# Exploring the RSA Cryptosystem: Theory, Implementation, and Analysis

>[Exploring the RSA Cryptosystem: Theory, Implementation, and Analysis](#scrollTo=Ixk57pni91Y0)

>>[1 Introduction to RSA](#scrollTo=cgIDZYA_-IOS)

>>>[1.1 Background and Historical Context](#scrollTo=8Rb148BY_0xY)

>>>>[1.1.1 Brief overview of cryptography and its importance](#scrollTo=8Rb148BY_0xY)

>>>>[1.1.2 The development of public-key cryptography](#scrollTo=8Rb148BY_0xY)

>>>[1.2 RSA: The Seminal Public-Key Cryptosystem](#scrollTo=8Rb148BY_0xY)

>>>>[1.2.1 Development and Significance of RSA (Rivest-Shamir-Adleman)](#scrollTo=8Rb148BY_0xY)

>>>>[1.2.2 The fundamental principles of RSA](#scrollTo=8Rb148BY_0xY)

>>>[1.3 Key Concepts in RSA](#scrollTo=8Rb148BY_0xY)

>>>>[1.3.1 Asymmetric Cryptography](#scrollTo=8Rb148BY_0xY)

>>>>[1.3.2 Public-key and private-key pairs](#scrollTo=8Rb148BY_0xY)

>>>>[1.3.3 The role of prime numbers and modular arithmetic](#scrollTo=8Rb148BY_0xY)

>>[2 Overview of the Mathematical Concepts Behind RSA](#scrollTo=bHf_98pU_bSI)

>>>[2.1 Prime and Coprime Numbers](#scrollTo=8df5h2mBKMAE)

>>>[2.2 Euler's Totient Function](#scrollTo=Sp2Vqut15SRv)

>>>[2.3 Extended Euclidean Algorithm](#scrollTo=8T8DqS176APa)

>>>[2.4 Modular Arithmetic](#scrollTo=QqCVb8eM6Ecx)

>>>[2.5 Fermat's Little Theorem](#scrollTo=8r_JZoF_6Hl_)

>>>[2.6 Chinese Remainder Theorem](#scrollTo=Py24ttB56JGw)

>>[3 In-Depth Look at the RSA Algorithm](#scrollTo=EeE4gyz-_dgV)

>>>[3.1. Key Generation Process](#scrollTo=xGPrMyFDJz6z)

>>>>[Step 1: Choose two random large, prime, distinct numbers (p and q)](#scrollTo=3dZ2aGlEyI87)

>>>>[Step 2: Calculate the product n = pq 🍎MATH🍎](#scrollTo=79io4MQbyI6a)

>>>>[Step 3: Calculate the totient of n: φ(n) = (p-1)(q-1)](#scrollTo=3iWtjaY4yI35)

>>>>[Step 4: Choose the Public Exponent (e) 🍎choose e not coprime?🍎](#scrollTo=2sS2swaCyI1R)

>>>>[Step 5: Determine the Private Exponent (d)](#scrollTo=B1EQVkL5yIyr)

>>>[3.2 Encryption and Decryption Process](#scrollTo=QBluKI3QhDvC)

>>>>[3.2.1 Encryption](#scrollTo=G4rOb5OfhDbL)

>>>>>[Step 1: Convert the original message to number representation](#scrollTo=5jQy5zL5hDQ6)

>>>>>[Step 2: Split the message to blocks](#scrollTo=rHLn_DWhkMUE)

>>>>>[Step 3: Apply a padding scheme](#scrollTo=yTv4XmahkMNP)

>>>>>>[PKCS#1 v1.5 Padding](#scrollTo=k3fHigiMz5OV)

>>>>>>[Optimal Asymmetric Encryption Padding (OAEP)](#scrollTo=f-aY4EPf0eaw)

>>>>>[Step 5: Encode each block](#scrollTo=CLKdV8NPkMEH)

>>>>[3.2.2 Decryption](#scrollTo=L9zy192_hC8-)

>>>[3.3 Example](#scrollTo=hxV1aOFEhOi8)

>>[4 Mathematical Proof of RSA Correctness](#scrollTo=YarDcNM-_dzv)

>>>[4.1 Given RSA data](#scrollTo=h2zaB3_iS79J)

>>>[4.2 Tools](#scrollTo=WpJFTZITTUqI)

