 The reason for introducing those parts of number theory is because we're going to apply them in the topic of public key cryptography So in terms of cryptography for for this course so far we've lonely considered symmetric key cryptography That is both sides use the same key User a encrypts their message using secret key K Sends the ciphertext to user be user be decrypts using the same secret key K The there's symmetry between the keys But there's another approach the problem with or a problem with symmetric key cryptography is somehow we need to distribute keys somehow I need to get the key to the other side and We need to do that in a secure manner so public key cryptography is another approach and We'll see some of the algorithms used for public key cryptography use the concepts of number theory we introduced So what we'll do today is quickly mention the concepts of public key cryptography and then go through an example of a real algorithm The principles first of public key crypto systems or public key cryptography. There are different algorithms that implement this We'll go through an example of RSA, but there are others as well, but we use RSA as a detailed example so from the beginning of cryptography up until about the 1960s it was mainly about symmetric key cryptography using permutations and substitutions so we saw with des simplified des that it goes through some complex steps of all these rearrangements permutations and replacements substitutions in the 1960s the NSA in the US discovered or said to have discovered the public key cryptography They developed this new technique, but it wasn't known about this until much later and Similarly in 1970 the similar organization in the UK were developed the first known technique for public key cryptography But again, this wasn't made public and the first public announcement of public key cryptography was by Diffie and Helman and maybe Merkel was a third guy involved in the 1970s Some people are developed a new approach, which was now called public key cryptography and their idea Diffie and Helman and a third person called Merkel work with them their idea was to with Symmetric key cryptography the problem was key distribution You need to get your secret key to the other person and the normal ways for doing that was to have a third party that trusted That you had to trust that helped distribute the keys But that relied on in trusting some third party some other person to distribute the keys for you They wanted to develop a technique that didn't have to rely on a third party to distribute keys So you didn't have to trust someone else with your keys And they also wanted to develop digital signatures a Signature as you know when you sign something that acts as some evidence that this document came from you you sign a document and Later people use that signature as proof that you agreed to that document that it came from you They wanted to develop a similar concept where you could sign some document Maybe a file Such that later it could be proved that you agreed to that document or file that it came from you So that was their motivation and they Diffie and Helman developed a technique and we'll see their technique later But shortly later if there was some other algorithms developed and one was called RSA which we'll cover today developed by Revest Shamir and Edelman with RSA in the name of the algorithm But before we talk about algorithms we'll talk about the the general techniques of public key systems Symmetric key algorithms same key for encrypt and decrypt Asymmetric algorithms so public key cryptography the other name is asymmetric cryptography because we don't have the same key For encrypt and decrypt. We have two different keys. We use one for encryption and a different key for decryption But the two keys are related in some way in Symmetric key cryptography. How do you choose your keys? You've all did the homework. I think it was due today. Correct Yeah, okay, so you've done your homework. How did you choose your keys? Random okay, so you generate a random number to act as your key in public key cryptography The keys are not chosen randomly. There'll be two keys we'll use some algorithm to generate the keys not a random algorithm and They'll be generated in such the way that the two keys are somehow related mathematically related and What will require is that? One of those keys will normally be made public. We can tell everyone that key the other key is Kept secret we don't tell it everyone so we have two keys now So we can talk about a key pair One of those keys we can tell everyone what the value is so it's not a secret key But the other key in the pair must be secret and we give them names a public key and a private key So we'll see that each user has a pair of keys now One's called the public key one's called the private key and the algorithms for public key cryptography will be such that If you encrypt with one key Then the cypher text that you get can only be successfully decrypted if you use the other key in the key pair That's what the algorithms must be designed to to support if I encrypt with a public key Some plain text and get some cypher text The algorithms should be and the keys should be generated in such a way that the Cypher text can only be decrypted using the corresponding private key and What will require is that because we have two keys One will be used for encrypt one for decrypt one will be public one will be private It must be such that it's hard for the attacker given one of the keys to find the other That is given the public key It must be practically impossible for the attacker to find the private key because if they can find the private key It's no longer private and our security is defeated So we'll say that the algorithms require the keys to be related in some way But even though the attacker knows that relationship given one of the keys It should be hard for the attacker to find the other key and that's where our number theory will come in some algorithms support the feature that You use one key to encrypt you can only decrypt with the other key and you can use the keys in