# **RSA Algorithm**

There are four steps when using RSA algorithm: keys generation, public key distribution, ciphering and deciphering.

The fundamental of RSA are three big positive an integer numbers, usually called "e", "d" and "n". The strength of RSA algorithm is the difficulty  of factoring the number "n" to obtain "e" and "d". 

## **Keys generation**

To create the key pair, choose two prime numbers similars in magnitude but with little difference in quantity of digits to make factoring a hard task.

In example bellow we are using small numbers to reduce tutorial complexity, because we are interested in understanding the logic.

In [2]:
p = 379
q = 487

Next multiply these numbers to calculate "n". This number will be used as modulo to define the public and private keys.

In [3]:
n = p * q

print(n)

184573


Now we need to calculte Phi. As "p" and "q" are prime numbers the Phi is defined as multiplication of p-1 and q-1

In [4]:
phi_of_n = (p - 1) * (q - 1)

print(phi_of_n)

183708


Now let´s import some python functions...

First line imports the gcd function, which returns the greatest common divisor of two numbers. This function will be used to generate the private key.

The random function is used to generate a random number

In [5]:
from math import gcd
import random

Bellow we define the function to create the encrypton key. This key will be used to generate the private key

In [6]:
def get_encryption_key(n, phi_of_n):
    lst = [i for i in range(1, n+1)]
    e_list = []
    for i in lst:
        if (1 < i) and (i < phi_of_n):
            gcd_value = gcd(i, n)
            gcd_phi = gcd(i, phi_of_n)
            if (gcd_value == 1) and (gcd_phi == 1):
                e_list.append(i)
    if len(e_list) == 1:
        return e_list[0]
    else:
        return e_list[random.randint(1, len(e_list)-1)] 

This other function creates the decryption key, used to derive the public key

In [7]:
def get_decryption_key(e, phi_of_n):
    d_list = []
    for i in range(e * 25):
        if (e * i) % phi_of_n == 1:
            d_list.append(i)
    return d_list[random.randint(1, len(d_list) - 1)]

The code bellow uses these function to create the private and the public keys:

In [8]:
e = get_encryption_key(n, phi_of_n)
d = get_decryption_key(e, phi_of_n)

# avoid colision
while d == e:
    d = get_decryption_key(e, phi_of_n)

public_key = [e, n]
private_key = [d, n]

print(public_key)
print(private_key)

[25721, 184573]
[404549, 184573]


## **Public key distribution**

Ideally the private key is created using HSM (Hardware Security Module) devices that don´t allow key extractionis and this key is never transmitted. When is necessary to transmit the private key, we need to use a security channel

## **Message ciphering**

First let´s define a function to return ASCII values from message characters:


In [11]:
import string
def text_to_digits(PT):
    pool = string.ascii_letters + string.punctuation + " "
    M = []
    for i in PT:
        M.append(pool.index(i))
    return M

And define a function to cipher the message using our public key:

In [9]:
def encrypt(M, chave_publica):
    return [(i ** public_key[0]) % public_key[1] for i in M]

Final step is to cipher the message using these functions

In [12]:
message = "My test"
ascii_message = text_to_digits(message)

cipher_message = encrypt(ascii_message, public_key)
print(cipher_message)

[7087, 63911, 146858, 80521, 166056, 29574, 80521]


## **Message deciphering**

Similar to message ciphering, let´s define a function to return character from an ASCII value

In [13]:
def digits_to_text(DT):
    pool = string.ascii_letters + string.punctuation + " "
    msg = ''
    for i in DT:
        msg += pool[i]
    return msg

Now we define a function to decipher the message using private key:

In [14]:
def decrypt(CT, private_key):
    return [((i ** private_key[0]) % private_key[1]) for i in CT]

Final step is to use these functions to decipher the message:

In [15]:
ascii_decipher_message = decrypt(cipher_message, private_key) 
original_message = original_PT = digits_to_text(ascii_decipher_message)

print(original_message)

My test


We finished our example of RSA algorithm, generating key pair, ciphering and deciphering one message using these keys.

