 All right, wow, this room carries voice really well. Yes. Hi. Hi. All right, maybe I'll teach them this room next year. OK. What camera class is this? 365? Exactly. 466 Lite, let's say. OK, welcome to 365. Adam, I can't make it. It's only about eight. Some class, some maybe this class. Went off to these. No, he's somewhere on these coasts at a very important meeting. So, professor, it's OK. And we're going to talk about crypto to begin with. And you started it on public heat your pharmacy, am I right? Yes. This all sounds familiar. Any announcements since last time? No announcements. Awesome. Any announcements will be encrypted and distributed to you? OK, so the box represents public key cryptography where you can basically create keys that can go one way in the box. And this allows you to do all sorts of interesting cryptographic derivatives. So you have a public key and a secret key. That's called secret instead of a private key because otherwise it'd be P and P. And that's very confusing. And you talked about various properties that public key crypto enables the content of the cryptic messages, the ability to have a task that an encrypted message or that a message is coming from you. And it requires asymmetry, hence asymmetric cryptography where you can generate your public and private key easily. But if you distribute a public key, someone can't use that to recover your private key. And of course, your public keys are all public. So you went through all of this already, right? The encryption, signing, and so forth. So we're just going to move on from there. You went through signing, non-refudiation. Say if you basically encrypt something with your private key so that it can be decrypted with a public key, then you're in essence saying, I'm the only one that can make this encrypted message. And you're basically saying, I made this encrypted message. This is super important. This is what's, you know, whatever, your bank.com. There's that little lock message. One of the things, or lock icon, one of the things that that depends on is this property of being able to sign something. And you went through kind of the master combination of all this sort of theoretical concept of a public key. You can, if Alice wants to talk to Bob, Alice is going to encrypt something to Bob and so forth. And my understanding, well, that sucks. My understanding is you stop at this lock, which is a really cool quote that Google. So unfortunately Adam uses PowerPoint, which causes issues. I don't know why he does it. No one uses PowerPoint. So now we're going to open this up an open office. It's going to look like shit. We got to see the quote. Presumably it's a very important quote. I read it. So I know what it says. You should really fire this guy. All right. All right. So let's scroll all the way down in this. Brilliant program. Are you shitting me? Google for that. Let's see if there's like a quote from that. There's got to be a quote from this somewhere. My wiki quote. So you think that's how Adam got it? Like just for quotes about cryptography. No, no, no, it's, it's a, no, man. Adam is pretty serious about these things. All right. Hold on. We can solve this problem. All right. I'm going to put this up and I'm going to pull. Okay. That's a class loading. And this quote, as you can see, All right. So you can see on my phone that it is a readable quote. So this, this is a quote from 1874. And for a smat. going to need a way to generate public and private keys using a technique that you can very easily generate a public and private key and they're kind of bound together in some way but given a public key you can't recover the private key. So the quote is by William Stanley Gevins of the English Code of Fame and it says the following from 1874 over a hundred fifty years ago is that okay the same difference arises in many signs of processes given h2 numbers may by a simple and infallible process obtain their product but it is quite another matter when the large number is given to determine its factors. The leader says what two numbers multiplied together will reduce the number 8,616,460,799. Anybody? It's a hard problem. Of course if I say what numbers multiplied together will reduce the number 15 you can get that quickly but it becomes much, much more complicated than the number 16. Much, much, much harder very quickly as the number gets bigger and this was true in 1874 and it's still true today which is an embarrassment to humanity because with all of our technology there are lodging spaceships and Teslas at Mars but we still can't factor the extreme of life under the court. We have the processing power now to factor a billion whatever but not an arbitrarily large number. An interesting thing actually a counterpoint is William Stanley Gevins goes out to say similarly there's no direct process for discovering whether any output is prime or not which is interesting because he thinks that it is equivalent to discovering the factors of a number because a prime number of course has no factors that aren't one itself but that's incorrect. Now 150 years later through extreme efforts of all of society we can test whether a number is prime or not. The primality test exists but factoring still doesn't. Modulo quantum computer. So suddenly you have something that is very asymmetric right of course you can take two numbers, two very large numbers, multiply them together and have a big mess of a number very quickly but