the opposite order If you encrypt with a public key, you can only decrypt with the private key or If you encrypt with a private key, you can only decrypt with a public key So we'll see the advantage of that Optional feature not all algorithms support that so let's introduce the terminology We talk now about a key pair a public private key pair and We think each user in our system has a key pair their own key pair and The keys are called a public and private key So we'll denote the public key of user a is pua and the private key of user a is pra subscript a for the user and You think every user has their own key pair The public key as the name suggests can be made public You can tell everyone in the world what your public key is. It's not secret and the private key Should be kept secret if you tell someone your private key the system fails. It will not be secure and We can achieve two different security services with public key cryptography We can try to do confidentiality or listed on the slide secrecy I want to send a message to someone such that no one else can see the contents of that message That's what we use symmetric key encryption for keep a message secret for private To do so with public key cryptography We will use the public key for encryption and Use the corresponding private key for decryption But in practice public key cryptography is made mainly used for another purpose authentication Proving that a message came from a particular person and that uses the keys in the opposite order It encrypts with a private key Can anyone see the mistake on the slide down here The last line of the slide instead of says to saying decryption should say encryption here So fix that on your handouts The private key for authentication is used in encryption not decryption Just I make mistakes just to make sure you're awake in this lectures, okay So the private key is used for encryption for authentication And the public is used for decryption and the TV is on Okay, so we'll see examples of both We'll just talk about the general concepts in the next two slides And then we'll go through a specific example that uses some of our number theory Let's say I want to send a message to someone such that no one else can see the message. It's confidential So user a user a is on the left here user b is on the right Assume everyone has their own key pair So everyone has generated their own public and private key and We know everyone else's public key If I'm user a I know my own public key I know my own private key and I know everyone else's public key so in this slide user a knows the public key of user b and user a is going to send the message to be With the aim an attacker cannot find the message. They cannot read the message. We keep it confidential The approach is we take our message and The plaintext and we denote the plaintext as m We don't use the letter p because we use p for the keys so we usually refer to the the plaintext message as m and We use the public key of the destination. I Want to send a message to be So I use bees public key To encrypt that message so I use some encryption algorithm And I obtain some ciphertext the ciphertext C is obtained by encrypting The message m using the key pu b So encrypt a message with in a with a key and that key is the destinations public key I Send the ciphertext B gets it To get the original message back B applies a decryption algorithm and They use the corresponding key in the key pair, which is the private key of B B knows its own private key So B uses their own private key in the decryption step decrypt the ciphertext using bees private key and The algorithms the encrypt and decrypt must be such that we get the original message back and we'll look at an algorithm that does that that is Decrypt using this different key different related key than used for encryption and That result the output of the algorithm should return the original m the original message So for this to work we need some algorithms such that when we encrypt with one key and Then decrypt with a different key We'll get the original input back and for security purposes It must be hard for the attacker to find the message Find m You're the attacker you intercept the ciphertext. What do you try to do? How can you try and find the message if you're the attacker and you can intercept the ciphertext? How do you find the message? What do you need to do? Think about as the attacker. What do they know the attacker knows the ciphertext? What else do they know on on the picture the notation? What do they know? Not so we need to be careful now. We can't say the key because now we have two different types of keys. They know the They know the public key So the attacker knows in this case C the ciphertext is known They know the public key of B because the public key of B is public to everyone including the attacker They know e that is they know the algorithm for encryption. They know the algorithm for decryption What do they want to know? M or the private key I Want to know M if I know the private key of B then I can decrypt Because I know C. I know D if I know the other input then it's easy to decrypt So the private key of course must be kept private So what the attackers challenge is given the ciphertext given the public key? find M and or find the private key and The the challenge for making this secure is that the private key and the public key are related in some way They're not just randomly chosen. So there is some mathematical function that relates them that we'll see shortly So assuming that we the attacker cannot find the private key then this provides Confidentiality because the only person with PRB is user B Therefore the only person who can decrypt the ciphertext is B No one else can decrypt so no one else can see the message So if the attacker cannot find the private key of B then this provides confidentiality there's a variation or there's We can use a similar technique for authentication but what we're going to do today is go to an example of an algorithm for E and D and Then later we'll come back maybe next week and look at the authentication approach but since