 All right, we're now ready to describe an encryption system that's known as RSA after the initials of the three creators. And this is an interesting one because it's what's known as an asymmetric encryption system. Many of the encryption systems we've described are symmetric, which means that if I know how the message was encrypted, I can figure out how to decrypt the message. If I know the key that was used to encrypt the message, I can use the same key or information about that key to decrypt the message. So how does this work? Well, what I'm going to do is I'm going to choose two secret primes, p and q. I'm not going to tell anybody what if they are. I know what they are, but I'm not going to tell you. I'm going to then compute a public value, k equals p times q, that's the product of the two primes, and some public encryption exponent, e. And again, note that we're relying on this hard problem of factorization. If you know the value of k, it's believed to be pretty much impossible to determine what the factors p and q are going to be. We'll have a little bit more to say about what this public encryption exponent has to be in a second. But for right now, we announced some public encryption exponent, some public value k. And if you want to send me a message, the idea is that you're going to encrypt it using the following congruence. Your ciphertext is going to be whatever your message is, raised to power e mod k. And there's your encrypted text. Now, if I want to break this encryption, I have to solve the congruence something to power e congruent to c. And again, this is one of those non-linear congruences, and it's believed that these are very, very hard to solve. Well, hopefully I can figure it out. So what I'm going to do then is I'm going to look for some value of d, so that m to power ed gives me m again. Now, pigeonhole principle suggests that this might actually be possible. We'll actually have to give a little bit more detail as to how we know that that will be the case. And incidentally in practice, this is where this choice of this public exponent comes from. We actually start by looking for a pair of numbers e and d so that this relationship actually holds. So I figure out what those are. I tell you one of them. I keep the other one secret. And how do I decrypt my message? Well, if I take my message, the encrypted form, and raise it to power d. Well, remember my encrypted ciphertext is m to power e. Raising that to power d gives me m to power ed, which is m, which is the original message. And there's the basis of RSA encryption. Well, let's see how that works in practice. So I'm going to pick two primes. How about 37 and 89? And I'm going to look for a suitable e, d pair for an RSA encryption system using these two numbers. Now, first thing we want to find is we want to find k equals pq. So that's going to be 3293. And again, we tell everybody 3293 is the number. And again, if you can't factor this, you can't recover certain critical information. And again, the basic assumption here is that if these two primes are large enough, this is very difficult to factor. Now, Fermat's theorem guarantees that a to power phi of k is congruent to 1 mod k for all a that are relatively prime. So we do want to find that value of phi of k. And because 37 and 89 are distinct primes, then I can find the value phi of k by multiplying the two phi values for the two numbers. It could be 3168. And so that guarantees that a to power 3168 is congruent to 1 for almost all values of a. Now, more usefully, if a to power 3168 is congruent to 1, I also know that if I raise everything to the k power, I still get 1. And if I, and here's the importance, multiply by a, I get this relationship. a to power 3168 k plus 1 is congruent to a. And so now I'm back at this point where I now have a power of a that's going to give me a once again. So what I want is d and e to satisfy a to some power giving you a again. So that says I'm going to make this equal to e times d. Now, this should look familiar. This is a linear diaphontian equation that corresponds to finding the multiplicative inverse of some number mod 3168. Now, remember that any number that's relatively prime to the modulus will have a multiplicative inverse. So I'll pick some value of e that's relatively prime to 3168, how about 35? Again, it's a fine to suitable pair. Well, let's take e equals 35. And so now I want to solve the diaphontian equation. 35d equals 3168 k plus 1. And I'll find the solutions. d equals 2987, k equals 33. I don't care what k is, but I do need to know what d is. And I'm going to announce k, this product of primes, and e, this public exponent, 35. And there's my e and d pair, 35, 2987, that I can use for RSA encryption. Well, let's see how that works. So again, the public modulus, 3293, the public encryption exponent, 35, and my message is going to be the number 75. So how do I do that? Well, I will find the encrypted text by taking the message 75, raising it to the public exponent 35 mod 3293. And after all the dust settles, that works out to be 852. So there's my encrypted text. Now I want to work backwards. Well, remember that we determined that the decryption exponent was d equals 2987. So what I need to do is I need to take the encrypted message 852, raise it to power 2987, and then reduce it mod 3293. So nothing up my sleeves. I'm going to 852, raise to the power 2987, and after all the dust settles, I get p equals 75, and I recover the original message. Now it's worth noting that this is not a symmetric encryption system. So in other words, I know that I'm using, everybody knows that we're using 3293 as our public modulus, and everybody knows that we're using equals 35 as our public encryption key. The problem is that in order to decrypt this, you need to know something that is not out in the public. That is this number 2987. In fact, under an ideal circumstances, this number never leaves your possession. You never communicate this number, and so there's no way that this number can be intercepted. And the fact that you are keeping in your own hands and never communicating them, two things, D, your decryption exponent, and the two primes whose product is 3293, because those bits of information never leave your hands, this contributes to the security of the system.