 Hey everyone, Mr. Gibson here with your next lesson in cryptography and today we're going to be looking at cracking the kid RSA cipher. So you remember in our last lesson we talked a little about why we think kid RSA was secure and then we ended that lesson talking about why it actually isn't. So why was it secure in theory at least for now? And the short answer is that multiplication is easy to do for us in computers but factoring is hard. For example, generating the public and private keys only involved multiplication, a little bit of addition and subtraction and that was really easy for us to do. But trying to determine D, the decryption key, when you know E, the public encryption key and N, the modules you're working in, that's hard. We did not have a good way to factor those two numbers, meaning finding the product of E and D that resulted in one when we mod by N and one because that's the sign that we actually have multiplicative inverses, their product is equivalent to one. And that's really the basis for any public key crypto system. It's easy to go one way. It's easy to encrypt messages, multiplication, it's easy to generate keys, multiplication, but it's really hard to take the public key and get the private key because the reverse operation is very challenging. So multiplication easy, factoring hard. And we can see that brute forcing is actually pretty good. We can actually crack this as a technique for a little while until the values of Ns get too big. So I've created a table here that show you some samples as randomly generated public keys for kid RSA. So that's the first column. I've bolded the value for N because that's the one that really determines how many potential brute forcing we're going to have to do to determine the correct value for D. A typical thing in public key cryptography is to measure the size of your modulus or N based on how many bits you need to represent it in binary. So that first key has a size of 22 bits. And then it took, you know, .0069977 seconds, so almost no time for my computer to brute force the value of D based off of E and M, but as we increase the size of the key, so we increase the value of N to be bigger and bigger and bigger, we see the length of time it takes to brute force the value of D from E gets longer and longer. And just a 42 bit key now is over a thousand seconds. So we're talking, you know, minutes and minutes to do. And in practice, N is thousands of bits in size and, you know, 4096 is becoming the new standard at this point in time for a public key encryption. And so you can kind of scale this out and realize we're talking hundreds of years of time, maybe thousands of years of time of computation time to actually brute force a public key with this system. So why don't we use it? Well we mentioned at the end of the last lesson that there's an algorithm that's far more efficient than just trying all the possible values of D, multiplying it against E and C if you get one. And that algorithm is called the Euclidean algorithm and it's actually the extended Euclidean algorithm. And this algorithm can be used to quickly determine the multiplicative inverse of any number in a given modulus assuming that such a number exists. And we're going to use this table approach to kind of make a compact representation of a system of equations. So we're going to take our N and we're going to put it in the top row and then to the right of it we're going to put our value for E. And then in that first column we're going to put N and then E again and then some ones and zeros. And here's what this all means. That first row is basically saying that in order to compute the value of N you're going to need one factor of N and zero factors of E and the second row is saying to compute the value of E you'll need zero factors of N and one factor of E and then sum them up. And here's the plan. We're going to use this representation to create new equations by subtracting multiples from the lowest or the last row in this table from the row above it with the goal of trying to reduce the value on the left hand side all the way down to one to eventually obtaining an equation that's in this form one equals X times N so X factors of N plus Y times E so Y factors of E. So in the table that would look like one on the in that first column with the numbers X and then Y in the same row. If we can do that then it turns out that that value in the table for Y ends up being the multiplicative inverse for E in the modulus of N. This is all kind of hard to wrap our heads around with these kind of variables in place. Let's work through an example that uses real numbers. So here's an example of the extended Euclidean algorithm will abbreviate that with EA and we're going to use the public key two thousand two hundred forty nine comma twenty nine thousand five hundred and sixty one. So those are the values for E and N and let's go ahead and set up our table. So we put the twenty nine five sixty one in the top row and then to the right of that the twenty two forty nine and then going down the first column again you put twenty nine five sixty one and twenty two forty nine with the one the zero the zero and the one and again that's just shorthand for this system of equations that we have on the right. I'm going to show all of these systems of equations as we're learning about this algorithm but it's very common that once you get used to it that you only need the table with the shorthand representation you're welcome to use either one but I think once you get the hang of this you'll really only need the representation on the left. So our first step is we want to take this bottom row equation and determine what multiple could I subtract from of this equation from the row above. And the way that we're going to do that is we're going to take the value on the left hand side of this twenty two forty nine and determine well how many times does that divide evenly into twenty nine thousand five hundred and sixty one meaning if I were to divide that what's the whole part of of the quotient ignoring the decimal and it turns out that twenty two forty nine goes in thirteen times with a remainder but it goes in thirteen times. So we're going to multiply every element in this equation so basically multiply the whole equation by the value of thirteen to obtain this new value I'm going to temporarily put this in the table it