you're all fresh and Fresh with respect to number theory. You've all done the quiz So we'll go through an exact an example of an algorithm that uses the number theory that we've studied over the last few lectures the algorithm is called RSA and We'll go through an example the algorithm is just described on this slide But we'll go through an example to illustrate it and explain it. There are three operations in the algorithm There's key generation So we need to generate a public and private key pair each user generates their own key pair So there's some an algorithm for doing that. You don't just choose random keys There's an algorithm for encryption and there's an algorithm for decryption So we'll go through the first one of generating keys first and to do the example We're going to use some small numbers But later we'll talk about well in practice. You will not use such small numbers You'll use much larger numbers, but the the same algorithm is used Small numbers just so we can calculate In our head so the algorithm is called RSA and The first thing we're going to do is the key generation steps We want to generate our own key pair and the first step is to choose two prime numbers And we'll denote those prime numbers as P and Q prime P and Prime Q can someone choose a prime number for me to 17 keep going Any others 111 I don't know if that's prime maybe too hard some that I can calculate in my head 71 so we choose two prime numbers, okay, and you can choose any two They should be different for now. We can choose any two. We would choose two small ones so that we can Be sure that that prime and and that we can use them in the calculations easier someone said 17 and Another small one and it will help to be small just for the calculations 11 two prime numbers in Practice for security you would actually choose two very big prime numbers Very big in terms of hundreds of digits So that's the first step. We choose two prime numbers. Don't tell anyone the prime numbers Okay, so they have two secret values This is what you do to generate your key We multiply them together These steps are described on the slide. We'll just go through the example multiply them together What do we get? someone has a calculator 187 so we have a new variable n wouldn't it use that shortly The other thing we need is the tosian of n. How do we calculate the tosian of n? Yeah, we can do it a long way Look at all the numbers up until 187 check if they're relatively prime with 187 or we can do it the fast way By recognizing in this case the tosian of n is the tosian of two primes multiplied together And they meet that condition that they are relatively prime So it becomes the tosian of p times the tosian of q the tosian of a number which is made up of multiplying two numbers which are relatively prime with each other is the tosian of those numbers Multiplied together and the tosian of a prime number is just that prime number minus one The tosian of a prime p is p minus one that is the number of numbers relatively prime with a Prime number is all of those numbers up until and less than that prime So this is something we saw in the number theory examples Which is what? 16 times 10 so that's easy to calculate and The reason we choose two primes at the start p and q One of the reasons is that we can easily calculate the tosian because we'll need that in the Shortly so if I chose some n which was not made up of multiplying two primes together Calculating the tosian we said calculating the tosian of a large number is quite hard Unless we know that that tosian that number is made up of two primes multiplied together So this is easy to calculate next step Let's introduce a new variable e We choose some variable e and the conditions of e is that it's relatively prime with 160 our tosian of n or Relatively prime remember the greatest common divisor of e and the tosian of n should be one So that this this step is choose some e such that it is relatively prime with the tosian of n What numbers are relatively prime with 160? There are many the other condition note here E should be greater than one maybe that's obvious and less than the tosian of n So we get to choose an e here What about let's try what about two is two? Relatively prime with 160 Greatest common divisor of them is not one so no we can't use two three is Three relatively prime with 160 See yes as a nose check Three is a prime number can one hundred and sixty to be divided by that prime number No, so that means that the greatest common divisor is one So yes, this one's okay. This could be the value of e, but there are other values We could choose from we will not go through many, but what about four? No, because in fact two is being ruled out so Even numbers won't work five 160 is divisible by five so that's no good six won't work because that's an even number Seven can one hundred and sixty to be divided by seven can one hundred and sixty be divided by seven So is it relatively prime with one hundred and sixty? Yes, okay, so seven is okay So we could have is seven will say how do we select later eight? No nine nine you can check is not Has a greatest common divisor of one with one hundred and sixty So nine is okay, and we can keep going. We'll find other numbers Eleven's okay, and and there are others We just need one value Later, we may talk about what what would be the better value, but let's just choose one for now And I will choose let's say seven my favorite number E equals seven so choose a value Which is relatively prime with the tosian event? We'll go through the steps, and then we'll see why we do these steps by doing some analysis Now choose another number or find another number D such that E writer E and D a Relatively prime in mod the tosian event. I'll write that a bit different choose a D such that E times D mod The tosian event Equals one so we know E We know the tosian event 160 To find a D such that when we multiply by E and mod by 160 we get one So in modular arithmetic E and D are relatively prime in the tosian event of N So we can write that with our values E was seven Seven times something Mod 160 Equals one What is that