going the other way is very hard right. And now we're going to start thinking about asymmetric crypto. That's why this quote was here that's why we sent the professor our time and you can see it has an age well. So back to this monstrosity. All right. So now the history of publicly tripled. So we reached all the way back to 150 years ago. Talk about this. Of course, between then and now there have been a number of different public debates together on how to exchange these private policies. And then this is known as Diffie helmet he exchange, and I didn't take a critical course and undergrad, so until like late graduate school I thought Diffie helmet was a person, but it turns out it's two people. And we'll talk about that next and then 1977. Three scientists with names that abbreviate to RS and a created RSA. And it's a kind of a general purpose publicly crypto system that in a big way other things, much of modern cybersecurity. It's starting to go out of favor but it's a very big thing and you'll learn about that today. We'll mention that at the same time, of course, governments have had an interest in creating and breaking crypto systems for a very long time. Computing was propelled to rapid development because of the need to break the stigma in World War two, for example. And so, you know, crypto systems have been in one way or another for a while. It's the same with modern cryptography. The concept of public key crypto was explored in the classified realm, just a little before it was going on that by realm, and something like RSA was created four years before the RSA paper was published right so there's always this sort of parallel exploration for these sort of things and some other aspects of security as well. Talk about giving him a key exchange. This is a method for generating and changing keys between two parties over a channel that may be observed. Right, and it's kind of inspired by this concept of pain. You can try to think of it in terms of pain. So, Alice and Bob might want to come up with a common secret color of pain, pain inside of their house, separate houses. Right, because this was invented a long time ago, they'll be living separately. They start with yellow, and they paint the outside of the house with yellow and they want to, from that, derive what's in the inside of the house. Right, so Alice and Bob each used a secret color that they just have in a can, and doesn't really matter what the color is in this example. And they take the public yellow color, and they take their secret color, and they mix it together. Right, and then they mail it to each other. The assumption here is that unmixing paint is impossible. Right, so even if someone intercepts the paint, you know, UPS has a big stolen or there's an evil UPS person that peeks into the paint bucket. It doesn't tell that adversarial party, which of course you probably know is usually named Eve, because they're a baby and Eve is evil. And so you can hopefully know what here is named Eve, because that would be depressing. We can also say that is, or Euclid, Eugene, Eugene, a lot of options. Anyways, so he intercepts the paint. All they get is some weird blue color. I also apologize if this might be incorrect, and then some orange light thing. Although it looks green on my screen. So anyway, the point is they mail this paint to each other and it doesn't matter. They can like, you know, mail it, they can paint a billboard the color, they just publicly exchange these keys. And the interesting thing next is that they take a different secret color. They mix it together and they end up in it with a common paint color. That is secret. So this part is a little bit mysterious. It doesn't work with paint, right? But it works with math. And so here's how it works. First, Alice and Bob reached a two number, a very large prime. In our case, this is 23. It's huge. But in reality, it's going to be a very, very large prime, you know, many, you know, I don't know, 2048 bits or whatever. And a generator. The generator number has some restrictions on it. A lot of crypto systems have this interesting property where throughout their life, special cases of the crypto systems are broken. And so that people say, okay, well, RSA, which we'll get to later, or if you have me to say, as long as the generator is not something, it's not two, it's not, you know, a square even number. Like you get these sort of restrictions. I'm not saying those are valid for the development, but they tend to arise with crypto systems in general over time as mathematicians. So for now, we just say, okay, any prime and a generator, they grab two of these, you know, secret colors and Alice says is four and Bob is three. And they send their generator to the power of their secret modulo, a very large prime across to each other. Right. And this is the operation. That is very easy to compute using modular expansion. And if it wasn't for this month three of my 23, you have nine to the third, and you say, okay, nine to the third is whatever, 81 times nine. And it's very easy to take the cube root of that. Right. You just do that. You know, nine to the third is nine. Without the module, it's all fun and games, but with the modulo, suddenly, you're only going one way. Going backwards is very, very, very hard. And I will show you some math. I think this is probably a little a, we're going kind of off script. Don't tell Adam. We have a pen. Okay. So we have a prime. And that