Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
31 changed files
with
1,593 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,17 @@ | |||
| # why-RSA-works/README | |||
| # Copyright 2012 Peter Franusic. | |||
| # All rights reserved. | |||
| # | |||
|
|
|||
| This directory contains LaTeX source files for an article titled "Why RSA Works". | |||
| The article describes the math behind the RSA algorithm. | |||
| The makefile script assumes that the pdflatex program is installed. | |||
|
|
|||
| To generate a PDF of the article: | |||
|
|
|||
| $ make why-RSA-works.pdf | |||
|
|
|||
| To generate a tarfile of the sources: | |||
|
|
|||
| $ make why-RSA-works.tar | |||
|
|
|||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,85 @@ | |||
| %%%% why-RSA-works/block-diagram.tex | |||
| %%%% Copyright 2012 Peter Franusic. | |||
| %%%% All rights reserved. | |||
| %%%% | |||
| %% | |||
| %% 2 3 4 5 6 7 | |||
| %% 6789012345678901234567890123456789012345678901234567890123456 | |||
| %% Alice's Alice's | |||
| %% public key private key | |||
| %% {---------} {---------} | |||
| %% n e n d | |||
| %% | | | | | |||
| %% | | | | | |||
| %% | | | | | |||
| %% +-------------+ +-------------+ | |||
| %% m | | c | | y | |||
| %% --------| m # x |--------| m # x' |-------- | |||
| %% | | | | | |||
| %% +-------------+ +-------------+ | |||
| %% | |||
| %% An RSA cryptosystem | |||
|
|
|||
| % graphic macro definitions | |||
|
|
|||
| \setlength{\unitlength}{0.05in} % for pictures | |||
| \newsavebox{\bigblock} | |||
| \savebox{\bigblock}(16,12)[bl]{ | |||
| \put( 0, 0){\line(1,0){16}} | |||
| \put( 0, 12){\line(1,0){16}} | |||
| \put( 0, 0){\line(0,1){12}} | |||
| \put(16, 0){\line(0,1){12}}} | |||
| \newsavebox{\smallblock} | |||
| \savebox{\smallblock}(9,12)[bl]{ | |||
| \put( 0, 0){\line(1,0){ 9}} | |||
| \put( 0, 12){\line(1,0){ 9}} | |||
| \put( 0, 0){\line(0,1){12}} | |||
| \put( 9, 0){\line(0,1){12}}} | |||
|
|
|||
| % The block diagram | |||
| \begin{picture}(90,45)(0,0) | |||
| % Box around picture | |||
| %\put( 0.0, 0.0){\line(1,0){90}} | |||
| %\put( 0.0, 42.0){\line(1,0){90}} | |||
| %\put( 0.0, 0.0){\line(0,1){42}} | |||
| %\put( 90.0, 0.0){\line(0,1){42}} | |||
| % Transmitter | |||
| \put( 18.0, 37.0){\textsf{Alice's}} | |||
| \put( 16.2, 34.0){\textsf{public key}} | |||
| \put( 16.8, 28.0){$\overbrace{\phantom{XXXX}}$} | |||
| \put( 14.0, 11.0){\usebox{\bigblock}} | |||
| \put( 18.0, 16.5){\large{\texttt{modex}}} | |||
| \put( 8.0, 18.0){$m$} | |||
| \put( 6.0, 17.0){\vector(1,0){8}} | |||
| \put( 17.3, 27.0){$n$} | |||
| \put( 18.0, 26.0){\vector(0,-1){3}} | |||
| \put( 25.3, 27.0){$e$} | |||
| \put( 26.0, 26.0){\vector(0,-1){3}} | |||
| \put( 33.5, 18.0){$c$} | |||
| \put( 15.5, 7.0){\textsf{transmitter}} | |||
| \put( 18.8, 4.0){\textsf{(Bob)}} | |||
| % Channel | |||
| \put( 30.0, 17.0){\vector(1,0){28}} | |||
| \put( 39.0, 37.0){\textsf{insecure}} | |||
| \put( 39.0, 34.0){\textsf{channel}} | |||
| \put( 36.4, 28.0){$\overbrace{\phantom{XXXXXX}}$} | |||
| \put( 44.0, 17.0){\circle{2}} | |||
| \put( 44.0, 16.0){\line(0,-1){5.5}} | |||
| \put( 40.5, 7.0){\textsf{sniffer}} | |||
| \put( 41.0, 4.0){\textsf{(Eve)}} | |||
| % Receiver | |||
| \put( 62.0, 37.0){\textsf{Alice's}} | |||
| \put( 59.7, 34.0){\textsf{private key}} | |||
| \put( 60.8, 28.0){$\overbrace{\phantom{XXXX}}$} | |||
| \put( 58.0, 11.0){\usebox{\bigblock}} | |||
| \put( 62.0, 16.5){\large{\texttt{modex}}} | |||
| \put( 53.0, 18.0){$c$} | |||