>>>[4.3 Proof](#scrollTo=1bDLuYDQTRii)

>>[5 Implementing the RSA Algorithm In Python](#scrollTo=7wafw7jGN3-B)

>>[6 Exploring the Security of RSA](#scrollTo=qWbfmJoN_eB8)

>>[7 Known Vulnerabilities and Attacks](#scrollTo=yP_0_ZQh_eSB)

>>[8 Try To Attack the Cryptosystem](#scrollTo=V1aLYubw_nxJ)

>>[9 Mitigation Tactics](#scrollTo=rs5iEJu5_oPH)

>>[10 Evaluate the Performance of RSA. Discuss factors like encryption/decryption speed, memory usage, and the impact of key length on performance](#scrollTo=xqKyvrd2_ocu)

>>[11 Real-World Applications: Discuss real-world applications of RSA](#scrollTo=Q95kkpI3UWWw)



## 1 Introduction to RSA

### 1.1 Background and Historical Context
#### 1.1.1 Brief overview of cryptography and its importance
#### 1.1.2 The development of public-key cryptography

### 1.2 RSA: The Seminal Public-Key Cryptosystem
#### 1.2.1 Development and Significance of RSA (Rivest-Shamir-Adleman)
#### 1.2.2 The fundamental principles of RSA

### 1.3 Key Concepts in RSA
#### 1.3.1 Asymmetric Cryptography
#### 1.3.2 Public-key and private-key pairs
#### 1.3.3 The role of prime numbers and modular arithmetic









## 2 Overview of the Mathematical Concepts Behind RSA

This section will provide a brief overview of the mathematical concepts that are essential to understand before delving into the details of the RSA algorithm. These concepts will be examined individually now, but they will be referenced later, particularly when discussing the calculation of various numbers involved in the RSA algorithm and proving its correctness.

* **Prime and coprime numbers:** Central to the security of RSA.
* **Euler's totient function:** Used to determine the private exponent during key generation.
* **Extended Euclidean algorithm:** Part of the key generation process to find the decryption exponent **d** 🍎.
* **Modular arithmetic:** Essential for proving the correctness of RSA.
* **Fermat's little theorem:** Useful for proving the correctness of RSA.
* **Chinese Remainder theorem:** Also useful for proving the correctness of RSA.

### 2.1 Prime and Coprime Numbers









**Prime numbers** are defined as integers greater than 1 that can only be divided by 1 and themselves. Their significance in cryptography, particularly in the RSA algorithm, stems from their special properties. When two large prime numbers are multiplied, the product has a key feature: it is incredibly hard to factor back into the original primes. This difficulty, called **integer factorization**, is computationally demanding and is the foundation of RSA's security, ensuring that encrypted messages remain secure without the correct key.🔴SRC: https://en.wikipedia.org/wiki/Integer_factorization

Additionally, a pair of numbers are considered **coprime** if the largest number that exactly divides both of them is 1. These numbers themselves don't have to be prime. For example, 8 and 9 are coprime, but 8 and 10 are not, because they are both divisible by 2.

### 2.2 Euler's Totient Function




🍎 Euler's totient function, denoted as $\varphi(n)$, counts the number of integers up to $n$ that are relatively prime to $n$. For RSA, ϕ(n) is used in key generation and is calculated as $\varphi(pq)=(p-1)(q-1)$, where $p$ and $q$ are prime numbers.

The totient function has several important properties:

* If $p$ is a prime number, $\varphi(p) = p - 1$.
* If $p$ and $q$ are distinct prime numbers, $\varphi(pq) = (p - 1)(q - 1)$.
* If $a$ and $b$ are coprime (i.e., $gcd(a, b) = 1$), then $\varphi(ab) = \varphi(a) \varphi(b)$.

### 2.3 Extended Euclidean Algorithm
🍎
The **Euclidean Algorithm** is used to find the greatest common divisor between two numbers $a$ and $b$.

The **Extended Euclidean Algorithm** builds upon the Euclidean algorithm to also express the greatest common divisor as an integer linear combination of the original two numbers: $gcd(a, b) = ax+by$, where $a, b, x, y \in \mathbb{Z}$.