prime is P. They have a generator that prime is G. And then we have, you know, these two numbers, A and B. I have myself a little bit by saying that it is impossible to reverse that, but here's how this generally works. So you have G to the A. And let's say you're just kind of in the normal math here. There's no one. First of all, everyone's familiar with the concept of module. Let me know if not, we can very quickly go into that, but you have G to the A. And then if you want to get G back, you raise it to the negative A. Right. Very cool. Very easy. Now, if you wait, is this true? I mean one over a thank you. Or you can do G to the A times G to the negative A. But I mean one over it. Okay. So you raise G today to the one over a, and you get back. Okay. In a modular situation. All right. Okay. Another way of saying this is you have G to the A. You should have gone off script. Modulo P. All right now they're in a modular situation. And let's say you want to operate up in the modular level right. So operations on G, if you have, you know, G, Modulo P plus, I don't know, let's say plus a or B Modulo P. This all operates in a field as Modulo P. The numbers, the possible numbers in this field are from zero to P. Everything is good. We know how to operate there. If you want to start operating on this guy. So of course, let's say you have G to the A times G. Right. Normally, this is G to the A plus one. Right. Everyone agrees. If you're in a Modulo field. This is G to the A plus one, of course, Modulo P. And that's fine. Or if you're in a field, Modulo, a large prime, but this interestingly is in its own field that is kind of induced by this module. And operations that happen here happen Modulo, the Totion of P. And the Totion of a prime is that number minus one. The point is Math here operates in this module, Math in this exponent operates under a different Modulo. This makes it not for Diffie-Hellman, but for RSA. So we jump a little ahead. Very difficult to go backwards and I'll explain why once we get to RSA. Let's finish up Diffie-Hellman. So Alice sends Bob this G to the A Mod T. Bob sends Alice G to the B Mod B. And Alice computes the secret key by raising what Bob sent her with her secret, computes that same secret key by raising what Alice sent with his secret. And then they have a common secret key. And it works out again because we are under the Modulo of this large prime. Let's go on to what is more my field, which is not my field, but what I'm more experienced with, which is RSA, and then we'll talk about what I just told you about in that context. So RSA works in a different way. Diffie-Hellman works to distribute keys or to come up with keys in a distributed fashion with two parties. RSA says, okay, given a key, RSA is the more basic version of Oblique Crypto where you have a public key, a secret key, and you can send messages to each other. The Diffie-Hellman, why are they even sending a private key to each other? Should you only keep that to yourself? The private key, Diffie-Hellman is a key exchange mechanism where they together, Alice and Bob come up with a symmetric key that they can think of. Right, so yeah, these are kind of private numbers that they only send along through these mathematical operations, but in that, what's important is this nine. It's the secret key that is their common secret that they paint the inside of their house with and then can asymmetrically encrypt data when they pass it back and forth. RSA is a little different. RSA is that kind of quintessential public key cryptography where Bob can say, this is my public key. You put it on the billboard, paint it on Bob's house, and then Alice can take that, use that to encrypt information and send it to Bob. So how does RSA work? RSA has two prime numbers, P and Q, they should both be large, et cetera, et cetera, et cetera, and we compute N. And N is the product of P and Q, and so as William Stanley, whatever said earlier, this is very easy to do, multiplication is not hard. But once you have N, going back to P and Q is not currently computationally feasible for large values of P and Q that satisfy some safety properties without a quantum computer. And yeah, sometime I'll talk about why a computer can kind of get to that point faster than a classical computer. So, given N, it's very hard to factor P and Q. And then we do this step, that is the encryption step, basically, we choose a value E, and E is our exponent, and E can be a lot of different values. I mean, basically E has to be basically bigger than one, otherwise it's a NOAA, of course. There are some other safety properties where if you have an E that is very small, certain attacks can be carried out to recover your encrypted message. If you have an E that is extremely big, then these operations are very slow. Generally speaking, people choose E to be 2 to the 16 plus 1, nowadays. But an E of 7 in certain situations is also fine, absolutely. And then making this computation, doing a modular expansion of some message A to the E, module N is very easy. Rather, we have algorithms that do it. However, given C, the result of the encryption, even if you know E and I, even if you know N, which are both public, it's very hard to calculate A. Again, going one way is easy, going the other way is hard. Why is this? Back to the paper. Let's talk about operations here being done in this portion of P field. So we have, let's build this cast of characters. In RSA, you have A, which is going to be your message. But of course, the most important things are P and RQ. And then we have N, which is P times Q, and also serves as our module under which all operations take place. We have E, which is something, it's whatever number, it's our exponent. And we'll have one more thing, actually let's get to through this slide and, no, let's not. Let's do it on paper. Alright, so encryption is A to the E mod N, right? Make sense? So let's say E was three. This is a very bad E, but you'll do it because it is reasonable. So here's what we're going to do. We're going to have E be three. What are some primes for P and Q? 11 and 17 will be our primes. What's the product of that? 187. And what's the number of you want to encrypt? 