something that'll be our D? easy way to Manually solve that is okay seven times something Should equal either one hundred and sixty one Because when we take one hundred and sixty one a mod by one hundred and sixty the remainder will be one Or if we can't find such an integer seven times something equals 321 why 321 mod 160 is one Remainer is one. So we need to find an integer that matches one of these conditions We'll try some or for example 481 That is try Is there an integer? That or can we divide one hundred and sixty one by seven and get an integer Yes, or no Check find the answer So the general approach if you're doing it by hand is to check what numbers can we multiply by seven to get some number? Which is when we divide by 160 has a remainder of one so Seven times something equals one hundred and sixty one or seven times something equals 321 or equals 481 or keep going in this one. It's easy. You only need to try one. I think what do you get? 23 seven times 23 is 161 so we didn't need to do the next two steps. We just need to find a value that turns out that seven times 23 is 161 so we'll set our D Equal to 23 If we didn't find an integer here with different values, we then we'd try for other values now We're finished. We have finished the key generation steps and we denote the keys We have say the public key will be the value of e and We also include the value of n in the public key. What was what was n? 187 and the private key PR We say is the value of D 23 but for completeness we actually include the value of n in the private key Say something about that So usually we say that the public key is the value of the pair e and n those numbers that we found and The private key is D and n those numbers that we found the same end Before we use these keys. Let's just go back and know what's secret What values in this step should we not tell anyone? P and Q should be kept secret our two primes that we started with And n does not is not kept secret n is actually part of the public key Right an attack may try and find p and q from n. Okay, so I just said p and q must be secret But n can be public So if you know n 187 how do you find p and q? So if I gave you 187 what would you do? You try and find p and q by finding the two prime factors, but we said In number theory, that's a difficult problem when n is large if you have a very large number To find the two prime factors p and q is practically impossible with if those numbers are large enough So with that 187 yes, we can I give you 187 you'll find p and q is 17 and 11 but if I give you a a an n which is 4,000 bits long Then give you the task go and find my p and q you won't be able to do it Because it would take and we'll give numbers it would take millions of years or millions of centuries to do so so When we move to the secure version we'll use larger numbers so n is Public that is known by others p and q must be kept secret What else must be kept secret? The totion of n we should not tell anyone 160 we'll see why he is public We'll set that as our public value and D is private or secret the algorithm is public the attacker knows how I did this and The result of the algorithm is to pair to To what we can say keys, but they actually made up a pair of values The public key is a value of e and n E is 7 n is 187 I can tell everyone those I tell you my value of e is 7 my value of n is 187 you'll need them to encrypt and decrypt But my private key I keep private but be careful there the the real secret value is D I don't tell anyone D But we often say that the private key includes also n but n is public It's you know it. It's in the public key, but in practice when we store the keys We usually store e and n in the public key D and n in the private key, but be careful. The only thing secret is D And is not secret because it's in the public key so we have We have generated our keys Everyone does that in their in their own way they choose their own p and q and generate their public and private values And then distribute those values to others Let's encrypt and let's maybe I'll give you another example Before we encrypt make sure everyone's up with this. Let's give you another case Generate your key go through the key generation again For a different user and to get you started. Let's say that user chooses these values p of 13 and q 23 generate the keys so You generate the keys for this user. So each user does it separately Complete the steps for the key generation And if you can't remember the from the ones I did they are on the slide On this slide these three steps choose primes p and q where we just did that calculate n Calculate the totion of n we'll need that Select an e where the greatest common divisor of the totion of n and e is one And then find d Where D and e the inverses of each other the multiplicative inverses in the totion of n that is e times d mod the totion of n equals 1 So do those steps for a given p and q 13 and 23 Everyone have their own key pair So let's go through the steps. There are different answers that you may come up with just We'll see what others come up with so what's n n multiply the two values together Is what? 299 the totion of n is p minus 1 times q minus 1 or 12 times 22 Which is 264 so they were the first two steps. So just multiply our two primes together Gives us n The two primes minus one together Gives us the totion of n so they're easy to do Choose an e such that again the greatest common divisor of e and 264 equals 1 And the other one that i won't write down is that E should be less than the totion of n What values of e did you get? 5 7 Anyone go any further? All right, so you can get multiple values. So you can choose one Let's choose five We know that what is it five? All right, e is five because The greatest common divisor of five and 264 Is one so e and then if if e is five some people did e is seven So we'll just write that for those people Another option e was seven If e was five What's d? If e is five, what's d? Everyone found d 53 why 53 53 53 and five relatively prime in the totion of n that is Five times 53 mod 264 gives us one d equals 53 in that case y five times 53 mod Totion of n 264 Equals one and that was our condition that we say e and d are the multiplicative inverse of each other in the totion of n Remember multiplicative inverse When we times two numbers together and we get one when we mod by the Modulus in this case the multiplicative inverse in the totion of n That is times e and d together we get one If you chose e is seven, what d value did you get? Someone chose e of seven What d value did you get anyone? 