 RSA is a very common crypto system named after its three authors. So we have Rive Rivest, I apologize if I'm pronouncing their names wrong, Adelman and Shamir, for which RSA is then an acronym for that. This is one of the, oh, I think I went out of order there, I guess RSA, Shamir would come first. But anyways, it's kind of weird for authors in a mathematical paper to be listed non alphabetical order, so it really should be A, R, S, but whatever. RSA is what we're going to stick with here. So the RSA public key crypto system is a way for which we can get past some of these problems right here because Alice and Bob will actually have a public key that's made public to everyone. And if you want to know if you're communicating with who you want to, you just have to use their public key. So let me explain with respect to our fairy tale here. So instead of having a chest go back and forth between Alice and Bob, let's say that throughout the entire kingdom there are buckets all over the place. So in the common square, in the library, in Bob's kingdom, everywhere you see these buckets and inside of the buckets there are locks. And these locks are currently unlocked, right? So you see all these little padlocks sitting inside these buckets so that any citizen, any merchant, any traveler, Bob, anyone could come and grab a lock to lock a chest. So if someone wanted to send something to Alice, they would then take their chest, right, and then they would put Alice's padlock on it. And so it would be shut and that Alice is the only way who can unlock the chest. So that way when this gets sent to Alice, she's the only one who can unlock it. And this is the idea behind RSA, this public key crypto system, that these public keys, these locks, are available to anyone, everyone. We publish this on our website, whatever. Everyone has access to this public key. But despite the fact that everyone has the public key, you might have Eve, who's going to come over here. It's like Eve, she takes a lock. She takes one of these public keys and she tries to study it. But no matter how much she looks at the lock, the fact that she has the lock, she still doesn't know the key. She doesn't have the key and she's unable to make her own key using the lock that Alice provided to everyone. This is the nice thing about a public key crypto system. So let's get into the details here. Let me show you how to implement the RSA crypto system inside of modular arithmetic, Zmodn here. So what Alice is going to do is she's going to choose her public key, which will consist of two things. First, she's this, the modulus of the group will be known. This could be a, this could be a shared modulus. So like Alice and Bob have the same modules, or in fact, they can make up their own. It doesn't matter. So Alice will choose some modulus. She's also going to choose some number E, which we often call it E because we really should be thinking of this as a exponent. So this is going to be public information. Now what Alice is going to do is she, in addition to her E, she's going to choose a private key D with the, with the property that D times E, when you raise M to the D power, this is the same thing as M, working mod N right here. So I said earlier that Alice and Bob probably use the same modulus. I actually misspoke. It would be much more secure that if Alice and Bob use different moduli. That way, even if Bob turns trader, Alice's communications with others will still be secure. So Alice will use her own modulus N. She'll use her own public key E, but then she has the secret number D, which she doesn't share D with anyone. No one, no one, no one, she takes it to the grave. But D and E have the property that the product of DE, when M is raised to that power, will give you back M. I'll show you how to compute that, these numbers E and D in just a moment. So let's first tell you how the public, how the, how the crypto system works. So Bob doesn't know the number D. This is a secret key. He doesn't see it. But what he does have access to is E and the modulus N right here. So if there's a message that Bob wants to send to Alice securely, what he's going to do is he's going to take his message and he's going to raise it to the E power and reduce it mod N. And of course, he should probably use the repeated squares algorithm to make this computation not endless, right? We want this to be done efficiently. So he would use the repeated squares algorithm to compute E to the M and reduce it mod N. This will then give the cipher text S for which then Bob will transmit the cipher text to Alice. All right? So Alice then receives the cipher text and because she knows, she knows the secret key, she's going to calculate S raised to the D power. Well, since S is just M to the E by exponent rules, which live inside this group, we're going to get M to the D E, but M to the D E is the same thing as M. Therefore, Alice is able to gain the original message that Bob was trying to send to her. And it turns out E's droppers like Eve would not be in a good situation to unravel this. So again, let's see how this protocol works one more time. So Alice and Bob are trying to communicate with each other. So Alice publishes her key. So she publishes the key E comma N. And so what Bob wants to do is he has a secret message M. He's going to then calculate M to the E power using Alice's private public key, excuse me. And then this computes the cipher text. The cipher text will be public knowledge. And so then he transmits that to Alice. Alice then takes this public cipher, the cipher text S, but then she's going to raise it to the secret power D. And then that will turn back to the number M right here. So just so we're clear, those things in yellow is going to be public information. Those things in red are going to be secret information. So that only Alice and Bob are aware. Now Eve, of course, who works secretly, right? She doesn't tell people