Let's first explain the **Euclidean algorithm**. To determine the greatest common divisor (GCD) of two numbers, we can use the principle that the GCD of two numbers also divides their difference. The process involves dividing the larger number by the smaller number, then replacing the larger number with the remainder. This step is repeated until the remainder is zero. The last non-zero remainder in this sequence is the GCD.

Here is an example:\
To find the $gcd(222, 97)$:

**Step 1:** $222 = 2.(97) + (28)$ \
**Step 2:** $97 = 3.(28) + (13)$ \
**Step 3:** $28 = 2.(13) + (2)$ \
**Step 4:** $13 = 6.(2) + (1)$ \
**Step 5:** $2 = 1.(2) + 0$

At Step 5 we reached 0, so the greatest common divisor must the remainder on the previous row, namely 1.

Now, we can show the **Extended Euclidean Algorithm** to build upon the above logic to also express the remainder 1 as a linear combination of 222 and 97:

$222x+97y = 1$

We can this by starting from the step at which we found the GCD and going backwards, repeatedly replace each quotient with the number and quotient from the previous step.

**Back substitute in step 4:** Replace $(2)$ with its representation from Step 3:

$ \begin{align*}
1 &= (13) - 6(2) \\
  &= (13) - 6[(28) - 2(13)] 
\end{align*} $

then we simplify the expression with respect to $(13)$ and $(28)$:

$ \begin{align*}
  &= (13) - 6(28) + 12(13) \\
  &= 13(13) - 6(28)
\end{align*} $

**Back substitute in step 3:** Replace $(13)$ with its representation from Step 2:

$ \begin{align*}
1 &= 13(13) - 6(28) \\
  &= 13[(97) - 3(28)] - 6(28)
\end{align*} $

then simplify with respect to $(28)$ and $(97)$:

$ \begin{align*}
  &= 13(97) - 39(28) - 6(28) \\
  &= 13(97) - 45(28)
\end{align*} $

**Back substitute in step 2:** Replace $(28)$ with its representation from Step 1:

$ \begin{align*}
1 &= 13(97) - 45(28) \\
  &= 13(97) - 45[(222) - 2(97)]
\end{align*} $

then simplify with respect to $(97)$ and $(222)$:

$ \begin{align*}
  &= 13(97) - 45(222) + 90(97) \\
  &= 103(97) - 45(222)
\end{align*} $


Therefore, $x = 103, y = -45$.

### 2.4 Modular Arithmetic

🍎 Modular arithmetic is a branch of mathematics that focuses on integers and the remainders left over after division. These remainders are represented using the congruence relation symbol "$\equiv$". For instance, consider a modulus of 5: in this case, $7 \equiv 2 \pmod 5$ because when 7 is divided by 5, the remainder is 2.

In addition to dealing with remainders, modular arithmetic also encompasses the concept of additive and multiplicative inverses. In the RSA encryption and decryption algorithm, the multiplicative inverse plays a crucial role. The additive inverse of an integer $a$ modulo $n$ is another integer $b$ such that when $a$ and $b$ are added together, the result is congruent to 0 modulo $n$: $a + b \equiv 0 \pmod n$. Similarly, the multiplicative inverse of $a$ modulo $n$, often termed as the modular inverse, is an integer $b$ such that the product of $a$ and $b$ yields a remainder of 1 when divided by $n$: $ ab \equiv 1 \pmod n $.

### 2.5 Fermat's Little Theorem

Fermat's Little Theorem 🔴SOURCE   https://en.wikipedia.org/wiki/Fermat%27s_little_theorem🔴states that if $p$ is a prime number and $a$ is an integer not divisible by $p$, then $a^{p-1} \equiv 1 \pmod p$. This theorem is fundamental in the RSA algorithm because it helps in proving why RSA works, particularly in the context of modular exponentiation.

