A Study and Implementation of RSA Cryptosystem ∗

†
[Implementing the well known Rivest Shamir Adleman Public Key Cryptosystem]

‡
Sinjan Chakraborty Vineet Kumar
Computer Science and Engineering Department Computer Science and Engineering Department
Jadavpur University Jadavpur University
Kolkata, 700032 | WB IN Kolkata, 700032 | WB IN
[email protected] [email protected]
arXiv:1506.04265v1 [cs.CR] 13 Jun 2015

ABSTRACT of how generation of random primes, key generation and en-

This project involves an implementation of the Rivest Shamir cryption and decryption process takes place in RSA. Being
Adleman (RSA)[1] encryption algorithm in C. It consists of an undergrad students our search for an easy-to-understand
generation of two random prime numbers and a number co- C implementation of RSA that involved generation of ran-
prime to φ(n) also called euler toitent function. These three dom primes lead no where. On not finding a satisfactory
are used to generate a public key and private key. The user implementation, we implemented it.
has to enter a message which is encrypted by the public
key. The algorithm also decrypts the generated cipher text 2. PUBLIC-KEY CRYPTOSYSTEMS
with the help of the private key and returns the plain text In a public key cryptosystem each user places in a public
message which was encrypted earlier. file an encryption procedure E. That is, the public file is a
directory giving the encryption procedure of each user. The
General Terms user keeps secret the details of his corresponding decryp-
Plain Text: The general message needed to be encrypted is tion procedure D. These procedures have the following four
called plain text. properties:
Cipher Text: The Garbage like looking string having no
information about plain text is called cipher text. 1. Deciphering the enciphered form of a message M yields
M. Formally,
Keywords
RSA, Public Key Cryptosystem, Asymmetric Key Cryp-
D(E(M ) = M
tosystem, Cryptography, Security.
2. Both E and D are easy to compute
1. INTRODUCTION 3. By publicly revealing E the user does not reveal an
This project has been done so that people interested in cryp-
easy way to compute D. This means that in practice
tography, especially students can get a better understanding
only he can decrypt messages encrypted with E, or
∗Permission to make digital or hard copies of all or part of compute D efficiently
this work for personal or classroom use is granted without fee 4. If a message M is first deciphered and then enciphered,
provided that copies are not made or distributed for profit
or commercial advantage and that copies bear this notice M is the result. Formally,
and the full citation on the first page.
†A full code of this implementation is availble at
E(D(M ) = M
https://github.com/lugju/rsa
‡Both author of this paper are freshman students audit-
ing the RC Bose Summer Research Internship Program on
3. IMPLEMENTATION RSA ALGORITHM
Cryptography at Indian Statistical Institute, Calcutta. Both For Implementation of RSA these four famous algorithms
authors are members of Linux User’s Group Jadavpur Uni- have been used: -
versity.
• Sieve of Eratosthenes (for prime number generation)
• Fermat Primality Test
• Miller-Rabin Primality Test
• Encryption-Decryption Algorithms.

