Welcome to this Jupyter notebook on RSA encryption (minus the jargons)! This notebook is a combination of code descriptions and the actual code. You can execute each section by selecting and clicking "RUN" in each section or just go to "CELL" from the top-level menu and select "RUN ALL" 

Recommend you go along with any RSA examples such as that on Wikipedia: https://simple.wikipedia.org/wiki/RSA_algorithm

Some standard python libraries that we will use

In [10]:
import random
import math

The below function "modinverse" returns the modular multiplicative inverse given numbers e and phi. 

Do you know modulo arithmetic? If yes, you can skip this section. If not, read on!

You have definitely seen an analog clock. An analog clock is an example of numbers wrapping around after 12. After 12, the next number 13 is represented as 1, 14 as 2 and so on. In modulo maths, we can denote, 15 as congruent to 3 (modulo 12). In the same note, 27 is also conngruent to 3 (modulo 12). So, 3, 15, 27, 39 are all the same thing (modulo 12).

You have probably heard of the inverse of a number. The inverse of a number n is (1/n), which is the number you need to multiply n with to get 1. But, there is another inverse we are interested here, called the modular multiplicative inverse. 

Let's first look at an example, For modulo 20, (which is another way of saying there is no number 21), 3 is a modular multiplicative inverse of 7. This is because 3 multiplied by 7 yeilds 21, which is 1 (modulo 20). Another example, 3 is a modular multiplicative inverse of 5 (modulo 7). Because 3 multiplied by 5 is 15 which is 1 mod (7).

A modular inverse of an integer number a is an integer x such that the product ax is congruent to 1 with respect to modulus m. So, in simple words its the number to which you need to multiply to get a remainder 1 in modulo arithmetic. 

In [11]:
def modinverse(e, phi):
    e = e % phi
    for x in range(1, phi):
        if ((e * x) % phi == 1):
            return x
    return 1

(optional) side-step: Test out your idea of multiplicative inverses below!

In [39]:
print(modinverse(9, 20))

9


The first step is to choose two prime numbers p & q. You can feed your primes below if you like.

In [40]:
p = 23
q = 29

We will then compute the product of the two primes. We call this product n, also known as the public modulus.

In [41]:
n = p * q

The next step is to compute (p-1) * (q-1). We call this phi.

In [42]:
phi = (p-1) * (q-1)
print("Computed n = {} and phi = {}".format(n, phi))

Computed n = 667 and phi = 616


Next, we need to choose a public exponent. A public exponent is an integer e which is less than phi, and greater than 1. Another condition is e and phi shouldnt have any common factors other than 1.

Mathematically, the greatest common divisor, gcd, of e and phi should be 1, another way to say e should be co-prime to phi. 

e is known as the public exponent. Its public meaning it is not kept a secret.

Try re-running the below section and note that e can be different each time!

In [20]:
e = random.randrange(1,phi)
while (math.gcd(e,phi) != 1):
    e = random.randrange(1,phi)
print("Computed value of e is", e)

Computed value of e is 39


If you want to choose your own e, do so below:

In [21]:
e = e

We now have to calculate the modular multiplicative inverse of e (modulo phi) and we will call it d. 

As mentioned before, e * d should yeild 1 (modulo phi) for it to be a modular multiplicative inverse

In [22]:
d = modinverse(e, phi)
print("Computed value of d is", d)

Computed value of d is 119


We are ready to generate our keys!

The RSA Public key consists of 
    (1) n, which is the product of two primes also known as the modulus, and 
    (2) e, the public exponent. 

In typical practice, the exponent is chosen as one of 3, 5, 17, 257, 65537. It doesn't need to be, but is often chosen so because they make the exponentiation process faster. 

You can check these out in any website's certificate.

In [176]:
print("Computed Public Key in format n, e is ({}, {})".format(n, e))

Computed Public Key in format n, e is (33, 17)


The RSA Private key consists of 
    (1) p, q, the actual two primes 
    (2) d, the private exponent

It is possible to derive the public key from the private key because both the value of n and e can be derived from it.

In [177]:
print("Computed Private Key in format d, p, q is ({}, {}, {})".format(d, p, q))

Computed Private Key in format d, p, q is (13, 11, 3)


Now for the fun part!

Lets assign a number as message. This is a simple use case, and in real world, there would be padding to deter certain attacks. Make sure to choose a message smaller than n!

Try using message as 0 or 1. What happens? Also what happens when the message is n-1 or n? When its bigger? Does this still work? Why not?

In [178]:
message = 7

In [179]:
print ("The input message is ", message)

The input message is  7


We are ready to encrypt!

The encryption operation to calculate ciphertext is

c = m ^ e (mod n) 

where c is the ciphertext, m is the message, e is the public exponent, and n is the product of primes.

In [180]:
encrypted = (message ** e) % n
print ("The ciphertext generated is ", encrypted)

The ciphertext generated is  28


We are ready to now decrypt our generated ciphertext!

The decryption operation is very similar to encryption, as

p = c ^ d mod (p * q). 

where p is the plaintext, c is the ciphertext, d is the private exponent, and p and q are the primes.

In [181]:
plaintext = (encrypted ** d) % (p * q)
print ("The plaintext is ", plaintext)

The plaintext is  7


If you see the plaintext generated is the same as that of the original message, you are successful. 

Footnote: The RSA used in the above example is for demo purposes only and should not be used in any real world scenarios. RSA without padding is very insecure. Because RSA is slow, RSA is seldom used to encrypt the actual messages; rather, a random symmetric key is generated, and the key itself is encrypted using RSA, and the actual message is encrypted using the symmetric key such as AES.