### 2.6 Chinese Remainder Theorem

**Given:**

$ \begin{align*}
X &\equiv a_1 \pmod{m_1} \\
X &\equiv a_2 \pmod{m_2} \\
&\vdots \\
X &\equiv a_n \pmod{m_n}
\end{align*} $

**and** $\gcd(m_1, m_2 \dots m_n) = 1$, \
**then** there exists a unique solution modulo $m_1m_2$

$X = (a_1M_1M_1^{-1} + a_2M_2M_2^{-1} + \dots + a_nM_nM_n^{-1}) mod(M)$

**where**

$ \begin{align*}
M  &= a_1 a_2 \dots a_n \\
M_1 &= \frac {M} {m_1} \\
M_2 &= \frac{M}{m_2} \\
&\vdots \\
M_n &= \frac{M}{m_n}
\end{align*} $



**and** $M_1^{-1}, M_2^{-1} \dots M_n^{-1}$ are the modular multiplicative inverses of $M_1, M_2 \dots M_n$, \
**such that**

$ \begin{align*}
&M_1M_1^{-1} \equiv 1\pmod{m_1} \\
&M_2M_2^{-1} \equiv 1\pmod{m_2} \\
&\vdots \\
&M_nM_n^{-1} \equiv 1\pmod{m_n}
\end{align*} $

**Example:**

$ \begin{align*}
X ≡ 2 \pmod{3} \\
X ≡ 3 \pmod{5} \\
X ≡ 2 \pmod{7} 
\end{align*} $

$M = a_1 . a_2 . a_3 = 3 . 5 . 7 = 105$

$ \begin{align*}
M_1 = \frac {105}{3} = 35 \\
M_2 = \frac {105}{5} = 21 \\
M_3 = \frac {105}{7} = 15
\end{align*} $

$ \begin{align*} 
&M_1M_1^{-1} = 1 \pmod{m_1} \\
&35M_1^{-1} = 1 \pmod{3}
\end{align*} $

To solve for $M_1^{-1}$, either start testing with values 1, 2, 3, etc, or for large values use the Extended Euclidean Algorithm. 🔴

Using simple substitution and testing: \
$35 . 1 = 1 \pmod{3}$ - is the remainder of 35 when divided by 3 = 1? No \
$35 . 2 = 1 \pmod{3}$ - is the remainder of 35 when divided by 3 = 1? Yes

So $M_1^{-1} = 2$.

Analogically,

$ \begin{align*}
&M_2^{-1} = 1 \\
&M_3^{-1} = 1 \\
\\
&X = (a_1M_1M_1^{-1} + a_2M_2M_2^{-1} + \dots + a_nM_nM_n^{-1}) \mod(M) \\
&X = (2 . 35 . 2 + 3 . 21. 1 + \dots + 2 . 15 . 1) \mod(105) \\
&X = (72 + 63 + 31) \mod(105) \\
&X = 233 \mod(105) = 23
\end{align*} $

## 3 In-Depth Look at the RSA Algorithm

### 3.1. Key Generation Process

Here we'll explore how the RSA algorithm chooses the public and private key pair.

#### Step 1: Choose two random large, prime, distinct numbers $p$ and $q$

🍎Why prime? How large?

The first step in RSA key generation is to choose two distinct large prime numbers, $p$ and $q$. While the primes must be distinct, this requirement is not explicitly mentioned in the original authors' paper. 🍎SOURCE

There are multiple ways to choose a random number. Some of them are quite complex and could be a subject of a paper by themselves. Here, we will quickly outline some commonly used algorithms: 🍎SOURCE🍎

**Trial Division:** A basic method that tests divisibility of a number by all smaller prime numbers up to its square root. It is inefficient for large numbers due to the extensive number of divisions required.

**Sieve of Eratosthenes:** Efficient for finding all prime numbers up to a given limit but not suitable for generating very large primes directly. However, it is useful for finding smaller primes to use in other algorithms.

**Fermat's Primality Test**: A probabilistic test based on Fermat's Little Theorem: if $a^{p-1} \equiv 1 \pmod{p}$ for some random $a$, $p$ is likely prime. It can produce false positives (Carmichael numbers).

**Miller-Rabin Primality Test:** A probabilistic test that improves upon Fermat's test by checking multiple bases. If a number passes several rounds of this test, it is highly likely to be prime. It is widely used due to its balance of efficiency and accuracy.

**Elliptic Curve Primality Proving (ECPP):** A probabilistic algorithm that uses properties of elliptic curves. It is efficient and provides a certificate of primality, making it suitable for generating large prime numbers.

🔴Note: Two of those algorithms are explored further in a later section.

#### Step 2: Calculate the product $n = pq$
Calculate $n$ by multiplying $p$ and q. The number n is part of both the public and private keys and serves as the modulus for both encryption and decryption.