Proper discussion about each algorithm is mentioned in next

subsections.
3.1 Sieve of Eratosthenes p ) or a ∗ s ∗ 2r = −1(modp). If both of them fail, then p
The sieve of Eratosthenes is one of the most efficient ways is definitely composite. Otherwise p is probably prime. We
to find all primes smaller than n when n is smaller than can choose another a and repeat the same test. We can stop
10 million or so. Following is the algorithm to find all the after some fixed number of iterations and claim that either
prime numbers less than or equal to a given integer n by p is definitely composite, or it is probably prime. It can
Eratosthenes method: be shown that for any composite number p, at least (3/4)
of the numbers less than p will witness p to be composite
1. Create a list of consecutive integers from 2 to n : (2, 3, when chosen as a in the above test. Which means that if we
4,.... , n). do 1 iteration, probability that a composite number is re-
turned as prime is (1/4). With k iterations the probability
2. Initially, let p equal 2, the first prime number. of test failing is (1/4)k or 4(-k). This test is comparatively
slower compared to Fermat’s test but it doesn’t break down
3. Starting from p, count up in increments of p and mark for any specific composite numbers and 18-20 iterations is a
each of these numbers greater than p itself in the list. These quite good choice for most applications.
numbers will be 2p, 3p, 4p, etc.; note that some of them
may have already been marked.
int Miller(long long p,int iteration){
4. Find the first number greater than p in the list that is if(p<2){ /*this conditional statement is
not marked. If there was no such number, stop. Otherwise, not required for our given program.
let p now equal this number (which is the next prime), and We write it for maintaining generality.*/
repeat from step 3. But When the algorithm terminates, all return 0;
the numbers in the list that are not marked are prime. }
if(p!=2 && p%2==0){
3.2 Fermat’s Primality Test return 0;
If p is the number which we want to test for primality, then }
we could randomly choose a, such that a < p and then calcu- long long s=p-1;
late a(p−1) modulo p. If the result is not 1, then by Fermat’s while(s%2==0){
Little Theorem p cannot be prime. What if that is not the s/=2;
case? We can choose another a and then do the same test }
again. We could stop after some number of iterations and if int i=0;
the result is always 1 in each of them, then we can state with for(i=0;i<iteration;i++){
very high probability that p is prime. The more iterations long long a=rand()%(p-1)+1,temp=s;
we do, the higher is the probability that our result is cor- long long mod=modulo(a,temp,p);
rect. You can notice that if the method returns composite, while(temp!=p-1 && mod!=1 && mod!=p-1){
then the number is sure to be composite, otherwise it will mod=mulmod(mod,mod,p);
be probably prime. temp *= 2;
}
if(mod!=p-1 && temp%2==0){
int Fermat(long long p,int iterations){ return 0;
if(p == 1){ /*1 isn’t prime; this conditional }
statement is not required for our given program. }
We write it for maintaining generality.*/ return 1;
return 0; }
}
int i=0; 3.4 RSA Algorithm
for(i=0;i<iterations;i++){ The algorithm of RSA consists of the following steps:
/* choose a random integer between
1 and p-1 ( inclusive )*/ 1. Select two prime nos p & q such as p!=q
long long a = rand()%(p-1)+1;
/* modulo is the function we developed 2. Calculate n as product of p & q, i.e. n=p*q
above for modular exponentiation */
if(modulo(a,p-1,p) != 1){ 3. Calculate m as product of (p-1) & (q-1) i.e. m=(p-1)(q-
return 0; /* p is definitely composite */ 1)
}
} 4. Select any integer e<m such that it is co-prime to m,
return 1; /* p is probably prime */ co-prime means gcd(e,m) = 1.
}
5. Calculate d such that (d*e) mod m = 1 ,
i.e. d = e-1 mod m
3.3 Miller-Rabin Primality Test
Let p be the given number which we have to test for pri- 6. The public key is e,n The private key is d,n
mality. First we rewrite p-1 as 2d ∗ s . Now we pick some So these are the keys, now if you want to perform some
a in range [1,n-1 ] and then check whether a*s = 1 ( mod encryption operation using these keys here are the steps,
if you have a text P, its encrypted version(cipher text C is)
C = P e modn Table 1: Data Types Used in Implementation
To decrpty it back to plain text use P = C d modn Variable Name DataType Use
p,q long long Stores the two generated primes
n long long Stores product of p and q.
4. IMPLEMENTATION M long long Stores the message entered
Successful Implementation of above discussed algorithms can phi long long Stores value of φ(n)=(p-1)(q-1)
be achieved in following steps. e long long Stores the public exponent e
d long long Stores the private exponent d
C long long Stores the Cipher
4.1 Generating Two Large Primes
In the implementation of RSA, the first thing we have to do
is generate two large prime numbers, p and q. The standard 4.2 Key Generation
way to generate big prime numbers is to take a preselected Calculate n as the product of p & q, the two generated
random number of the desired length, apply a Fermat Test primes. The next thing to do is to generate a number e
(best with the base 2 as it can be optimized for speed) and such that e < φ(n) and gcd(e, φ(n)) = 1. Here generated a
then to apply a certain number of Miller-Rabin tests (de- random number less than φ(n) and checked their gcd. Con-
pending on the length and the allowed error rate like 2−100 tinued the process until their gcd is 1. After generating
) to get a number which is very probably a prime number. e,Calculated the value of d such that d = e−1 modφ(n). The
The pre-selection is done either by test divisions by small public key is {e,n}. The private key is {d,n}.
prime numbers (up to few hundred) or by sieving out primes
up to 10,000 - 1,000,000 considering many prime candidates 4.3 Encryption
of the form b+2i(b big, i upto a few thousands). Created a function encrypt() to encrypt a message with
the help of public key {e,n}. The encrypted keyword C is
Here pre selection of a random prime by first creating an calculated by doing C = M e modn.
array of primes of size 10000 by the Sieve of Eratosthenes1 .
Then generated a random number ‘gen’ with the help of
rand() function such that the number is greater than 1000 void encrypt(){
and less than 10000. I have extracted the number at ‘gen’-th long long i;
index position of the array of primes2 . C = 1;
for(i=0;i< e;i++)
Now as the extracted number might not be a prime number, C=C*M%n;
applied the Fermat Primality Test. Though Fermat is highly C = C%n;
accurate in practice there are certain composite numbers p printf("\n\tEncrypted keyword : %lld",C);
known as Carmichael numbers for which all values of a<p for }
which gcd(a,p)=1 .(a(p − 1))modulo p =1. If apply Fermat’s
test on a Carmichael number the probability of choosing an
a such that gcd(a,p) != 1 is very low ( based on the nature
4.4 Decryption
Created a function decrypt() to decrypt a cipher with the
of Carmichael numbers), and in that case, the Fermat’s test
help of private key{d,n}. The decrypted message M is cal-
will return a wrong result with very high probability.
culated by doing M = C d modn.
For this reason, applied Miller Rabin Primality Test on the
number in case it satisfies Fermat test. If the number sat- void decrypt(){
isfies all the tests, we get a large number with a very high long long i;
probability of being prime. M = 1;
for(i=0;i< d;i++)
Now put the entire set of above operations in a loop such M=M*C%n;
that if the number generated does not satisfy the Miller Ra- M = M%n;
bin Primality Test, the above operations will be repeated printf("\n\tDecrypted keyword : %lld\n",M);
again and this will go on until we generate a prime number. }
As needed to generate two prime numbers, we provide an-
other loop outside this which runs two times and stores the
generated primes in an array of size 2. 5. SIMPLE EXAMPLES
Example 1:
1
all numbers in this array created by sieving may not be
prime
2
It is customary to use numbers of this range because imple- 62011
mentation is done on a INTEL(R) CORET M i5-4210U CPU @ 12269
1.7 GHz 2.4 Ghz. Otherwise if not confined in given range,
it was taking a lot of time to decrypt a cipher. For this range, F(n) phi value = 760738680
the probability that a number in the array is not a prime Public Key : {11723299,760812959}
is really very low. But as we increase the upper bound of
these numbers, this probability increases. So applying Fer- Private Key : {288096259,760812959}
mat Primality Test and Miller-Rabin Primality Test on the
number is very essential. Enter The Plain Text : 5321
Encrypted keyword : 573183424

