# RSA Cryptography

**Course**: Quantum Computing Laboratory  
**Version**: 2.2 (Qiskit 2.2 Compatible)  
**Last Updated**: November 2025

---

## üìö Theory and Background

**RSA (Rivest‚ÄìShamir‚ÄìAdleman)** is an asymmetric cryptographic algorithm used for secure data transmission. It's called 'asymmetric' because it uses two different keys:

- **Public Key**: Can be shared openly, used for encryption
- **Private Key**: Must be kept secret, used for decryption

### Security Foundation

RSA's security relies on the **computational difficulty of factoring large integers**:  
- Easy to multiply two large primes: p √ó q = N
- Very hard to factor N back to p and q
- **Classical difficulty**: O(n^(1/4)(log(n))^3)) Number Field Sieve - Pollard 1988

### Why This Matters for Quantum Computing

**Shor's Algorithm** can factor integers in polynomial time on a quantum computer:  
- **Quantum complexity**: O((ln N)¬≥) - polynomial time
- **Threat to RSA**: Large-scale quantum computers could break current RSA encryption
- **Post-quantum cryptography**: New algorithms resistant to quantum attacks

### Applications

- Secure web browsing (HTTPS)
- Email encryption (PGP/GPG)
- Digital signatures
- Cryptocurrency
- Secure file transfer

## üéØ Learning Objectives

1. ‚úÖ Understand RSA key generation
2. ‚úÖ Implement RSA encryption and decryption
3. ‚úÖ Learn Euler's theorem and modular arithmetic
4. ‚úÖ Understand the quantum threat to RSA
5. ‚úÖ Explore post-quantum alternatives

## üìê Mathematical Foundation

### Modular Arithmetic

The modulo operation finds the remainder after division:
$$4 \div 3 = 1 \text{ remainder } 1 \quad \Rightarrow \quad 4 \equiv 1 \pmod{3}$$

$$7 \div 3 = 2 \text{ remainder } 1 \quad \Rightarrow \quad 7 \equiv 1 \pmod{3}$$

Therefore: $4 \equiv 7 \pmod{3}$

### Euler's Totient Function

For N = p √ó q where p, q are prime:
$$\phi(N) = (p-1)(q-1)$$

### Euler's Theorem

For any a < N where gcd(a, N) = 1 (a and N are "coprime"):
$$a^{\phi(N)} \equiv 1 \pmod{N}$$

This is the foundation of RSA!

### Key Generation

1. Choose two large primes p and q
2. Compute N = p √ó q
3. Compute œÜ(N) = (p-1)(q-1)
4. Choose e where: 1 < e < œÜ(N) and gcd(e, œÜ(N)) = 1
5. Find d where: e √ó d ‚â° 1 (mod œÜ(N))
6. **Public key**: (e, N)
7. **Private key**: (d, N)

### Encryption/Decryption

**Encrypt** (with public key):
$$c = m^e \mod N$$

**Decrypt** (with private key):
$$m = c^d \mod N$$

**Why it works**:
$$c^d = (m^e)^d = m^{ed} = m^{1 + k\phi(N)} = m \cdot (m^{\phi(N)})^k \equiv m \cdot 1^k \equiv m \pmod{N}$$

In [1]:
# Classical RSA implementation
import math
import random
import numpy as np

print("‚úì Imports successful!")
print("  Python math and random modules loaded")

‚úì Imports successful!
  Python math and random modules loaded


## üîß Implementation

### Step 1: Modular Arithmetic Examples

In [2]:
# Demonstrate modular arithmetic in Python

# Modulo operator: %
print("Basic Modulo Operations:")
print(f"  5 % 4 = {5 % 4}  (remainder when 5 divided by 4)")
print(f"  9 % 4 = {9 % 4}  (remainder when 9 divided by 4)")
print(f"  Therefore: 5 ‚â° 9 (mod 4) is {5 % 4 == 9 % 4}")

# Modular exponentiation: pow(base, exponent, modulus)
print("\nModular Exponentiation:")
print(f"  2^5 mod 7 = {pow(2, 5, 7)}")
print(f"  This is much more efficient than (2**5) % 7 for large numbers!")