the devious thing that she's up to. So Eve is going to intercept the cipher text S. And she also has access to Alice's public key. Everyone does because it's public. But can can Eve actually decode the cipher text using Alice's public key? Not if the not if things are chosen correctly, not if we have a good one way function. So let me explain how Alice creates her public or her private key so that Eve is unable to figure it out. Let's talk about how to make this work. That is, how does Alice actually compute her private key? And why can't Eve compute her private key? So when when Alice chooses her number E, she doesn't just choose any random number, she has to choose a number so that the GCD of phi and phi of N and E is equal to one. And so because if these numbers are co prime, that would tell us that E belongs to the group Z phi of N star. All right. So phi E of N star. So it's relatively prime. So we can compute the multiplicative inverse of this. And this follows from the Euclidean algorithm, essentially. So we can compute a linear combination of E and phi of N that combines to be one. The coefficient of E in this linear combination is its inverse. Therefore, the inverse, the multiplicative inverse of E will equal D when we're working mod phi of N. All right. And so this then has the property that when you multiply D and E together, you're going to end up with one minus K times phi of N. So why is this significant? Well, if you take any message X and you raise it to the DE power, well, DE is the same thing as one minus K phi of N, which if we rewrite things by exponent rules, you're going to get X to the first, then you're going to get X to the phi of N to the negative K power, again, just by exponent rules. Now Euler's theorem comes into play here, right? If you raise a number mod N to the phi of N power, that gives you back a one and one to any power like the negative K power is going to be one as well. So this simplifies to be X because we've chosen this element D in the strategic manner. And so therefore that shows why the decryption process will undo the encryption process. So we have a capacity to undo the encryption that Bob does, but why can't Eve do that? Well, what does Eve need to do? So if Eve will have E, that's public information, if she has phi of N, then she can compute that they're relatively prime, which Alice already did that. So then she could run the Euclidean algorithm to then compute this linear combination, which would give her the number D. And once she has the number D, she can then compute the cipher text to the deep power and give back the original message. So you might have noticed that in that conversation, there was an if, right? So Eve will have the number E Eve will have the cipher text. So she could calculate S to the D if she knew D. So how do you get D? Well, D you have to know phi of N and then you run the Euclidean algorithm, which she knows. So the secret is really based upon phi of N. How does she compute phi of N? And it turns out this is not an elementary, a simple calculation, right? So since Eve knows E and N, can she compute D? Well, like we said, it depends if she can compute phi of N. So if she knows phi of N, then she can compute D the exact same way that Alice does. So how do you go from N to phi of N? I mean, phi of N, of course, is just a function, right? Can't we just evaluate the function on N? Let's talk a little bit about this totion function a little bit. This totion function is a very important function from number theory. And it's a function which we call multiplicative, meaning it has the following property. Phi of 1 is equal to 1. And whenever the GCD of A and B is equal to 1, then phi of AB is equal to phi of A times phi of B. So when two numbers are co-prime, we can factor phi across those numbers and calculate those things individually. The thing about multiplicative functions is that in order to effectively compute, well, let me say it this way, if you have a factorization of the input of a multiplicative function, then you can very easily compute that function. But if you don't have the prime factorization, it might be very difficult to calculate a multiplicative function, perhaps virtually impossible. And that's the thing about phi that with phi here, the totion function, if you have the factorization of N, then phi is very easy to compute. But if you don't have the factorization of N, you basically have two options. You have to factor it or you're going to cry, because you basically can't, you can't compute phi of N without it. So basically to compute phi of N, you need the factorization, the factorization of N. And this is now the one-way function we're talking about here, because the inverse of factorization is multiplication. It's easy to multiply two numbers together, even if they're two large numbers. With a computer, we can multiply two large numbers together. Super easy. But factoring can be a very difficult process for large numbers. And so this is what Alice is going to do to make sure that Eve will struggle factoring. And because if she can factor N, she can find phi of N. Eve, or Alice doesn't want that to happen. So Alice needs to make the factorization of N very difficult. So what Alice is going to do is she's going to pick two prime numbers that are big, right? We're talking like maybe like 45 digits or more. She wants very big prime numbers, two distinct prime numbers that are very, very big. You don't want them to be too far apart, but you also don't want to be too close together. We won't get into all the details of that. But let's assume that Alice chooses two very large prime numbers, then she can compute their product N and she publishes that with her public key. But because Alice knows the factorization of N, she knows that phi of N, well, since N factors as p times q, phi will factor as p of q times phi of q, excuse me, phi of p times phi of q. Now, since these are