Enter the Cipher text : 573183424

Decrypted keyword : 5321

Example 2:

39703
66883 Figure 1: Computational Complexity (Graph)

F(n) phi value = 2655349164

Public Key : {8068769,2655455749} 8. REFERENCES
Private Key : {149069429,2655455749} [1] R.L. Rivest, A. Shamir, and L. Adleman, A Method
for Obtaining Digital Signatures and Public-Key
Enter The Plain Text : 5321 Cryptosystems, Comm. of ACM, 1983.
Encrypted keyword : 2521426694 [2] W. Stallings, Cryptography and Network Security
Principles and Practice, 5th ed. USA: Pearson
Enter the Cipher text : 2521426694 Education, Inc, 2nd edition, 2011.
[3] Knuth, D. E., The Art of Computer Programming,
Decrypted keyword : 5321 Vol 2: Seminumerical Algorithms., Addison-Wesley,
Reading, Mass., 1969.
[4] Diffie, W., and Hellman, M. New directions in
Comment: These two examples show how on entering the cryptography. IEEE Trans. Inform. Theory IT-22,
same message on two different runs, the value of the cipher (Nov. 1976), 644-654. (Nov. 1976), 644-654.
text is different because of the generation of different prime [5] Diffie, W., and Hellman, M. New directions in
numbers p and q and the different public and private expo- cryptography. IEEE Trans. Inform. Theory IT-22,
nents e and d, each time the program is run. (Nov. 1976), 644-654. (Nov. 1976), 644-654.
[6] Diffie, W., and Hellman, M. Exhaustive cryptanalysis
6. PROBLEMS IN IMPLEMENTATION of the NBS data encryption standard, Computer 10,
The main problem faced is that for a given message M, the June 1977), 74-84.
cipher text C generated is large, nearly a 10 digit number. [7] Miller, G.L. RiemannâĂŹs hypothesis and tests for
Also, the value of d, i.e., the private exponent is of 10 digits. primality. Proc. Seventh Annual ACM Symp. on the
To decrypt M, we have to calculate M = C d modn. This Theory of Comptng, Albuquerque, New Mex., May
calculation is taking a long time in some cases. 1975, pp. 234-239
[8] Goldwasser, S. and Bellare, M., Lecture Notes on
Cryptography, MIT, July 2008.
7. ANALYSIS [9] Rabin, M.O., Probabilistic algorithms. In Algorithms and
The time taken on computing is not fixed it changes in each
Complexity, J. F. Traub, Ed., Academic Press, New York,
& every run. After performing a statistical test of encrypting
1976, pp. 21-40.
a plain text (which is 25000) & decrypting it time taken is
noted

Value of F(n) Time (in sec.)

1614044880 16.5
946335840 21.5
2186888896 60.0
1927086672 17.6
1595209116 18.8
1424163096 9.4
2917216608 28.2

Table 2: Computational Complexity (Data)

Plotting the data it is extremely clear that computational

time of phi function, encryption & decryption of plain text &
cipher text respectively is not predictable. Some runs of test
with takes more time, some takes less time while complexity
of computations remaining approximately fixed.