doesn't really go there as we'll see in a second but it's going to help for our calculation next. So we've created a new equation that's equivalent to the old equation we've just scaled it up by a factor of thirteen and now we're going to subtract off this new equation from the top row to create yet one more new equation. So we can do twenty nine five sixty one minus twenty nine two thirty seven to get three hundred and twenty four. We could also do one minus zero to get one. And we can do zero minus thirteen to get negative thirteen in our table. And I've written the corresponding equation to the right. And we'll go ahead and put back that original value in the second row. So we used some multiples of the second row subtracted off from the values in the first row to generate these new values in the third row. And the third row is still a true statement three hundred and twenty four is equal to one times twenty nine thousand five hundred and sixty one plus negative thirteen times twenty two forty nine. That's true. We don't know why that's helpful yet but we're going to see we're going to get there in just a moment. We're going to do the same thing. We want to think about now focusing on the new bottom row in the table. How many times can I multiply this equation by to generate a new equation where the product on the left is less than twenty two forty nine. So we can take twenty two forty nine divided by three hundred and twenty four. And we see that that goes in six times with the remainder. But that means we're going to scale this up by a factor of six. So I'll show that here now. Again, we'll take our bottom row of the table and subtract it from the previous row. So twenty two forty nine minus nineteen forty four gives us three oh five zero minus six gives us negative six and one minus negative seventy eight gives us seventy nine. And that gives us a new bottom row in the table. And again, you can check that that calculation is true. Three oh five is in fact equal to negative six times twenty two five sixty one plus seventy nine times twenty two forty nine. Again, this is not helpful for us yet, but we're getting there. Remember, the goal is that we want that left hand number in the table, whether in the shorthand version or in the elongated equation. We want that value to be one. It started at twenty two five sixty one. We've got it down to three oh five and we're going to keep working. OK, how many times does this equation go into the one above it? Well, three oh five only goes in one time cleanly, which means that we could just subtract this equation as is to get our next row. Three twenty four minus three oh five is nineteen. One minus negative six gives us the seven negative thirteen minus seventy nine gives us the negative ninety two. And again, there's the long version right up next to it. We're getting close. We want to figure out how many times does nineteen go into three oh five? It goes in sixteen times. And when you do that, multiply this up, subtract the bottom row from the second to last row. And here we are. We've got our equation we were looking for one negative one eighteen one five five one. And this is the equation that gives us the private key. That private key is at fifteen fifty one. So we'll verify that in just a moment. But if you were to encrypt a message using the public key of twenty two forty nine with a mod of twenty two twenty nine five sixty one, you now know that the decryption key on the other end is fifteen fifty one. They are inverses of each other. We've just found somebody's private key with only the public information. That's not what we want if we're going to use this system. Let's verify real quick that these two are inverses of each other. And to do that, we're going to use this long form equation, not the last row on the table, but the corresponding equation for the last row on the table. So let's take a look at it. This is going to be helpful for us. Here's why. If we take the factor that includes the twenty nine five sixty one. So that negative one eighteen times twenty nine five sixty one. And we add that term to the other side. So now we've got one plus one hundred and eighteen times twenty nine five sixty one. We know that's equal to fifteen fifty one times twenty two forty nine. That's the private key times the public key. At least that's what we believe to be true. Let's see why that actually is known to be true. If we take this equation and we reduce it mod twenty nine five sixty one. That left hand side is going to just boil down to one. Now, why is that? Let's take a look at that left hand side on the previous row. One plus some multiple of twenty nine five sixty one. Modded by twenty nine five sixty one. The larger numbers make it hard to think about, but let's take it down smaller. Let's imagine that was one plus twenty six. And we modded by twenty six. It shouldn't be a stretch for us to think about. Well, twenty seven mod twenty six is back to one. And if we did one plus two times twenty six, which would be fifty two. It's not hard for us to compute that. Yeah, one plus fifty two mod twenty six is back down the one and so on. So in that small scale system, one plus any multiple of twenty six. Once we mod by twenty six goes back to one. Same thing here is true. One plus any multiple of twenty nine five sixty one modded by twenty nine five sixty one is going to yield us back the number one. So now we have this statement. We didn't do the calculation on the right yet, but we can see on the left. It's going to be equivalent to one. And what is it equivalent to the product of fifteen fifty one, the private key in twenty two forty nine, the public key modded by twenty nine five sixty one. We have just shown that those two numbers are in fact multiplicative inverses in the given mod, and that is the only requirement for a key pairing in this system. So what we've shown is that we have an efficient way now to determine the private key from the public key. And that is made kid RSA insecure. And our next lesson we're going to look at how can we adapt the kid RSA algorithm to make it secure? We're going to need to do better, I guess, than trying to just rely on that it's hard to calculate multiplicative inverses. So you can take a minute and think about how could you make that more complicated? But that's it for now. Thanks for watching. We'll catch you in the next one.