# **Shor´s algorithm**

Shor´s algorithm is a quantum computing algorithm capable of factoring an integer number, which is finding two numbers used in a multiplication to generate a third one.

This is the reverse path of RSA algorithm, which uses two prime numbers to generate the number "n". This number "n" is the base of this algorithm.

In the previous section we could understand that we need this number "n" to cipher and decipher messages. In other words, this number is known by all parts involved in message transmission.

In theory, to break the RSA encryption we need the number "n", a quantum computer with enough capacity to execute Shor´s algorithm  and the ciphered message.

In the beginning  of RSA section we defined the number "n". We will use Shor´s algorithm to calculate the factos of this number, which are the numbers needed to generate the public and private keys.

Shor´s algorithm is explained in diverse materials about quantum computing. In references section of this notebook you can find links explaning this algorithm.

Let´s use Cirq on Google Colab to show how to use Shor´s algorithm to obtain  numbers "p" and "q" that we defined in the beginning of RSA section to create the key pair.

Functions used on this tutorial are provided in Cirq documentation about Shor´s algorithm. We provide the link with detailed explanation in references sections.

First let´s import necessary functions and install Cirq on Google Colab:

In [16]:
import fractions
import math
import random

import numpy as np
import sympy
from typing import Callable, Iterable, List, Optional, Sequence, Union

try:
    import cirq
except ImportError:
    print("installing cirq...")
    !pip install --quiet cirq
    print("installed cirq.")
    import cirq

installing cirq...
[K     |████████████████████████████████| 66 kB 2.6 MB/s 
[K     |████████████████████████████████| 594 kB 36.3 MB/s 
[K     |████████████████████████████████| 576 kB 37.4 MB/s 
[K     |████████████████████████████████| 1.8 MB 34.0 MB/s 
[K     |████████████████████████████████| 57 kB 4.4 MB/s 
[K     |████████████████████████████████| 47 kB 3.7 MB/s 
[K     |████████████████████████████████| 221 kB 52.0 MB/s 
[K     |████████████████████████████████| 1.0 MB 34.1 MB/s 
[K     |████████████████████████████████| 147 kB 52.5 MB/s 
[K     |████████████████████████████████| 229 kB 49.8 MB/s 
[K     |████████████████████████████████| 44 kB 2.2 MB/s 
[K     |████████████████████████████████| 65 kB 3.1 MB/s 
[K     |████████████████████████████████| 49 kB 5.3 MB/s 
[K     |████████████████████████████████| 52 kB 1.3 MB/s 
[K     |████████████████████████████████| 53 kB 1.9 MB/s 
[K     |████████████████████████████████| 243 kB 41.3 MB/s 
[K     |████████████

Cirq doesn´t have yeat a function that implements Shor´s algorithm (or I unnable to find it). We will implement all necessary steps.

Factoring a integer number can be seen as finding the period of modulo from a division of an exponential function by the number we want to factor. Obtaining this modulo we can calculate factors of "n" with high probability.

First, let´s define a function using traditional computing to calculate the smallest positive exponent of a function which division by the number we want to factor is 1.

In [17]:
"""Function for classically computing the order of an element of Z_n."""
def classical_order_finder(x: int, n: int) -> Optional[int]:
    """Computes smallest positive r such that x**r mod n == 1.

    Args:
        x: Integer whose order is to be computed, must be greater than one
           and belong to the multiplicative group of integers modulo n (which
           consists of positive integers relatively prime to n),
        n: Modulus of the multiplicative group.

    Returns:
        Smallest positive integer r such that x**r == 1 mod n.
        Always succeeds (and hence never returns None).

    Raises:
        ValueError when x is 1 or not an element of the multiplicative
        group of integers modulo n.
    """
    # Make sure x is both valid and in Z_n.
    if x < 2 or x >= n or math.gcd(x, n) > 1:
        raise ValueError(f"Invalid x={x} for modulus n={n}.")