#### Step 3: Calculate the totient of n: $\varphi(n) = (p-1)(q-1)$

The totient of n, denoted as $\varphi(n)$, is calculated as $(p - 1)(q - 1)$. This value is kept secret and is used to determine the private exponent during key generation.

#### Step 4: Choose the Public Exponent $e$ 🍎choose e not coprime?🍎

The public exponent e is chosen next. This value must be an integer such that $ 1 < e < \varphi(n)$ and $gcd(e, \varphi(n)) = 1$, meaning $e$ and $\varphi(n)$ are coprime. Common values for e, like 3, 17, or 65537, are often used because they provide a good balance between encryption efficiency and security. These values are chosen to be small relative to $\varphi(n)$ to speed up the encryption process. 🍎SOURCE🍎

#### Step 5: Determine the Private Exponent $d$

The private exponent $d$ is calculated using the Extended Euclidean algorithm, such that $(ed) mod (\varphi(n)) = 1$. This value is part of the private key and is used for decryption.

### 3.2 Encryption and Decryption Process

In RSA encryption, the plaintext message M is transformed into ciphertext C by applying the recipient's public key and a mathematical function. The decryption process reverses this operation, converting the ciphertext back into plaintext using the recipient's private key. This method guarantees that only the intended recipient can decipher the encrypted message, ensuring confidentiality and security of the communication.

#### 3.2.1 Encryption


##### Step 1: Convert the original message to number representation


The RSA algorithm operates on numerical values rather than directly on text data. Therefore, any textual input needs to be converted into a numerical representation. This conversion process is typically accomplished by employing a standardized encoding scheme, such as ASCII (American Standard Code for Information Interchange).

**Example:** Let"s consider the word "hello" as the input text. To apply the RSA algorithm to this text, we first need to convert it into a numerical representation using the ASCII encoding scheme.

In ASCII, each character is assigned a unique numerical value between 0 and 127. The character "h" has the ASCII value of 104, "e" is 101, "l" is 108, and "o" is 111.

So, the word "hello" would be converted into the sequence of numbers: 104, 101, 108, 108, 111.

After the encryption or decryption process is complete, the resulting numerical values can be converted back into text form using the same ASCII encoding scheme.

##### Step 2: Split the message to blocks

When encrypting a message longer than $n$, it must be divided into smaller blocks to ensure each block is a number less than $n$.

* Determine block length - the size of each block, in bits, should be at least one bit less than the bit length of $n$. For example, if $n$ is a 1024-bit number, each block can be up to 1023 bits long.

* Convert the message to a binary or numerical representation.

* Split this representation into chunks where each chunk's numerical value is less than $n$.

##### Step 3: Apply a padding scheme

Most of the time the chunk of data we're working with won't perfectly match the block size. Padding helps make sure each block has the right length. It also includes some randomness to boost security.

🍎SOURCE🍎 https://medium.com/asecuritysite-when-bob-met-alice/so-how-does-padding-work-in-rsa-6b34a123ca1f

RSA encryption uses several padding schemes, with two of the most popular being PKCS#1 v1.5 and Optimal Asymmetric Encryption Padding (OAEP).

**PKCS#1 v1.5 Padding**

This is one of the most common padding methods for RSA encryption. Here's how it works:

* Determine Block Size: For example, if $n$ is a 2048-bit number, the block size is 256 bytes (2048 bits / 8 bits per byte).

* Format the Message:

    * Start with the block type, which is 0x00 0x02 for encryption.

    * Add a random padding string (non-zero bytes) so that the total length of the padding plus the message equals the block size.

    * Append the original message.

So, the format looks like this: \
`0x00 | 0x02 | text{padding string} | 0x00 | text{message}`


For instance, if the message is "HELLO" (5 bytes), the padded message for a 256-byte block might look like this:

`00 | 02 | text{random bytes} | 00 | 104 101 108 108 111 `  🔴todo: make the same with the other example🔴





**Optimal Asymmetric Encryption Padding (OAEP)**

This is a more secure padding scheme that provides better protection against chosen plaintext attacks. Here's a basic rundown:

**Encryption**:
* Combine the original message $M$ with a padding string $PS$ to create a data block $DB$.
* Generate a random seed.
* Apply two hash functions to the seed and $DB$ to create masked values.
* Combine the masked values to form the encoded message.