| \put( 61.3, 27.0){$n$} | |||
| \put( 62.0, 26.0){\vector(0,-1){3}} | |||
| \put( 69.3, 27.0){$d$} | |||
| \put( 70.0, 26.0){\vector(0,-1){3}} | |||
| \put( 76.5, 18.0){$y$} | |||
| \put( 74.0, 17.0){\vector(1,0){8}} | |||
| \put( 62.0, 7.0){\textsf{receiver}} | |||
| \put( 62.5, 4.0){\textsf{(Alice)}} | |||
| \end{picture} | |||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,30 @@ | |||
| %%%% why-RSA-works/conclusions.tex | |||
| %%%% Copyright 2012 Peter Franusic. | |||
| %%%% All rights reserved. | |||
| %%%% | |||
|
|
|||
| So why does RSA work? | |||
| Why is it that we can take some message $m$, | |||
| run it through two modex operations, and come out with the same $m$? | |||
| There are several reasons. | |||
| First of all, RSA computations are done in a commutative ring | |||
| and the multiplicative association property holds in commutative rings. | |||
| This property tells us that | |||
| the two exponentiations $(m^e)^d$ are the same as the one exponentiation $m^{ed}$. | |||
|
|
|||
| A second reason is that exponents $e$ and $d$ are chosen | |||
| such that they satisfy the multiples-plus-one condition $ed = k\lambda + 1$. | |||
| This insures that $ed$ is one of the identity columns | |||
| in the exponential table of ring $\mathcal{R}_n$. | |||
|
|
|||
| A third reason is that the exponential table contains | |||
| repeating blocks of columns where $m^a=m^{k\lambda+a}$. | |||
| This is the wallpaper pattern that we saw in Table \ref{modex-33}. | |||
| This pattern is the reason for the multiples-plus-one condition. | |||
|
|
|||
| Finally, RSA works because it relies on the intractability of the factoring problem. | |||
| A huge RSA modulus $n$ cannot be factored expeditiously. | |||
| Given that $n$ is the product of two distinct huge random primes, | |||
| it is virtually impossible to factor $n$ in any reasonable amount of time, | |||
| even if the factoring effort is distributed across thousands of computers. | |||
|
|
|||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,56 @@ | |||
| %%%% why-RSA-works/exponent-arithmetic.tex | |||
| %%%% Copyright 2012 Peter Franusic. | |||
| %%%% All rights reserved. | |||
| %%%% | |||
|
|
|||
| RSA uses exponential notation in the ring $\mathcal{R}_n$. | |||
| Exponential notation is simply a mathematical shorthand for writing | |||
| a series of multiplications using the $\otimes$ operator. | |||
| The multiplicative association property allows us to derive | |||
| two rules for doing arithmetic with exponents. | |||
|
|
|||
| Consider the set of three equations below. | |||
| The left side of the first equation is the expression $m^2 \otimes m^3$. | |||
| We can replace the $m^2$ with $(m \otimes m)$. | |||
| We can also replace the $m^3$ with $(m \otimes m \otimes m)$. | |||
| The right side of the first equation shows this. | |||
| The multiplicative association property says that we can | |||
| ignore the parentheses and simply count the number of $m$'s that are multiplied. | |||
| There are 5 and we show this in the second equation. | |||
| Note that 5 is the sum of 2 plus 3. | |||
| So instead of expanding the expression $m^2 \otimes m^3$ | |||
| we can simply add 2 and 3, as shown in the third equation. | |||
| \begin{eqnarray*} | |||
| m^2 \otimes m^3 &=& (m \otimes m) \otimes (m \otimes m \otimes m) \\ | |||
| &=& m^5 \\ | |||
| &=& m^{2 + 3} | |||
| \end{eqnarray*} | |||
|
|
|||
| \paragraph{Exponent addition rule:} In general, when we have an expression of the form | |||
