Proof of Euler's Theorem Remark

Mathematics for Computer Science
MIT 6.042J/18.062J
Euler’s Theorem
RSA encryption
Copyright © Albert R. Meyer, 2007. All rights reserved.
October 26, 2007
lec 8F.1
Euler φ function
$\phi(n) ::= \#\{k \in \{0,1,\dots,n-1\} : k \text{ rel. prime to } n\}$
(k rel. prime to n: k has an inverse (mod n))
Euler’s Theorem
For k relatively prime to n,
$k^{\phi(n)} \equiv 1 \pmod{n}$
Fermat’s Theorem
special case of Euler:
$k^{p-1} \equiv 1 \pmod{p}$
for prime p
Proof of Euler’s Theorem
Remark: If m, k have inverses (mod n), then so does rem(mk, n).
WHY?
Proof of Lemma
inverse of mk is $k^{-1} m^{-1}$
Proof of Euler’s Thm
$m_1, m_2, \dots, m_t$: the ints from 1 to n-1 with inverses mod n.
k: has inverse mod n. Then
$\mathrm{rem}(m_1 k, n), \mathrm{rem}(m_2 k, n), \dots, \mathrm{rem}(m_t k, n)$
is a permutation of the m’s.
permuting (mod 9)
$\phi(9) = 3^2 - 3 = 6$
      1 2 4 5 7 8
  2 | 2 4 8 1 5 7
  7 | 7 5 1 8 4 2
$5 = 2^{-1}$, $4 = 7^{-1}$
Proof of Euler’s Thm
why? … k cancels, so same # of $m_i$’s and $m_i k$ remainders.
Proof of Euler’s Thm
why? … and $\mathrm{rem}(m_i k, n)$ has inverse $m_i^{-1} k^{-1}$, so
$\mathrm{rem}(m_i k, n)$ is an $m_j$.
Proof of Euler’s Thm
So $m_1 \cdots m_t \equiv (m_1 k)(m_2 k) \cdots (m_t k) \pmod{n}$
$= k^t \cdot m_1 \cdots m_t \pmod{n}$
But OK to cancel $m_1, \dots, m_t$, so
$1 \equiv k^t \pmod{n}$.
QED
RSA Public Key Encryption
Beforehand
• receiver generates primes p, q
• n ::= pq
• selects e rel. prime to (p-1)(q-1)
• (e, n) ::= public key, publishes it
• finds d, inverse mod (p-1)(q-1) of e
• d is secret key, keeps hidden
Receiver’s abilities
• find two large primes p, q
- ok because: lots of primes
- fast test for primality
• find e rel. prime to (p-1)(q-1)
- ok: lots of rel. prime nums
- gcd easy to compute
• find inverse of e
- easy using Pulverizer or Euler
RSA
• Encoding message m, $0 \le m < n$:
send $m' ::= \mathrm{rem}(m^e, n)$
• Decoding m':
receiver computes
$\mathrm{rem}((m')^d, n) = m$
Why does this work?
follows easily from Euler’s Theorem when m has inverse mod n
Why does this work?
actually works for all m … explained in recitation problem
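The setup, encoding and decoding steps above as a runnable sketch (an added example, not from the lecture slides). The primes 61 and 53, the exponent 17 and all function names are constructed for illustration; the last function checks exhaustively that decoding recovers every m with 0 ≤ m < n, including m that have no inverse mod n.

```python
# Added example: textbook RSA on constructed toy primes (far too small for real use).

def pulverizer(a, b):
    """Extended Euclid: return (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    s0, t0, s1, t1 = 1, 0, 0, 1
    while b:
        q, r = divmod(a, b)
        a, b = b, r
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0

def inverse(e, modulus):
    """Inverse of e mod modulus; exists only when gcd(e, modulus) == 1."""
    g, s, _ = pulverizer(e, modulus)
    if g != 1:
        raise ValueError("e is not relatively prime to the modulus")
    return s % modulus

def keygen(p, q, e):
    """Receiver's setup: n ::= pq, public key (e, n), secret key d."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), inverse(e, phi)

def encode(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)            # m' ::= rem(m^e, n)

def decode(m_prime, d, n):
    return pow(m_prime, d, n)      # rem((m')^d, n)

def roundtrip_failures(p, q, e):
    """Messages m in [0, n) that do not decode back to m (expected: none)."""
    public, d = keygen(p, q, e)
    n = public[1]
    return [m for m in range(n) if decode(encode(m, public), d, n) != m]

if __name__ == "__main__":
    public, d = keygen(61, 53, 17)  # constructed toy values
    print("public key:", public, "secret key:", d)
    print("round-trip failures:", roundtrip_failures(61, 53, 17))
```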
Why is it secure?
• easy to break if can factor n
(find d same way receiver did)
• conversely, from d can factor n,
but factoring appears hard
• RSA has withstood 30 years of
attacks