So we're at the stage of just doing the last operation for our modular arithmetic: logarithms. Exponentiation is easy. Well, easy in terms of concept. That is, it's repeated multiplication, and in terms of how we think about exponentiation, you take your number, raise it to the power, mod by n, you get your answer. So conceptually easy, in practice time-consuming sometimes to calculate. We'll see some examples when we have big numbers. Last one, logarithms, and the concept we have is a discrete logarithm. In normal arithmetic, if we have b equals a to the power of i, i is the index or the exponent. Then the log in base a of b is i, that index or exponent. But now we have everything mod n, or in this equation, mod p. So if we have b equivalent to a raised to the power of i, all in mod p, then we say, in the same concept, the logarithm in base a with mod p of b equals i, the index. So we're trying to find the index of this exponentiation, the opposite of the exponentiation operation, and we call it, for modular arithmetic, a discrete logarithm. If we go back to multiplication in modular arithmetic, we can do multiplication for all numbers, but we cannot do division for all numbers, and similar follows: we cannot do logarithms for all numbers. There's only special cases where we can determine the unique exponent. So we need to introduce a primitive root to explain that. So a primitive root is of some, so we define a primitive root of some prime p, a prime number p. If a number is a primitive root of that prime p, then a raised to the power of 1, 2, 3, up until p minus 1 gives us distinct values. And that's best shown with some examples. So we'll go straight to some examples to introduce the concept of a primitive root and then see the discrete logarithm relies on a primitive root being found.
I have some better examples. Let's say our modulus is, everything is mod 7 for this set of examples. Mod 7, so in our equation mod p, or p is 7. Let's look at the numbers when we take some number a and we raise it to some power i, where i ranges from, for mod 7, one up until 6. Let's start simple: a equal to 1. So we're trying to give an example of a primitive root. A primitive root of some prime or some number p is that if we can take that primitive root, raise it to the powers of 1, 2, 3, up until p minus 1, if the answers are distinct, different values. Let's try some values. So what we're going to do is take our value a, raise it to the power of i, and then mod by our modulus p, which in this case is 7 for this example. So a to the power of i mod 7. So 1 to the power of 1 mod 7, we get what? 1. 1 to the power of anything, we're going to get 1, so this is going to be a simple case. We'll write the answers here just to demonstrate. a equals to 1, i equal to 1: 1 to the 1 mod 7, answer is 1. 1 to the power of 2 mod 7, also 1. 1 to the power of 3 mod 7, you can see what we're going to get as answers. We'll come back to that one, and let's try for a different value of a and then explain what they mean. What if a equals 2? So what we do, when we mod 7, consider 2 to the power of 1, 2 to the power of 2, 2 to the power of 3, and so on, mod 7. What are the answers? 2 to the power of 1 mod 7 is 2. 2 to the power of 1 is 2, mod 7 we get 2 as the answer. 2 to the power of 2 mod 7. How about we? I'm very lonely up the front. Come down closer, everyone. Small group of students, large room. Move down the front. It's okay to eat. Everyone move down the front, front two rows. It's okay. You've got time. Off you go. Yeah, everyone move. I can't move the screen closer to you. Come on. The front three rows. It's okay, just for today, front three rows. Yes, everyone, not just two or three people. Just try something different. It's okay, bring your laptop. It's not too hard.
Just move down the front, a little bit closer. There's so many seats to choose from. Okay. Now I can ask a question and hear your answers. Two to the power of 2 mod 7. What's the answer? For 2 to the power of 3 mod 7, 2 to the power 3 is 8, mod 7 we get one. 2 to the power of 4 mod 7, try it. 2 to the power of 2 mod 7, we get 4. 2 to the power 3 mod 7, we get 1. 2 to the power of 4 mod 7, 2 to the power 4 is 16, mod 7 the answer is 2. 2 to the power of 5, mod 7, 2 to the power of 5 is 32, mod 7, 4, 2 to the power of 5 is 32, 4 times 7 is 28, remainder is 4, 2 to the power of 6, mod 7, 1. Check. 2 to the power of 6 is 64, 9 times 7 is 63, so the remainder is 1. Okay, easy. Maybe it's so easy when you're sitting down the front too, so let's do this one. What if A is 3? 3 to the power of 1, mod 7, easy, 3. 3 to the power of 2 is 9, mod 7, 3 to the power of 3, mod 7, 3 to the power of 3 is 27, mod 7, 6, 3 to the power of 4, I'll give you a calculator. You can use your head, fine. What do we have? 3 to the power of 4, mod 7. Sorry, that's 4. What's the next one? 3 to the power of 5, mod 7, 5. Okay, so this is doing it for us, so this one was 3 to the power of 4, mod 7, we got 4, 3 to the power of 5, mod 7, 5, 3 to the power of 6, mod 7, let's use our calculator, 1. Okay, nothing hard there. Now, why do we do that? Our modulus is prime 7, p is 7. A primitive root of 7 is a number, when we raise it to a power of all the integers up until that number 7, but less than, we get distinct answers. So we say 3 is a primitive root of mod 7. With 2, we get non-unique values in this set of answers. 2 occurs twice, 4 and 1 occurs twice. With a equal to 3, when we mod raise to the power of i and mod by 7, we get this distinct set of 6 values. So we say a is a primitive root, 2 and 1 are not in this case. And then we can try for other numbers. So that's the definition of primitive root. We use it to do, to work out when a discrete logarithm is possible.
The idea is that a discrete logarithm, coming back, remember logarithm, find the, find the exponent or index, that's a logarithm. Given the base and the answer, find the index that when we raise the base to that index, we get the answer b. Same with the discrete logarithm, but everything is mod p. With some base i, if we mod p and get the answer b, what is the index i? Sorry, some base a. Base is a, mod is p, the answer is b, then the index is i. Well, we can only solve such value and get a unique exponent i, that is, get an answer that's unique, if a, the base, is a primitive root of prime p. So that's the conditions when our discrete logarithm will work. Let's give an example. What is this discrete log in base 3 mod 7 of 6? The way we read that is that 3 raised to some power, to some index, mod by 7 gives us an answer 6. So what is that index? 3 raised to some number, then when mod by 7 gives us 6. What is that number? Where do you get the number from? We just calculated it, didn't we? 3 raised to the power of some number, mod 7, this table we calculated, these values calculated with mod 7, gives us an answer 6. So what's the index that gives us an answer 6? 3. So the answer of this is 3. And we can check, you can check that, that is 3 the base to the power of the answer 3, mod 7, 3 to the power of 3 is 27, mod 7 gives us 6. Okay, that one's fine. Discrete log of base 2, mod 7 still of 4. The discrete logarithm of 4 in base 2, mod 7 means 2 to the power of some number, mod 7 gives us the answer of 4. What is that number? What is the index? What do we have as possible answers? Yeah, we just calculated again. We just calculated it for the values when we mod by 7, we calculated it. The base is 2 raised to the indexes of 1 through to 6, mod by 7 we get the answers 2, 4, 1, 2, 4, 1. In this question we have, what do we have? 2 to the power of discrete log of 4. So what index gives us an answer of 4? There are two possible values. 
2 to the power of 2 mod 7 gives us 4, 2 to the power of 5 mod 7 also gives us 4. We don't have a unique value and therefore we cannot determine what the index was originally. There's no way to know which index was it if we want to do a discrete logarithm. There's no unique answer here. Why? Because the base is not a primitive root of 7. So when the base, this value, is a primitive root of the modulus then we can get a unique answer because we have a distinct set of values here but when the base like 2 is not a primitive root of 7 then we will not get a unique exponent because we have multiple instances of the answer. So what's the answer? Well we say there is no answer or no unique answer. Not of interest to us. There are two possible answers but generally we'd like to get a unique value especially when we apply to encryption. So when we want to use the discrete logarithm we normally need to have the base to be a primitive root of the modulus. In this case it's not. And we'll see algorithms, cryptographic algorithms that use this concept. So again all we did was for our example when we're using mod 7 we said well given the values 1 up until 6 the set of exponents. If a to the power of i these are the possible values of i when we mod by 7. If we take all values of a which values when we raise the power of i give us a unique set here. 3 does, 2 doesn't, 1 doesn't and you can check the others whether they do or not. If they do it's called a primitive root. And if we have a primitive root in this case we can solve the discrete logarithm with a unique answer. Not all. Okay and some useful values. The only integers with primitive roots are listed here. 2, 4 and some prime raised to some integer. Any prime raised to the integer, p to the power of 1, p to the power of 2 and 2 times that value. So there's only some numbers have primitive roots and that restricts us when we want to find a discrete logarithm. 
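The mod 7 tables and the two discrete-logarithm questions worked through above can be reproduced by brute force. The following Python is an added example, not part of the lecture; its function names are chosen here, and it goes one step beyond the lecture by extending the primitive-root test to composite moduli (a has to generate every value relatively prime to n) so that the "2, 4, p to the k, 2 times p to the k" remark can be checked as well.

```python
from math import gcd


def units(n):
    """Values in 1..n-1 that are relatively prime to n (all of 1..n-1 when n is prime)."""
    return [x for x in range(1, n) if gcd(x, n) == 1]


def power_table(a, n):
    """[a^1 mod n, a^2 mod n, ...]; for a prime n the exponent runs up to n - 1."""
    return [pow(a, i, n) for i in range(1, len(units(n)) + 1)]


def is_primitive_root(a, n):
    """True when the powers of a are all distinct, so every possible answer appears once."""
    return gcd(a, n) == 1 and len(set(power_table(a, n))) == len(units(n))


def primitive_roots(n):
    return [a for a in range(1, n) if is_primitive_root(a, n)]


def discrete_logs(a, b, n):
    """Every exponent i in the table with a^i mod n == b (may be none, one or several)."""
    return [i for i, v in enumerate(power_table(a, n), start=1) if v == b % n]


def dlog(a, b, n):
    """Unique discrete logarithm; refuses bases that are not primitive roots of n."""
    if not is_primitive_root(a, n):
        raise ValueError(f"{a} is not a primitive root of {n}: exponent is not unique")
    hits = discrete_logs(a, b, n)
    if not hits:
        raise ValueError(f"{b} is not a power of {a} mod {n}")
    return hits[0]


def moduli_with_primitive_roots(limit):
    """Moduli 2..limit that have at least one primitive root (trial and error)."""
    return [n for n in range(2, limit + 1) if primitive_roots(n)]


if __name__ == "__main__":
    for a in (1, 2, 3):
        print(f"a={a}: {power_table(a, 7)}  primitive root: {is_primitive_root(a, 7)}")
    print("dlog base 3 mod 7 of 6 =", dlog(3, 6, 7))
    print("exponents with 2^i mod 7 = 4:", discrete_logs(2, 4, 7))
    print("moduli up to 20 with a primitive root:", moduli_with_primitive_roots(20))
```

Trial and error like this only works for small moduli: the table has one entry per possible exponent, which is why the approach stops being usable at the sizes used in cryptography.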
So when we want to use the discrete logarithm in a cryptographic algorithm we must choose our numbers carefully. So for now just be aware what is a primitive root. A primitive root of some prime p is a number such that when we raise it to the powers up until p minus 1 we get distinct answers when we mod by p. What is a primitive root? And that for a discrete logarithm we can only find a unique exponent if the base a is a primitive root of the prime p. So that's what we need to know for now. Now we say we can find the answer. Another thing we'll see later, maybe not today, solving the discrete logarithm can be complex. Complex enough if you use large enough numbers practically impossible. That is if you spend your 10 million years trying to solve it you will not get an answer. It will take too long. So that will be a property that we take advantage of later. But we return to that when we use it. This is using mod 19 as a different example. We had an example of mod 7. If we have mod 19 what are the primitive roots of 19? And this is a table similar to what we calculated. This is the values of a and then a to the square cubed up to a to the power of 18 up to p minus 1. How many primitive roots of 19 are there? There are six and these gray boxes highlight look at the answers. When we raised the power in mod 19 the gray boxes highlight the unique set of values. A primitive root is one that gives us a unique set of values which is distinct amongst all 18 in this case. One, two, three, four, five, six possible primitive roots. They are two, three, ten, thirteen, fourteen and fifteen. And in mod 19 some discrete logarithms. So the answers have been calculated for us. So in base two, base three, ten, thirteen, fourteen, fifteen. Base of the primitive root mod 19. So for example log in base 13 mod 19 of 8 is 15. That's how we read this table. The log or the discrete log of the top row the answer is the second row. And the base is 13 here mod 19. The base here 14 mod 19. 
So the base are the six different primitive roots. Generally I do not ask you to solve a discrete logarithm in a quiz or an exam unless I give you some extra supporting information. So especially with large numbers they're not solvable. With large enough numbers there are no known algorithms that can solve the discrete logarithm in reasonable time. With small numbers you can do it with trial and error, okay, you can find a way to do it, but if it's large enough it will take too long. And this actually, this is the last point on this slide. With certain problems, when the numbers are large enough, it takes too long to be able to solve those problems. And we'll take advantage of that fact when we use some of this mathematics in public key cryptography. Three problems that we will see that arise which are what we see computationally hard. Meaning if the numbers are large enough it'll take forever to get the answer. Integer factorisation. That is, given some integer n which was calculated by multiplying two primes together. If n equals p times q, p and q are prime numbers, large prime numbers. If I give you n it'll take you forever to find p and q if you don't know them. That's the problem there. There is no known algorithm that will take n and factor it into its two primes in reasonable time. One example of a large number, uh, one maybe five or so years ago now. A number n, the number n was 768 bits long or 232 decimal digits. So write a number, 232 digits. Given that number, factor it into its two primes p and q. Several years ago it took someone, uh, something like 2000, uh, computing or man years to do that factorisation. So if you make it longer it will effectively take forever. Sorry? Yes, yes, uh, NP, uh, yes, yes, uh, I don't know for all of them. I think integer factorisation, I'm not sure. Uh, in practice, um, too large. Whether it's NP, uh, what's the difference, NP complete, NP hard, uh, I don't remember for all of those algorithms.
So there's some slight subtle differences in the non polynomial algorithms, uh, and effectively they are, but there's some variations, so some are easier than others, okay. But yes, effectively all of these algorithms, we cannot solve them in reasonable time if we have a large enough input. The input for Euler's totient is, or the problem is, given n, just n, a non prime n, a composite n, find the totient. Remember the totient was the count of numbers less than n which are relatively prime with n. We could do it, okay, if n was 20, the 1, 2, 3 up to 19, check which numbers are relatively prime with n. But now make n a thousand bits long, like hundreds of digits, and then find the answer. It's considered harder than integer factorisation. With the same size n it would take you longer to do this and this, so this one may take a million years, this may take two million years, but effectively unsolvable. Similar, discrete logarithms: with large enough values, finding the index is considered unsolvable. So if you know the base, the modulus and b, finding the discrete logarithm, uh, is impossible. We'll come back to them and see how they're used in cryptography, and that's our next topic, so let's get to it. Any questions before we move away from the theory onto the application in security? Next topic: public key cryptography. What have you done? Crashed. So all of the security schemes we've seen up until today have been symmetric key cryptography. Encrypt with one key, decrypt with the same shared secret key. Now we're moving to a different approach, public key cryptography. Let's look at the principles and then an example. So it's reported that around the 1960s the NSA in the US discovered the concepts or developed the concepts for public key cryptography. Similar organisation in the UK around the same time or the 1970s, that's the first known report, but it was only made public, and in 1976 two guys, Diffie and Hellman, come up with this idea of public key cryptography.
So that was the first that the public knew of this concept, and it was only till later that NSA and the government headquarters in the UK started to advertise that they already knew about it. So it's only been around for 40, 50 years. Caesar cipher's been around for, what, 2000 years, so it's relatively new. The idea is to use two different keys for our encryption and decryption, not using a shared secret key. The motivation of Diffie and Hellman to come up with this idea was, when you use secret key encryption you often rely on someone generating the key for you and giving you the key. You often need to trust someone else with a key to make it easy to distribute. They wanted to develop a way to avoid relying on other organisations to trust with your key, and so you can do it just direct between two users, and to do things like digital signatures, which is someone can take some document, say an electronic file, and attach their signature to it such that at a later time anyone can prove that it came from that person. That's your idea of a signature. You sign a document. The concept is that later someone can see that document and prove that it came from you, that you have approved that document because it's got your signature on it. They wanted to provide this functionality and they come up with public key cryptography. So the principles. Symmetric algorithms use the same secret key for both encryption and decryption. Asymmetric algorithms, which is another way for public key cryptography algorithms. Asymmetric use one key for encryption and a different but somehow related key for decryption. So two different keys, they're not random keys, they're related in some way. Usually they require, that asymmetric algorithms, that it's hard, computationally infeasible, practically impossible, if you know the algorithm and you know one of the keys, to find the other key.
Sometimes it's useful to be able to use the keys in opposite orders, but ignore that last point, we'll come to it when we need it. So we now have two keys, encrypt with one, decrypt with the other, and the requirement is that if I know an algorithm, I know one key, it should be hard for me to be able to determine or calculate the other key. So in fact we have two keys, we talk about a key pair, and one's a public key and one's a private key. So we talk about a public private key pair, and in most systems the way that works, each user in that system has their own key pair. So we denote that for user A, they have two keys, the public key of user A and the private key of user A. So the private key of Steve and the public key of Steve. I have my own key pair, you have your own key pair, everyone has their own key pair, often created by yourself, and we'll see the ways for creating them later. They're not random numbers, okay, the key values are not random numbers, they are related somehow. A public key, as you guessed by the name, it can be made public. That means if I have my public key and private key, the two values, I can tell all of you my public key. It doesn't matter, it's available to everyone, anyone who wants it. My private key, again, should be secret, it should be private to me. So I have my key pair, I tell everyone my public key, but I keep my private key secret, I don't tell anyone. That's the assumptions that our keys rely on. And then, all right, let's see these for secrecy and authentication with some pictures to explain how we use those keys.
So the concept: let's say I want to get a message from A to B confidentially. We have a message M, the plain text. This is the user A on the left, user B on the right. We want to get a message from A to B such that no one else in between can read the message. We want confidentiality. Both users have their key pair, so we can say user A has a key pair, user B has a key pair. To achieve confidentiality, what we do: user A on the left takes the message, uses a public key encryption algorithm E, and uses the public key of the destination. So if user A is sending to B and they want this message only to be read by B, then user A encrypts the message using the public key of B in this encryption process, and the result we can write as: we encrypt using the public key of B message M, and we get some ciphertext as output. We send the ciphertext across the network. The destination B receives the ciphertext, and to decrypt they use their corresponding private key. If a message was encrypted with B's public key, our algorithm should be such that it will only successfully decrypt with B's private key, for the other key in the key pair. So what B does: they take the ciphertext C, their private key PRB, and decrypt using our algorithm, and if our algorithm is designed correctly they'll get the original message as an output. So we'll get the plain text back. So if we want to have confidentiality with public key encryption, and this is an important point to remember, the concept is always encrypt with the destination's public key. We'll look at the algorithms for E and D in this topic, but the concept in general is you encrypt with the destination's public key and the destination decrypts with their private key. And because, why does it work? Well, the keys should be related in such a way that it will only successfully decrypt if we use the other key in the key pair. We have a key pair PUB, PRB, public key of B, private key of B. If we encrypt with the public key of B, we can only decrypt with the private key of B.
That's the requirements of our algorithm. Now, why does this provide confidentiality? Let's say a malicious user intercepts the ciphertext. They have C, they want to find M. So they have C, they need to decrypt C using some key, but the nature of the algorithm should be such that we can only decrypt the ciphertext using the other key in the key pair from which it was encrypted. This ciphertext was obtained by encrypting with the public key of B, therefore it will only decrypt with the private key of B, and by definition the private key of B is known only to B, it's private to B. So a malicious user cannot decrypt because they don't have the private key of B. So no one can intercept and find the original message M unless we know that private key. Only the person with the private key can successfully decrypt. For this to work, we need to design an algorithm such that it will successfully decrypt, and a way for generating the keys such that it will work in this manner. So this is just the concept. How does it actually work? Depends upon the algorithm, but people have designed algorithms that meet these requirements, so that does work. We'll come back to authentication. We can use the keys in the opposite order, but we'll come back to that after we go through an example of an algorithm to see that in use. What have we got? Let's go direct to an algorithm. We'll come back to the applications after we see a detailed example. Let's get to one, and the most common and maybe the first algorithm, or one of the first few algorithms, that was developed and still used widely today: RSA. We're going to go through it in detail, see how it works, and we may see another algorithm in a little bit less detail a little bit later, maybe after the midterm. So RSA is one algorithm for public key cryptography. There are others. This is one of the most widely used algorithms. Where does the name come from? It was developed by Ron Rivest, Adi Shamir and Len Adleman: R, S and A. Okay, so the name comes from the three people who
developed this algorithm. So in 1978 these three researchers developed this algorithm, and then they started a company to sell products that implemented the algorithm, called RSA Security, eventually sold to some other company, so still part of another company now. RSA EMC, I think, is the company. It's the most widely used public key algorithm, and the way that we think of the plain text and cipher text is integers, numbers. It's a block cipher: we take a block of text, an integer, and we encrypt it using RSA, and commonly it's just used on small inputs, but we'll come to that after we go through how RSA works. So going back to our general approach for public key cryptography: we need an encryption algorithm, we need a decryption algorithm, and we need some way to get the keys. Unlike symmetric key cryptography, the keys must be generated and they're related in some way. In symmetric key cryptography we normally just create a random key, a random sequence of bits, but here we have an algorithm for generating the public and private key, because for the decryption to work those keys must be related. So with RSA there's a key generation algorithm, we'll go through the steps, then there's an encryption algorithm and a decryption algorithm, and we can describe the whole algorithm of RSA on this single slide. Remember back to DES, simplified DES even, if you remember back to that lecture. DES, there are many different algorithms: the generating the sub keys, the S-boxes, the different rounds, and we repeat the rounds. With DES, the 16 rounds, the many large S-boxes and so on, that was quite complex. Encryption with RSA is simply: take our message as an integer, raised to some power, mod by n. So conceptually it's very, very easy. It's just doing exponentiation in modular arithmetic, modular exponentiation, and decryption is just as easy. It's the same algorithm, just we vary the numbers that we use. To decrypt some ciphertext, we take the ciphertext, raise it to some power d, mod by n, and we get the original message back.
Very simple algorithms conceptually, to implement a little bit more complex, but compared to our block ciphers, our symmetric block ciphers, much simpler. For this to work we need to generate the keys correctly, and that's what we'll go through first, the way of generating the keys, and then we'll look at an example that shows how it works. So what happens is that each user in the system generates their own key pair. So imagine every user goes through the key generation steps, and at the result of the key generation each user has a key pair. Once each user has a key pair, we can encrypt and decrypt using the correct key. So let's go through key generation first. First step to generate your own key pair: what you do is choose two primes p and q, two prime numbers, and then you calculate n as the multiplication of those two primes. Let's do it in an example. Actually, I don't want that. Let's go through an example where we generate our keys. For the example we're going to use very small values just so I can calculate them. We can always do it in our head, but we'll talk later about in practice. So first, RSA key generation, and you think each user does this, they do it independently. So the first step is to choose two prime numbers p and q. Two prime numbers, okay, I'll choose two that I can calculate easily: p 17, q is 11. Okay, we'll talk later about what are the recommended values, especially regarding length, but the concept is the same. And then we calculate n, which is p times q, of 187. So that's the first step in generating our keys. The next step, we're going to need the totient of n. We're going to use the totient of n to find some other value e, but, so let's first work out the totient of n, Euler's totient. What's the value, the totient of n, and in our case is 187? Quickly find the answer. The totient of 187. The totient, remember, that's the number of numbers less than 187 which are relatively prime with 187. So in the very basic form we say, right, number one, is it relatively prime with 187? Or what does
relatively prime mean? It means the two numbers have a greatest common divisor of one. One and 187, greatest common divisor one, okay, relatively prime. Two and, wait, 187, what's the greatest common divisor? If it's one, then relatively prime. Three and 187, four and 187, and so on. What's the answer? How many numbers less than 187 are relatively prime? 160. 160, okay, he calculated quickly. We don't do it the manual way, okay, we've got a formula that will help us solve this quicker. If we go back to our number theory, one characteristic of the totient of n is, I'll just write it here, the totient of a prime number is p minus one, because the number of numbers less than that prime which are relatively prime with that prime, it's all of them. So the numbers less than p, there are p minus one values. So the totient of a prime is p minus one, and it can follow from that, the totient of two primes multiplied together, remember n is just p times q, is the totient of the primes multiplied together. So let's write that. 187, we know because we just calculated it, is 17 times 11. So do it the full way: 17 is a prime, 11 is a prime, because we just chose them that way, so it's equivalent to the totient of 17 times the totient of 11. That's true if they are prime numbers, and the totient of 17 is 17 minus one and the totient of 11 is 11 minus one. So the fact that we chose the primes means we can quickly solve the totient of the multiplication of those two primes. That's going to be needed in step two. Step two is select some value e, some integer e, such that it is relatively prime with the totient of n, and it's stated on the slide here, is that e and the totient of n, the greatest common divisor is one, or in other words the two values are relatively prime. So find an e which is relatively prime with 160, and it should be less than the totient of n. There may be multiple values. Find one, start small, find a number that is relatively prime with 160, small as possible. Uh, sorry, e should be greater than one and less than
the totient of n. Okay, so not one. There are multiple answers. Okay, so it needs to be a number which has a greatest common divisor with 160 of one. Seven, yeah. So greatest common divisor with 160, it's not going to be an even number. Two has a greatest common divisor with 160 of two, so that's not an answer. Three and 160, four, five, six, try some numbers. Let's try a few. So we have the totient of 187, find an e. We want the greatest common divisor of e and 160 to be one, so an e should be greater than one and less than 160. That's the condition. So you can test them, okay, in a very simple form. Two and 160, no, they don't have a greatest common divisor of one. Three and 160, yes, that one's okay. Four and 160, in fact all of the even numbers have a greatest common divisor, or have a divisor, of at least two, so we can rule out the even numbers. Five and 160, greatest common divisor, is it one or higher? It's higher. 160 has a divisor of five, so we cannot use five. Seven, check, it's okay. 160 is not divided by seven, seven's a prime number, and we can keep going. Nine, I think you'll find nine is okay. 11 is also okay. There are multiple answers here, many or multiple numbers between one and 160 which are relatively prime with 160. Choose one of them. That's the step two, and that's the value e in our algorithm, and I would choose, because I've got the answer, seven next. So that was step two. Step one, choose your primes, calculate n. Step two, calculate the totient of n and find e, select an e such that it is relatively prime with the totient of n. Step three, find some d, calculate d such that d is the multiplicative inverse of e in mod the totient of n. So d times e mod the totient of n should be one. That's our requirement. Find d. e, I chose as seven. Find d. In other words, e and d are multiplicative inverses: multiply them together, we get one as the answer when we mod by the totient of n, which is 160. So e, you're correct, e times d mod our totient of n, 160, should equal one. e is, let's give it a v, e is seven in our case,
seven times d mod 160 equals one. What value of d? And you can manually try some different values, okay. So the very basic way: seven times d mod 160 equals one means seven times d should be either 161 or 321 or 481 or some other value. Why? Because when we mod by 160 we'll get one. So that's the basic way. That is, if seven times d, if it equals 161, then 161 mod 160 gives us one. Is there any, and remember we're dealing with integers here, is there a d such that multiplied by seven we get 161? In other words, 161 divided by seven, do we get an integer? Yes, d equals 23. So we've got our new parameter d. There are in fact algorithms for the computer to do this, to solve it quite quickly. To find such a d, it's not so hard to find with an algorithm. There are algorithms that will do it for us. If you want to do it manually, then basically you look at what number, when you multiply with e, gives us 161 plus one, or two times 160 plus one, or three times 160 plus one, because all of those numbers mod 160 will give you one. We're done. We've generated our key pair. The values which are generally considered our key pair: the public key is e and n, the private key is d and n, but in practice some other values are often stored as well, especially p and q. They are also private. It depends upon the implementation, but p and q must be kept secret. One way to keep them secret is to delete them. You generate them using a computer, two large primes, go through these steps, get your value of e, d and n, then delete p and q, so then no one can find it. But it turns out, to help with the implementations, it's usually useful to keep those values. We use them later. But in theory you don't need them, in practice we often do. So let's write down our key pair, and I will denote as the public key of our user, what do we get? e was seven, n is 187, and the corresponding private key in this pair, d is 23, n is 187, the same n. A little bit conflicting in the words or the terminology here. We said the public key is made public, okay, we
can tell everyone my value of e is seven, my value of n is 187. I can tell everyone once I've generated these. The private key should be kept private; I should keep it to myself, not tell you. But often, because we use n, we also write it in the private key. n is not private, n is public because it's in the public key, but we often write it as part of the private key as well because we use it when we do the encryption and decryption. So be careful, there are really three values here: e, n and d. d must be secret, don't tell anyone your value of d. e and n can be public, or are made public, but often we write the private key as also including n.

So I generate those values, I tell you my public key. Yep? If you know e and n, can you calculate d? Uh, no, if the numbers are big enough. And I think we'll run out of time today, but in the next lecture we'll go through and see, well, what can an attacker do when we have large enough numbers. For today we'll just get to, let's use the algorithm. The next lecture we'll analyse and see, well, why does it work. For now, I think we won't get time to see why it works, we'll just see how it works, so how to use it. But you're on the right track, that we need to start asking, well, what does an attacker do? We will come back to that.

So for now we've generated a key pair. Everyone does that, generates their own key pair. You tell everyone else e and n; you don't tell anyone d or p or q, they must be kept secret. Now you want to encrypt some message. Here, sorry, let's say this is the key pair that we've generated for user B. User B did this, and A wants to send a message to B, and we want this message to be secret, to be confidential. What do we do? We have some message, we want to send it to B. What we do is we take that message and we encrypt it using the RSA algorithm, and to keep the message secret we encrypt it with B's public key. So to send to someone else, use their public key. What's the message? My message is a complex one, it's 88. The plaintext in RSA are just integers, so
let's say you have a sequence of bits, like an ASCII message, a "hello"; you must somehow represent that as an integer, just as one number, because that encryption operation operates on that integer. And that's easy to do: if you have ASCII you can create the binary form of each letter, h, e, l, l, o, get it in eight-bit values, and then you can combine those five eight-bit values, you get 40 bits, and that can be your integer. So you can convert any message into a single number. The constraint is that the integer m, your plaintext that you want to send, must be less than the number n. Our n is 187, so we must have a plaintext which is less than 187, so I've chosen 88. What does 88 mean? Nothing in this context, but with a larger example it could have some meaning.

And then we use this equation to encrypt: take your message, raise to the power of e, mod by n, and you get c. So A does that. A wants to send the message to B; to encrypt they use B's public key. The value of e is seven and n is 187. What's the answer? You can go and do it on pen and paper. Remember last week we showed you how to do the modular multiplication or exponentiation: you can break it into 88 squared three times and then times by 88. You don't need to do it, I've got the answer for you. I don't know if my calculator will do it: 88 to the power of seven mod 187. 11. OK, so we can calculate that. We send that across the network, the value 11. Again, I know it's hard to visualize, but the value of 88 is our plaintext. It has no meaning in this example, but if we had much larger numbers we could have the integer represent any information, just by converting that information to binary.

We send the ciphertext across the network. B, the receiver, decrypts, and the decryption algorithm is: you take c, raise to the power of d, mod by n, and you should get the message back. Let's try. So B receives; to get the message back, let's say m prime, the received value, they take c, 11, raise it to the power of d. d: it was encrypted with B's public
key, therefore we decrypt with B's private key; in this case d is 23, n is 187 again. And I need my calculator: 11 to the power of 23 mod 187. Any guesses? 88. Magic, it works. That is, with these numbers at least: when we took 88, raised to the power of e, mod by 187, and then took that value and raised it to the power of d, this other number, mod by the same n, we get the original message back. And that's what we need for encryption: we need to be able to encrypt, get ciphertext, and decrypt and get the original plaintext, otherwise it's useless. It worked in this case. It will work in all cases because of the way that we chose those keys, e and d. Why? Or, before we go through why will it work, any questions on the steps so far? Not on how we attack it, but just on how we generate the key and how we encrypt and decrypt. Any questions?

So when we have a quiz on Thursday, if we have a quiz, then you can encrypt with RSA, decrypt with RSA, generate RSA keys, at least for small values. All right, you need a calculator for this step. Well, you don't really. I could ask you, I wouldn't in a quiz, but I could ask you to solve it manually, uh, by expanding it out. You could, but I'm not that mean, uh, not in a quiz. In an exam I'm meaner than that, so you may have to solve these manually. But the steps, you should be able to generate your own key pair using small numbers like I've just chosen. Any questions first?

Well, the last thing today. Yeah, why does it work? If we change m to a different value, will it always produce, when we get the ciphertext and decrypt with d, will we always get m back here? Well, yes it will. Why? Let's have a quick look. Let's look in general at the equations. Sorry, c, we start with. The first equation we have is c equals m to the power of e mod n, and the other equation we have is m, the decryption, is c to the power of d mod n. So let's start with the right one, let's start here, m. So the other two equations we have: we want to see, if we start with m, encrypt and then decrypt, will we get the original m back? Start with
the right equation and do some substitutions. So that's just the right equation, the right-hand side. Now let's replace this c with this c. OK, we know c equals m to the power of e mod n. Let's call this m, m prime, meaning the decrypted m: we take our ciphertext, decrypt, and we get m prime. Now let's replace c with the top left equation. c is in fact created by taking m to the power of e mod n, all to the power of d, mod n. So I've just done a substitution in that case. We can expand this. That is, m to the power of e mod n, all to the power of d. We have the same properties in normal exponentiation: m to the power of e, all to the power of d, is what? m to the power of d, all to the power of e. In normal arithmetic, equals, with normal arithmetic, m to the power of e times d. The same applies in modular arithmetic, and you can check and go back to our properties to see that m to the power of e to the power of d is the same as m to the power of e times d, mod n, mod n. Well, we don't really need that. All I did was effectively bring this d inside here: m to the power of e to the power of d is m to the power of e times d mod n, and we have the second mod n. But note, if you mod n multiple times, it's the same as modding n one time: 12 mod 10 is 2, mod 10 is 2, mod 10 is 2. If you keep modding 10 you'll still get 2. So it doesn't matter how many mod n's we have here, it's equivalent to just one mod n. So it simplifies to m to the power of e times d mod n.

So if we take our original message m, raise it to the power of e times d, mod n, we get m prime. Our encryption and decryption will work if m equals m prime. That's our requirement for successful decryption, to get the original m back. So it leads to the question: in what conditions does m equal m prime? If you take some number, raise it to the power of e times d and mod by n, you get that same number as an answer. If we have those conditions then our decryption works. And I'll write that a different way. Yeah, one of our theorems from the previous topic's going to
help us. Let's write it differently, but just change the variables. Instead of m prime, we require m prime and m to be equal, let's say we require something like this: a equals a to the power of something, e times d, mod n. When do we have such a condition? And this will be our last thing we look at. I have to go back to last topic, which will give you the answer here. When does a to the power of something equal a in mod n? When that something is the totient of n plus one. So we will use this theorem to find the conditions when the RSA algorithm works. But we've run out of time, so the next step, what we do is we take this algorithm and we'll use it to find the last two conditions, that if we think of that as the totient, the theorem was like this, totient of n, almost the same. When are these two equations the same? When are these the same? When e times d equals the totient of n plus one. If we have e times d equals the totient of n plus one, let's finish today, I mean let's spend another minute to finish, those two will be the same if this is true. When is this true? Well, when e times d mod the totient of n equals one. That is, mod this by the totient of n and you get the left side; mod this side by the totient of n, divide by the totient of n, the remainder is one; the totient of n plus one, mod the totient of n, is one left over. So that's our condition for when RSA will decrypt. And if you go back to the key generation, we have this condition: we chose a d such that when we times by e and mod by the totient of n, we got one. So the way that we generated the keys made sure that this condition was true, which makes sure RSA decrypts successfully. So that's the way to show that RSA always works if you generate the keys with that approach, with the algorithm we use.

That's a bit involved. Try and understand; make sure you know the key generation, encryption and decryption, and then try and understand the concepts behind why RSA works. What we'll do next lecture is attack RSA: if we're the malicious user, how
can we find the plaintext given the ciphertext, or even better, how can we find the key, the private key, given just the public key or the ciphertext? We'll look at that next lecture. Everyone's awake? Good.

If you're interested in RSA, you may have seen, or in security in general, sorry, I've got it somewhere, you may have seen in the news last week and this week, and the technical news, that people have come up with ways to break RSA. "Researchers cracked the world's toughest encryption", they're referring to RSA, "by listening to tiny sounds", maybe your computer or your CPU. The setup is a laptop here decrypting with RSA, a microphone; it listens in to the CPU, actually listens to the noise it makes and comes out of the fan of the laptop, and then from that they determine the secret key, just by listening to the CPU from a distance of one to four meters. It works. And if you're interested, this week I'm going to give a presentation, maybe at a lunchtime break, because no one has any free time, about how it works. So I'll send out an announcement tomorrow maybe. It's not required to attend, only if you're interested in knowing how it works. It will most likely be Friday lunchtime. Then I'll give some plots and some results from their paper that show how that works. OK, that will be breaking RSA. It's not needed for the lecture, only if you're interested.
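The key generation, encryption and decryption steps from this lecture, written out as an added Python example that is not part of the lecture itself. The function names are illustrative, p = 11 and q = 17 are assumed here as the factors of n = 187, and the extended Euclidean algorithm is used as one of the computer algorithms for finding d.

```python
from math import gcd

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def mod_inverse(e, phi):
    """Step 3: d such that d * e mod phi == 1; exists only if gcd(e, phi) == 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError(f"gcd({e}, {phi}) = {g}, so e has no inverse")
    return x % phi

def mod_pow(base, exp, n):
    """Square-and-multiply, reducing mod n after every multiplication."""
    result, base = 1, base % n
    while exp:
        if exp & 1:
            result = result * base % n
        base = base * base % n
        exp >>= 1
    return result

def valid_exponents(phi):
    """Step 2: every e with 1 < e < phi that is relatively prime to phi."""
    return [e for e in range(2, phi) if gcd(e, phi) == 1]

def keygen(p, q, e):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (mod_inverse(e, phi), n)   # (public key, private key)

def encrypt(m, pub):
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("plaintext integer must be less than n")
    return mod_pow(m, e, n)

def decrypt(c, priv):
    d, n = priv
    return mod_pow(c, d, n)

P, Q = 11, 17                 # assumed factors of the lecture's n = 187
PUB, PRIV = keygen(P, Q, 7)   # e = 7 as chosen in the lecture
if __name__ == "__main__":
    c = encrypt(88, PUB)
    print(PUB, PRIV, c, decrypt(c, PRIV))   # lecture's values: d = 23, c = 11, m = 88
```

With these keys the encrypt-then-decrypt round trip returns m for every integer m below 187, while the 40-bit integer built from "hello" is rejected because it is not less than n.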