Basic Modulo Operations:
  5 % 4 = 1  (remainder when 5 divided by 4)
  9 % 4 = 1  (remainder when 9 divided by 4)
  Therefore: 5 ‚â° 9 (mod 4) is True

Modular Exponentiation:
  2^5 mod 7 = 4
  This is much more efficient than (2**5) % 7 for large numbers!


In [3]:
2**5 % 7

4

In [4]:
pow(2,5,7)

4

### Step 2: Helper Functions

In [5]:
def euler_totient(p: int, q: int) -> int:
    """
    Calculate Euler's totient function œÜ(N) for N = p√óq.
    
    Args:
        p: First prime number
        q: Second prime number
    
    Returns:
        œÜ(N) = (p-1)(q-1)
    
    Raises:
        AssertionError: If p and q are not coprime
    """
    assert math.gcd(p, q) == 1, "p and q must be coprime (relatively prime)"
    return (p - 1) * (q - 1)


def modular_inverse(e: int, phi: int) -> int:
    """
    Find modular multiplicative inverse d where: e √ó d ‚â° 1 (mod œÜ).
    
    Uses Extended Euclidean Algorithm.
    
    Args:
        e: Public exponent
        phi: Euler's totient œÜ(N)
    
    Returns:
        d: Private exponent where e√ód ‚â° 1 (mod œÜ)
    """
    e = e % phi
    for x in range(1, phi):
        if (e * x) % phi == 1:
            return x
    return 1


def encrypt(message: int, e: int, n: int) -> int:
    """
    Encrypt message using RSA public key.
    
    Args:
        message: Plaintext message (as integer)
        e: Public exponent
        n: Modulus (N = p√óq)
    
    Returns:
        ciphertext: Encrypted message
    """
    return pow(message, e, n)


def decrypt(ciphertext: int, d: int, n: int) -> int:
    """
    Decrypt ciphertext using RSA private key.
    
    Args:
        ciphertext: Encrypted message
        d: Private exponent
        n: Modulus (N = p√óq)
    
    Returns:
        plaintext: Decrypted message
    """
    return pow(ciphertext, d, n)


print("‚úì Helper functions defined")

‚úì Helper functions defined


### Step 3: RSA Key Generation

In [6]:
# Choose two prime numbers
# (In practice, these would be hundreds of digits long!)
p = 61
q = 53

print("Step 1: Choose primes")
print(f"  p = {p}")
print(f"  q = {q}")

# Compute N = p √ó q
N = p * q
print(f"\nStep 2: Compute N = p √ó q")
print(f"  N = {p} √ó {q} = {N}")

# Compute Euler's totient
phi_N = euler_totient(p, q)
print(f"\nStep 3: Compute œÜ(N) = (p-1)(q-1)")
print(f"  œÜ({N}) = ({p}-1)√ó({q}-1) = {phi_N}")

# Choose public exponent e
e = 17  # Common choice: 65537 or 17
print(f"\nStep 4: Choose public exponent e")
print(f"  e = {e}")
print(f"  Check: gcd(e, œÜ(N)) = gcd({e}, {phi_N}) = {math.gcd(e, phi_N)}")
print(f"  Must be 1: {math.gcd(e, phi_N) == 1} ‚úì")

# Compute private exponent d
d = modular_inverse(e, phi_N)
print(f"\nStep 5: Compute private exponent d")
print(f"  d = {d}")
print(f"  Verify: e√ód mod œÜ(N) = {e}√ó{d} mod {phi_N} = {(e*d) % phi_N}")
print(f"  Must be 1: {(e*d) % phi_N == 1} ‚úì")