    # Determine the order.
    r, y = 1, x
    while y != 1:
        y = (x * y) % n
        r += 1
    return r

Before defining the quantum circuit, we will define a function to receive the result and interpret it

In [18]:
def process_measurement(result: cirq.Result, x: int, n: int) -> Optional[int]:
    """Interprets the output of the order finding circuit.

    Specifically, it determines s/r such that exp(2πis/r) is an eigenvalue
    of the unitary

        U|y⟩ = |xy mod n⟩  0 <= y < n
        U|y⟩ = |y⟩         n <= y

    then computes r (by continued fractions) if possible, and returns it.

    Args:
        result: result obtained by sampling the output of the
            circuit built by make_order_finding_circuit

    Returns:
        r, the order of x modulo n or None.
    """
    # Read the output integer of the exponent register.
    exponent_as_integer = result.data["exponent"][0]
    exponent_num_bits = result.measurements["exponent"].shape[1]
    eigenphase = float(exponent_as_integer / 2**exponent_num_bits)

    # Run the continued fractions algorithm to determine f = s / r.
    f = fractions.Fraction.from_float(eigenphase).limit_denominator(n)

    # If the numerator is zero, the order finder failed.
    if f.numerator == 0:
        return None

    # Else, return the denominator if it is valid.
    r = f.denominator
    if x**r % n != 1:
        return None
    return r


We have to define two more functions.

First one creates the quantum circuit to calculate the exponential function.

Second function uses the result of this exponential function and functions defined previously to calculate the mod of the exponential function by the number "n"

In [19]:
"""Function to make the quantum circuit for order finding."""
def make_order_finding_circuit(x: int, n: int) -> cirq.Circuit:
    """Returns quantum circuit which computes the order of x modulo n.

    The circuit uses Quantum Phase Estimation to compute an eigenvalue of
    the following unitary:

        U|y⟩ = |y * x mod n⟩      0 <= y < n
        U|y⟩ = |y⟩                n <= y

    Args:
        x: positive integer whose order modulo n is to be found
        n: modulus relative to which the order of x is to be found

    Returns:
        Quantum circuit for finding the order of x modulo n
    """
    L = n.bit_length()
    target = cirq.LineQubit.range(L)
    exponent = cirq.LineQubit.range(L, 3 * L + 3)

    # Create a ModularExp gate sized for these registers.
    mod_exp = ModularExp([2] * L, [2] * (2 * L + 3), x, n)

    return cirq.Circuit(
        cirq.X(target[L - 1]),
        cirq.H.on_each(*exponent),
        mod_exp.on(*target, *exponent),
        cirq.qft(*exponent, inverse=True),
        cirq.measure(*exponent, key='exponent'),
    )

def quantum_order_finder(x: int, n: int) -> Optional[int]:
    """Computes smallest positive r such that x**r mod n == 1.

    Args:
        x: integer whose order is to be computed, must be greater than one
           and belong to the multiplicative group of integers modulo n (which
           consists of positive integers relatively prime to n),
        n: modulus of the multiplicative group.
    """
    # Check that the integer x is a valid element of the multiplicative group
    # modulo n.
    if x < 2 or n <= x or math.gcd(x, n) > 1:
        raise ValueError(f'Invalid x={x} for modulus n={n}.')

    # Create the order finding circuit.
    circuit = make_order_finding_circuit(x, n)

    # Sample from the order finding circuit.
    measurement = cirq.sample(circuit)

    # Return the processed measurement result.
    return process_measurement(measurement, x, n)

Next step is to define a function to uses the quantum factorization function with some checks before and after it.

In [20]:
"""Functions for factoring from start to finish."""
def find_factor_of_prime_power(n: int) -> Optional[int]:
    """Returns non-trivial factor of n if n is a prime power, else None."""
    for k in range(2, math.floor(math.log2(n)) + 1):
        c = math.pow(n, 1 / k)
        c1 = math.floor(c)
        if c1**k == n:
            return c1
        c2 = math.ceil(c)
        if c2**k == n:
            return c2
    return None


def find_factor(
    n: int,
    order_finder: Callable[[int, int], Optional[int]] = quantum_order_finder,
    max_attempts: int = 30
) -> Optional[int]:
    """Returns a non-trivial factor of composite integer n.

