# RSA (Rivest–Shamir–Adleman)

RSA is the most famous public-key cryptosystem. It can be used for both encryption (ensuring confidentiality) and digital signatures (ensuring authenticity). In RSA, each user has a public key (shared openly) and a private key (kept secret). Anyone can encrypt a message for Bob using his public key, but only Bob can decrypt it with his private key. Without Bob's private key, an attacker cannot recover the original message.

## How It Works (High Level)

### Key Generation
1. **Choose Two Primes:** Select two large random prime numbers, `p` and `q`.
2. **Compute the Modulus:** Calculate `N = p * q`.
3. **Compute Euler’s Totient:** Compute `φ(N) = (p - 1) * (q - 1)`.
4. **Select Public Exponent:** Choose an integer `e`, commonly `65537`. `e` should be coprime to `φ(N)`; otherwise, `d` will not exist.
5. **Compute Private Exponent:** Compute `d` such that `d ≡ e⁻¹ (mod φ(N))`.
6. **Keys:**
   - **Public Key:** `(N, e)`
   - **Private Key:** `(N, d)`

### Encryption (Performed by Alice)
- **Encryption Formula:**  
  Given a message `m` (an integer where 0 < m < n), compute the ciphertext:  
  `C = m^e mod n`.

### Decryption (Performed by Bob)
- **Decryption Formula:**  
  Recover the original message from the ciphertext using:  
  `m = C^d mod N`.

## Parameters

- **N:** Modulus (public), the product of two large primes.
- **e:** Public exponent (public), typically set to `65537`.
- **d:** Private exponent (secret).
- **m:** Message as an integer, where `0 < m < N`.
- **C:** Ciphertext.

## Security Notes

- **Padding is Critical:**  
  Always use a padding scheme like OAEP (Optimal Asymmetric Encryption Padding) when encrypting messages.  
  Avoid using the simple `m^e mod N` formulation as it is insecure.

- **Key Sizes:**  
  RSA key sizes of at least 2048 bits are recommended for secure communications.
  
- **Modern Alternatives:**  
  Although RSA is secure when properly implemented with padding, many modern systems prefer Elliptic Curve Cryptography (ECC) methods for improved efficiency and security.

## Where It’s Used

- **TLS/HTTPS:**  
  RSA is used in certificates and for securing connections (although newer versions use alternative key exchange mechanisms).
  RSA used only in TLS 1.2 and earlier and is being deprecated in TLS 1.3 because it is not forward-secure (if the private key is compromised, past communications can be decrypted).
- **Secure Email:**  
  Implemented in PGP/GPG for encrypted communication.
- **Digital Signatures:**  
  Widely employed in various standards to verify the authenticity and integrity of messages.

In [2]:
import secrets

# --- Key generation (toy, insecure small primes) ---
p = 61
q = 53
N = p * q            # modulus
phi = (p-1)*(q-1)    # Euler's totient

e = 17               # public exponent
# Compute d = e^{-1} mod phi (modular inverse)
def inv_mod(a, m):
    # extended Euclidean algorithm
    def egcd(a, b):
        if b == 0:
            return (1, 0, a)
        x1, y1, g = egcd(b, a % b)
        return (y1, x1 - (a // b) * y1, g)
    x, y, g = egcd(a, m)
    if g != 1:
        raise Exception("No inverse")
    return x % m

d = inv_mod(e, phi)

print("Public key (N, e):", (N, e))
print("Private key (N, d):", (N, d))

# --- Encrypt (Alice to Bob) ---
m = 42   # message (as number < N)
C = pow(m, e, N)
print("Ciphertext C:", C)

# --- Decrypt (Bob) ---
m_recovered = pow(C, d, N)
print("Recovered message:", m_recovered)


Public key (N, e): (3233, 17)
Private key (N, d): (3233, 2753)
Ciphertext C: 2557
Recovered message: 42
