Skip to content

RSA Cryptosystem

Classical cryptography uses a shared secret key. Both sender and receiver must know the same secret information in advance.

number-theory book chatgpt

Public-Key Cryptography

Classical cryptography uses a shared secret key. Both sender and receiver must know the same secret information in advance.

Public-key cryptography introduced a radically different idea:

  • encryption uses a public key,
  • decryption uses a private key.

Anyone may encrypt messages using the public key, but only the holder of the private key can decrypt them.

The RSA cryptosystem, introduced by entity[“people”,“Ron Rivest”,“American cryptographer”], entity[“people”,“Adi Shamir”,“Israeli cryptographer”], and entity[“people”,“Leonard Adleman”,“American computer scientist”], was the first widely practical public-key cryptosystem.

RSA relies fundamentally on arithmetic properties of prime numbers and modular exponentiation.

Modular Arithmetic Background

RSA operates in the ring

Z/nZ. \mathbb{Z}/n\mathbb{Z}.

Arithmetic is performed modulo a composite integer

n=pq, n=pq,

where pp and qq are large primes.

The key mathematical principle behind RSA is Euler’s theorem.

If

(a,n)=1, (a,n)=1,

then

aφ(n)1(modn) a^{\varphi(n)}\equiv1\pmod n

where

φ(n) \varphi(n)

is Euler’s totient function.

When

n=pq n=pq

with distinct primes,

φ(n)=(p1)(q1). \varphi(n)=(p-1)(q-1).

This theorem makes modular inversion through exponentiation possible.

Key Generation

RSA key generation proceeds as follows.

Step 1. Choose Two Large Primes

Select large distinct primes

p,q. p,q.

These primes must remain secret.

Step 2. Form the Modulus

Compute

n=pq. n=pq.

The integer nn becomes part of the public key.

Step 3. Compute the Totient

Compute

φ(n)=(p1)(q1). \varphi(n)=(p-1)(q-1).

This value must remain secret because knowledge of φ(n)\varphi(n) essentially reveals the factorization of nn.

Step 4. Choose a Public Exponent

Choose an integer

e e

satisfying

1<e<φ(n),(e,φ(n))=1. 1<e<\varphi(n), \qquad (e,\varphi(n))=1.

Common choices include

65537. 65537.

Step 5. Compute the Private Exponent

Find

d d

such that

ed1(modφ(n)). ed\equiv1\pmod{\varphi(n)}.

Thus

d=e1(modφ(n)). d=e^{-1}\pmod{\varphi(n)}.

The public key is

(n,e), (n,e),

while the private key is

d. d.

Encryption

Suppose a message is represented as an integer

m,0m<n. m, \qquad 0\leq m<n.

Encryption computes the ciphertext

c c

using modular exponentiation:

cme(modn). c\equiv m^e\pmod n.

The sender needs only the public key.

Efficient modular exponentiation algorithms make this practical even for extremely large integers.

Decryption

The receiver computes

mcd(modn). m\equiv c^d\pmod n.

Substituting the encryption formula gives

med(modn). m^{ed}\pmod n.

Since

ed1(modφ(n)), ed\equiv1\pmod{\varphi(n)},

there exists an integer kk such that

ed=1+kφ(n). ed=1+k\varphi(n).

Euler’s theorem then yields

$$ m^{ed}

m^{1+k\varphi(n)}

m(m^{\varphi(n)})^k \equiv m\pmod n. $$

Thus decryption recovers the original message.

Correctness of RSA

The correctness of RSA depends fundamentally on modular arithmetic and Euler’s theorem.

The system works because exponentiation by ee and exponentiation by dd are inverse operations modulo nn.

The algebraic structure of

(Z/nZ)× (\mathbb{Z}/n\mathbb{Z})^\times

makes this inversion possible.

Example with Small Numbers

Real RSA systems use enormous primes, but a small example illustrates the mechanism.

Choose:

p=61,q=53. p=61, \qquad q=53.

Then

n=3233, n=3233,

and

φ(n)=3120. \varphi(n)=3120.

Choose

e=17. e=17.

Compute dd satisfying

17d1(mod3120). 17d\equiv1\pmod{3120}.

One obtains

d=2753. d=2753.

Suppose the message is

m=123. m=123.

Encryption gives

c12317(mod3233). c\equiv123^{17}\pmod{3233}.

Decryption computes

mc2753(mod3233). m\equiv c^{2753}\pmod{3233}.

The original message is recovered.

Real systems use integers hundreds or thousands of bits long.

Security of RSA

RSA security depends primarily on the difficulty of factoring large integers.

If an attacker factors

n=pq, n=pq,

then:

  1. φ(n)\varphi(n) becomes known,
  2. the private exponent dd can be computed.

Thus breaking RSA reduces essentially to integer factorization.

No efficient classical algorithm for factoring large RSA moduli is currently known.

Padding Schemes

Raw RSA encryption is insecure.

Deterministic encryption leaks structural information and is vulnerable to chosen-message attacks.

Practical RSA therefore uses padding schemes such as:

  • OAEP,
  • PKCS standards,
  • probabilistic encodings.

Padding introduces randomness and prevents many attacks.

Modern cryptographic security depends critically on correct padding.

Digital Signatures

RSA also supports digital signatures.

Instead of encrypting with the public key, one signs with the private key:

smd(modn). s\equiv m^d\pmod n.

Verification uses the public exponent:

mse(modn). m\equiv s^e\pmod n.

This proves that the signer possessed the private key.

Digital signatures are fundamental in secure communication and authentication systems.

Chinese Remainder Optimization

Decryption can be accelerated using the Chinese remainder theorem.

Instead of computing modulo nn, one computes separately modulo:

pandq. p \quad\text{and}\quad q.

This substantially speeds up modular exponentiation.

Most practical RSA implementations use CRT optimization.

Attacks on RSA

Many attacks target poorly implemented RSA systems.

Examples include:

Attack TypeIdea
Factoring attackFactor nn
Timing attackMeasure execution time
Padding oracleExploit padding structure
Small exponent attackAbuse weak parameter choices
Side-channel attackUse physical leakage

Thus practical security depends on careful implementation as well as theoretical mathematics.

Quantum Threat

RSA is vulnerable to quantum algorithms.

Shor’s algorithm can factor integers in polynomial time on a sufficiently powerful quantum computer.

If large fault-tolerant quantum computers become practical, RSA would become insecure.

This motivates the development of post-quantum cryptography.

Practical Importance

RSA became one of the foundational systems of internet security.

Applications include:

  • HTTPS,
  • digital certificates,
  • email encryption,
  • secure authentication,
  • software signing.

Although newer systems such as elliptic curve cryptography often provide better efficiency, RSA remains historically and practically significant.

Conceptual Importance

RSA demonstrates how deep number theory can produce practical technology.

The system combines:

  • prime numbers,
  • modular arithmetic,
  • Euler’s theorem,
  • fast exponentiation,
  • computational complexity.

Its security relies not on secrecy of algorithms but on the presumed computational hardness of factorization.

RSA therefore represents one of the clearest and most influential connections between pure mathematics and modern digital infrastructure.