prime numbers, the number of, those numbers co-prime to p will be basically everything less than p. So you get p minus one times q minus one. So phi of N can be computed as p minus one times q minus one. But without the factorization of N, this would be basically impossible to compute. So Alice keeps as a secret her factorization, because knowing the factorization is the key to finding her private key. Let's show you in some specific example how this works. We're going to start off with a very small example this time. So first, Alice is going to pick two prime numbers. So she's going to pick 53 and 59. Great, two digit prime numbers. And then the product is going to be 3,127. This is going to be public information. So this is part of Alice's public key. So she will publish N equals 3127. She also chooses the number three to be her exponent. So this information is in public. What she then will keep private will be the following. She's going to keep the factorization of N private. She doesn't tell anyone that it's 53 times 59. And because of that, she then can compute phi. So phi of N here is going to equal 52 times 58. And then from that, she can run the Euclidean algorithm and then compute that D is going to equal to 2011. Now let's imagine that Bob wants to send Alice the message 50. What's the significance of 50? Don't worry about that. But Bob wants to send this message to Alice. So what Bob's going to do is he's going to use her public key and he's going to compute 50 to the third power and reduce that mod 3127. That gives the cipher text 3,050. So Bob does not share with the world the plain text 50. He's going to send the cipher text 3,047. He sends that to Alice. Now Alice, because she has the private key, remember, she knows the factorization of N. Therefore she can compute phi of N. It's 52 times 58, like we said, which is going to give you 3,016. I should be doing this in red because this is all secret now. So 3,016. So running the Euclidean algorithm, she's going to take 3,016 divided by 3, her public key. That gives you 1,005 with a remainder of 1. Great. That was pretty fast. That's the GCD. So then the linear combination says that 3,016 phi of N, if you subtract from that 1,005 times 3, that gives you a 1. So therefore D is equal to negative 1,005, which if we reduce that mod 3,016, notice this is phi of N, you get then D, which is going to be 2011. That's how we computed it earlier. Therefore, Alice then just has to compute the ciphertext raised to 2011 power. And when you reduce that mod N, you end up with the plaintext 50. And Eve, because she can't factor two-digit numbers, can't get this message. Now obviously Eve can factor two-digit numbers. So let me give you an example that's being more realistic. And even still, these prime numbers are way too small for really professional security. If we want, if we have really secure information like with our banks or with national security or whatever, we probably need a higher level of encryption than what we're going to be doing in this example. But just so you know, we're going to be working with like 26-digit primes. This is definitely a problem that no one's going to be able to do by hand. And in fact, even with a computer, many would struggle to be able to crack this code here. So this time, Alice, she's going to be picking two basically 20-digit prime numbers. So she's going to pick P and Q. This is not shared with anyone. So for those viewing here, if you wanted to be able to create your own crypto system here, how could you select prime numbers? Well, one idea is we want to basically just choose random prime numbers. So we could pick a random number that's going to be between 25 digits and 27 digits. Okay. So you pick a random number in sort of like a certain range. And then you ask the computer to pick the next prime number. How does the computer do that? How does it can find these huge prime numbers? Well, that's because of the primality test we had talked about before. Magma, for example, can run primality tests and find the next number that's prime without having to factor all of them. And it can do this relatively quickly. So basically, you run this command twice. You run it once to get a random number and you run it twice to get a random number. I should confess that if you were running this, what you need to do is copy down your number somewhere because next time you run your message, if you didn't copy these things down and keep them somewhere safe and secret, it's kind of like Gandalf here. Is it secret? Is it safe? You got to keep these prime numbers safe here, but you also got to write them down because if they randomly generated the next time you compile the program, you'll get a new randomization and then you might have lost your information. Make sure it's written down somewhere. Copy and paste into a text file is sufficient here. So once Alice computes her two primes randomly, she then is going to multiply these two numbers together. So she's going to take N, which is P times Q, and then she's going to publish this number right here. So it's a pretty big, pretty big number. Factoring this thing would be very, very difficult. I would encourage the viewer to try to factor it. Even with a computer program like Magma, I dare you to try it. The free version of Magma will not be able to factor this. I'm not saying that no one in the world could factor it. Again, this is not professional grade cryptography here, but I can promise you the little toy version of Magma we're using is not powerful enough to factor this thing. This is a pretty good, these are pretty good prime numbers that Alice has chosen here. Anyways, so because she knows the prime numbers, so she published, she published her modulus, but she keeps her prime numbers secret. And because she knows the prime numbers, she can compute phi of N, which will be P minus one times Q minus one. So it turns out to be this number