## RSA Cryptography: An application of modular arithmetics

   The word **cryptography** comes from two Greek words: *kryptós*, which means "hidden", and *graphein*, which means "to write". Therefore, it refers to the practice of developing and studying techniques to secure information. Civilization has had the necessity to hide and protect information since ancient times: the first occurences of encrypted information have been found in Egypt, and date back to 1000 B.C. 

   Throughout the last centuries, cryptography evolved into a complex field within Mathematics and Computer Science. Currently, cryptography algorithms seek to guarantee four principals in regards to manipulating and sending encrypted information:
    
   **1 - Confidentiality:** The encrypted information can only be accessed by the recipient and no one else.
   
   **2 - Integrity:** The encyption algorithm and the pathway between the sender and recipient must not alter the original information.
   
   **3 - Non-repudiation:** The sender must not stay anonymous. It must be possible to track the sender of the encrypted message.
   
   **4 - Authentication:** The identities of the sender and the recipient must be safely confirmed.
   
### What constitutes a cryptographic algorithm?

   Currently, there two main types of cryptographic algorithms: **assymetric cryptography and symmetric cryptography**. These two classifications differentiate themselves in the use of encryption keys. In cryptography, a key is a piece of information that is used in the algorithm to encrypt or decrpyt the message. The use of keys guarantee authetication and confidentiality. The original information is known as plaintext, and the encrypted information is known as ciphertext. 
   
   **Symmetric cryptography:** Symmetric cryptography establishes that the sender and recipient share the same key. The key is a shared secret between the sender and the recipient. This guarantees **confidentiality**, because only the person who has the same key as the sender can decrypt the ciphertext. **Non-repudiation** is also guaranteed, because the recipient knows that sender has the same key. **Authetication** is present, because only the shared key verifies the the sender's and the recipient's identities. Finally, the shared key allows the recipient to verify if the pathway or the algorithm altered the original message, guaranteeing **integrity**. 
   
   Although symmetric cryptography seems to be the most intuitive form of cryptographic algorithms, it creates another security problem: it is difficult to create a safe way to share the key between the sender and the recipient. If the sender's or recepient's information is intercepted by a third party somehow, it is possible to discover the key and decrypt the ciphertext. Attacks towards symmetric cryptography algorithms use this strategy: known-plaintext attacks are conducted by attackers who have access to the specific plaintext and the final ciphertext. By analizing the two different information carefully, it maybe possible to discover the key.
   
   Furthermore, symmetric cryptography ideally demands that each sender-recipient pair have their own key. If the sender is connected to various different recipients, and each one has their own key, the complexity of the key mangemant environment increases greatly, making it even harder to assure safety. 
   
   **Asymmetric cryptography:** Given the problems related to key security in symmetric cryptography, American mathematicians and cryptographers Whitfield Diffie and Martin Hellman proposed in 1976 the public key cryptography system, also known as asymmetric cryptography. In this scenario, instead of the key itself being the shared secret between the sender and the recepient, each one of the parties involved has two keys: a public key (which is known to everyone and guarantees **non-repudiation**) and a private key (which is kept secret and allows **confidentiality** and **authetication**). Both keys are used to encrypt and decrypt. If plaintext is encrypted using a sender's public key, only the sender's private key will be able to decrpyt it. If plaintext is encrypted with the sender's private key, only the sender's public key wil decrypt it. This adds a second layer of safety, because truly confidential information is necessary to obtain information, assuring **integrity**.  
   
   
### What is RSA Cryptography?

   Just a few years after the assymetric cryptography system was proposed, MIT mathematicians Ron Rivest, Adi Shamir and Leonard Adleman elaborated their own cryptographic algorithm. 
   
   Interestingly, the premise of RSA Chryptography was firstly anounced by British mathematician William Stanley Jevons little more than 100 years before the creation of the RSA algorithm. In his 1874 book *The Principles of Science*, he wrote: 
   "Can the reader say what two numbers multiplied together will produce the number 8616460799? I think it unlikely that anyone but myself will ever know."
   