732. 732. Let's go with that, actually, and we'll demonstrate a property of RSA. Okay, so everything's under this modulo N, right? And our modulo N is 187. Yes? It has to be less than N, because you can't really represent that many numbers within the field. The integer is modulo N, right? What happens if you're in modulo 10, right? So let's pretend we're in mod 10, and we have the number 9. What is 9 mod 10? Cool. What if we tried to represent the number 13? Number 13 is really three. So what is 732 mod N? Okay, 171. So let's do that instead. So it's 732. So we have 171. Are we going to do that to the E mod N? So what does this end up with? 171 to the third power mod N, right? What is that sum of the calculator? 18. So 18 is our psychotest. All right. So for a second, let's pretend that we weren't doing mod N. So just A to the E, 171 to the third. What is that? 5 million, and then 0, 0, 0, 2, 111. Brilliant. So 5 million, $200. All right. Now let's say, okay, enough encryption. No more encryption. Everyone has decrypt. How do we decrypt the thing on the right? You brewed. In other words, we raise it to one third. As someone pointed out, not negative three. The one third. Can somebody calculate that out? 171, right. So 171, we decrypted it nice and easy, right? There's no real problem. And recall, we don't care if anyone knows these two things, right? So just by knowing E and by ignoring that right now, we figure out, you know, this one second. And in fact, don't quote me on this, but probably you can even figure out on E whatever, you know, perfect square one over some integer that works to figure out. You can choose E every time. E is more or less independent of N, right? But generally speaking, E is a well-known value. Like I said, there are certain values of E that are problematic, very small ones. And so people start out on the P being three, and there are certain attacks that can happen if E is very small. That people start using E being seven. And then kind of probably years ago, the kind of state E was considered to be two to the 16 plus one. And six by five, three, seven. And then, yeah, I mean, you can choose a different E, but basically what I'm going to say is your poverty is N. And you say, this is just, any number that I come in, I'm going to assume it was raised to the power of N. All right. So we did the non-modular scenario, and there's no security here, right? You can trivially encrypted, trivially encrypted. Let's talk about this. In order to, like I said, this operation happens in a slightly different module, right? This operation happened in mod phi of N rather than mod N. Why is this the case? I don't know. That's some math, very heavy math thing. You can talk to Euler who died a very, very, very long time ago, so you can't really talk to him. But that totion function is Euler's totion function. So again, operations here take place mod, and the reason I hesitate drawing totion, I always draw it upside down by accident, totion of N. And like I said, the totion of a prime is that prime minus one, right? Because what is the totion of the sum of numbers or something that is not a prime? Turns out the totion of something that is not a prime, so the totion of, let's have another sidebar here, the totion of, let's see if we're getting better, the totion of something that is like A, B, C equals the totion of A times the totion of B times the totion of C and so on. And what is the totion of a prime? So the totion of N is P minus one times P minus one. So the totion of N is the totion of P times the totion of Q, which is P minus one, Q minus one. Okay, now. Okay, so our 171 to the third, whereas this operation is all mod N down here, this in reality, mathematically takes place, and you don't have to worry about this in anything but us deriving our essay right now. It takes place in mod P minus one times Q minus one, right? And we call this number M. But what's interesting about M? If we know P and Q, can we calculate M? We take P, we subtract one. Can we do that in a computation-efficient way? Absolutely. Q minus one times A-efficient, can we multiply two numbers together in a computation-efficient way? Absolutely. Okay, so given P and Q, we can compute M. Given N, which is the product of P and Q, can we compute M? Who thinks he has? The person outside of the phone. So turns out, no. And this underpins RSA, at least RSA-style public key crypto, turns out that if we have N, we cannot compute M. Suddenly we have our asymmetry. And again, what's so interesting about M? This takes place mod M, that's M, right? So, you recall over here, we did this one-third. The reason that this works, of course, is this is equivalent to one-seventy-one