🔴The OAEP encoded message has two parts:
$ \text{masked seed} \ | \ \text{masked data block} $

**Decryption**:
* Split the encoded message back into the masked seed and masked data block.
* Reverse the hash functions to retrieve the original message.

##### Step 4: Encrypt each block

Each block is individually encrypted using the public key $ (e, n) $.

The encryption process follows the formula
$ C = M^e \mod n $

#### 3.2.2 Decryption


To decrypt and retrieve the original message $M$, use the formula:
$ M = C^d \mod n $. Refer to the section below🔴 for a mathematical proof explaining why this encryption and decryption process is effective.

### 3.3 Example of the Whole RSA Process

For demonstration purposes the chosen numbers will be small but bear in mind that in reality these two prime numbers should be substantially large.

**Step 1:** Choose two prime numbers $p$ and $q$:

$ p = 7, q = 11 $ 

**Step 2:** Calculate the product of $p$ and $q$:

$ \begin{align*}
n &= p * q  \\
  &= 7 * 11 \\
  &= 77      
\end{align*} $

**Step 3:** Calculate the totient of n: <br>

$ \begin{align*}
\varphi(n) &= (p - 1) * (q - 1)  \\
           &= (7 - 1) * (11 - 1) \\
           &= 6 * 10             \\
           &= 60                 
\end{align*} $ 

**Step 4:** Choose the Public Exponent:

Choose $e$ such that $1 < e < \varphi(n)$ and $gcd(e, \varphi(n)) = 1$.
Possible values of $e$: $7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 49, 53, 59$.

Let's choose $e = 53$.

**Step 5:** Determine the Private Exponent $d$ such that $ed \mod \varphi(n) = 1$.

Start with:
$ed \mod \varphi(n) = 1$

and replace the known variables: $53d \mod 60 = 1$.

Apply the Extended Euclidean Algorithm:

$ \begin{align*}
& 53d = 60x + 1       \\
& \Rightarrow 60x + 53d = 1    \\
& \Rightarrow 60 = 1(53) + (7) \\
& \Rightarrow 53 = 7(7) + (4)  \\
& \Rightarrow 7 = 1(4) + (3)   \\
& \Rightarrow 4 = 1(3) + (1)   \\
& \Rightarrow 3 = 3(1) + 0     
\end{align*} $ 

Now perform back substitution:

$ 1 = (4) - (3) $ 

Replace $(3)$:

$ \begin{align*}
1 &= (4) - [(7) - (4)] \\
  &= (4) - (7) + (4)   \\
  &= 2(4) - (7)
\end{align*} $

Replace $(4)$:

$ \begin{align*}
1 &= 2[(53) - 7(7)] - (7) \\
  &= 2(53) - 14(7) - (7)  \\
  &= 2(53) - 15(7)
\end{align*} $ 

Replace $(7)$:

$ \begin{align*}
1 &= 2(53) - 15[(60) - (53)] \\
  &= 2(53) - 15(60) + 15(53) \\
  &= 17(53) - 15(60)
\end{align*} $ 

Therefore, $d = 17$. And we can ignore the value of $x$ since it is not relevant for RSA (but in the name of completeness, it is $-15$)

🔴 Also add example of encrypting and decrypting

## 4 Mathematical Proof of RSA Correctness

RSA correctness means that given an original message, after encryption and subsequent decryption using RSA, we retrieve the same original message. Note that this is not a mathematical proof of the algorithm's security but of its data correctness. This is what we will prove in this section.

To do that let's summarize the variables used by the algorithm and their properties, as well as some mathematical theorems and laws that will be helpful in our proof.

### 4.1 Given RSA data


Let:

* $p, q$ are large prime numbers                 <span style="float: right;">(1)</span>
* $n = pq$                                       <span style="float: right;">(2)</span>
* The totient of $n$ $\varphi(n) = (p-1)(q-1)$   <span style="float: right;">(3)</span>
* The public exponent $e$ is such that: $1 < e < \varphi(n)$ and $gcd(e, \varphi(n)) = 1$
                                                 <span style="float: right;">(4)</span>
* The decryption exponent $d$ is the multiplicative inverse of $e$: $ed \mod (\varphi(n))=1$, equivalent to $ed \equiv 1 \pmod{\varphi (n)}$
                                                 <span style="float: right;">(5)</span>
* Encryption process: $M^e \equiv C \pmod n$     <span style="float: right;">(6)</span>
* Decryption process: $C^d \equiv M \pmod n$     <span style="float: right;">(7)</span>