    Args:
        n: Integer to factor.
        order_finder: Function for finding the order of elements of the
            multiplicative group of integers modulo n.
        max_attempts: number of random x's to try, also an upper limit
            on the number of order_finder invocations.

    Returns:
        Non-trivial factor of n or None if no such factor was found.
        Factor k of n is trivial if it is 1 or n.
    """
    # If the number is prime, there are no non-trivial factors.
    if sympy.isprime(n):
        print("n is prime!")
        return None

    # If the number is even, two is a non-trivial factor.
    if n % 2 == 0:
        return 2

    # If n is a prime power, we can find a non-trivial factor efficiently.
    c = find_factor_of_prime_power(n)
    if c is not None:
        return c

    for _ in range(max_attempts):
        # Choose a random number between 2 and n - 1.
        x = random.randint(2, n - 1)

        # Most likely x and n will be relatively prime.
        c = math.gcd(x, n)

        # If x and n are not relatively prime, we got lucky and found
        # a non-trivial factor.
        if 1 < c < n:
            return c

        # Compute the order r of x modulo n using the order finder.
        r = order_finder(x, n)

        # If the order finder failed, try again.
        if r is None:
            continue

        # If the order r is even, try again.
        if r % 2 != 0:
            continue

        # Compute the non-trivial factor.
        y = x**(r // 2) % n
        assert 1 < y < n
        c = math.gcd(y - 1, n)
        if 1 < c < n:
            return c

    print(f"Failed to find a non-trivial factor in {max_attempts} attempts.")
    return None

Finally we can use functions defined to factor the number "n" obtaining its factors.

In [21]:
# Attempt to find a factor
p = find_factor(n, order_finder=classical_order_finder)
q = n // p


print("Factoring n = pq =", n)
print("p =", p)
print("q =", q)

Factoring n = pq = 184573
p = 379
q = 487


We conclude this section with a practical example of Shor´s algorithm factoring number "n" of RSA algorithm.

With factos of "n" is possible to recreate the private and public keys used to cipher messages in a specific context. However, at the moment, there is no quantum computer with enough capacity to factor a real "n" in real world operations of communication or storage.

## **Post quantum cryptography**

What happen when quantum computers achieve enough capacity to break traditional algorithms? 

There under development post quantum cryptography algorithms resistant to quantum computers attacks. Recently NIST published the first list of these algorithms, there are some links about the subject in references section.

In future we should see these algorithms being used to cipher our data in communications and data storage. However, we should remember to change cipher of data at rest, like backups, from traditional algorithms to post quantum algorithms to avoid this kind of attack.

But this a topic for another text…


# **References**
RSA algorithm: https://en.wikipedia.org/wiki/RSA_(cryptosystem)

RSA algorithm implementation: https://www.codespeedy.com/rsa-algorithm-an-asymmetric-key-encryption-in-python/#:~:text=RSA%20Algorithm%20working%20example&text=Compute%20totient%20%3D%20

Shor´s algorithm: https://en.wikipedia.org/wiki/Shor%27s_algorithm

Shor´s algorithm explanied: https://quantumai.google/cirq/experiments/shor

Google Cirq documentation: https://quantumai.google/cirq

Google Colab homepage: https://colab.research.google.com/?utm_source=scs-index

Post quantum cryptographic links:

https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms

https://www.inovacaotecnologica.com.br/noticias/noticia.php?artigo=selecionados-algoritmos-criptografia-resistentes-computadores-quanticos&id=010150220708#.YtYdgKTQ9zB

https://thequantuminsider.com/2022/07/11/crypto-quantique-announces-first-post-quantum-computing-iot-security-platform-compliant-with-new-nist-standards/