to the third, to the one-third, which is equivalent to one-seventy-one to the three times one-third, which is equivalent to one-seventy-one to the one, which is one-seventy-one, right? Let's find something similar here. Let's hypothesize that there's a number D, that when we raise this monster to, we'll do the same thing, negate everything and decrypt our stuff. So we have our one-seventy-one to the third mod N raised to the D. All this is mod N. And of course, we hope that this will end up being one-seventy-one. How can we rewrite this? We have one-seventy-one to the third times D, or really one times one-third mod N. We're writing it this way, the little, what's it called, in accurate. What we actually have here is A to the E mod N. And we want to find a D such that A to the E times D mod N equals A mod N, right? And we want, this means that you want E to the D, E times D, to be one. But it's not just one. This operation takes place under a modulo. What is that modulo? That modulo is M. And in other words, E or rather D equals one over E. And here's the negative exponent, E to the negative one mod M. Again, in order to compute D, we need to know M. And it turns out, actually, this computation is super easy. Euler also has an algorithm for this. Really, Euler put all the heavy lifting and then, by our say guys, put it all together. But that's fine. I'm sure Euler doesn't mind because he's dead. So, we are challenged to compute D, which is E to negative one mod M. You're going to have to trust me. There is a way to compute D to negative one mod M. This is, of course, not a not one third. What are possible types of numbers in mod M in this field? They're integers. So, it's going to be some other integer that when multiplied by three is going to give us one. Let's actually compute that real quick. So, our N is, what was our P11? Q was 17. N was P times Q. Okay, here's our N. E was three. And so, our message was 171. And what we did was we did A to the power mod N. And that was 18, right? So, what might D be for us? There's some API to compute this all automatically. Should we do it live? Do you remember, Max? Oh, really? That's embarrassing. It's the, it's not here. It's the EGCD formula from Euler. Okay, we're going to kind of do a yellow thing here. So, we have this, okay. Because I don't remember the actual problem, we're just going to brute force the E, rather the E to the negative one. So, for every number that is possible under this modulo, whoops. Oh, I forgot in. Okay. See, Max, if you knew Python, you could have comment. For every number that is valid under this modulo, we're going to see this number. I'm going to print I times, let's do D here. For every potential D times E mod N is, and here we do D, or whatever we do, result equals D times E modulo N. And then if the result is one, you'll break. And we just computer, until we hit 125 and turned out 125 times 3 modulo 187 is one. So we found the inverse of E modulo 187. Of course, we did this in the stupidest possible way. I forgot what package, what module the EGCD is in. Is it in GMP? I forgot. Again, most of programming is googling stuff, so I'm sure we can do it, but now we have it. We don't need to do it. So we have 125 is our inverse. But that's in modulo M. Modulo M. Was that correct? Let's see what happens when we try to use that. So this is our D. And what we said is if we have A to the E modulo N, and then we raise that to the D modulo N, it should give us our A back, right? Did it? No. It was some random garbage. William, whatever would be very disappointed in us. Well, as with the Euler, why would Euler be disappointed in us? I couldn't find the right Python package, but the Euler probably didn't even know that there was a snake saw Python. We used the wrong modulo, guys. I used the wrong modulo, but I blame Max for not catching the mistake because he doesn't use Python. What did we say? All of this is modulo M because you're talking about operations up in the exponent. That's what Euler gave us among a lot of other things. Maybe Euler invented coffee. Probably not. But Euler definitely invented a lot of math that deals with exponents. So it turns out we screwed up here. It's not mod N. It's mod M that you're looking at, right? Shame on us. We also didn't define M. What was M? Detotient of N? 3 minus 1 times Q minus 1. Now we can go. Boom. Okay, we have a new candidate. 107. Cool. 107 times 3 mod M, which is the modulo that functions in the exponent, is 1. So 107 is 3 to the negative 1 mod M. Now let's try this again. Cool, huh? We took, raise it to the E, modulo by N. We have a secret number D that only we know because only we know that. And you're able to use that to cancel out this exponentiation and recover our secret number. This is RSA at work. We just derived the entire basic ecosystem of RSA. This is it. Cool. Who likes RSA? All right. Well, that's fine. You can't win them all. All right. So much in a much drier way. This is RSA. We choose two distinct primes. We compute their product and we choose an E. I mean, they're a slight typo here. This is a little backwards. We compute their product and choose E. That becomes our public key. And then our secret key is basically the M that only we know. And from that, we can derive D. There's a lot of relationships where given one, you can derive another. The important thing for any N and E, which is a public key, we can derive by knowing underlying crimes, M