# Definition

The RSA algorithm involves four steps: key generation, key distribution, encryption and decryption.
A basic principle behind RSA is the observation that it is practical to find three very large positive integers e, d and n such that with modular exponentiation for all integer m:

$(m^{e})^{d}\equiv m{\pmod {n}}$

and that even knowing e and n or even m it can be extremely difficult to find d.
Additionally, for some operations it is convenient that the order of the two exponentiations can be changed and that this relation also implies:

$(m^{d})^{e}\equiv m{\pmod {n}}$

RSA involves a public key and a private key. The public key can be known by everyone and is used for encrypting messages. The intention is that messages encrypted with the public key can only be decrypted in a reasonable amount of time using the private key. The public key is represented by the integers n and e; and, the private key, by the integer d (although n is also used during the decryption process; so, it might be considered a part of the private key, too). m represents the message (previously prepared with certain technique explained below).

## Key generation
The keys for the RSA algorithm are generated the following way:

1. Choose two distinct prime numbers p and q.
    * For security purposes, the integers p and q should be chosen at random, and should be similar in magnitude but 'differ in length by a few digits'[2] to make factoring harder. Prime integers can be efficiently found using a primality test.
1.Compute n = pq.
    * n is used as the modulus for both the public and private keys. Its length, usually expressed in bits, is the key length.
1. Compute λ(n) = lcm(λ(p), λ(q)) = lcm(p − 1, q − 1), where λ is Carmichael's totient function. This value is kept private.
1. Choose an integer e such that 1 < e < λ(n) and gcd(e, λ(n)) = 1; i.e., e and λ(n) are coprime.
1. Determine d as d ≡ e−1 (mod λ(n)); i.e., d is the modular multiplicative inverse of e (modulo λ(n)).
    * This is more clearly stated as: solve for d given d⋅e ≡ 1 (mod λ(n)).
    * e having a short bit-length and small Hamming weight results in more efficient encryption – most commonly e = 216 + 1 = 65,537. However, much smaller values of e (such as 3) have been shown to be less secure in some settings.[14]
    * e is released as the public key exponent.
    * d is kept as the private key exponent.


In [2]:
import secrets

In [3]:
import math

"""
Euler's totient function
"""
def phi(n):
    count = 0
    for i in range(1, n + 1):
        if math.gcd(i, n) == 1:
            count += 1
    return count

In [4]:
def egcd(a, b):
    if a == 0:
        return (b, 0, 1)
    else:
        g, y, x = egcd(b % a, a)
        return (g, x - (b // a) * y, y)

def modinv(a, m):
    g, x, y = egcd(a, m)
    if g != 1:
        raise Exception('modular inverse does not exist')
    else:
        return x % m

In [None]:
# Load prime numbers from 0 to 100,000
primes = []
with open('primes-to-100k.txt') as f:
    primes = [int(line.split()[0]) for line in f]

RANGE = 10#len(primes)
    
# Choose two random primes p and q
halflen = RANGE//2
p = primes[secrets.randbelow(halflen)]
q = primes[halflen+secrets.randbelow(halflen)]

# Calculate modu
n = p*q
phi_n = (p-1)*(q-1)

# Choose e (public key) such as 1 < e < phi_n
e = phi_n
while e >= phi_n or math.gcd(e, phi_n) != 1:
    e = primes[1+secrets.randbelow(RANGE)]
    
# Calculate d (private key) such as de ≡ 1 (mod ϕ(n)) ie: de = 1 + kϕ(n)
d = modinv(e, phi_n)

# Encrypt number
msg = 12
enc = msg ** e % n
dec = enc ** d % n

print(msg, enc, dec)

# References

1. Wikipedia, "RSA (cryptosystem)", https://en.wikipedia.org/wiki/RSA_(cryptosystem)
2. Art of the Problem, "Public Key Cryptography: RSA Encryption Algorithm", https://youtu.be/wXB-V_Keiu8