes(n,p) == 1: 262 

p: 997
q: 887
Private-Key, d: 388121
Numbers checked: 67
Space used: 137812 bytes
Time taken: 0.091 s


True

### Basic Analysis
Running the above algorithms on a variety of random inputs to create graphs showing general trends.

The below style code makes the format of the graphs nicer

In [14]:
%%html
<style>
.output_wrapper button.btn.btn-default,
.output_wrapper .ui-dialog-titlebar {
  display: none;
}
</style>

Runs each algorithm in a thread and plots the results.

In [2]:
%matplotlib notebook
from graphs_RSA import *

COUNT = 250

minBit = 24
bf_bit = 44
ff_bit = 44
knj_bit = 44
rho_bit = 44

testGraphs(minBit, bf_bit, ff_bit, knj_bit, rho_bit, COUNT)

<IPython.core.display.Javascript object>

Press Enter to stop.


<img src="imgs/RSA.png" alt="drawing" style="width:80%;"/>

## Try it yourself

Below you can select which solvers you want to use and enter your own two prime numbers to test against the solvers

In [3]:
# SET YOUR CHOSEN PRIME NUMBERS
p = 11
q = 20

# GENERATE KEYS BASED ON NUMBERS CHOSEN 
RSA_keys = generate_RSA.KeyGen(verbose = True, demo = True)  
prime = RSA_keys.setPrimes(p, q)

# returns error code if p and q are not prime
if prime:
    RSA_keys.generateKeys()

20 is not prime


In [4]:
import run_RSA

# SET SOLVERS ON/OFF 
bf = True    # brute-force
ff = True    # fermat's factoring
pr = True    # pollard's - rho
knj = True   # knj factorisation
pm1 = True   # pollard's p-1
qs = True    # quadratic sieve

# PASS KEYS TO SOLVER
run_RSA.runSolvers(RSA_keys, bf, ff, pr, knj, pm1, qs)

Can't solve for n = 0
Fail!
Can't solve for even n
Fail!
Can't solve for n = 0
Fail!
Can't solve for n = 0
Fail!
Can't solve for n = 0
Fail!
Can't solve for n = 0
Fail!


In [5]:
# just proving nothing dodgy is going on by sending all of RSA_keys to the run file

public_n = RSA_keys.n
public_e = RSA_keys.e

rho = pollard_rho.RhoSolver(public_n, public_e, True)                    
rho.solve()

Can't solve for n = 0


False