   The idea behind the usage of public and private keys is similar to the one anounced by William Stanley Jevons: the public and private keys create a unique combination for each sender and recipient.
   
### What is Modular Arithmetics?

   In mathematics, modular arithmetics is an algebraic system in which the numbers "return" to smaller values when they have reached a limiting value, named the modulo (or modulus). Time is organized using modular arithmetics: a week has seven days, and after the seventh day of the week has passed, we return to the first day of the week. Note that modular arithmetics only applies to integers. After defining a modulo, the integers that belong in the set range from zero to the integer prior the value of the modulo. 
   It is interesting to note that modular arithmetics is done under a finite algebraic structure. ALgebraic structures are an indispensable part of modern mathematics. They can be classified differently depending on the properties of the operations that are done with its elements. We can say that most classifications of are based on the presence or absence of the following properties:
   
   1- Associativity: $a * (b * c) = (a * b) * c$
   
   2- Identity element: $a * i = a$
   
   3- Inverse element: $a * z = i$
   
   4- Commutativity: $a * b = b * a$
   
   5- Closure: $a \in D, b \in D, a * b = c \iff c \in D$
   
   The most studied algebraic structures are:
   
   1- Groups: A structure that is closed, that is defined with an operation that is associative, that contains one identity element and each element has one inverse element.
   
   2- Abelian group: A group that also is commutative. 
   
   3- Ring: A structure that allows two operations, addition and multiplication. Under addition, a ring has the properties of an abelian group. Under multiplication, a ring is associative and distribuitive, that is:
   
   Distribution: $a \in D, b \in D, a * b = c \iff c \in D$
   
   4- Field: A ring that is an abelian group for non-zero numbers under multiplication. Note that zero refers to the identity element relative to addition.
   
   Particularly, the mathematical foundations of RSA cryptography are related to group theory. However, fields are the algebraic structures that allow vector spaces, with those being the structures in which we study linear algebra. 
   
   
### The Algorithm
    
   The algorithm uses two main principals of number arithmetic and finite group theory: prime numbers and modular arithmetics.
    
   **Key Generation:** 
   
   1 - Select two very large prime numbers. Those will be called *p* and *q*.  
   
   2 - Compute *n = p.q*. This number will be part of the public key.
   
   3 - Compute Euler Totient Function &Phi;$(n) = (p-1)(q-1)$. This is an interesting function, which reveals the amount of numbers that are coprime to *p* and *q*.
   
   4 - Choose a number *e* that must be coprime to &Phi;$(n)$. Two numbers are coprime if there are no prime numbers that divide both. *e* will be the rest of the public key. 
   
   5 - Compute the modular inverse of *e* to the modulus of &Phi;$(n)$. That number will be called *d* and is the private key. In other words, to compute *d*, you must use the equation: $$ de = 1 (mod \Phi) $$ A modular inverse will always exist. We can affirm this because the coprime numbers between 0 to *n-1* form a group of modulo *n* under multiplication. As it was said before, a group guarantees the existence of an inverse for each of its elements under a certain operation.
   
   We can infer from the affirmation above why it is uncommon to see applications in finite sets: many of the properties previously mentioned are not observed. RSA cryptography is likely the most important application of finite groups in modern times.
   
   **Encryption and Decryption:**
   
   Suppose you wish to send a number *m* to your friend, who has *e* and &Phi; as his public keys. In order to encrypt *m* you must apply the following equation: 
   
$$ c = m^e (mod n)$$

c is now the encrypted message. 

   For your friend to decrypt *c*, he must do the following:

$$ m = c^d (mod n) $$

### The Magic of Coprime Numbers

It might seem strange that calculating the multiplicative inverse of a number using a certain modulo will help you find the original message that was encoded in another modulo. However, there are a few mathematical theorems that guarantee such procedure. 