| $m^e \otimes m^d$ in the ring $\mathcal{R}_n$ we can simply add the exponents. | |||
| \[ m^e \otimes m^d = m^{e + d} \] | |||
|
|
|||
| Consider the set of four equations below. | |||
| The left side of the first equation is the expression $(m^2)^3$. | |||
| This means three copies of $m^2$ are multiplied using the $\otimes$ operator. | |||
| The right side of the first equation shows this. | |||
| In the second equation, we replace each $m^2$ with $(m \otimes m)$. | |||
| The multiplicative association property says that we can | |||
| ignore the parentheses and simply count the number of $m$'s that are multiplied. | |||
| There are 6 and we show this in the third equation. | |||
| Note that 6 is the product of 2 times 3. | |||
| Instead of expanding the expression $(m^2)^3$ | |||
| we can simply multiply 2 and 3, as shown in the fourth equation. | |||
| \begin{eqnarray*} | |||
| (m^2)^3 &=& m^2 \otimes m^2 \otimes m^2 \\ | |||
| &=& (m \otimes m) \otimes (m \otimes m) \otimes (m \otimes m) \\ | |||
| &=& m^6 \\ | |||
| &=& m^{2 \times 3} | |||
| \end{eqnarray*} | |||
|
|
|||
| \paragraph{Exponent multiplication rule:} In general, when we have an expression of the form | |||
| $(m^e)^d$ in the ring $\mathcal{R}_n$ we can simply multiply the exponents. | |||
| \begin{equation} \label{eq:expo-mult} | |||
| (m^e)^d = m^{ed} | |||
| \end{equation} | |||
|
|
|||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,49 @@ | |||
| %%%% why-RSA-works/exponential-notation.tex | |||
| %%%% Copyright 2012 Peter Franusic. | |||
| %%%% All rights reserved. | |||
| %%%% | |||
|
|
|||
| Let's say we're given three elements $a,b,c$ which are members of the set $Z_n$. | |||
| We're also given the expression $a \otimes b \otimes c$. | |||
| The question is this: How do we compute this expression? | |||
| Do we first multiply $a$ and $b$ and then multiply $c$? | |||
| Or do we multiply $b$ and $c$ and then multiply $a$? | |||
| The answer is that either way is correct. | |||
| It doesn't matter what order we multiply the elements. | |||
| This is because the ring $\mathcal{R}_n$ has the property of \emph{multiplicative association}. | |||
| The multiplicative association property says that | |||
| when we have a series of $\otimes$ operations, | |||
| we can do the operations in whatever order we want. | |||
| The answer will be the same. | |||
| \begin{eqnarray*} | |||
| a \otimes b \otimes c &=& (a \otimes b) \otimes c \\ | |||
| &=& a \otimes (b \otimes c) | |||
| \end{eqnarray*} | |||
|
|
|||
| The modex function is represented mathematically using \emph{exponential notation}. | |||
| Exponential notation is an efficient way to describe a series of multiplications of the same value. | |||
| For example, the value $m$ can be multiplied by itself any number of times. | |||
| We use exponential notation to describe this. | |||
| Remember that it doesn't matter in what order the $m$'s are multiplied together. | |||
| \begin{eqnarray*} | |||
| \overbrace{m}^1 &=& m^1 \\ | |||
| \overbrace{m \otimes m}^2 &=& m^2 \\ | |||
| \overbrace{m \otimes m \otimes m}^3 &=& m^3 \\ | |||
| \overbrace{m \otimes m \otimes m \otimes m}^4 &=& m^4 \\ | |||
| &\vdots& | |||
| \end{eqnarray*} | |||
|
|
|||
| RSA uses the exponential notation $m^e$. | |||
| The value $m$ is the \emph{message} integer. | |||
| The value $e$ is the \emph{encryptor} exponent. | |||
| The exponential notation $m^e$ means that $e$ copies of $m$ are multiplied together | |||
