What's up everybody? My name is John Hammond. We're looking at picoCTF 2017 and we are on the last challenge in the cryptography category of level one. So this challenge is called compute RSA. It says RSA encryption or decryption is based on a formula that anyone can find and use as long as I know the values to plug in. So given the encrypted number this thing, d equals this thing and n equals this thing, what is the decrypted number? And check out the hint here. It says decrypted equals encrypted, raised to the power of d, mod n. So if you've never seen RSA before, that's totally okay. It's super duper common in capture-the-flag competitions in the cybersecurity scene. You'll see it in like computer science stuff, blah, blah, blah. But it is an example of cryptography. It is one of the first public key cryptosystems and like an example or method of cryptography. So it is based on math like pretty much all of cryptography is and it's a really great example of basic like example public key cryptosystems. So I'm not going to get exactly into all of the cool tidbits or even all of the attacks and crazy cool things we can do with RSA, but I do want to showcase how we can solve this challenge and still explain, okay, what is really happening behind the scenes of RSA? They give us all of the actual like information that we need in this prompt right here. So all we have to do is literally do the operation and we could get the flag just like that, but I do want to explain a little bit of RSA before we dive into doing it for more for real in later videos. So I'm in the key generation portion of the Wikipedia page and it says at the basics of this is how RSA really works is that there are two original numbers P and Q and they are chosen and that they are different prime numbers. So prime numbers and that like there isn't a factor in between it other than 1 like 3 and 5 and 7 etc.
For security purposes the integers P and Q should be chosen at random and should be similar in magnitude but different in length. You will see a lot of attacks that we'll get into more in RSA, like Wiener's little-d attack, or using a, like, I think it's multi-prime or something, that or twin primes, etc., etc. But for now just press the "I believe" button for P and Q, and that, you'll see, is the modulus, and that's the word that you'll hear more often than not, and you'll see and in the public key, or one half of the RSA algorithm, and that is the product of P and Q multiplied together. And then we compute this, looks like lambda here, as the least common multiple of P and Q, or least common multiple of P minus 1 and Q minus 1, because lambda here is the Carmichael totient function, which is not the Euler's totient function, apparently. When I first looked at this I was like, what? I thought it was Euler's totient, and they explained this a little bit down below. Euler's totient function is Phi, and you'll hear me refer to Phi a lot more than usual, because it's just, for these prime numbers P and Q, the Phi will return P, or the prime number, minus 1, and that totient is just the count of positive integers up to the number that are relatively prime to that number. Maybe that doesn't make a whole lot of sense when I just say it out loud, but for a prime number it will just be that prime number minus 1. So it also has a property in that the product here, when we're using prime numbers again, the Phi of n will just be the Phi of P multiplied by the Phi of Q, because n is P multiplied by Q. So keep that in mind. Now we choose an integer E, which is the exponent, that is greater than 1 and less than that Phi, or lambda in our case, and the greatest common denominator is one of those. So those are co-prime. E you'll typically see as the common exponent of 0x1001, or hex a thousand, a thousand, ten thousand one, what, one of those numbers, and that's six five five three seven, I think, in decimal.
You'll see that more often, but in this case, in this problem for picoCTF, they actually don't give us E, or the exponent, because we don't need it, because we're just doing the decryption process with D, which is the private key. So D is the exponent modular inverse, so raised to the power of negative one, all mod lambda n, or Phi, in whatever we are referring to when we're using, when we are using actual Euler's totient, and you'll hear me refer to Phi more often than not, so I apologize for that. D is the modular multiplicative inverse of E. That is normally, mathematically wise, hard to compute, but we can do it in Python with some cool libraries and modules, so we'll keep that in mind again once we later look at RSA. This is a lot of explanation that we don't particularly need to cover for just this task at hand, but I want you to know those basics. So the public key is N and E, the modulus and the exponent. The private key is D, so that should be kept secret. You should not share D, but in this case the problem does, so all we have to do is do the decryption. P, Q and Phi, or lambda N in Carmichael's totient function, again, exception here, sorry, disclaimer, those should be kept secret because they can be used to calculate D. Obviously if you know P and Q, or if you can factor N, then you essentially can figure out Phi and you can figure out D, because you're normally given E, as that is the public key, right? So P and Q are the gates, the, the keys, the golden gate, right? If you can figure out P and Q, if you can factor N, you should be able to solve an RSA problem. Okay, and they give this example of the regular, normal E exponent, so cool.

Okay, now let's jump into this actual problem. Let's do this in Python here. I'm just going to get a terminal open up and I'm going to use Python because that is typically our weapon for solving CTF challenges, that is our best sword. So we have the encrypted number, this thing, so that, because it's encrypted, we know that that is the ciphertext, right? So we'll consider that C
for the code, the ciphertext. D, which is our private key, we can use to decrypt, and N is that modulus, right? So we'll keep that in mind because we need that now to go through this decryption process. If we scroll down a little bit more in the Wikipedia page, they give us these equations that are the actual procedure for encrypting or decrypting with RSA, and they also give an example: choosing a random P and Q, finding out lambda or phi, whatever you want to consider it as, using an E that meets the criteria for this challenge, determining D, finding the multiplicative inverse, and calculating it with encryption and decryption. So encryption is taking the original plaintext method M, the original plaintext message, sorry, raising it to E, the exponent, mod N, so modular arithmetic, that's the secret of our, of our cryptography, keeping that secret sauce in, and we get C, our ciphertext. Now to decrypt C, we have C, the ciphertext, raised to D, the exponent there is the private key, and again that is mod N. Everything in RSA is mod N, or modulus, and you know, the percent sign we've seen before, so we saw that in hash 101, right? That modular arithmetic is what's keeping the secret sauce of cryptography. Super cool. So we can do that decryption just like that in Python. You can do that like actual mathematics here, typed out with those symbols. So let's say we wanted, okay, here's our encrypted ciphertext raised to the power of D, all mod N, if we put that in parentheses just for safekeeping. You can do it that way, but Python's built-in library Lennon and functions and language set is much faster, so we could do that written out longhand or you can use the pow function, which is built into Python, to raise something to the power of something else, right? So in our case we're taking our ciphertext, and the other arguments is the exponent that we want, so D in our case, but it also can take a third optional argument, which is the modulus, which is, okay, this expression mod something else, so we can say N here. Great. Once I hit
Enter, that is supposedly our flag, right? And we can assume that that's the right answer because it's, it's a lot of leaps. We can go ahead and submit that and we win. Okay, we're up 50 points. That's that, that is the simple decryption process in RSA. Now if I were to do that how I had done before, by hand, I wonder if these are small numbers. Obviously once you get to numbers that like take up more than half the screen it'll take a lot more time, so that, use that pow function when you're doing this for real. Let's try that: C exponent D, all mod N. Okay, it gets it relatively quickly, but obviously if we had some much more hardcore RSA problem and data to work with then we would not use that method. Cool, so that's that, that is the basics behind RSA. Probably really hard to understand while I'm just talking about it, and I totally get that, I totally understand. We will be interacting with it in a much more real way once we get to a harder problem to solve, or harder capture the flag problem, where we're gonna use a real attack against RSA, or just solve this challenge to begin with when we're given N and we have to determine P and Q. Cool, so let's move on and we'll do that in the next video.

But before I get that far I want to give a special shout out to all of my supporters, that people that give me some love on Patreon. Thank you so much, I cannot say it enough, that's why I do this at the end of every video, and this list is getting significantly longer than the last time I think I recorded here, so thank you, it means the world to me. I'm so, so grateful you're willing to go on this adventure with me. $1 a month on Patreon will give you an extra shout out just like this at the end of every video. $5 a month gives you early access to things that I record before I let them be uploaded and release on YouTube, because I normally do like a recording bulk and then gradual daily release schedule. Thank you. If you did like this video, please do like, maybe leave me a comment, maybe subscribe, and check me out on
Patreon or my new website, John Hammond org, dub dub dub John Hammond org, like World Wide Web, www.JohnHammond.org. I'm trying to get my DNS records right, it's something weird between GoDaddy and DigitalOcean, whatever. Check it out. Cool, thanks, see ya.
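
The key generation and decryption steps described in the transcript, as an added example that is not code from the video or the challenge. It assumes constructed toy values (p = 61, q = 53, e = 17, message 65) rather than the challenge's numbers, and the function names are illustrative; it derives d both modulo Carmichael's lambda and modulo Euler's phi to show that either private exponent decrypts with the three-argument `pow`.

```python
from math import gcd

def mod_inverse(e, m):
    """Inverse of e modulo m via the extended Euclidean algorithm."""
    old_r, r = e, m
    old_s, s = 1, 0          # invariant: old_r == old_s * e (mod m)
    while r:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_s, s = s, old_s - quot * s
    if old_r != 1:
        raise ValueError("e and m are not coprime, so no inverse exists")
    return old_s % m

def make_keys(p, q, e):
    """Return (n, d_lambda, d_phi) for distinct primes p, q and exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)               # Euler's totient of n
    lam = phi // gcd(p - 1, q - 1)        # Carmichael: lcm(p-1, q-1)
    if not 1 < e < lam:
        raise ValueError("e must satisfy 1 < e < lambda(n)")
    return n, mod_inverse(e, lam), mod_inverse(e, phi)

def encrypt(m, e, n):
    return pow(m, e, n)                   # c = m^e mod n

def decrypt(c, d, n):
    # Three-argument pow reduces mod n at every step, so intermediate
    # values never grow past n^2; (c ** d) % n builds the full power first.
    return pow(c, d, n)

# Constructed toy parameters (far too small for real use).
P, Q, E = 61, 53, 17
N, D_LAMBDA, D_PHI = make_keys(P, Q, E)
MESSAGE = 65
C = encrypt(MESSAGE, E, N)

if __name__ == "__main__":
    print("n =", N, "d (mod lambda) =", D_LAMBDA, "d (mod phi) =", D_PHI)
    print("ciphertext =", C)
    print("decrypted with d_lambda =", decrypt(C, D_LAMBDA, N))
    print("decrypted with d_phi    =", decrypt(C, D_PHI, N))
```
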