and E, which is the secret key. Using N and E, we encrypt using N and E, we decrypt. Nice and simple. Anyone have any questions on RSA? Anyone a little confused about RSA? Oh, yes, what's up? No. So this is everyone in RSA has their own public key and their own private key. And let's see. I think, yes, this is exactly it. So if Alice wants to send a message to Bob, Alice needs Bob's public key. Why does Adam keep putting D as the private key? Anyway, Alice needs Bob's public key, which is N and E. E is a common number. You really use seven, six, five, five, seven, et cetera. And E is generally chosen to be large enough to be resistant to the tax and talk about it in a sec. And nice enough to be able to make these computations quickly. Alice needs Bob's public key to send Bob a message. And Bob's public key is that N and E, and Alice computes this A to the E mod N, and that's what she sends to Bob. And Bob receives that and decrypts it with his private key by calculating this and gets A back. So I put an assert here, so it's nice and official. Boom with that. So if Bob wants to send something to Alice, then Bob needs Alice's public key. Okay. So Alice computes N to the E mod N. That's the psychotactic sense of Bob. Bob computes T to the D mod N. That's the original message back. In this case, you're using M for the message M is not the notion of M. Cool. So any any questions on the encryption process and the decryption process. Hopefully I've shown to you that this is a real thing and not just not tracking a little too far into the math on paper but it's very cool once you get into like ways that it can go wrong for example. Some interesting facts about RSA. We already ran into this immediately. We can only send numbers that are less than M, only crypt numbers that are less than M. Right. So if you wanted to encrypt 732, you couldn't do it and it was not up to the task. So we had to encrypt 171 instead. So how did we actually work with this to send arbitrary amounts of arbitrary data? Because obviously there are problems already. So let's say, okay, one idea. We take every letter and we send it in a different manner. Right. So if you want to send along. Hello. Of course. This is a bunch of different letters. Each letter has an ASCII value, which we can get in Python with the odd function. Cavalage is 72, for example. And then we just iterate through and encrypt each one. So what we can compute is A to the E mod. Let's make this a little bigger. Did I help? Cool. Don't suffer in silence. And for A in, we forgot, ORD for A in message. And here is our encrypted message. Right. And of course, we can also decrypt this message by raising it to the D and so let's say encrypted. And then we can decrypt it, say, every letter to the D mod N for A in encrypted. Here's the decrypted message. That's 72. Of course, you can make this a little nicer by turning this back into a character. Okay. There's hello. And then we can, of course, join it because Python is awesome and it doesn't use it. Boom. We just implemented character by character encryption in RSA. Are we done? Can we just use this? What might be a problem with this encryption scheme? That's one problem. That's another problem. Maintain the statistical properties of English for a long text. Because with this scheme, every time we encrypt the same letter, it'll be the same thing. You can see these two L's stand out immediately. And someone that's very used to solving these little classical cryptos challenge problems will take a look and probably recognize hello just by that repetition. There's a third problem. Third problem is we have a very small space of plain text and cipher text. So given an encrypted number 72, we can actually, and M and E, because those are public, we can actually iterate for an entire byte range if I to the E mod N is 72, because we're doing this byte by byte again. So we have very few options. Break. We run this. I, why is I 30? Oh, sorry. This isn't encrypted. This is encrypted. Okay, so this 8787 that's the two L's that are encrypted 183 is actually what we're looking for that's the age. So we're saying which letter encrypts to age that letter is or which letter encrypts 183 that level that letter. Because we have a very small space of potential input and a great text, we can generate them all and put them all and see what matches. So in this case, we didn't have to decrypt to decrypt. You just encrypted a bunch of stuff. So that's no good either. Um, this is actually a problem. People get it wrong a lot. What people do often is use our say, of course, the big big enough and our say nowadays, you know, small ends, like we're very using our trivially factor of course, you want a very large and and then you typically use an initial RSA protocol to come up with a symmetric key to then use in later communication. And that's nice and easy and works very well. And so basically, you encrypt a key with your RSA, you know, you're sending to Bob Bob's public key, and then you encrypt your message with the key. There's still a lot of things you have to be careful about in terms of padding and so forth, but that's generally how, for example, when you do yes. Any questions about RSA. I'll mention one more thing are about RSA going off script in a very philosophical way, different attacks that people have developed against RSA. It's an old cat and mouse game. Yes. Right. One interesting attack against RSA is this RSA depends on this operation. This encryption operation, kind of overflowing in some sense, and the module cutting it down more and more and more and more. That's what makes it impossible in the classroom. I mean, I'm not saying it's absolutely possible, but we definitely don't have the algorithm to do that, despite our ability to shoot Teslas at foreign like extra planetary bodies. But we can't do this modular, discrete logarithm, you know, logarithm or module, you can explain it, but we can't go back. Interesting thing, and then actually this requirement that this actually goes over and is critical. Let me show you another failure mode of RSA. If we have a very large P and Q. So let's, let's have a large, I mean, this isn't prime, but that's fine, whatever. Here's our P. Here's our Q. Here's our N. N is now very large, almost certainly not prime, but for now, bear with us. You have your encrypting letter by letter, right, your E, what did we use for an E use three and our letter is going to be H. Okay, 72. If we do a to the E mod N, we have this number suspiciously small given our big N, because and didn't even come into play. 72 to the third power is too small for the modules to matter. And if the modules doesn't matter, then you're fucked. You can just take cube root of this guy. Um, how do I take a cube root of, you don't know, how do I take a cube root of Python? Someone take a cube root of it. Yeah. No, but one third is a decimal number. So let's try it. This is definitely not going to work. Well, okay, it gets close. If it wasn't for floating point insanity, or if if I actually knew how to use math and Python better, or if you were using something like maple or Mathematica, we could trivially decrypt this again, ignoring the modules to the modules to begin big. Right. So, even aside from the fact that letter by letter, it's very enforceable. You're the second problem, a third problem. In that, um, it's, if the result of your encryption is smaller than the module, fundamentally, you're not even encrypting it. So then our saying has this whole thing that in order to use it properly, you have to use the proper pad to make sure that, you know, if your modulo is some amount of bits, that you take up all of the bits, you can say, well, these are very large E. So I mentioned that E is a common E is two to the 16 plus one 65537. If we do this now. Now that's bigger than that. Right. Now that's encrypted. We still have the problem of having to do possible. But you saw that this was slower, although that was more to do with printing it than was computing it, but it was also slower computation. Hence, bigger and being more rare. Um, one final thing I'll say about RSA is this. We saw that, you know, if a to the E is too small to roll over and it's no good. Right. But turns out that there's cases where even having it roll over and is not good. Let's imagine that we have a very bad padding algorithm. We want to encrypt like my bike. But the way we do that is saying, okay, we can encrypt up to, I don't know. I give the size of our modulus. So what we're going to do is, and we're the only one who play my life. So what we're going to do is fill the rest with points. Right. So then we have three numbers. Okay. We have big numbers. So we have some padding. And let's give it a letter. What's the letter you haven't used that's distinguishable. Z. Z is our padding and fundamental, our message now become Z. Plus our letter. Mod n, right, but to the ease of the law mod n equals C. So Z plus A times our single letter E and then you know, see the result. These are fine. That's not too vocal. You pick the terrible letter. I'll cross my D. And now it looks like shit, but at least it doesn't look like it to. Okay, so what is he is small? Very small. What are the E is three? Well, it turns out that the E is three. We can expand this into a polynomial. So let's actually pretend that he is to that this is easier. So this is now a Z squared was Z a two VA. Plus a square. Oil it up. And here's see all all this is modern. Well, if you know that. So now you have a system of equations here and if you create a big system, you encrypt a bunch of different days. A one and then you have the same thing. To Z a two plus a, this D one plus a two squared equals C two and so on and so forth. Now you have a system of equations, some equations. And for each, each one, each equation, you don't know this a, but you know everything else, you know, Z, you know, let's say you have 10 for calls are generally public. You know the C, because that's what you were said. And you can compute this because you know he because that's public as well and you know it. So you have a system of equations module and turns out that when you have a system of equations, even if these numbers are very big and make this generally unsolvable, you can do what is called the lattice reduction algorithm. To go from these numbers to smaller numbers. All right, so little tiny squared plus two to a very little tiny. I mean, these are different concepts, of course, a two plus a two squared equals a little tiny C. And then you can get them small enough that the model doesn't matter. That's called the copper Smith attack against RSA. It's an example of one way RSA failed. If you're having or your message is specific format that allows this example. Okay, so that's the behind an RSA. And so on. Cool. Any questions. I'll be here for a couple of minutes. Good luck. Yeah, absolutely.