# Display keys
print("\n" + "="*60)
print("RSA KEY PAIR GENERATED")
print("="*60)
print(f"Public Key:  (e={e}, N={N})")
print(f"Private Key: (d={d}, N={N})")
print("="*60)

Step 1: Choose primes
  p = 61
  q = 53

Step 2: Compute N = p √ó q
  N = 61 √ó 53 = 3233

Step 3: Compute œÜ(N) = (p-1)(q-1)
  œÜ(3233) = (61-1)√ó(53-1) = 3120

Step 4: Choose public exponent e
  e = 17
  Check: gcd(e, œÜ(N)) = gcd(17, 3120) = 1
  Must be 1: True ‚úì

Step 5: Compute private exponent d
  d = 2753
  Verify: e√ód mod œÜ(N) = 17√ó2753 mod 3120 = 1
  Must be 1: True ‚úì

RSA KEY PAIR GENERATED
Public Key:  (e=17, N=3233)
Private Key: (d=2753, N=3233)


### Step 4: Encryption

In [7]:
# Choose a message to encrypt
message = 123
print(f"Original message: {message}")
print(f"  (Must be less than N={N})")

# Encrypt using public key
ciphertext = encrypt(message, e, N)
print(f"\nEncrypting with public key (e={e}, N={N}):")
print(f"  c = m^e mod N")
print(f"  c = {message}^{e} mod {N}")
print(f"  c = {ciphertext}")
print(f"\n‚úì Encrypted: {message} ‚Üí {ciphertext}")

Original message: 123
  (Must be less than N=3233)

Encrypting with public key (e=17, N=3233):
  c = m^e mod N
  c = 123^17 mod 3233
  c = 855

‚úì Encrypted: 123 ‚Üí 855


### Step 5: Decryption

In [8]:
# Decrypt using private key
decrypted = decrypt(ciphertext, d, N)
print(f"Decrypting with private key (d={d}, N={N}):")
print(f"  m = c^d mod N")
print(f"  m = {ciphertext}^{d} mod {N}")
print(f"  m = {decrypted}")
print(f"\n‚úì Decrypted: {ciphertext} ‚Üí {decrypted}")

# Verify
print("\n" + "="*60)
if decrypted == message:
    print("SUCCESS! ‚úì")
    print(f"Original message: {message}")
    print(f"Decrypted message: {decrypted}")
    print("RSA encryption/decryption verified!")
else:
    print("ERROR: Decryption failed")
print("="*60)

Decrypting with private key (d=2753, N=3233):
  m = c^d mod N
  m = 855^2753 mod 3233
  m = 123

‚úì Decrypted: 855 ‚Üí 123

SUCCESS! ‚úì
Original message: 123
Decrypted message: 123
RSA encryption/decryption verified!


## üî¨ Security Analysis

### Why RSA Works

In [9]:
print("Mathematical Proof:")
print("="*60)
print(f"e √ó d = {e} √ó {d} = {e*d}")
print(f"e √ó d mod œÜ(N) = {e*d} mod {phi_N} = {(e*d) % phi_N}")
print(f"\nTherefore: e √ó d = 1 + k√óœÜ(N)")
print(f"where k = {(e*d - 1) // phi_N}")
print("\nBy Euler's theorem:")
print(f"  m^œÜ(N) ‚â° 1 (mod N)")
print(f"\nSo:")
print(f"  c^d = (m^e)^d = m^(e√ód) = m^(1 + k√óœÜ(N))")
print(f"      = m √ó (m^œÜ(N))^k ‚â° m √ó 1^k ‚â° m (mod N)")
print("\nThis is why decryption recovers the original message!")
print("="*60)

Mathematical Proof:
e √ó d = 17 √ó 2753 = 46801
e √ó d mod œÜ(N) = 46801 mod 3120 = 1

Therefore: e √ó d = 1 + k√óœÜ(N)
where k = 15

By Euler's theorem:
  m^œÜ(N) ‚â° 1 (mod N)

So:
  c^d = (m^e)^d = m^(e√ód) = m^(1 + k√óœÜ(N))
      = m √ó (m^œÜ(N))^k ‚â° m √ó 1^k ‚â° m (mod N)

This is why decryption recovers the original message!


### Classical Security: Breaking RSA

In [10]:
print("To Break RSA, an attacker needs to:")
print("="*60)
print("1. Know: (e, N) [public key]")
print("2. Want: d [private key]")
print("3. Need: œÜ(N) to compute d")
print("4. Must: Factor N = p √ó q to find œÜ(N) = (p-1)(q-1)")
print("\nFactoring is HARD for large N!")
print("="*60)

print(f"\nExample with our small primes:")
print(f"  N = {N}")
print(f"  Trying to factor...")

# Brute force factoring (only works for small N!)
import time
start = time.time()
for i in range(2, int(N**0.5) + 1):
    if N % i == 0:
        factor1 = i
        factor2 = N // i
        break
elapsed = time.time() - start

print(f"  Found: {N} = {factor1} √ó {factor2}")
print(f"  Time: {elapsed*1000:.3f} ms")
print(f"\nFor RSA-2048 (617 digit number):")
print(f"  Classical factoring: >10^9 years on modern hardware")
print(f"  Quantum (Shor's): ~hours on large-scale quantum computer")

To Break RSA, an attacker needs to:
1. Know: (e, N) [public key]
2. Want: d [private key]
3. Need: œÜ(N) to compute d
4. Must: Factor N = p √ó q to find œÜ(N) = (p-1)(q-1)

Factoring is HARD for large N!

Example with our small primes:
  N = 3233
  Trying to factor...
  Found: 3233 = 53 √ó 61
  Time: 0.067 ms

For RSA-2048 (617 digit number):
  Classical factoring: >10^9 years on modern hardware
  Quantum (Shor's): ~hours on large-scale quantum computer


## ‚öõÔ∏è Quantum Threat

### Shor's Algorithm Impact

In [11]:
print("CLASSICAL vs QUANTUM FACTORING")
print("="*60)
print("\nProblem: Factor N into p and q")
print("\nClassical (Best Known):")
print("  Algorithm: General Number Field Sieve (GNFS)")
print("  Complexity: O(exp(‚àõ(ln N ln ln N)))")
print("  Type: Sub-exponential, but still exponential for large N")
print("\nQuantum (Shor's Algorithm):")
print("  Complexity: O((ln N)¬≥)")
print("  Type: Polynomial")
print("  Speedup: EXPONENTIAL")
print("\nExample: Factor RSA-2048 (617 digits)")
print("  Classical: ~10^9 years")
print("  Quantum:   ~hours (requires ~20 million noisy qubits)")
print("\nCurrent Status (2025):")
print("  Largest quantum computers: ~1,000 qubits")
print("  Largest factored: Small test numbers (N < 10^6)")
print("  Timeline to threat: 10-20 years (estimate)")
print("="*60)

CLASSICAL vs QUANTUM FACTORING

Problem: Factor N into p and q

Classical (Best Known):
  Algorithm: General Number Field Sieve (GNFS)
  Complexity: O(exp(‚àõ(ln N ln ln N)))
  Type: Sub-exponential, but still exponential for large N

Quantum (Shor's Algorithm):
  Complexity: O((ln N)¬≥)
  Type: Polynomial
  Speedup: EXPONENTIAL

Example: Factor RSA-2048 (617 digits)
  Classical: ~10^9 years
  Quantum:   ~hours (requires ~20 million noisy qubits)

Current Status (2025):
  Largest quantum computers: ~1,000 qubits
  Largest factored: Small test numbers (N < 10^6)
  Timeline to threat: 10-20 years (estimate)


