External RSA Information:
Public Key Encryption:

     To explain the concept of the public key encryption process, we will use a message, box, lock and key. The message is locked inside the box with the lock (encryption algorithm) and the only way to read the message is to unlock the lock (decipher) with the correct key (encipher key).

     I am going to send you a secret message. I will write the message, lock it in my box, and send the box to you via Pony Express. You will of course need the key to unlock the box and read the message. I will send you that key via a Secret Agent. Why is this not secure? The Secret Agent could be a double-agent and copy the key before giving it to you, thus he would also have access to the message and we would suspect nothing.

     There is no real way of giving you the key to the box without outside interference. Now, you may think, why don't you personally give me the key? In that case, I could just whisper the message in your ear, thus eliminating the need for the secret message altogether.

     The public key system works like this: Instead of putting my lock on the box, you could give me your lock and I would lock the message in the box using your lock. You can distribute your lock via Pony Express, or a Secret Agent. Using this method, there is never an instance where a key is exchanged (yours or mine), only locks. When you receive the box, you unlock it with your key because it is locked with your lock. If you were to send me a reply, you would lock the box with my lock, and only I can unlock it with my key. Once either of us locks the box with the other's lock, the sender can no longer unlock the box either, because it is locked with the other's lock.

     Now to translate the above concept to digital encryption: Your public key is your lock. My public key is my lock. All public keys have a matching secret key (to unlock the lock). In public key encryption, the secret key is never exchanged. Both you and I have secret keys that correspond with our public keys. If I were going to send you an enciphered message, I would get your public key, encipher the message with your public key, and send the message to you via email. Only you can decipher the message because the decipher process requires your secret key. If my ciphertext message is intercepted with a packet sniffer, the secret message is still secure because there was never a secret key exchanged.

     The process of designing the public key encryption algorithm was a major accomplishment for cryptographers and mathematicians in the 21st century. The mathematical function must relate both keys, but must not return the private key when the function is reversed with the public key. The process is actually reversible, but the numbers are so large and the mathematics so complex that it would take clustered supercomputers millennia to find the secret key. By that time, the English language may be more secret than the encryption process. Remember the Navaho language was used in World War 2 by the United States and was more secure than the German Enigma Machine.

     You can obtain someone's public key by using the finger command on a Unix system. Run $ finger user@isp.com; many people who use public key encryption will have a file that returns their public key. Pretty Good Privacy (PGP) is the most common software used in the public domain.

RSA Encryption:

     RSA stands for the initials of the three men who invented it in 1977 at MIT: Ron Rivest, Adi Shamir, and Len Adleman. The security behind RSA lies in the difficulty of factoring large numbers into their primes. The process involves selecting two large (hundreds of digits) prime numbers (p and q), and multiplying them together to get the product, n. These numbers are passed through a mathematical algorithm to determine the public key KU = {e,n} and the private key KR = {d,n}, which are mathematically related. It is extremely difficult to determine e and/or d given n, thus the security of the algorithm. Once the keys have been created, a message can be encrypted in blocks and passed through the following equation:
	(1): C = M^e mod n

		C = ciphertext
		M = plaintext
		e = recipient's public key.

Similarly, the above message could be decrypted by the following equation:
	(2): M = C^d mod n

		d = recipient's private key.

     For example: let's assume that our M is 19 (we will use smaller numbers for simplicity; normally these numbers would be MUCH larger). We will use 7 as p and 17 as q. Thus, n = 7 * 17 = 119. Our e is then calculated to be 5 and d is calculated to be 77. Thus our KU is {5, 119} and our KR is {77, 119}. We can then pass the needed values through equation (1) to compute C. In this case C is 66. We could then decrypt C (66) to get back our original plaintext. We pass the needed values through equation (2) and get 19, our original plaintext.

Note: To determine e and d, perform the following: