Around 1970, researchers began to consider the possibility of a public-key encryption system. After several years of work, at the end of 1977 Ron Rivest, Adi Shamir and Leonard Adleman of MIT co-authored the paper that introduced a public-key encryption algorithm that is still in use today: the RSA algorithm, named after the initials of the three surnames.
The RSA procedure is as follows:
1) Choose two large primes p and q.
2) Let n = p·q and compute m = (p-1)·(q-1).
3) Find e and d such that e·d mod m = 1 (choose a number e coprime to m, then solve the equation e·d mod m = 1 for d).
4) Take (e, n) as the public key and (d, n) as the private key.
5) Let x be the original message (an integer less than n) and y the ciphertext.
Then y = x^e mod n
and x = y^d mod n
That is, after encryption with the public key (e, n), only the other party holding the private key (d, n) can decrypt the data.
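As an added example (not code from the original article), here are the five steps above in Python with small illustrative primes, plus two checks a practitioner would want: that decryption recovers every x in [0, n), including the x that share a factor with n, and that unpadded ("textbook") RSA, which is what these steps describe, lets anyone holding only the public key turn the ciphertext of x into the ciphertext of x·k mod n. The modular inverse uses Python's built-in pow(e, -1, m) (Python 3.8 or later); the function and variable names are this example's own, not the article's.

```python
from math import gcd

# Added example, not the article's own code: textbook RSA with small
# illustrative primes. Real keys use primes of hundreds of digits and a
# padding scheme such as RSAES-OAEP; this is for studying the arithmetic.


def is_prime(k):
    return k > 1 and all(k % f for f in range(2, int(k ** 0.5) + 1))


def keygen(p, q, e=None):
    """Steps 1-4 of the article: return ((e, n), (d, n)).

    m = (p-1)(q-1) is the article's m. e must be coprime to m so that the
    inverse d exists (section 3); d is computed with pow(e, -1, m)."""
    assert p != q and is_prime(p) and is_prime(q), "p, q must be distinct primes"
    n = p * q
    m = (p - 1) * (q - 1)
    if e is None:
        # smallest odd e > 1 coprime to m (65537 is the usual choice in practice)
        e = next(c for c in range(3, m, 2) if gcd(c, m) == 1)
    assert gcd(e, m) == 1, "e must be coprime to (p-1)(q-1)"
    d = pow(e, -1, m)                 # Python 3.8+: modular inverse of e mod m
    assert (e * d) % m == 1
    return (e, n), (d, n)


def encrypt(pub, x):
    e, n = pub
    assert 0 <= x < n, "message must be an integer in [0, n)"
    return pow(x, e, n)               # step 5: y = x^e mod n


def decrypt(priv, y):
    d, n = priv
    return pow(y, d, n)               # step 5: x = y^d mod n


def roundtrip_ok(p, q, e=None):
    """Check (x^e)^d mod n == x for every x in [0, n), including x that
    share a factor with n (0, p, q, 2p, ...), which section 1 covers too."""
    pub, priv = keygen(p, q, e)
    return all(decrypt(priv, encrypt(pub, x)) == x for x in range(pub[1]))


def malleate(pub, y, k):
    """Textbook RSA is multiplicatively homomorphic: with only the public
    key, the ciphertext of x becomes the ciphertext of x*k mod n, without
    learning x. Padding schemes exist to prevent exactly this."""
    e, n = pub
    return (y * pow(k, e, n)) % n


if __name__ == "__main__":
    pub, priv = keygen(61, 53, 17)    # the classic small example: n = 3233
    y = encrypt(pub, 65)
    print(pub, priv, y, decrypt(priv, y))
    print(decrypt(priv, malleate(pub, y, 2)), "==", (65 * 2) % 3233)
```

With p = 61, q = 53 and e = 17 this gives d = 2753 and n = 3233; encrypting 65 yields 2790. The malleation check is the reason the bare steps above are never used as-is in a protocol.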
Looking at these steps you will have many questions: why choose two primes p and q; why compute m = (p-1)·(q-1); why find e and d from the equation e·d mod m = 1; and so on.
The mathematical theorems behind RSA have existed for more than 300 years, yet an algorithm built on such old theorems only appeared a few decades ago. The main reason is that as computers became faster and networks created a need for secure communication, the feasibility of public-key algorithms was studied, until in 1977 the three MIT researchers invented the RSA public-key encryption algorithm.
Discovering the RSA algorithm from the underlying theorems was an unusually tortuous path, but starting from the algorithm and proving it with those theorems is much smoother. This article therefore presents the RSA algorithm as a result, raises the questions it prompts, and then proves each answer with a mathematical theorem. Finally, we look back at how the existing theorems could have led to the RSA algorithm.
Based on the steps of the RSA algorithm, we first list the questions.
1. Why is x = y^d mod n when y = x^e mod n? That is, why is the remainder of x^e divided by n, raised to the power d and divided by n again, equal to x?
1.1 Because (x^e mod n)^d mod n is equivalent to x^(e·d) mod n. The proof is as follows:
(1) y = x^e mod n is the remainder of x^e divided by n.
(2) Rewrite this as x^e = n·k + y, where n·k is a multiple of n.
(3) Then y = x^e - n·k.
(4) y^d mod n = (x^e - n·k)^d mod n.
(5) (x^e - n·k)^d is a polynomial; after expansion every term except the first, (x^e)^d = x^(e·d), contains the factor n and is therefore divisible by n, so (x^e - n·k)^d mod n simplifies to x^(e·d) mod n.
1.2 From 1.1, y^d mod n = (x^e - n·k)^d mod n = x^(e·d) mod n. Why is x^(e·d) mod n = x?
1.2.1 If an integer n is the product of two primes p and q, then for any integer a, the sequence of remainders a^i mod n (i = 1, 2, 3, ...) has the least common multiple of p-1 and q-1 as a period. This is an extension of Fermat's little theorem. Why is lcm(p-1, q-1) a period of this sequence? See section 2. Keep this conclusion in mind and continue.
1.2.2 m = (p-1)·(q-1) is a multiple of lcm(p-1, q-1), so m is also a period of the sequence: a mod n, a^(1+m) mod n, a^(1+2m) mod n and a^(1+3m) mod n are all equal.
1.2.3 Therefore, if e·d = 1 + m, e·d = 1 + 2m, e·d = 1 + 3m and so on, we are guaranteed that a mod n = a^(e·d) mod n.
1.2.4 To get e·d = 1 + m (or 1 + 2m, ...), i.e. e·d mod m = 1, choose a number e coprime to m and solve the equation e·d mod m = 1 for d. Once one solution d is found, adding or subtracting multiples of m gives all the solutions, and the related equations e·d mod m = 2, e·d mod m = 3 and so on follow from the same solution (see 3.3). So for such an e there is always a d. Why does a solution d exist when e and m are coprime? See section 3.
1.2.5 Through the above steps, y^d mod n = (x^e - n·k)^d mod n = x^(e·d) mod n = x mod n, and since x is less than n, x mod n = x. So y^d mod n = x; in other words, decrypting the ciphertext y with the private key (d, n) yields the original message x.
2 Why, when n is the product of two primes p and q, does the sequence of remainders a^i mod n have the least common multiple of p-1 and q-1 as a period?
2.1 If n is a prime, then as i increases the remainder of a^i divided by n has period n-1. See section 4.
2.2 If n is not prime but the product of two primes, for example 35 = 5·7, then by the Chinese Remainder Theorem (Appendix A) the remainder of a number divided by 35 is determined by its remainders on division by the two factors 5 and 7.
2.3 So by 2.1, a^i mod p has period p-1 and a^i mod q has period q-1, and by 2.2 a^i mod n is determined by the pair (a^i mod p, a^i mod q). The pair repeats exactly when both components repeat, so a^i mod n has period lcm(p-1, q-1). Since (p-1)·(q-1) = m is a multiple of lcm(p-1, q-1), m is also a period of a^i mod n, although in general not the shortest one.
3 Why does e·d mod m = 1 have a solution d?
3.1 Solving a·x mod n = b is equivalent to finding a multiple of a that leaves remainder b on division by n, that is, finding a number M with M mod a = 0 and M mod n = b.
3.2 If a and n are coprime, then by the Chinese Remainder Theorem (Appendix A) such an M must exist, and once one M is found, adding or subtracting integer multiples of a·n to it gives all M that meet the requirement.
3.3 Therefore, to obtain all solutions of the equation a·x mod n = b we only need one particular solution. Suppose we have found one solution x of a·x mod n = b; adding or subtracting multiples of n to this solution (equivalent to adding or subtracting multiples of a·n to the whole dividend a·x, which is the M above) gives all the solutions.
(Even better, we only need to consider equations of the form a·x mod n = 1, because if that equation can be solved, a·x mod n = 2, a·x mod n = 3 and so on are solved automatically. Suppose a·x mod n = 1 has the solution x = 100. Since 100·a divided by n leaves remainder 1, 200·a divided by n leaves remainder 2, 300·a divided by n leaves remainder 3, and so on, so the equations with other remainders on the right-hand side are unlocked as well.)
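The argument in section 3 can be made constructive. The following added example (not from the article) uses the extended Euclidean algorithm, which the article does not mention, to find a particular solution of a·x mod n = b, lists the other solutions, and returns None when gcd(a, n) does not divide b, which is the case the coprimality condition rules out. Function names are this example's own.

```python
from math import gcd

# Added example, not the article's own code: a constructive version of
# section 3 using the extended Euclidean algorithm.


def egcd(a, b):
    """Return (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0


def solve_linear_congruence(a, n, b=1):
    """Smallest non-negative x with a*x mod n == b, or None if none exists.

    With b == 1 this is the modular inverse the article needs: for
    e*d mod m == 1 call it with a = e, n = m. A solution exists exactly
    when gcd(a, n) divides b; when gcd(a, n) == 1 (the article's
    coprimality condition) that is always the case."""
    g, s, _ = egcd(a, n)
    if b % g:
        return None
    # s*a == g (mod n); scaling the particular solution by b/g gives b
    return (s * (b // g)) % (n // g)


def all_solutions(a, n, b=1, limit=None):
    """All solutions below `limit` (default n). They are spaced n // gcd(a, n)
    apart, i.e. n apart when a and n are coprime, as section 3.3 states."""
    x0 = solve_linear_congruence(a, n, b)
    if x0 is None:
        return []
    limit = n if limit is None else limit
    return list(range(x0, limit, n // gcd(a, n)))


if __name__ == "__main__":
    print(solve_linear_congruence(5, 24))        # d for e = 5, m = 24
    print(all_solutions(5, 24, 1, 100))          # the same d plus multiples of 24
    print(all_solutions(5, 24, 2))               # remainder 2: double the solution
    print(solve_linear_congruence(4, 8, 2))      # gcd(4, 8) = 4 does not divide 2
```

The last call shows the failure mode: 4·x mod 8 takes only the values 0 and 4, so no d exists; this is why step 3 of the algorithm insists that e be coprime to m.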
4. Why, when n is a prime, does the remainder of a^i divided by n have period n-1 as i increases?
4.1 In 1640 the French amateur mathematician Pierre de Fermat found that if n is a prime, then for any integer a, a^n - a is a multiple of n.
4.2 Write Fermat's theorem from 4.1 (see Appendix B) as (a^n - a) mod n = 0; then a^n mod n = a mod n.
4.3 Since a^i mod n = (a^(i-1) · a) mod n:
write a^(i-1) = n·k + y, where n·k is a multiple of n and y is the remainder a^(i-1) mod n,
then y = a^(i-1) - n·k,
then a^i = a^(i-1) · a = (n·k + y) · a,
then a^i mod n = ((n·k + y) · a) mod n
= (a·n·k + a·y) mod n.
Because a·n·k is a multiple of n, (a·n·k) mod n = 0, so a^i mod n depends only on (a·y) mod n, where y is the remainder a^(i-1) mod n. That is, a^i mod n is the remainder of a^(i-1) mod n multiplied by a and then divided by n; in other words, the value of a^i mod n is determined by the value of a^(i-1) mod n.
Combining 4.3 and 4.2: by 4.2, a^n mod n = a mod n, so the n-th term of the remainder sequence equals the first term; by 4.3, each term is determined by the previous one, so a^(n+1) mod n = a^2 mod n and in general a^(i+n-1) mod n = a^i mod n for every i ≥ 1. The remainders of a^i therefore repeat with period n-1 from i = 1 onward.
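The claims in sections 2 and 4 are easy to measure on small moduli. This added example (not from the article) computes the smallest period of a^i mod n and checks that it divides n-1 for prime n and lcm(p-1, q-1) for n = p·q; it also shows that m = (p-1)(q-1) is a period but usually not the shortest one. It needs math.lcm (Python 3.9 or later); function names are this example's own.

```python
from math import lcm  # Python 3.9+

# Added example, not the article's own code: measure the smallest period of
# a^i mod n for i = 1, 2, 3, ... and compare it with sections 2 and 4.


def period(a, n):
    """Smallest t >= 1 such that a^(i+t) == a^i (mod n) for all i >= 1.

    The walk starts at i = 1, not at a^0 = 1: when gcd(a, n) > 1 the value 1
    never recurs, but the terms from i = 1 on still repeat (for squarefree n
    they are purely periodic, which is what section 4.3 shows)."""
    first_seen = {}
    x, i = a % n, 1
    while x not in first_seen:
        first_seen[x] = i
        x, i = (x * a) % n, i + 1
    return i - first_seen[x]


def prime_period_claim(n):
    """Section 4: for prime n every period divides n-1, so n-1 is a period
    of a^i mod n for every a (a = 0 mod n trivially has period 1)."""
    return all((n - 1) % period(a, n) == 0 for a in range(n))


def composite_period_claim(p, q):
    """Section 2: for n = p*q every period divides lcm(p-1, q-1), and that
    divides the article's m = (p-1)(q-1), so m is a period too."""
    n, t = p * q, lcm(p - 1, q - 1)
    return (all(t % period(a, n) == 0 for a in range(n))
            and ((p - 1) * (q - 1)) % t == 0)


def periods_match_crt(p, q):
    """Sections 2.2/2.3 made concrete: by the CRT the period mod p*q is the
    lcm of the periods mod p and mod q, for every a."""
    n = p * q
    return all(period(a, n) == lcm(period(a, p), period(a, q)) for a in range(n))


def max_period(n):
    """The longest period any a reaches mod n. For n = p*q it is
    lcm(p-1, q-1), smaller than (p-1)(q-1): the article's m is a period
    but not the shortest one."""
    return max(period(a, n) for a in range(n))


if __name__ == "__main__":
    print(period(2, 7), period(3, 7), prime_period_claim(101))
    print(period(2, 35), period(5, 35), max_period(35), composite_period_claim(5, 7))
    print(periods_match_crt(5, 7))
```

For n = 35 the longest period is lcm(4, 6) = 12 while m = 24, so any d with e·d ≡ 1 (mod 12) would already decrypt correctly; the article's m simply guarantees a multiple of the true period.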
Appendix A Chinese Remainder Theorem
Chinese Remainder Theorem: given k pairwise coprime integers whose product is P, and an unknown M, if we know the remainders of M on division by each of the k integers, then M is uniquely determined in the range 0 to P-1. This can be regarded as a particular solution; every other M that meets the requirement leaves the same remainder as this particular solution on division by P. Note that the condition that the divisors be pairwise coprime is necessary, otherwise the conclusion fails. For example, in the range 0 to 7 there are two numbers that leave remainder 1 on division by 4 and remainder 1 on division by 2 (namely 1 and 5), and no number at all that leaves remainder 1 on division by 4 and remainder 0 on division by 2.
From a certain point of view the Chinese Remainder Theorem is almost obvious. Let us take the case of two divisors to illustrate the intuition behind it. Suppose the two divisors are 4 and 7. The following table lists the remainder of each natural number on division by 4 and by 7; x mod y denotes the remainder of x divided by y.
i       |  0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19
i mod 4 |  0  1  2  3  0  1  2  3  0  1  2  3  0  1  2  3  0  1  2  3
i mod 7 |  0  1  2  3  4  5  6  0  1  2  3  4  5  6  0  1  2  3  4  5

i       | 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
i mod 4 |  0  1  2  3  0  1  2  3  0  1  2  3  0  1  2  3  0  1  2  3
i mod 7 |  6  0  1  2  3  4  5  6  0  1  2  3  4  5  6  0  1  2  3  4
The value of i mod 4 clearly repeats with period 4 and the value of i mod 7 with period 7. Since 4 and 7 are coprime, their least common multiple is 4 × 7 = 28, so the pair (i mod 4, i mod 7) repeats with period 28 and no shorter period. Therefore, as i runs from 0 to 27, the values of (i mod 4, i mod 7) never repeat. But there are only 4 × 7 = 28 possible values of (i mod 4, i mod 7), so they are assigned to the numbers 0 to 27 without repetition or omission. This means that each particular combination of remainders occurs among the first 28 items, and occurs exactly once. After that the combinations repeat with period 28, so each particular combination recurs with period 28. This is exactly the content of the Chinese Remainder Theorem.
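Added example, not from the article: the standard constructive form of the theorem applied to the 4 and 7 case in the table above, together with a brute-force search that shows the two-solutions and no-solution cases for the non-coprime moduli 4 and 2 mentioned in the statement. It uses Python's pow(x, -1, m) for the modular inverse (Python 3.8 or later); function names are this example's own.

```python
from math import gcd, prod  # prod: Python 3.8+

# Added example, not the article's own code: reconstruct a number from its
# remainders modulo pairwise coprime divisors, and show by brute force why
# the coprimality condition in Appendix A is needed.


def crt(residues, moduli):
    """Unique x in [0, prod(moduli)) with x % m_i == r_i for every i,
    or None when the moduli are not pairwise coprime (the theorem does not
    apply; see solutions_below for what happens then)."""
    if any(gcd(moduli[i], moduli[j]) != 1
           for i in range(len(moduli)) for j in range(i + 1, len(moduli))):
        return None
    P = prod(moduli)
    x = 0
    for r, m in zip(residues, moduli):
        others = P // m              # product of the other moduli: 0 mod each of them
        inv = pow(others, -1, m)     # exists because gcd(others, m) == 1
        x += r * others * inv        # this term is r mod m and 0 mod every other modulus
    return x % P


def solutions_below(residues, moduli, limit):
    """Brute force: every x < limit with the given remainders, for any moduli."""
    return [x for x in range(limit)
            if all(x % m == r for r, m in zip(residues, moduli))]


if __name__ == "__main__":
    print(crt([3, 5], [4, 7]))                    # row i = 19 of the table
    print(crt([0, 6], [4, 7]))                    # row i = 20 of the table
    print(solutions_below([1, 1], [4, 2], 8))     # two solutions: 1 and 5
    print(solutions_below([1, 0], [4, 2], 8))     # no solution at all
    print(crt([1, 1], [4, 2]))                    # None: 4 and 2 are not coprime
```

Reading the table backwards is exactly what crt does: the pair (3, 5) occurs only at i = 19 among 0..27, and the function recovers 19 without scanning.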
Appendix B Fermat's Little Theorem
Fermat's little theorem: if n is a prime, then for any integer a, a^n - a is a multiple of n.
Fermat's theorem has a wonderful proof. Let us take "3^7 - 3 is divisible by 7" as an example; you will see that the reasoning is the same in every other case. First, the meaning of "cyclic shift". Imagine a string of several characters scrolling across an LED screen of exactly the right width. For example, helloworld is a 10-character string, and we have an LED screen that holds exactly 10 characters. At the beginning helloworld is displayed. Next, the letter h leaves the screen on the left and re-enters from the right, so the screen shows elloworldh. At the next moment it shows lloworldhe, then loworldhel, and so on. After 10 moves the screen returns to helloworld. In this process, the strings elloworldh, lloworldhe, loworldhel, ... shown on the screen are all obtained from the initial string helloworld by "cyclic shift". Now consider all strings of 7 characters drawn from the three characters a, b and c. There are 3^7 of them. If one string can be obtained from another by cyclic shift, the two strings belong to the same group. For example, abbcccc and cccabbc belong to the same group, together with five other strings. Among all 3^7 strings, apart from aaaaaaa, bbbbbbb and ccccccc, every string belongs to a group of exactly 7 strings. This shows that 3^7 - 3 is divisible by 7.
Where in this proof is the condition "7 is a prime" used? Think about it and you will find that it is because 7 is prime that each group has exactly 7 strings. If the string length were not 7 but 15, some groups would contain only 3 or 5 strings. For example, the group containing abcabcabcabcabc has only 3 strings, because after a cyclic shift by three characters the string coincides with the original.
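Added example, not from the article: the cyclic-shift groups of the proof counted by machine, for strings of length 7 over a, b, c and, to see the argument break, strings of length 15 (over two letters to keep the enumeration small). Function names are this example's own.

```python
from itertools import product

# Added example, not the article's own code: count the cyclic-shift groups
# the necklace proof relies on, for the 3^7 - 3 case and for a composite
# length where groups of fewer than `length` strings appear.


def rotations(s):
    """All strings obtained from s by cyclic shift, as a set."""
    return {s[i:] + s[:i] for i in range(len(s))}


def shift_groups(alphabet, length):
    """Partition all strings of the given length into cyclic-shift groups and
    return a histogram {group size: number of groups}."""
    seen, sizes = set(), {}
    for t in product(alphabet, repeat=length):
        s = "".join(t)
        if s in seen:
            continue
        grp = rotations(s)
        seen |= grp
        sizes[len(grp)] = sizes.get(len(grp), 0) + 1
    return sizes


def fermat_groups_ok(alphabet, length):
    """True iff the proof's key step holds: the only groups of size 1 are the
    len(alphabet) constant strings and every other group has exactly
    `length` members, which forces length | k^length - k."""
    sizes = shift_groups(alphabet, length)
    return set(sizes) <= {1, length} and sizes.get(1) == len(alphabet)


if __name__ == "__main__":
    print(shift_groups("abc", 7))       # {1: 3, 7: 312}: 3 + 7*312 = 3^7
    print(fermat_groups_ok("abc", 7))   # True
    print(len(rotations("abcabcabcabcabc")))   # 3, the article's counterexample
    print(shift_groups("ab", 15))       # groups of size 3 and 5 appear
    print(fermat_groups_ok("ab", 15))   # False
```

The histogram for length 7 is the proof in numbers: 3 constant strings plus 312 groups of 7 account for all 3^7 = 2187 strings, so 3^7 - 3 = 7 × 312. For length 15 over two letters, groups of size 3 and 5 show up, and indeed 15 does not divide 2^15 - 2.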
Appendix C The Diffie-Hellman key exchange in SSH, using the RSA public key as an example:
RSA public key algorithm