**Fermat's Little Theorem:** Originally proposed by French mathematician Pierre de Fermat in 1640, it states that if *p* is prime, *a* is an integer coprime to *p*, then:

$$ a^{(p-1)} = 1  mod(p)$$ 

**Euler's Theorem:** A generalization of Fermat's Little Theorem, it states that if b and a are coprime integers, then:

$$a^{\Phi(b)} = 1 (mod b)$$

where &Phi; is Euler's totient function $\Phi(b) = b-1$

On an important note, the Totient Function for a non-prime number is equal to the product of each of the primes that compose it reduced in 1. You can see this being used in the previous section.

We know that RSA uses the equation $de = 1 (mod \Phi)$ to find the private key. We know *e* and &Phi; are coprimes. One of the properties of coprimes is that a number will always have a multiplicative inverse under a modulo that is coprime to it. That is why the equation above is always true. 

Knowing congruency in modular arithmetics, we know that if we add to the value of &Phi; to the right side of the equation, that is still equal to *de*. In other words: 

$$de = 1 + \Phi (mod \Phi)$$.

If we elevate both sides of the equation above to the original message (*m*) and define modulo *n*, we have: 

$$m^{de} = m^{1+\Phi} (mod n)$$ 

$$m^{de} =  mm^{\Phi} (mod n)$$

Using Euler's theorem, we know that $m^{\Phi}$ is equal to one. Therefore: $$m^{de} = m (mod n)$$

If we define $c = m^e (mod n)$, and we elevate c to d ($ c^d (mod n)$), we will obtain m.

That is the mathematical basis of this cryptosystem. 

Notice that if *d* is unknown, it is impossible to find the original message. 

### Conclusion

It is interesting to note that RSA Cryptography is only effective because mathematicians have still not found a repeat pattern that models the placement of prime numbers in the integer group. If this pattern is found, it would be easier to find prime numbers that are coprime to *e*, and consequentely find the private key. On the other hand, some experts say that, due to the increasing capacity of modern quantum computers, it will be possible to find private RSA keys with brute force. 
Nevertheless, it is still fascinating to see how almost 400 year old theorems have been applied to encrypt information, something that humanity has always tried to accomplish. Perhaps, in the near future, we will observe even more elaborate mathematical theorems being applied to encrypt information. 

### Example

See and example of RSA encryption below. 

Choose the prime numbers and type any text message into the box below and you will see its encryption. 

Here you will likely use very small prime numbers. RSA's creators instruct to use with very large prime numbers. That makes it even more difficult to figure out the private keys.

In [1]:
%pip install -q ipywidgets==8.0.7 

Note: you may need to restart the kernel to use updated packages.


In [2]:
from math import sqrt
def testPrime(p, q):
    prime_flag = 0
    args = [p,q]
    for index in [0,1]:
        n = args[index]
        if(n > 1):
            for i in range(2, int(sqrt(n)) + 1):
                if (n % i == 0):
                    prime_flag = 1
                    break
                else:
                    continue
    return prime_flag

In [3]:
def checkcoprimes(p, q, e):
    divisoresp = []
    divisoresq = []
    divisorese = []
    args = [p-1, q-1, e]
    for num in args:
        i = 1
        raiz = num/2
        if num == p-1:
            while (i <= num/2):
                if ((p-1) % i == 0):
                    divisoresp.append(i)
                i = i+1
        if num == q-1:
            while (i <= num/2):
                if ((q-1) % i == 0):
                    divisoresq.append(i)
                i = i+1
        if num == e:
            while (i <= num/2):
                if ((e % i) == 0):
                    divisorese.append(i)
                i = i+1
    divphi = divisoresp + divisoresq
    commons1 = set(divphi)
    commons = commons1 & set(divisorese)
    if len(commons) == 1:
        return 1
    else:
        return 0

In [4]:
def encryption(i, e, n):
    message_list = list(i)
    encryptedmessage = []
    for indice in range(len(message_list)):
        encrypt = pow(ord(i[indice]), e, n)
        encryptedmessage.append(encrypt)
    return encryptedmessage