| using the $\otimes$ operator in the ring $\mathcal{R}_n$. | |||
| \[ m^e \quad = \quad \overbrace{m \otimes m \otimes m \, \cdots \otimes m \otimes m}^e \] | |||
|
|
|||
| RSA also uses the exponential notation $c^d$. | |||
| The value $c$ is the \emph{ciphertext} integer. | |||
| The value $d$ is the \emph{decryptor} exponent. | |||
| The exponential notation $c^d$ means that $d$ copies of $c$ are multiplied together | |||
| using the $\otimes$ operator in the ring $\mathcal{R}_n$. | |||
| \[ c^d \quad = \quad \overbrace{c \otimes c \otimes c \, \cdots \otimes c \otimes c}^d \] | |||
|
|
|||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,46 @@ | |||
| %%%% why-RSA-works/exponential-tables.tex | |||
| %%%% Copyright 2012 Peter Franusic. | |||
| %%%% All rights reserved. | |||
| %%%% | |||
|
|
|||
| %% Define an exponential product and give an example. | |||
| We now take a closer look at exponential products $m^a$ in the ring $\mathcal{R}_n$. | |||
| When $n$ is very small we can compute exponential products by hand. | |||
| As an example we compute $7^3$ in the ring $\mathcal{R}_{15}$ using Table \ref{otimes-15}. | |||
| \[ 7^3 \quad = \quad 7 \otimes 7 \otimes 7 \quad = \quad (7 \otimes 7) \otimes 7 \quad | |||
| = \quad 4 \otimes 7 \quad = \quad 13 \] | |||
|
|
|||
| %% Define an exponential table and give an example. | |||
| We can go on to calculate the exponential product | |||
| of each pair of elements in $Z_{15}$ and put them all in a table. | |||
| Table \ref{modex-15} specifies the exponential products $m^a$ in the ring $\mathcal{R}_{15}$. | |||
| The product of $7^3$ is at the intersection of row 7 and column 3. | |||
| \vspace{2ex} | |||
| %%%% modex table | |||
| \begin{table}[!h] | |||
| \begin{center} | |||
| \input{modex-15.tex} | |||
| \caption{$m^a \quad (\mathcal{R}_{15})$} | |||
| \label{modex-15} | |||
| \end{center} | |||
| \end{table} | |||
|
|
|||
| %% Define a cycle and point out examples in the table. | |||
| Now consider the product sequence in row 3 (shown below). | |||
| Notice how the sequence starts at 1 and then repeats itself. | |||
| The shortest repetitive part of a sequence is called a \emph{cycle}. | |||
| The cycle in row 3 is (3, 9, 12, 6). | |||
| The \emph{period} of this cycle is 4. | |||
| \[ 1 \quad \overbrace{3 \quad 9 \quad 12 \quad 6} | |||
| \quad \overbrace{3 \quad 9 \quad 12 \quad 6} \quad \cdots \] | |||
|
|
|||
| %% Define an identity column and point out examples in the table. | |||
| Each row in Table \ref{modex-15} is a sequence that starts with 1 followed by a series of cycles. | |||
| Each cycle in the various rows has a period of either 1 or 2 or 4. | |||
| Remarkably, all of the cycles line up vertically in such a way | |||
| as to provide what may be called \emph{identity columns}. | |||
| Consider columns 1, 5, 9, and 13. These are the identity columns in the table. | |||
| Each is identical to the row number column on the left side of the table. | |||
| So for any $m \in Z_{15}$ we have | |||
| \[ m^1 = m^5 = m^9 = m^{13} \] | |||
|
|
|||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,88 @@ | |||
| %%%% why-RSA-works/factor-ops.tex | |||
| %%%% Copyright 2012 Peter Franusic. | |||
| %%%% All rights reserved. | |||
| %%%% | |||
| %% This is LaTeX source code for a figure that contains four curves. | |||
| %% The curves are specified by LaTeX and Lisp expressions shown below. | |||
| %% The labels of the curves are TD, QS, NFS, and Shor. | |||