151 Seven times 151 Mod 264 gives us one Takes a few more steps to find that one Okay, but still you can find the answer. So we have our keys. Let's use the first one I'll call this user b The public key of b our second user e Is five n 299 And the private key d Is 53 And we'll also include n here So that's our key pair for this user user b our second user a common exam question Here are two primes Find generate your own key pair To do those steps We'll go back to our first user because we also did it for the first user Actually, we can write it here We fit it on Our first user That's to be clear. This was user a The public key of user a and the private key of user a So we have two keys each user has their own key pairs. So two key pairs Let's use them. We'll write them again. We've got User a And user b what was d 53? So each user at the start generates their own key pair a and b have their key pair those values And now they exchange public keys. Let's tell each other Their public keys. So what is known by each user is your own key pair plus the other's Public keys. So let's say that a also knows Pub is the value stated here Keep track of what's known They didn't generate that but b told them. This is my public key and similar a told b It's public key Exchange the public keys So we've generated keys exchange public keys and now we can encrypt and decrypt. That's our that was our goal For example, let's send a message from a to b confidentially from a to b and let's choose a message and For rsa our algorithm. We're using the messages must be converted to a number And the number must be less than n So how do we convert a message to a number? Let's say I want to send the message. Hello Then we need some way to convert that into a number So we can convert it to binary maybe using ascii encoding and then treat that sequence of bits as some integer Okay, so we we the message is a number in this case. So I will not Start with a message. I'll just choose a number that we say is our comfortable confidential message Anyone want to send a message? What message would you like? Hello, but we'd like to make my life easier. Let's just choose a number Okay So if it was hello, I would convert that using ascii to a sequence of what five times eight bits 40 bits And then we could treat that as An integer a 40 bit integer But in fact with rsa the number that we get that we send must be less than n Okay, so here our ends are up 299 or 187 We did a smaller number in this example with a real example We would have much larger n and we could encrypt hello So for this example, I'll just choose a number maybe Small number We've used seven many times here. Let's choose a different number Let's try our random number generator choose a number between 10 and 20 15 good That's our message Now again in practice our message Wouldn't can be needs to be converted into an integer. There are some conditions But let's say we want to send the message from a to b and that message m is 15 so Our encryption algorithm now to encrypt plain text m Where m is less than n first What value of m? Who's key am I going to use to encrypt this message? a is going to encrypt m and send the ciphertext to b Whose key is a going to use which key? a knows three keys p u a p r a p u b Which one will I use to encrypt this message for confidentiality and send it to b? I use the destinations public key Okay, so I will use p u b in this case Maybe we'll denote it as we'll encrypt to get the ciphertext. We'll encrypt using p u b m To send a message confidential that confidentially to someone else use their public key and the algorithm m must be less than n Is m less than n n in this case is? 299 so yes, we've we've met that condition m is 15 to encrypt take m Raise it to the power of e mod by n In our case m is 15 e in the public here b is 5 mod by 299 What do we get? We need a calculator 15 to the power of 5 mod 299 15 to the power of 5 mod 299 214 Okay, the answer the ciphertext is 214 We send that to b That's the ciphertext When b receives the ciphertext they decrypt Which key do they use to decrypt? It was encrypted using the public key of b Public key Ciphers work such that if you encrypt with one key in the key pair You can only successfully decrypt with the other key in that same key pair This was encrypted with a public key of b. We must decrypt with the private key of b So The m that we get when we decrypt Will decrypt with the private key of b The ciphertext received and we'll see what we get And what is the decryption algorithm? It's in fact the same as the encryption algorithm But we use some different values Decrypt is take the ciphertext Raise it to the power of d that private value mod by the same n Let's try it and see what we get c to the power of d mod by n What is n? n is 299. So again, we're using the private key of b d is 53 n is 299 So we use those values and c is our ciphertext 214 to the power of d Hope our calculator will handle this mod n 214 to the power of 53 mod 299 What do we get? 15 That's good If we didn't get 15 we'd have a problem Our requirements of encryption and decryption is when we decrypt with the right key We'll get the original plaintext back if we didn't the algorithm is of no use to us And we can prove later that we will always get the same message m back So that's it. That's rsa in use We encrypted some message m using the public key of b Send the ciphertext to b b decrypts using their own private key And the algorithm is designed such that you'll always get the same m back if you follow those steps as long as nothing's changed If you follow these two steps, we'll get The original m 15 a common exam question is prove why