## üõ°Ô∏è Post-Quantum Cryptography

In [12]:
print("POST-QUANTUM CRYPTOGRAPHY ALTERNATIVES")
print("="*60)
print("\nNIST Post-Quantum Standards (2024):")
print("\n1. CRYSTALS-Kyber")
print("   Type: Lattice-based encryption")
print("   Use: Key encapsulation mechanism (KEM)")
print("\n2. CRYSTALS-Dilithium")
print("   Type: Lattice-based signatures")
print("   Use: Digital signatures")
print("\n3. SPHINCS+")
print("   Type: Hash-based signatures")
print("   Use: Digital signatures")
print("\nKey Features:")
print("  ‚úì Resistant to quantum attacks")
print("  ‚úì Based on hard mathematical problems")
print("  ‚úì Being deployed NOW (before quantum threat)")
print("\nTransition Strategy:")
print("  1. Hybrid approach: Classical + Post-quantum")
print("  2. Gradual migration of systems")
print("  3. 'Harvest now, decrypt later' threat")
print("="*60)

POST-QUANTUM CRYPTOGRAPHY ALTERNATIVES

NIST Post-Quantum Standards (2024):

1. CRYSTALS-Kyber
   Type: Lattice-based encryption
   Use: Key encapsulation mechanism (KEM)

2. CRYSTALS-Dilithium
   Type: Lattice-based signatures
   Use: Digital signatures

3. SPHINCS+
   Type: Hash-based signatures
   Use: Digital signatures

Key Features:
  ‚úì Resistant to quantum attacks
  ‚úì Based on hard mathematical problems
  ‚úì Being deployed NOW (before quantum threat)

Transition Strategy:
  1. Hybrid approach: Classical + Post-quantum
  2. Gradual migration of systems
  3. 'Harvest now, decrypt later' threat


## üéì Exercises

### Exercise 1: RSA with Different Parameters (Easy)
Generate RSA keys with p=17, q=19. Encrypt and decrypt the message m=42.

```python
# Your solution here
p = 17
q = 19
# Continue...
```

### Exercise 2: RSA Security (Medium)
Write a function to brute-force factor N given only the public key (e, N). Test with N=221.

**Hint**: Try all divisors from 2 to ‚àöN

### Exercise 3: Key Size Analysis (Hard)
Calculate how many qubits would be needed to run Shor's algorithm to factor:
1. RSA-1024 (309 digits)
2. RSA-2048 (617 digits)
3. RSA-4096 (1234 digits)

**Hint**: Approximately 2n qubits needed to factor an n-bit number

## üìñ References

### Academic Papers

1. **RSA Original Paper**:  
   Rivest, R.L., Shamir, A., & Adleman, L. (1978).  
   *A method for obtaining digital signatures and public-key cryptosystems*.  
   Communications of the ACM, 21(2), 120-126.

2. **Shor's Algorithm**:  
   Shor, P. W. (1997).  
   *Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer*.  
   SIAM Journal on Computing, 26(5), 1484-1509.

3. **Post-Quantum Cryptography**:  
   NIST (2024). *Post-Quantum Cryptography Standardization*.  
   https://csrc.nist.gov/projects/post-quantum-cryptography

### Online Resources

- [RSA Explained](https://www.comparitech.com/blog/information-security/rsa-encryption/)
- [Qiskit Textbook - Shor's Algorithm](https://learn.qiskit.org/course/ch-algorithms/shors-algorithm)
- [Post-Quantum Cryptography FAQ](https://pqshield.com/pqc-101/)

### Related Notebooks

- `Shors_Algorithm_v2.2_enhanced.ipynb`
- `Period_Finding_v2.2_enhanced.ipynb`
- `Quantum_Phase_Estimation_v2.2_enhanced.ipynb`

---

**Course**: Quantum Computing Laboratory  
**License**: MIT  
**Version**: 2.2.0  
**Last Updated**: November 2025