| %% TD = Trial Division factoring algorithm. | |||
| %% QS = Quadratic Sieve factoring algorithm. | |||
| %% NFS = Number Field Sieve factoring algorithm. | |||
| %% Shor = Peter Shor's factoring algorithm for quantum computers. | |||
| %% The curves are overlayed on a 64 by 30 grid pattern. | |||
| %% The x-axis has lines every 4 grids, with labels {128,256,384,...,1204}. | |||
| %% The y-axis has lines every 3 grids, with labels {6,12,18,24,30}. | |||
| %% | |||
| %% In the Lisp code below, the expt function will accept integer exponents | |||
| %% greater than 128 but not floating-point exponents. | |||
| %% E.g., (expt 2 129) returns 680564733841876926926749214863536422912, | |||
| %% but (expt 2 129.0) causes an error message to be printed. | |||
| %% | |||
| %% TD curve: | |||
| %% $y = \log \left( \sqrt{2^x} \right)$ | |||
| %% (setf y (log (sqrt (expt 2 x)) 10)) | |||
| %% | |||
| %% QS curve: | |||
| %% $y = \log \left( e^{\left( \left( \ln \; 2^{x} \right)^{\frac{1}{2}}\; \cdot \; | |||
| %% \left( \ln \; \left( \ln \; 2^{x} \right) \right)^{\frac{1}{2}} \right)} \right)$ | |||
| %% (setf y (log (exp (* (expt (log (expt 2 x)) 1/2) (expt (log (log (expt 2 x))) 1/2))) 10)) | |||
| %% | |||
| %% NFS curve: | |||
| %% $y = \log \left( e^{\left( \left( \ln \; 2^{x} \right)^{\frac{1}{3}}\; \cdot \; | |||
| %% \left( \ln \; \left( \ln \; 2^{x} \right) \right)^{\frac{2}{3}} \right)} \right)$ | |||
| %% (setf y (log (exp (* (expt (log (expt 2 x)) 1/3) (expt (log (log (expt 2 x))) 2/3))) 10)) | |||
| %% | |||
| %% Shor curve: | |||
| %% $y = \log \left( \left( \ln \left( 2^{x} \right) \right)^{3} \right)$ | |||
| %% (setf y (log (expt (log (expt 2 x)) 3) 10)) | |||
| %% | |||
|
|
|||
| \setlength{\unitlength}{1.6mm} | |||
| \begin{picture}(64,30) | |||
| \linethickness{0.075mm} | |||
|
|
|||
| %% grid pattern | |||
| %% \multiput (x,y) (dx,dy) {n} {object} | |||
| \multiput (0,0) (8,0) {9} {\line(0,1){30}} % x divisions | |||
| \multiput (0,0) (0,6) {6} {\line(1,0){64}} % y divisions | |||
|
|
|||
| %% y-axis labels | |||
| %% 6 12 18 24 30 | |||
| \put (-2.5, 29.5){\scriptsize\textsf{30}} | |||
| \put (-2.5, 23.5){\scriptsize\textsf{24}} | |||
| \put (-2.5, 17.5){\scriptsize\textsf{18}} | |||
| \put (-2.5, 11.5){\scriptsize\textsf{12}} | |||
| \put (-2.2, 5.5){\scriptsize\textsf{ 6}} | |||
|
|
|||
| %% x-axis labels | |||
| %% 128 256 384 512 640 768 896 1024 | |||
| \put( 6.8,-2.0){\scriptsize\textsf{128}} | |||
| \put(14.8,-2.0){\scriptsize\textsf{256}} | |||
| \put(22.8,-2.0){\scriptsize\textsf{384}} | |||
| \put(30.8,-2.0){\scriptsize\textsf{512}} | |||
| \put(38.8,-2.0){\scriptsize\textsf{640}} | |||
| \put(46.8,-2.0){\scriptsize\textsf{768}} | |||
| \put(54.8,-2.0){\scriptsize\textsf{896}} | |||
| \put(62.0,-2.0){\scriptsize\textsf{1024}} | |||
|
|
|||
| \thicklines | |||
|
|
|||
| %% TD curve | |||
| %% \qbezier (start-x,start-y) (pull-x,pull-y) (stop-x,stop-y) | |||
| \put (7.0, 26.0) {\textsf{TD}} | |||
| \qbezier (0.00, 0.00) (6.25, 15.00) (12.50, 30.00) | |||
|
|
|||
| %% QS curve | |||
| \put (42.5, 25.0) {\textsf{QS}} | |||
| \qbezier (0.00, 0.00) (7.00, 15.00) (64.00,29.65) | |||
|
|
|||
| % NFS curve | |||
| \put (50.0, 13.25) {\textsf{NFS}} | |||
| \qbezier (0.00,0.00) (5.50, 9.00) (64.00,13.58) | |||
|
|
|||
| %% Shor curve | |||
| \put (51.0, 9.25) {\textsf{Shor}} | |||
| \qbezier (0.00,0.00) ( 0.50,4.50) ( 8.00,5.84) | |||
| \qbezier (8.00,5.84) (24.00,8.00) (64.00,8.55) | |||
|
|
|||
| \end{picture} | |||
Oops, something went wrong.