right here. All right, so that's that number she's going to keep secure. She doesn't teach, tell everyone that. Then she's going to choose a number E, which the only requirement for E is that E had to be, it had to be relatively prime to phi. So if you pick like E to be like a small prime number, like 19, then it's fairly safe that that's going to be co-prime, but you should probably do a check. So you're then going to run in Magma, the following command. You're going to compute inverse mod E slash phi, where this is the number we're trying to find the inverse. This is the modulus we're using. I've already saved phi in my computer program somewhere else. And so we're going to run D. It's going to be the inverse of E mod phi of N. All right, like we wanted before, this gives you the multiplicative inverse. And this is, we're going to store somewhere in a file. Again, maybe copy and paste this and put in a text file. It's a huge honkin number, but it's perfectly acceptable because this is the multiplicative inverse we want. So now here's the fun part. So Bob then wants to send Eve, excuse me, she wants to send Alice the message to if by C. What does that mean? Is it some historical reference to Paul Revere? Or is it something even more dastardly? We don't know. Is Alice and Bob the good guys or the bad guys? We don't know, right? It doesn't matter. So Bob is going to send the secret message to if by C to Alice. And so he's going to use this command encrypt RSA, which you can find the code to this in the link below. So Bob is going to encrypt the message to if by C. That is secret, but he's going to use Alice's public key, the E and the N are public information. All right. So he's going to encrypt that. That's going to produce the following cipher text, which is this big old thing that's like, whoa, what's going on there? So he's going to encrypt that and you're going to send it to Alice. Alice then when she receives this message, she is going to use her private key with the cipher text. And then she's going to decrypt it using the decrypt RSA. And that's going to then reveal the message to if by C. Let's run this in magma right here. So like I said, the code is available for this thing. So you can you can you can run it yourself if you want to. So what's necessary is there's a first command about pad message, we have to kind of turn the the English message into numbers are actually an array of numbers. And so when we did this in the previous lecture, we didn't do a very sophisticated way of doing it. I've improved that for this one. And so in addition to just basic letters, it'll accept upper and lower cases no longer now it is case sensitive. You can also include special characters, like spaces and things. So again, this is not as sophisticated as like the ASCII key code or something like that, but the coding and padding of the message is much more sophisticated this time. So then there's a procedure that turns the strings into numbers. And there's also a deep padding process. These are some helper functions you don't have to worry too much about. It's just a way of making the conversion between words and numbers because we have to do algebra on the numbers, but we actually have to read the words. So there's this conversion process. All right, then you have this function exp RSA. So this is going to be computing the this is going to continue the exponents mod whatever we need this function here because the message if it's super long will actually be an array of numbers. And so again, this will be doing the module exponents on the array of numbers. It's going to be a vector potentially. And then there's the commands encrypt and encrypt RSA and decrypt RSA. You can treat this very much like a bellach box if you want to. It's going to be running these messages. And so if we were to run something like this, what I actually want to show you here is I actually have my public key that I've created for the sake of this right here. So I'm going to copy this and by copy, I'm just going to make it no longer a comment. And so if you want to send me a message, like if you want to send me a secret message, we could do the following. We're going to encrypt RSA. We're then going to take the message. Let's see, what could we say something like that? We could say, oh, you know, Dr. Missildine is the bestest, is the bestest ever, you know, something, something super grand and very true like that. And then we encrypt it, we use the public key, the public key, and then we run this thing. And so this is then going to give us a message. Oh, I broke it. Did I use a lowercase n? I did. Make sure your variable names are called the right thing. Lowercase n. So run that. And so here's the message for which we could then send that. You could send that message to me so that I know that, you know, you love me so much, which of course, I'm not sure why you need to encrypt that message. That's something that we should make public. But by all means, there's encryption we could do here. Or, you know, if you wanted to be very dastardly, it's like the answer, the answer to question one on the test is B. You know, that's now a secret message that you might see. So now this was a little bit longer message. And so you see this actually turned it into an array. So there's actually two numbers because the message got something too big for the modules here. Now, admittedly, if you're going to cheat using the encryption protocol that I've created, I don't know why you would send that message to me. That's not a smart thing to do. But, you know, that's what encryption is all about. It's not sharing secret information that you want to be private. But me also, you know, you could be the good guy. You could be the bad guy. It's hard to tell. So have fun with this, with this version of RSA that you can run in magma. Send messages to your friend. It's going to be great. And we'll chat next time. Bye, everyone.