### 4.2 Tools

**Properties of congruences in modular arithmetic**: 🍎**SOURCE**🍎 https://en.wikipedia.org/wiki/Modular_arithmetic

* Reflexivity: \
    $a \equiv a \pmod m $               <span style="float: right;">(8a)</span>
* Symmetry:\
  If $a \equiv b \pmod m$, \
  then $ b \equiv a \pmod m $ <span style="float: right;">(8b)</span>
* Compatibility with exponentiation: \
  If $ a \equiv b \pmod m$, \
  then $a^k \equiv b^k \pmod m$ \
  where $x \in \mathbb{Z}_{\geq 0}$      

**Fermat's Little Theorem** 🍎**SOURCE**🍎 https://en.wikipedia.org/wiki/Fermat%27s_little_theorem

If $p$ is prime \
and $a \in \mathbb{Z}$, \
then: $ a^p \equiv a \pmod{p} $

and it's special case \
if $gcd(a, p) = 1$ \
then $a^{p-1} \equiv 1 \pmod p$ <span style="float: right;">(8c)</span>


**Chinese Remainder Theorem** 🍎**SOURCE**🍎 https://crypto.stanford.edu/pbc/notes/numbertheory/crt.html

Let $p, q$ be coprime. Then the system of equations

$ x = a \pmod p $\
$ x = b \pmod q $

has a unique solution for $x$ modulo $pq$. <span style="float: right;">(10)</span>

### 4.3 Proof

Starting with the encryption formula from (6): \
$M^e \equiv C \pmod n$

if we apply some modular arithmetic rules (8b) and (8c) we get: \
$M^{ed} \equiv C^d \equiv M \pmod n$     <span style="float: right;">(11)</span>

So let's prove that claim \
$M^{ed} \equiv M \pmod n$.

First, as an aside, if we consider the product of $e$ and $d$ that was defined in (5) as \
$ed \equiv 1 \pmod{\varphi (n)}$,

this essentially means that $ed$ divided by $\varphi(n)$ gives a remainder of 1, or in other words,\
$ed = 1 + k(\varphi(n)$ for $k \in \mathbb{Z}$ \
$\Rightarrow$ from (3): $ed = 1 + k(p-1)(q-1)$         <span style="float: right;">(12)</span>

Going back to the main thought, if we take $ed$ from (12) and replace it in (11) we get:\
$M^{ed} \equiv M^{1+k(p-1)(q-1)} $ \
$ \Rightarrow M^{ed} \equiv M^1 M^{k(p-1)(q-1)}$      <span style="float: right;">(13)</span> 

We can apply the special case of Fermat's Little Theorem (9) to get \
$M^{ed} \equiv M^{1}M^{k(q-1)} \equiv M \pmod p$ \
$ \Rightarrow M^{ed} \equiv M \pmod p$                <span style="float: right;">(14)</span>

We can do the analogical calculation but doing it for $\pmod q$:\
$M^{ed} \equiv M^{1}M^{k(p-1)(q-1)} $ \
$ \Rightarrow M^{ed} \equiv M^{1}M^{k(p-1)} \equiv M \pmod q $ \
$ \Rightarrow M^{ed} \equiv M \pmod p $               <span style="float: right;">(15)</span>

So from (14) and (15) we know, that $M^{ed}$ is a solution to the system of congruences \
$ X \equiv M \pmod p $ \
$ X \equiv M \pmod q $

Also, according to the reflexivity property of congruences in modular arithmetic (8a) we know that \
$ M \equiv M \pmod p $                               <span style="float: right;">(16)</span>

From the Chinese Remainder Theorem, we know that a system of congruences where the moduli are coprime the solutions to this system are unique modulo the product of the primes. In other words, from (14), (15) and (16): \
$ M^{ed} \equiv M \pmod n $

Which was exactly what we wanted to prove.

## 5 Implementing the RSA Algorithm In Python

Now let's see how the theoretical principles are applied in practice by demonstrating the RSA algorithm's key generation, encryption and decryption processes.

As with the mathematical example, we will start with small numbers in order to let our brains grasp the algorithm itself, because the brain cannot deal with large numbers.

## 6 Real-World Applications: Discuss real-world applications of RSA