Prove why m will be the same. We'll see that not today. We'll see that next week Any questions before we look at some potential attacks? Right and the the beauty of rsa is that these encryption and decryption algorithms are Very simple Take some number raise it to the power mod by n The encryption and decryption algorithm is in fact the same So implementation wise they are the same. It's just that the numbers that we use are different Something to the power of something mod n something to the power of something mod n Very very simple to describe But turns out to be very secure if we use appropriate values and appropriate values usually means large numbers of p and q to get started large primes Whereas if you remember des Des we went through all those or simplified des even we went through two rounds where we have permutations S boxes key generation Xors and so on Whereas here encryption is just m to the power of e mod n very Simple but very secure Any questions of how to generate keys or encrypt? Okay, let's then look at Why does it work and and what why is it secure? Let's look at what the attacker may do to try and find m What does the attacker know? in our specific Specific example what values do they know? They know the public key of b They know the algorithms. Okay, they know the exact steps which we use for key generation and encrypt and decrypt That's public and they know the ciphertext. So they know they know the algorithms the ciphertext and the public key So we know c equals 214 We know What else do we know? We know the public key of b e was What five? Is that right? n was 299 And we know the algorithms the steps which we use. What do we want to know? Let's say we want to find the message. The idea was confidentiality. We want to find m How do we find m? Let's look at the algorithms Let's write them down at least the encryption decryption Encrypt we know was c equals m to the power of e mod n So let's write that with what we know c is 214 m we don't know e is five we know that n we know is 299 So the attacker knows this the easy They want to find m We have an equation here four variables c m e and n three of them are known Normally with an equation with four variables three known we just rearrange and find the unknown How do we do that? What do we? What operation do we do to find m? And what's it related to? How do we find m? By solving this equation What could we do or what operation is this like? All right a brute force attack could be to try all values of m. Let's try m equal to one Does one to the power of five mod 209 equal 214? No, m is not one m equal to two two to the power of five mod 299. We don't get 14 Keep trying eventually you'll get an m that when you raise to the power of five mod by 299 You'll get 214 and you found m. So a brute force attack here try all values of m Try all m That will work How do we stop that? How do we stop a brute force attack make m large? Or allow m to be large? Because a brute force attack requires the attacker to try all possible values of m or at least half Or all in this case So if m can be a very large number then they have to try many potential values And in fact to make m large In the algorithm the condition was m should be less than n So n must be large For m to be large n must be large because m Must be less than n. So we need to choose an n which is very big That's one security condition But instead of the brute force try all m. Can't we solve this? Can't we just rearrange it? What do we rearrange? What do we get? It's something about the logarithm remember the discrete log of some base m in mod 299 of 214 Equals the index five So it's it's related to solving a discrete logarithm In fact, it's not finding what the index is it's finding the base that gives us that index and it turns out it's Essentially the same difficulty in terms of problems Finding the base or finding the index are hard problems to solve if you have large values Solving discrete logarithms is considered computationally Infeasible if we have large enough values So step one for the attacker try all m step two have some algorithm to solve a discrete log and that's Not possible again if n and m are large So finding m directly from that equation if we have the appropriate size values, it's impossible in rsa What else can we do as the attacker? Maybe another approach All right, if we can't find m What's the other equation the decrypted equation? We know that We know that m Equals c to the power of d mod n We know we don't know m We know c We don't know d We know n So we have an equation we've got two unknowns So we need to find one of those unknowns Well, we couldn't find m. Can we find d? If we do find d solving this is easy. Just use my calculator So if we can find d We will find m How do we find d? Well, we know something about e and d e times d mod The notion of n Equals one We know e So this is the equation from our key generation algorithm. We know e We don't know d Do we know the notion of n? How do we know it? You're the attacker. You don't know anything we did before Find me the notion of 299. What do you need to do? Factor it into its primes is the easiest Way to solve that you could do the manual approach go up to 298 98 but that would take too long if it was a large enough number So To find d we need to find The notion of n and there are two ways factor Into p and q and then it's easy Or the other approach the the brute force that is try all the values up to n minus 1 All right, the manual approach With large enough values of n It's Computationally infeasible to try all the values from 1 up to n minus 1 and find the count the number of Numbers relatively prime so with large n it's practically impossible to manually solve the notion of n and factoring numbers into their integers is Practically impossible as well We'll stop there think about that go back to the number theory Notes just to make sure you know these steps that we're using and remember Factoring a large number into its primes is hard Calculating the notion of n without doing that is hard And solving discrete logarithms is hard and that leads to the security of rsa