In [5]:
import ipywidgets as widgets
from ipywidgets import VBox, HBox
i = widgets.Text(value='Hello World', placeholder='Enter', description='Message:', disabled=False)
p = widgets.IntText(value = 11, description = 'p:', disabled = False)
q = widgets.IntText(value = 13, description = 'q:', disabled = False)
entries = HBox([i, p, q])
def calcKeys(p,q):
    prime_flag = testPrime(p, q)
    if prime_flag == 0:
        n = p*q
        phi = (p-1)*(q-1)
        print(f"n = {n}")
        print(f"phi = {phi}")
    else:
        print("Either p or q is not prime!")
out1 = widgets.interactive_output(calcKeys, {'p': p, 'q': q,})

display(entries, out1)

HBox(children=(Text(value='Hello World', description='Message:', placeholder='Enter'), IntText(value=11, descr…

Output()

Now, enter a coprime number to &Phi;. That will be *e*.

In [6]:
def intermed(p, q, e, i):
    n = p*q
    isprime = testPrime(p, q)
    encryptedString = ""
    if isprime == 0:
        iscoprime = checkcoprimes(p, q, e)
        if iscoprime == 0:
            print("e is not coprime to phi!")
            return 0
        else:
            print("e is coprime to phi!")
    else:
        print("Either p or q is not prime!")
        return 1
    encrypted = encryption(i, e, n)
    print("Encrypted message:", end=" ")
    for elem in encrypted:
        print(elem, end=" ")
    return encrypted
e = widgets.IntText(value = 1, description = 'e', disabled = False)
out2 = widgets.interactive_output(intermed, {'p':p, 'q':q, 'e':e, 'i':i})
display(e, out2)

IntText(value=1, description='e')

Output()

You might ask yourself: how do I find d?

For that, you have to consider some particularities of modular arithmetics: $$ax = b (mod m) $$

The linear congruency above, unlike equalities over the real numbers, can have many or no solutions. The linear congruency only has solutions if the greatest common denominator between a and m also divides b. 

So, if we have the equation $de = 1 (mod \Phi)$, we can conclude that d and e are coprimes. 

We can also apply Bezout's Identity, that states that: Let a and b be integers with greatest common denominator c. There always exists integers x and y that satisfy the equation ax + by = c.

If we rewrite the equation above in order to fit the format of a diophantine equation, we would get: $$de + kphi = 1$$.

Now, we need to find the values of d and k, since e and phi are already known. For that, we will apply the extended Euclidian algorithm. Note that, without &Phi; it is impossible to form the diophantine equation. That is why it is part of the private key.


In [7]:
def extendedEuclid(phi, e): 
    if e == 0:
        return (1, 0, phi)
    else :
        k, d, gcd = extendedEuclid(e, phi % e) 
        return d, k - d * (phi // e), gcd           

def modularInverse(e, p, q):
    phi = (p-1)*(q-1)
    k, d, gcd = extendedEuclid(phi, e)
    if gcd == 1 :
        print("d: ", end = " ")
        print(d % phi)
        return d % phi
    else:
        return None  


In [8]:
def decryption(p, q, e, i):
    isprime = testPrime(p, q)
    if isprime == 0:
        iscoprime = checkcoprimes(p, q, e)
        if iscoprime == 0:
            print("e is not coprime to phi!")
            return 0
        else:
            d = modularInverse(e, p, q)
            n = p*q
            encrypted = encryption(i, e, n)
            for elem in encrypted:
                decrypted = pow(elem, d, n)
                decryptedChar = chr(decrypted)
                print(decryptedChar, end=" ")
            
    else:
        print("Either p or q is not prime!")
        return 1 
    
out3 = widgets.interactive_output(decryption, {'p':p, 'q':q, 'e':e, 'i':i})
display(out3)

Output()