WifiCIDR Blog (Posts about rsa) - https://blog.wificidr.net/ - Fri, 22 Dec 2023 16:15:04 GMT - generated by Nikola (getnikola.com)
The RSA Algorithm - https://blog.wificidr.net/posts/the-rsa-algorithm/ - Daniel Justice
<div class="cell border-box-sizing text_cell rendered" id="cell-id=f2bda544"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<h2 id="The-RSA-Algorithm">The RSA Algorithm<a class="anchor-link" href="https://blog.wificidr.net/posts/the-rsa-algorithm/#The-RSA-Algorithm">¶</a></h2><p>Ron Rivest, Adi Shamir and Leonard Adleman shared their encryption scheme with the world in 1977.
The algorithm that bears their name was independently discovered by the British GCHQ a few years earlier, but GCHQ deemed it too sensitive to share with the world.
This is another great example of <a href="https://www.math.fsu.edu/~wxm/Arnold.htm">Arnold's Principle</a>.
My goal is to finally work through an example of the full algorithm.
Please see my previous three posts on the subject if you need more details on the individual steps.
Most articles on the topic involve quite a bit of hand waving, as in
<a href="https://pagedout.institute/download/PagedOut_003_beta1.p">Beyond The Illusion - Breaking RSA Encryption</a> by
<a href="https://www.divd.nl/people/Max%20van%20der%20Horst/">Max Van Der Horst</a>.
I am not picking on this article in particular; it just happens to be the most recent one I have read.
They are absolutely correct in asserting that you should not roll your own cryptography, but I hope to explain the steps with a bit more clarity.
At a high level, RSA isn't the most complicated algorithm in the world, but breaking it is non-trivial.
It would not be so ubiquitous otherwise.</p>
</div>
</div>
</div>
<div class="cell border-box-sizing text_cell rendered" id="cell-id=415fdb4e-00d7-4d5c-b148-ff0d692c96d2"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<h3 id="Key-selection">Key selection<a class="anchor-link" href="https://blog.wificidr.net/posts/the-rsa-algorithm/#Key-selection">¶</a></h3><ol>
<li>The receiver chooses two prime numbers $p$ and $q$ and calculates their product $N$.</li>
<li>Compute $\phi(N)$. Since $N$ is the product of two primes, $\phi(N) = (p - 1)(q - 1)$.</li>
<li>Choose a number $e$ that is relatively prime to both $N$ and $\phi(N)$. 65,537 is frequently used due to its <a href="https://brilliant.org/wiki/rsa-encryption/">desirable binary properties</a>.</li>
<li>$(e, N)$ is the public key.</li>
<li>Calculate the <a href="https://blog.wificidr.net/posts/the-modular-inverse/">modular inverse</a> $d$ of $e \pmod{\phi(N)}$, i.e. the $d$ with $ed \equiv 1 \pmod{\phi(N)}$. $(d, N)$ is the private key.</li>
</ol>
<h4 id="Key-selection---example">Key selection - example<a class="anchor-link" href="https://blog.wificidr.net/posts/the-rsa-algorithm/#Key-selection---example">¶</a></h4><ol>
<li>Choose $p = 331$ and $q = 283$. Compute $N = 331 \cdot 283 = 93673$.</li>
<li>Compute $\phi(N) = (p - 1)(q - 1) = 330 \cdot 282 = 93060$.</li>
<li>Choose $e = 307$.</li>
<li>$(307, 93673)$ is the public key.</li>
<li>Calculate the modular inverse $d$ of $307 \pmod{\phi(93673)}$, that is, of $307 \pmod{93060}$: $d = 73963$.</li>
</ol>
<p>This step is demonstrated using the <a href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/">Extended Euclidean Algorithm</a> that I wrote about previously.
$(73963, 93673)$ is the private key, where the first value is the modular inverse $d$ and the second is the product $N$ computed in step 1.</p>
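<p>The five key-selection steps above, carried out in Python as an added example (this is not code from the original post). It reuses the post's numbers $p = 331$, $q = 283$, $e = 307$ and obtains the modular inverse with Python's built-in three-argument <code>pow(e, -1, phi)</code> (Python 3.8 and later) instead of the hand-worked Extended Euclidean Algorithm. The trial-division primality check and the function names are my own, and the check is only adequate for toy-sized primes like these.</p>

```python
from math import gcd, isqrt


def is_prime(n: int) -> bool:
    """Trial-division primality test; fine for the toy-sized primes used here."""
    if n < 2:
        return False
    for k in range(2, isqrt(n) + 1):
        if n % k == 0:
            return False
    return True


def rsa_keygen(p: int, q: int, e: int) -> tuple:
    """Steps 1-5 of key selection: returns ((e, N), (d, N)).

    Raises ValueError when the inputs violate a precondition, so a bad choice
    of p, q or e is rejected instead of silently producing a key that cannot
    decrypt.
    """
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q                                   # step 1: N = p*q
    phi = (p - 1) * (q - 1)                     # step 2: phi(N) for a product of two primes
    if not 1 < e < phi or gcd(e, phi) != 1:     # step 3: e must be invertible mod phi(N)
        raise ValueError("e must lie in (1, phi(N)) and be coprime to phi(N)")
    d = pow(e, -1, phi)                         # step 5: modular inverse of e mod phi(N)
    assert (e * d) % phi == 1                   # sanity: e*d = 1 + k*phi(N)
    return (e, n), (d, n)                       # step 4 (public key), step 5 (private key)


def roundtrip(m: int, public: tuple, private: tuple) -> int:
    """Encrypt m with the public key and decrypt the result with the private key."""
    e, n = public
    d, _ = private
    c = pow(m, e, n)      # c = m^e mod N
    return pow(c, d, n)   # c^d mod N, which should equal m


if __name__ == "__main__":
    pub, priv = rsa_keygen(331, 283, 307)
    print("public :", pub)            # (307, 93673)
    print("private:", priv)           # (73963, 93673)
    print(roundtrip(4, pub, priv))    # 4, the letter E
```

<p>Note that the private exponent here is large and the public one small, exactly as in the worked example; the function refuses an $e$ that shares a factor with $\phi(N)$, because such an $e$ has no inverse and the resulting "key" would not decrypt.</p>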
<h3 id="Message-Encryption-and-Decryption">Message Encryption and Decryption<a class="anchor-link" href="https://blog.wificidr.net/posts/the-rsa-algorithm/#Message-Encryption-and-Decryption">¶</a></h3><p>Let's encrypt "ET TU, BRUTE".
As a side note, real-world implementations encrypt/decrypt blocks of bytes, not a character at a time.
Begin by converting the letters to numbers using a simple map where A=0, B=1, ..., Z=25, with 26 for the space and 27 for the comma.
This results in $[4, 19, 26, 19, 20, 27, 26, 1, 17, 20, 19, 4]$.
Using the public key $(307, 93673)$, compute $c^{307} \bmod 93673$ for each character value $c$.
These numbers can be quite large, so be mindful of the limitations of the software you are using, as many programming languages silently overflow rather than warning you.
Python has native support for large integers, which makes this calculation easy to perform without precision issues.</p>
</div>
</div>
</div>
<div class="cell border-box-sizing code_cell rendered" id="cell-id=b80c7681-48d5-4509-9326-d2252a461e93">
<div class="input">
<div class="prompt input_prompt">In [1]:</div>
<div class="inner_cell">
<div class="input_area">
<div class="highlight hl-ipython3"><pre><span></span><span class="n">et_tu</span> <span class="o">=</span> <span class="p">[</span><span class="mi">4</span> <span class="p">,</span> <span class="mi">19</span> <span class="p">,</span> <span class="mi">26</span> <span class="p">,</span> <span class="mi">19</span> <span class="p">,</span> <span class="mi">20</span> <span class="p">,</span> <span class="mi">27</span> <span class="p">,</span> <span class="mi">26</span> <span class="p">,</span> <span class="mi">1</span> <span class="p">,</span> <span class="mi">17</span> <span class="p">,</span> <span class="mi">20</span> <span class="p">,</span> <span class="mi">19</span> <span class="p">,</span> <span class="mi">4</span><span class="p">]</span>
<span class="n">ciph</span> <span class="o">=</span> <span class="nb">list</span> <span class="p">(</span><span class="nb">map</span> <span class="p">(</span><span class="k">lambda</span> <span class="n">n</span><span class="p">:</span> <span class="nb">pow</span> <span class="p">(</span><span class="n">n</span> <span class="p">,</span> <span class="mi">307</span> <span class="p">,</span> <span class="mi">93673</span><span class="p">)</span> <span class="p">,</span> <span class="n">et_tu</span> <span class="p">))</span>
<span class="nb">print</span><span class="p">(</span><span class="n">ciph</span><span class="p">)</span>
</pre></div>
</div>
</div>
</div>
<div class="output_wrapper">
<div class="output">
<div class="output_area">
<div class="prompt"></div>
<div class="output_subarea output_stream output_stdout output_text">
<pre>[43857, 26421, 21480, 26421, 44114, 11186, 21480, 1, 54440, 44114, 26421, 43857]
</pre>
</div>
</div>
</div>
</div>
</div>
<div class="cell border-box-sizing text_cell rendered" id="cell-id=67ae7b71-5114-499c-921f-a7e65f4e47e2"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<p>These are the integers that someone would send over an insecure medium to the receiver.
On the other end, the receiver uses the private key $(73963, 93673)$ to compute $i^{73963} (\pmod 93673)$ for each integer received.</p>
</div>
</div>
</div>
<div class="cell border-box-sizing code_cell rendered" id="cell-id=8717122e-dbd1-4b8c-b454-6d0aac627b3e">
<div class="input">
<div class="prompt input_prompt">In [2]:</div>
<div class="inner_cell">
<div class="input_area">
<div class="highlight hl-ipython3"><pre><span></span><span class="c1"># three-argument pow reduces modulo 93673 at every step instead of materialising n**73963</span>
<span class="n">msg</span> <span class="o">=</span> <span class="nb">list</span><span class="p">(</span><span class="nb">map</span><span class="p">(</span><span class="k">lambda</span> <span class="n">n</span><span class="p">:</span> <span class="nb">pow</span><span class="p">(</span><span class="n">n</span><span class="p">,</span> <span class="mi">73963</span><span class="p">,</span> <span class="mi">93673</span><span class="p">),</span> <span class="n">ciph</span><span class="p">))</span>
<span class="nb">print</span><span class="p">(</span><span class="n">msg</span><span class="p">)</span>
</pre></div>
</div>
</div>
</div>
<div class="output_wrapper">
<div class="output">
<div class="output_area">
<div class="prompt"></div>
<div class="output_subarea output_stream output_stdout output_text">
<pre>[4, 19, 26, 19, 20, 27, 26, 1, 17, 20, 19, 4]
</pre>
</div>
</div>
</div>
</div>
</div>
<div class="cell border-box-sizing text_cell rendered" id="cell-id=5796b5b8-00a5-4645-be9e-4675f684f78f"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<p>A simple review quickly validates that this is indeed our original message!
It is worth highlighting once more that the private key is never shared.
The RSA algorithm is not particularly fast, especially on handheld devices like cellular phones.
It is typically used to exchange a <a href="https://www.cloudflare.com/learning/ssl/what-is-a-session-key/">randomly generated key</a> that is unique to each HTTPS session between a client and server.
The remainder of the data can then be sent using much faster symmetric encryption schemes keyed with those session keys.</p>
<h3 id="Intermezzo---Multiplying-Large-Integers">Intermezzo - Multiplying Large Integers<a class="anchor-link" href="https://blog.wificidr.net/posts/the-rsa-algorithm/#Intermezzo---Multiplying-Large-Integers">¶</a></h3><p>The encryption and decryption steps of the RSA Algorithm require computing the products of very large integers.
93,673 only requires 17 bits of storage, or less than 3 bytes.
What about a number such as $26^{93673}$?
The Python programming language will gladly attempt to compute it and succeeds on a modern laptop.</p>
<div class="highlight"><pre><span></span><span class="o">>>></span> <span class="nb">pow</span><span class="p">(</span><span class="mi">26</span><span class="p">,</span> <span class="mi">93673</span><span class="p">)</span><span class="o">.</span><span class="n">bit_length</span><span class="p">()</span>
<span class="mi">440305</span>
</pre></div>
<p>That is a massive number over 134,000 digits long!
Thankfully, this particular result is not needed, only its value modulo another number.
For example, using numbers easily computed by hand, what is $26^{307}\pmod{47}$?
Start by converting the exponent to binary.
307 in base-2 is equal to 100110011.
Exponentiation works in $\mathbb{Z}_n$ because of the properties listed earlier.
An exponent is simply repeated multiplication.
If $b \equiv a^x \pmod{n}$ and $c\equiv a^y\pmod{n}$, then $bc \equiv a^{x+y}\pmod{n}$.
$$
\begin{aligned}
26^{307} &= 26^{2^0+2^1+2^4+2^5+2^8} \\
&\equiv 26^{2^0}\cdot 26^{2^1}\cdot 26^{2^4}\cdot 26^{2^5}\cdot 26^{2^8}\pmod{47} \\
\end{aligned}
$$
Calculate $26^{2^i} \pmod{47}$ for $i=0, 1, 4, 5, 8$, starting from $26^{2^0} = 26$.
$$26^{2^1}=676\equiv18 \pmod{47}$$
This can be squared to find $26^{2^2}\pmod{47}$.
$$\begin{aligned}
26^{2^2}&\equiv (26^{2^1})^2\pmod{47} \\
&\equiv (18)^2\pmod{47} \\
&\equiv 324\pmod{47} \\
&\equiv 42\pmod{47} \\
\end{aligned}$$
Use the fact that $(a^{2^i})^2\equiv a^{2\cdot2^i}\equiv a^{2^{i+1}}\pmod{n}$ and keep squaring.
$$\begin{aligned}
26^{2^4}&\equiv 14\pmod{47} \\
26^{2^5}&\equiv 8\pmod{47} \\
26^{2^8}&\equiv 2\pmod{47} \\
26^{307}&\equiv 26\cdot18\cdot14\cdot8\cdot2 \pmod{47}\\
&\equiv 104832 \pmod{47}\\
&\equiv 22 \pmod{47}\\
\end{aligned}$$</p>
<p>Other than speed, this method saves memory as well, since the largest number the computer must store is the product of two residues, roughly $2\log_2 N$ bits for a modulus $N$.
In general, an $n$-bit number multiplied by an $n$-bit number is $2n$ bits long.
There are two approaches, known as left-to-right (LR) and right-to-left (RL) depending on the direction in which the bits of the exponent are scanned.
The method above uses the RL method, but <a href="https://cetinkayakoc.net/docs/r02.pdf">LR is more common in hardware implementations</a> of the calculation.</p>
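<p>Both scanning orders, as an added Python example that is not part of the original post. <code>modpow_rl</code> is the right-to-left method worked by hand above, with an optional trace of the successive squarings $26^{2^i} \bmod 47$ so you can compare them with the values computed above; <code>modpow_lr</code> is the left-to-right variant, which squares the running result and multiplies in the base whenever the current bit (taken from the top) is set. The function names are my own.</p>

```python
def modpow_rl(base: int, exp: int, mod: int, trace=None) -> int:
    """Right-to-left binary exponentiation: base^exp mod mod.

    Scans the exponent from its least significant bit.  `power` runs through
    base^(2^0), base^(2^1), base^(2^2), ... (mod mod), each obtained by
    squaring the previous one, and is multiplied into the result whenever the
    corresponding bit of the exponent is set.  If `trace` is a list, the
    successive values of `power` are appended to it.
    """
    result = 1 % mod          # 1 % mod handles the degenerate modulus 1
    power = base % mod
    while exp > 0:
        if trace is not None:
            trace.append(power)
        if exp & 1:                         # this bit of the exponent is set
            result = (result * power) % mod
        power = (power * power) % mod       # a^(2^i) -> a^(2^(i+1)); stays below 2*log2(mod) bits
        exp >>= 1
    return result


def modpow_lr(base: int, exp: int, mod: int) -> int:
    """Left-to-right binary exponentiation (square, then multiply if the bit is set)."""
    result = 1 % mod
    base %= mod
    for bit in bin(exp)[2:]:                # most significant bit first
        result = (result * result) % mod
        if bit == "1":
            result = (result * base) % mod
    return result


if __name__ == "__main__":
    squarings = []
    print(modpow_rl(26, 307, 47, squarings))   # 22
    print(squarings)                            # [26, 18, 42, 25, 14, 8, 17, 7, 2]
    print(modpow_lr(26, 307, 47))               # 22
```

<p>The nine traced values are $26^{2^0}$ through $26^{2^8}$ modulo 47; only those at bit positions 0, 1, 4, 5 and 8 (26, 18, 14, 8 and 2) are multiplied into the result, matching the hand calculation. Neither function ever holds a number larger than $47^2$, whereas <code>pow(26, 307) % 47</code> would first build a 1,447-bit integer.</p>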
<h3 id="Euler%E2%80%99s-theorem">Euler’s theorem<a class="anchor-link" href="https://blog.wificidr.net/posts/the-rsa-algorithm/#Euler%E2%80%99s-theorem">¶</a></h3><p>The RSA algorithm works because of Euler’s theorem.
This is consistently the most hand-wavy aspect of most articles I read on this subject.
It appears magical, but it's a beautiful result in mathematics if you dig into it a bit!</p>
<h4 id="Theorem">Theorem<a class="anchor-link" href="https://blog.wificidr.net/posts/the-rsa-algorithm/#Theorem">¶</a></h4><p>Let $a$ and $n$ be integers such that $n > 0$ and $\gcd(a, n) = 1$.
Then $a^{\phi(n)} \equiv 1 \pmod{n}$.</p>
<p>Recall that step 5 of the key selection requires finding</p>
$$ed\equiv 1\pmod{\phi(N)}.$$<p>Using the definition of <a href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/">modular congruence</a>,</p>
$$ed = 1 + k\cdot \phi(N)$$<p>for some integer $k$.
The message $a$ is encrypted by computing $a^e \pmod{N}$ and decrypted by raising the encrypted value to the power $d$, again modulo $N$.</p>
$$(a^e)^d \pmod{N}$$<p>This gives back $a$, the original message, when $\gcd(a, N) = 1$ so that Euler's theorem applies.</p>
$$\begin{aligned}
(a^e)^d &= a^{ed} \\
&= a^{1+k\cdot\phi(N)} \\
&= a\cdot \left( a^{\phi(N)} \right)^k \\
&\equiv a\cdot1^k \pmod{N} \\
&\equiv a\pmod{N} \\
\end{aligned}$$<p>Euler's theorem may appear a bit magical at first.
Consider the Cayley table of the integers $\pmod{9}$ under multiplication.</p>
</div>
</div>
</div>
<div class="cell border-box-sizing text_cell rendered" id="cell-id=e550e20c-ca6c-4dca-8f11-fac29a5b184e"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<p><img alt="Cayley table" src="https://blog.wificidr.net/images/caley.png"></p>
<p>Take note of the entries with a value of 1.
These only occur in the rows and columns of numbers that are coprime with 9.
The number of 1 entries in the Cayley table is the same value as $\phi(n)$, here $\phi(9) = 6$.
For example, 11 is coprime with 9.</p>
$$\begin{aligned}
11 \equiv 2 \pmod{9} \\
11^2 \equiv 4 \pmod{9} \\
11^3 \equiv 8 \pmod{9} \\
11^4 \equiv 7 \pmod{9} \\
11^5 \equiv 5 \pmod{9} \\
11^6 \equiv 1 \pmod{9} \\
\end{aligned}$$<p>This process works the same if you start with 2 instead of 11, since the two are congruent modulo 9.
Increasing the power will always reach a value of 1 by the power $\phi(n)$, as long as the GCD of $a$ and $n$ is 1.</p>
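<p>An added Python example (not the post's own code) that checks the claims of this section and of the RSA derivation above it: the number of 1 entries in the multiplication table mod 9 equals $\phi(9)$, the powers of 11 mod 9 reach 1 at the power $\phi(9)$, Euler's theorem fails for a value such as 3 that is not coprime with 9, and $(a^e)^d \equiv a \pmod{N}$ for the post's key ($e = 307$, $d = 73963$, $N = 331 \cdot 283$). It goes a step beyond the text by also checking the round trip for values of $a$ that share a factor with $N$, where Euler's theorem itself does not apply but RSA decryption still recovers $a$; that stronger statement follows from applying Fermat's little theorem modulo $p$ and modulo $q$ separately. The function names are my own.</p>

```python
from math import gcd


def phi(n: int) -> int:
    """Euler's totient by direct counting: how many 1 <= a <= n are coprime to n."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)


def cayley_ones(n: int) -> int:
    """Count the 1 entries in the multiplication table of the non-zero residues mod n.

    Each unit has exactly one inverse, so the count equals phi(n).
    """
    return sum(1 for a in range(1, n) for b in range(1, n) if (a * b) % n == 1)


def power_sequence(a: int, n: int) -> list:
    """a^1, a^2, ..., a^phi(n) reduced mod n; the last entry is 1 when gcd(a, n) == 1."""
    return [pow(a, k, n) for k in range(1, phi(n) + 1)]


def euler_holds(a: int, n: int) -> bool:
    """Does a^phi(n) = 1 (mod n)?  Expected exactly when gcd(a, n) == 1."""
    return pow(a, phi(n), n) == 1


def rsa_roundtrip_ok(a: int, e: int, d: int, p: int, q: int) -> bool:
    """Whether (a^e)^d = a (mod pq).  Holds for every a in 0..pq-1, not only coprime ones."""
    n = p * q
    return pow(pow(a, e, n), d, n) == a % n


if __name__ == "__main__":
    print(phi(9), cayley_ones(9))          # 6 6
    print(power_sequence(11, 9))           # [2, 4, 8, 7, 5, 1]
    print(euler_holds(11, 9), euler_holds(3, 9))   # True False
    # 331 and 283 share a factor with N = 93673, yet decryption still recovers them
    print(all(rsa_roundtrip_ok(a, 307, 73963, 331, 283) for a in (0, 1, 331, 283, 662)))  # True
```

<p>The last check is worth dwelling on: the derivation in this section needs $\gcd(a, N) = 1$, but a textbook RSA implementation does not have to reject messages that happen to be multiples of $p$ or $q$, because the congruence $a^{ed} \equiv a$ still holds modulo each prime factor and therefore modulo $N$.</p>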
</div>
</div>
</div>
<div class="cell border-box-sizing text_cell rendered" id="cell-id=88fb48e4-a454-4477-9b18-154aaae2faa0"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<h3 id="Conclusion">Conclusion<a class="anchor-link" href="https://blog.wificidr.net/posts/the-rsa-algorithm/#Conclusion">¶</a></h3><p>I hope my previous writing on this subject coupled with this explanation will give you a better idea of how RSA works under the hood.
I think it rests on a beautiful set of results in mathematics, and the genius of the original creators is how they crafted these ideas into a useful protocol.
Quantum computing has already made an impact on cryptography, but I trust this algorithm will be around for many more years as we transition to new, post-quantum technologies.</p>
</div>
</div>
</div>
Tags: math, rsa. https://blog.wificidr.net/posts/the-rsa-algorithm/ - Wed, 20 Dec 2023 00:26:05 GMT
The Modular Inverse - https://blog.wificidr.net/posts/the-modular-inverse/ - Daniel Justice
<div class="cell border-box-sizing text_cell rendered" id="cell-id=9b40912a"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<h2 id="The-Modular-Inverse">The Modular Inverse<a class="anchor-link" href="https://blog.wificidr.net/posts/the-modular-inverse/#The-Modular-Inverse">¶</a></h2><p>This is the third post in my short series on the RSA algorithm.
We met most of the cast of characters used in the algorithm in the <a href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/">last post</a>.
Prime numbers, Euclid's algorithm, Bézout's identity, and of course, one of Euler's identities come together to form the foundation of our work.
The last detail is the modular inverse.
Conceptually, the idea is straightforward, but I feel many articles on RSA don't give it the attention it deserves.</p>
<h3 id="Identities">Identities<a class="anchor-link" href="https://blog.wificidr.net/posts/the-modular-inverse/#Identities">¶</a></h3><p>Many operations paired with sets have an element known as the identity element.
This should be a familiar idea even if you haven't seen the formal definition.</p>
<ul>
<li>0 is the identity of the set $\mathbb{R}$ and the operation of addition. 42 + 0 = 42</li>
<li>1 is the identity of the set $\mathbb{R}$ and the operation of multiplication. 42 * 1 = 42</li>
<li>[] is the identity of list concatenation. [40, 41, 42] + [] = [40, 41, 42]</li>
</ul>
<p>Can you think of other examples?
What about the identity of a 3x3 matrix?</p>
$$\begin{bmatrix}
42 & 99 & 2\\
0 & -35 & 12\\
4 & 2 & 8
\end{bmatrix} \cdot
\begin{bmatrix}
1 & 0 & 0\\
0 & 1 & 0\\
0 & 0 & 1
\end{bmatrix} =
\begin{bmatrix}
42 & 99 & 2\\
0 & -35 & 12\\
4 & 2 & 8
\end{bmatrix}$$<h3 id="Inverses">Inverses<a class="anchor-link" href="https://blog.wificidr.net/posts/the-modular-inverse/#Inverses">¶</a></h3><p>Informally, an inverse simply "undoes" an operation.
Specifically, we are interested in an element that gives us back the identity.</p>
<ul>
<li>$42 + -42 = 0$</li>
<li>$42 \cdot \frac{1}{42} = 1$</li>
</ul>
<p>This works for matrices as well, but keep in mind that not all matrices have an inverse!</p>
$$\begin{bmatrix}
42 & 99 & 2\\
0 & -35 & 12\\
4 & 2 & 8
\end{bmatrix} \cdot
\begin{bmatrix}
\frac{38}{967} & \frac{197}{1934} & \frac{-629}{3868}\\
\frac{-6}{967} & \frac{-41}{967} & \frac{63}{967}\\
\frac{-35}{1934} & \frac{-39}{967} & \frac{735}{3868}
\end{bmatrix} =
\begin{bmatrix}
1 & 0 & 0\\
0 & 1 & 0\\
0 & 0 & 1
\end{bmatrix}$$<h4 id="Put-the-modular-in-the-inverse">Put the modular in the inverse<a class="anchor-link" href="https://blog.wificidr.net/posts/the-modular-inverse/#Put-the-modular-in-the-inverse">¶</a></h4><p>Consider a multiplication table for $\pmod 9$ (excluding 0).</p>
$$\begin{array}{c|c|c|c|c|c|c|c|c|}
& 1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 \\
\hline
1 & 1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 \\
\hline
2 & 2 & 4 & 6 & 8 & 1 & 3 & 5 & 7 \\
\hline
3 & 3 & 6 & 0 & 3 & 6 & 0 & 3 & 6 \\
\hline
4 & 4 & 8 & 3 & 7 & 2 & 6 & 1 & 5 \\
\hline
5 & 5 & 1 & 6 & 2 & 7 & 3 & 8 & 4 \\
\hline
6 & 6 & 3 & 0 & 6 & 3 & 0 & 6 & 3 \\
\hline
7 & 7 & 5 & 3 & 1 & 8 & 6 & 4 & 2 \\
\hline
8 & 8 & 7 & 6 & 5 & 4 & 3 & 2 & 1 \\
\hline
\end{array}$$<p>A quick inspection will reveal that 1 is indeed the identity element for integers and the multiplication operation.
Our intuition is preserved! 😅
As I noted earlier, not all matrices have an inverse.
Likewise, not all integers have a modular inverse.
Inspect the table closely; can you figure out which numbers <strong>do not</strong> have an inverse and why?</p>
<p>The integers &lt; 9 that are coprime with 9 and their <em>modular inverse</em>:</p>
<ul>
<li>$8 \cdot 8 \pmod{9} = 1$, 8 is the modular inverse of 8 in $\pmod{9}$</li>
<li>$7 \cdot 4 \pmod{9} = 1$, 4 is the modular inverse of 7 in $\pmod{9}$</li>
<li>$5 \cdot 2 \pmod{9} = 1$, 2 is the modular inverse of 5 in $\pmod{9}$</li>
<li>$4 \cdot 7 \pmod{9} = 1$, 7 is the modular inverse of 4 in $\pmod{9}$</li>
<li>$2 \cdot 5 \pmod{9} = 1$, 5 is the modular inverse of 2 in $\pmod{9}$</li>
<li>$1 \cdot 1 \pmod{9} = 1$, 1 is the modular inverse of 1 in $\pmod{9}$</li>
</ul>
<h5 id="Seeking-intuition">Seeking intuition<a class="anchor-link" href="https://blog.wificidr.net/posts/the-modular-inverse/#Seeking-intuition">¶</a></h5><p>Given two integers $A$ and $B$, $A$ has a modular inverse in $\pmod{B}$ <em>if and only if A is coprime with B</em>.</p>
<p>Here is how I think about it.
Consider $4 \pmod{9}$.
You can start at <strong>any</strong> number and count by multiples of 4.
In $\pmod{9}$, you are guaranteed to hit 1 at some point!</p>
<ul>
<li>Start with 30</li>
<li>$30 \pmod{9} = 3$</li>
<li>count by 4's</li>
<li>$34 \pmod{9} = 7$</li>
<li>$38 \pmod{9} = 2$</li>
<li>$42 \pmod{9} = 6$</li>
<li>$46 \pmod{9} = 1$</li>
</ul>
<p>Can you think of a way to determine the number of steps needed?
I covered that in the last post, and it involves Euclid's algorithm and Bézout's identity.</p>
<h3 id="Revisiting-B%C3%A9zout-and-Euclid">Revisiting Bézout and Euclid<a class="anchor-link" href="https://blog.wificidr.net/posts/the-modular-inverse/#Revisiting-B%C3%A9zout-and-Euclid">¶</a></h3><p>Bézout's identity states:</p>
<ul>
<li>If $a$ and $b$ are positive integers, then there exist integers $k$ and $l$ such that $\gcd(a,b)=ak+bl$</li>
</ul>
<p>If $a$ and $b$ are chosen so that their $\gcd = 1$, then we want to find some integers $k$ and $l$ where $1=ak+bl$.
This is done using Euclid's algorithm as described in the <a href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/">previous post</a>.</p>
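<p>The Extended Euclidean Algorithm, written out in Python as an added example (not code from this post or the previous one). <code>egcd</code> returns the gcd together with the Bézout coefficients $k$ and $l$, <code>mod_inverse</code> derives the modular inverse from them and refuses numbers that are not coprime with the modulus, and <code>inverse_table</code> rebuilds the mod 9 list given above. <code>steps_to_one</code> answers the counting question from the previous section: counting by 4 from 30 reaches 1 (mod 9) after $t$ steps where $3 + 4t \equiv 1 \pmod{9}$, i.e. $t \equiv (1 - 3)\cdot 4^{-1} \pmod{9}$. All function names are my own.</p>

```python
def egcd(a: int, b: int) -> tuple:
    """Extended Euclidean algorithm: returns (g, k, l) with g = gcd(a, b) = a*k + b*l.

    Each step keeps two Bézout representations of the current pair of
    remainders, updating them with the same quotient used to reduce the
    remainders, so the coefficients for the final remainder (the gcd) fall out
    without a back-substitution pass.
    """
    old_r, r = a, b
    old_k, k = 1, 0
    old_l, l = 0, 1
    while r != 0:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_k, k = k, old_k - quot * k
        old_l, l = l, old_l - quot * l
    return old_r, old_k, old_l


def mod_inverse(a: int, m: int) -> int:
    """The x in 1..m-1 with a*x = 1 (mod m); ValueError if gcd(a, m) != 1."""
    g, k, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}: gcd is {g}")
    return k % m          # k may be negative; reduce it into 0..m-1


def inverse_table(m: int) -> dict:
    """{a: a^-1 mod m} for every 1 <= a < m that is coprime to m."""
    table = {}
    for a in range(1, m):
        try:
            table[a] = mod_inverse(a, m)
        except ValueError:
            pass          # not coprime with m, so no inverse (3 and 6 when m == 9)
    return table


def steps_to_one(start: int, step: int, m: int) -> int:
    """How many times `step` must be added to `start` to land on 1 (mod m).

    Solves start + t*step = 1 (mod m), so t = (1 - start) * step^-1 (mod m).
    Counting by 4 from 30 mod 9 goes 3 -> 7 -> 2 -> 6 -> 1: four steps.
    """
    t = ((1 - start) * mod_inverse(step, m)) % m
    assert (start + t * step) % m == 1
    return t


if __name__ == "__main__":
    print(egcd(28, 35))                  # (7, -1, 1): 7 = 28*(-1) + 35*1
    print(egcd(7, 3))                    # (1, 1, -2): 1 = 7*1 + 3*(-2)
    print(mod_inverse(307, 93060))       # 73963, the private exponent of the RSA post
    print(inverse_table(9))              # {1: 1, 2: 5, 4: 7, 5: 2, 7: 4, 8: 8}
    print(steps_to_one(30, 4, 9))        # 4
```

<p>Because <code>mod_inverse</code> raises rather than returning a wrong value, a caller that picks an $e$ sharing a factor with $\phi(N)$ finds out immediately instead of producing a key pair that fails to decrypt.</p>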
<h3 id="Conclusion">Conclusion<a class="anchor-link" href="https://blog.wificidr.net/posts/the-modular-inverse/#Conclusion">¶</a></h3><p>I hope this brief discussion clears up some of the ideas around the modular inverse.
What we are trying to accomplish is this: given some value, scale it up in a modular space, then be able to get back to where we started.
Kind of sounds like an encryption scheme, doesn't it? 😁
In my next post in this series, I will finally describe the actual RSA algorithm and how all of these pieces fit together.</p>
</div>
</div>
</div>
Tags: math, rsa. https://blog.wificidr.net/posts/the-modular-inverse/ - Wed, 20 Sep 2023 19:46:01 GMT
Prime numbers, the Extended Euclidean Algorithm, and the GCD - https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/ - Daniel Justice
<div class="cell border-box-sizing text_cell rendered" id="cell-id=29ea443c"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<h2 id="Prime-Numbers,-the-Extended-Euclidean-Algorithm,-and-the-GCD">Prime Numbers, the Extended Euclidean Algorithm, and the GCD<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Prime-Numbers,-the-Extended-Euclidean-Algorithm,-and-the-GCD">¶</a></h2><p>This is the second post in a short series on the RSA algorithm.
The first post was an overview of modular arithmetic, and this article will attempt to cover a few more ideas needed before we dig into the weeds of the algorithm.
It may seem like I am jumping around a bit, but I think this highlights the brilliance of Rivest, Shamir, and Adleman.
They were able to compose an algorithm from pieces that may not seem immediately related to one another.</p>
<h3 id="A-note-on-studying">A note on studying<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#A-note-on-studying">¶</a></h3><p>I skipped some important points in the last article hoping to spark a few people's interest.
I will continue with the goal of keeping the writing light, but we do have to work with a few important theorems and definitions along the way.
Some of the best math advice I ever heard or read is that whenever you are faced with a Definition or a Theorem, stop what you are doing and write down some examples!
"The Math Sorcerer" has a great video about self-study on <a href="https://youtu.be/fb_v5Bc8PSk">YouTube</a>.</p>
<h3 id="More-review">More review<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#More-review">¶</a></h3><p>Formally speaking, the Division Algorithm is the basis of modular arithmetic.
This may feel pedantic, but the aim is to build our argument in small, clear steps.</p>
<h4 id="Definition:-Division-Algorithm">Definition: Division Algorithm<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Definition:-Division-Algorithm">¶</a></h4><p>For all integers $a$ and $m$ with $m>0$, there exist unique integers $q$ and $r$ such that
$$a=mq+r$$
where $0 \le r \lt m$ (Cummings 2022).</p>
<p>A bar or "pipe" is used to mean divides.
For example, if you see $3|6$, this means that 3 divides 6.
A bar with a slash across it means doesn't divide.
$3\nmid 7$.
One integer divides another only if the remainder is zero.</p>
<h4 id="Theorem:-Modular-arithmetic">Theorem: Modular arithmetic<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Theorem:-Modular-arithmetic">¶</a></h4><p>For integers $a$, $r$, and $m$, it is said that $a$ is congruent to $r$ modulo $m$, and one writes $a \equiv r \pmod m$, if $m|(a-r)$ (Cummings 2022).</p>
<p>This concept should be familiar if you read my last article.
The new piece here is the idea of congruency.</p>
<h5 id="Equivalent,-but-not-equal">Equivalent, but not equal<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Equivalent,-but-not-equal">¶</a></h5><p>You will see the word "congruent" in almost any article about the mathematical machinery of the RSA algorithm.
We all know that 4 is not equal to 16.
But what about our $\pmod{12}$ number system?
We can exchange them in equations and get the same result.
This is what it means to be congruent.
In a modular system, we say that 4 is congruent to 16 in $\pmod{12}$.
This is a good point to stop and write down some examples of your own!</p>
<h3 id="Prime-numbers">Prime numbers<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Prime-numbers">¶</a></h3><p>I hope you aren't bored yet!
Number theory begins with many of the ideas you were taught about whole numbers as a child.
Prime numbers play a key role in RSA.
What does it mean to be prime?
Prime numbers are the "atoms" of the integers; they compose all other integers.
I have a bag of small wooden cubes that I have used when teaching my kids math.
A prime number is a number that can only be arranged in a line.
Composite numbers can be built as rectangles, squares or 3-dimensional combinations of squares and rectangles.</p>
<h5 id="Homework">Homework<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Homework">¶</a></h5><p>I leave prime factorization and a formal definition of primes as an exercise for the reader.
If you are a programmer, write an implementation of the <a href="https://mathworld.wolfram.com/SieveofEratosthenes.html">Sieve of Eratosthenes</a> in your favorite language.
Want an old-school challenge?
Write it in <a href="https://n8ta.com/projects/awk_intermediate.html"><code>awk</code></a>.</p>
<h3 id="GCD">GCD<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#GCD">¶</a></h3><h4 id="Theorem:-Greatest-common-divisor">Theorem: Greatest common divisor<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Theorem:-Greatest-common-divisor">¶</a></h4><p>Let $a$ and $b$ be integers. If $c|a$ and $c|b$, then $c$ is said to be a common divisor of $a$ and $b$.
The greatest common divisor of $a$ and $b$ is the largest integer $d$ such that $d|a$ and $d|b$.
This number is denoted $\gcd(a,b)$ (Cummings 2022).</p>
<p>This should be more grade school maths.</p>
<ul>
<li>$\gcd(20, 24) = 4$</li>
<li>$\gcd(28, 35) = 7$</li>
</ul>
<h4 id="Co-prime-numbers">Co-prime numbers<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Co-prime-numbers">¶</a></h4><p>Two numbers are called "co-prime" if they only have 1 as a common divisor.
In other words, their GCD = 1.
Some examples of co-prime pairs:</p>
<ul>
<li>7, 13</li>
<li>24, 71</li>
<li>112341234120042, 112341234120043</li>
</ul>
<p>Take a look at that last one and notice that they differ by 1.
Take a moment and convince yourself that any two integers with a difference of 1 are co-prime.
Are you convinced?</p>
<h5 id="Homework">Homework<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Homework">¶</a></h5><p>Use this fact to explore one of the earliest proofs that there are an infinite number of primes!</p>
<h3 id="Euler's-totient-function">Euler's totient function<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Euler's-totient-function">¶</a></h3><p><img alt="Euler" src="https://upload.wikimedia.org/wikipedia/commons/thumb/6/60/Leonhard_Euler_2.jpg/384px-Leonhard_Euler_2.jpg" title="Euler"></p>
<p>This guy shows up everywhere in math, doesn't he?!</p>
<p>Euler's totient function is also known as the Euler $\phi$-function.
Don't let the names spook you away; the concept is straightforward.</p>
<p>We are interested in how many numbers are co-prime with a number.
This calls for examples.
Think of the function as the length of a list.</p>
<ul>
<li>$\phi(7) = 6$ because 1, 2, 3, 4, 5, 6 are co-prime with 7; $\gcd(7, 1..6) = 1$.</li>
</ul>
<p>$\phi$ of any prime number is equal to $p - 1$ by the definition of a prime number (you looked that up, earlier, right?).</p>
<ul>
<li>$\phi(11) = 10$</li>
<li>$\phi(65537) = 65536$, AKA $(2^{16} + 1)$ and $2^{16}$ for you programmers.</li>
</ul>
<p>Composite numbers are a little trickier.
We have to perform a prime factorization and eliminate numbers with <strong>any</strong> common factors $\ne$ 1 (because 1 is a divisor of all integers).</p>
<ul>
<li>$\phi(24) = 8$ because 1, 5, 7, 11, 13, 17, 19, 23 are co-prime with 24.</li>
</ul>
<p>Again, 8 is the length of this list.</p>
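<p>An added Python example (not the post's own code) that computes the totient two ways: by brute-force counting, exactly as the lists above do, and from the prime factorisation using $\phi(n) = n\prod_{p \mid n}(1 - \frac{1}{p})$, which for a prime gives $p - 1$ and for $24 = 2^3 \cdot 3$ gives $24 \cdot \frac{1}{2} \cdot \frac{2}{3} = 8$. The primes for trial division come from a Sieve of Eratosthenes, the homework from the Prime numbers section. The functions are my own, and the factoring is only meant for the small numbers used in this series.</p>

```python
from math import gcd, isqrt


def sieve(limit: int) -> list:
    """Primes <= limit by the Sieve of Eratosthenes."""
    if limit < 2:
        return []
    flags = bytearray([1]) * (limit + 1)
    flags[0:2] = b"\x00\x00"                 # 0 and 1 are not prime
    for p in range(2, isqrt(limit) + 1):
        if flags[p]:                          # p is prime: cross out its multiples from p*p up
            flags[p * p::p] = bytearray(len(flags[p * p::p]))
    return [i for i, is_p in enumerate(flags) if is_p]


def prime_factors(n: int) -> dict:
    """{prime: exponent} of n by trial division with sieved primes up to sqrt(n)."""
    factors = {}
    for p in sieve(isqrt(n) + 1):
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        if n == 1:
            break
    if n > 1:                                 # whatever is left is itself prime
        factors[n] = factors.get(n, 0) + 1
    return factors


def phi_by_factoring(n: int) -> int:
    """phi(n) = n * prod(1 - 1/p) over the distinct primes p dividing n."""
    result = n
    for p in prime_factors(n):
        result = result // p * (p - 1)       # exact: p divides the running product
    return result


def phi_by_counting(n: int) -> int:
    """phi(n) as the length of the list of 1 <= a <= n coprime to n."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)


if __name__ == "__main__":
    print(prime_factors(24))                         # {2: 3, 3: 1}
    print(phi_by_factoring(24), phi_by_counting(24)) # 8 8
    print(phi_by_factoring(65537))                   # 65536
    print(prime_factors(93673), phi_by_factoring(93673))   # {283: 1, 331: 1} 93060
```

<p>The last line factors the RSA modulus used later in this series; at that size trial division is instant, which is exactly why real keys use primes of a thousand or more bits each.</p>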
<p>This topic will be new to many of you without much college-level math, even former engineering students.
It is not horribly complicated at first sight, but my brain exploded when I saw it used in other formulas...
Spoiler alert, we will see it used in another formula!</p>
<h4 id="Prime-factorization">Prime factorization<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Prime-factorization">¶</a></h4><p>The strength of RSA depends solely on the ability to factor large numbers.
Quantum computers could theoretically provide a huge increase in our ability to factor these numbers, and efforts are underway by governments, academic institutions, and corporations to find replacement algorithms that are "post-quantum" safe.
If you want to know more about this, do a search for Peter Shor's algorithm.
The NIST (USA) has already chosen one key exchange suite called Kyber.
As of this writing, it has not been standardized, but companies such as <a href="https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html">Google</a> and <a href="https://cloudflare.net/news/news-details/2023/Cloudflare-Democratizes-Post-Quantum-Cryptography-By-Delivering-It-For-Free-By-Default/default.aspx">Cloudflare</a> are fast at work deploying it across their networks (articles linked in their names).
We don't have scalable quantum computers today, but there is a real threat that encrypted conversations recorded on the internet now could be decrypted in a decade or two.</p>
<h3 id="B%C3%A9zout's-identity">Bézout's identity<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#B%C3%A9zout's-identity">¶</a></h3><p><img alt="Étienne Bézout" src="https://mathshistory.st-andrews.ac.uk/Biographies/Bezout/Bezout_2.jpeg"></p>
<p>We need one more theorem before I wrap up with the Euclidean algorithm.
<strong>This theorem is very important to the inner machinery of RSA</strong>, so make sure you play with it and understand how it works.</p>
<h4 id="Theorem:-B%C3%A9zout's-identity">Theorem: Bézout's identity<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Theorem:-B%C3%A9zout's-identity">¶</a></h4><p>If $a$ and $b$ are positive integers, then there exist integers $k$ and $l$ such that $\gcd(a,b) =ak+bl$ (Cummings 2022).</p>
<p>Note that $k$ and $l$ aren't necessarily positive.
Given $\gcd(28, 35) = 7$, how do we find $k$ and $l$?
In this case, simple inspection tells us that $k=-1$ and $l=1$, thus</p>
$$\gcd(28, 35)=(-1)(28) + (1)(35) = 7$$<p>Do you think $k$ and $l$ are unique?
Existence and uniqueness questions appear frequently in the study of mathematics.</p>
<p>7 and 3 are prime, and $\gcd(7, 3) = 1$.</p>
$$\gcd(7, 3) = 1 = (-2)(3) + (1)(7)$$<p>Before going much further, I want to introduce Cayley tables.</p>
</div>
</div>
</div>
<div class="cell border-box-sizing text_cell rendered" id="cell-id=5184351e"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<h5 id="Cayley-tables">Cayley tables<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Cayley-tables">¶</a></h5><p>Recall addition and multiplication tables from grade school.
We can do the same thing in modular arithmetic systems.
Using the $\pmod{3}$ system, here is the addition table:</p>
<div style="text-align: center"> $a + b \pmod{3}$ </div>
<pre><code>    | -7 | -6 | -5 | -4 | -3 | -2 | -1 |  0 |  1 |  2 |  3 |  4 |
----+----+----+----+----+----+----+----+----+----+----+----+----+
 -7 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |
 -6 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |
 -5 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |
 -4 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |
 -3 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |
 -2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |
 -1 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |
  0 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |
  1 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |
  2 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |
  3 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |
  4 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |
</code></pre>
<p>And here is the multiplication table:</p>
<pre><code>    | -7 | -6 | -5 | -4 | -3 | -2 | -1 |  0 |  1 |  2 |  3 |  4 |
----+----+----+----+----+----+----+----+----+----+----+----+----+
 -7 |  1 |  0 |  2 |  1 |  0 |  2 |  1 |  0 |  2 |  1 |  0 |  2 |
 -6 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |
 -5 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |
 -4 |  1 |  0 |  2 |  1 |  0 |  2 |  1 |  0 |  2 |  1 |  0 |  2 |
 -3 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |
 -2 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |
 -1 |  1 |  0 |  2 |  1 |  0 |  2 |  1 |  0 |  2 |  1 |  0 |  2 |
  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |
  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |
  2 |  1 |  0 |  2 |  1 |  0 |  2 |  1 |  0 |  2 |  1 |  0 |  2 |
  3 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |  0 |
  4 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |  2 |  0 |  1 |
</code></pre>
<p>These can be quite useful in your study of the modular world, and they will make another appearance in the next article.</p>
</div>
</div>
</div>
<div class="cell border-box-sizing text_cell rendered" id="cell-id=ec77023c"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<h4 id="Back-to-B%C3%A9zout">Back to Bézout<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Back-to-B%C3%A9zout">¶</a></h4><p>Do you notice any patterns in the previous tables?
It may not be immediately obvious that the tables are helpful, so I will provide an additional clue.
Consider a "clock" in $\pmod{3}$.</p>
<p><img alt="mod3" src="https://blog.wificidr.net/images/mod3.png"></p>
<p>Now take a tape with all the integers (positive and negative) written on it.
Center it at zero and wrap it around the circle in both directions.
Write this down on a piece of paper; do you see the result?
Pay special attention to where <em>multiples</em> of 7 land on the $\pmod{3}$ circle.</p>
<p>Again, Bézout tells us that there is a $k$ and an $l$ that satisfy $\gcd(7, 3) = 7k + 3l$.
Multiples of 7 give us $k$, and the corresponding multiples of 3 give us $l$.
I say corresponding because not every multiple of 3 will do.
Notice that it takes two "wraps" of our tape to hit a multiple of 7.</p>
<p><img alt="numline" src="https://blog.wificidr.net/images/numline.png"></p>
<p>Consider the sequence of differences between each multiple of 7 and the next multiple of 3 at or above it.
This results in the sequence</p>
$$[9-7,\ 15-14,\ 21-21,\ 30-28,\ 36-35,\ 42-42,\ 51-49,\ 57-56,\ \ldots]$$<p>or</p>
$$[2, 1, 0, 2, 1, 0, 2, 1, \ldots]$$<p>The pattern should be clear, and it repeats forever because of the properties of modular arithmetic.</p>
<p>I hope this is starting to make a bit of sense now.
The symmetry of modular systems is fascinating to me, and I hope you have a better intuition of Bézout's identity.
This is a critical theorem, and I feel like it gets overlooked in a lot of math books and articles.</p>
<h3 id="Extended-Euclidean-Algorithm">Extended Euclidean Algorithm<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Extended-Euclidean-Algorithm">¶</a></h3><p>I am not going to spend much time on this point because the method is well documented in books and across the web.
The mechanics of it should start to feel familiar by this point.
If not, create some examples of your own and work a couple problems (you should do it regardless!).</p>
<p>The table here follows the procedure <a href="https://www.math.cmu.edu/~bkell/21110-2010s/extended-euclidean.html">described by Brian Kell</a>.</p>
<p>Beginning with $a=93060$ and $b=307$, use the division algorithm to find the values $q$ and $r$.
$a$ and $b$ were chosen such that $\gcd(a,b) =1$.
Back-substitute $a$ and $b$ appropriately, and iterate until the remainder is zero.</p>
<style type="text/css">
tr:nth-child(even) {
background-color: #ECE1DE;
}
.thead { font-weight: bold; }
table, th, td {
border: 1px solid black;
border-collapse: collapse;
padding: 10px;
}
</style>
<table class="tg">
<thead>
<tr>
<td class="thead">c</td>
<td class="thead">d</td>
<td class="thead">q</td>
<td class="thead">r</td>
<td class="thead">out</td>
</tr>
</thead>
<tbody>
<tr>
<td class="tg-0lax">93060</td>
<td class="tg-0lax">307</td>
<td class="tg-0lax">303</td>
<td class="tg-0lax">39</td>
<td class="tg-0lax">39 = 93060 - (303)(307) = a - 303b</td>
</tr>
<tr>
<td class="tg-0lax">307</td>
<td class="tg-0lax">39</td>
<td class="tg-0lax">7</td>
<td class="tg-0lax">34</td>
<td class="tg-0lax">34 = 307 - (7)(39) = b - 7(a - 303b) = -7a + 2122b</td>
</tr>
<tr>
<td class="tg-0lax">39</td>
<td class="tg-0lax">34</td>
<td class="tg-0lax">1</td>
<td class="tg-0lax">5</td>
<td class="tg-0lax">5 = 39 - 34 = (a - 303b) - (-7a + 2122b) = 8a - 2425b</td>
</tr>
<tr>
<td class="tg-0lax">34</td>
<td class="tg-0lax">5</td>
<td class="tg-0lax">6</td>
<td class="tg-0lax">4</td>
<td class="tg-0lax">4 = 34 - (6)(5) = (-7a + 2122b) - 6(8a - 2425b) = -55a + 16672b</td>
</tr>
<tr>
<td class="tg-0lax">5</td>
<td class="tg-0lax">4</td>
<td class="tg-0lax">1</td>
<td class="tg-0lax">1</td>
<td class="tg-0lax">1 = 5 - 4 = (8a - 2425b) - (-55a + 16672b) = 63a - 19097b</td>
</tr>
</tbody>
</table>
<p>The last row gives us the values of $k$ and $l$ that can be plugged into Bézout's identity.</p>
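<p>The procedure in the table above, written out as an added Python example (this is not code from the post): the same back-substitution is carried along as a pair of coefficients on every row, so the final row yields $k$ and $l$ directly, and the two small pairs from the Bézout section fall out of the same function.</p>

```python
# Added example, not code from the original post: the extended Euclidean
# algorithm laid out like the c / d / q / r / out table above, carrying the
# Bezout coefficients along so that the last row reads gcd(a, b) = k*a + l*b.


def extended_gcd_table(a, b):
    """Return (g, k, l, rows) with g = gcd(a, b) = k*a + l*b.

    Each row is (c, d, q, r, (x, y)) and means: c = q*d + r, and the
    remainder r expressed in terms of the inputs is r = x*a + y*b.
    Rows stop before the step whose remainder is zero, as in the post.
    """
    if a <= 0 or b <= 0:
        raise ValueError("a and b must be positive integers")
    # Invariant kept throughout: c = cx*a + cy*b and d = dx*a + dy*b.
    c, d = a, b
    cx, cy, dx, dy = 1, 0, 0, 1
    rows = []
    while True:
        q, r = divmod(c, d)
        if r == 0:
            # d divides c exactly, so d is the gcd and (dx, dy) are (k, l).
            return d, dx, dy, rows
        rx, ry = cx - q * dx, cy - q * dy  # the back-substitution step
        rows.append((c, d, q, r, (rx, ry)))
        c, d, cx, cy, dx, dy = d, r, dx, dy, rx, ry


def format_row(row):
    """Render one row the way the post's 'out' column does, e.g.
    '39 = 93060 - (303)(307) = 1a - 303b'."""
    c, d, q, r, (x, y) = row
    sign = "+" if y >= 0 else "-"
    return f"{r} = {c} - ({q})({d}) = {x}a {sign} {abs(y)}b"


def bezout_holds(a, b):
    """Sanity check: the returned coefficients really satisfy the identity."""
    g, k, l, _ = extended_gcd_table(a, b)
    return k * a + l * b == g


if __name__ == "__main__":
    # The post's worked pair: gcd(93060, 307) = 1 = 63a - 19097b.
    g, k, l, rows = extended_gcd_table(93060, 307)
    for row in rows:
        print(format_row(row))
    print(f"gcd = {g} = ({k})(93060) + ({l})(307)")
    # The two small pairs from the Bezout section: k=-1, l=1 and k=1, l=-2.
    print(extended_gcd_table(28, 35)[:3], extended_gcd_table(7, 3)[:3])
```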
$$\gcd(93060, 307) = 1 = (63)(93060) + (-19097)(307)$$<h3 id="Wrapping-up">Wrapping up<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Wrapping-up">¶</a></h3><p>This article is quite a bit different from the <a href="https://blog.wificidr.net/posts/modular-arithmetic/">last one</a>, but we have to face the nitty-gritty details at some point.
I hope you are starting to see the connections between these three subjects even though you may be wondering where all this is going.
The next article will introduce the star of the show, the modular inverse!
Don't worry, there will be no surprises there if you can understand the ideas in this post.</p>
<h4 id="Resources">Resources<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Resources">¶</a></h4><p>The web is full of great articles, but I stare at a screen all day.
If you are interested in basic number theory and an absolutely incredible introduction to proofs, I highly recommend "Proofs: A Long-Form Mathematics Textbook" by Jay Cummings.
For my technology friends, Kenneth Rosen's "Discrete mathematics and its applications" has earned itself a permanent spot on my desk.
It covers the number theory used here as well as many other topics relevant to programmers.</p>
</div>
</div>
</div>
<div class="cell border-box-sizing text_cell rendered" id="cell-id=e29b4ff0"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<h3 id="References">References<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#References">¶</a></h3><ul>
<li>Cummings, J. (2021). Proofs: A Long-Form Mathematics Textbook.</li>
<li>Judson, T. (2021). Abstract algebra: Theory and Applications. Orthogonal Publishing L3c.</li>
<li>Kell, B. (2010). The Extended Euclidean Algorithm. <a href="https://www.math.cmu.edu/~bkell/21110-2010s/extended-euclidean.html">https://www.math.cmu.edu/~bkell/21110-2010s/extended-euclidean.html</a></li>
<li>Rosen, K. (2011). Discrete mathematics and its applications. McGraw-Hill Education.</li>
</ul>
<h3 id="Photos">Photos<a class="anchor-link" href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/#Photos">¶</a></h3><ul>
<li>Euler portrait: <a href="https://commons.wikimedia.org/wiki/File:Leonhard_Euler_2.jpg">https://commons.wikimedia.org/wiki/File:Leonhard_Euler_2.jpg</a></li>
<li>Bézout portrait: <a href="https://mathshistory.st-andrews.ac.uk/Biographies/Bezout/">https://mathshistory.st-andrews.ac.uk/Biographies/Bezout/</a></li>
</ul>
</div>
</div>
</div>mathrsahttps://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/Sat, 12 Aug 2023 17:31:38 GMTModular arithmetichttps://blog.wificidr.net/posts/modular-arithmetic/Daniel Justice<div class="cell border-box-sizing text_cell rendered" id="cell-id=87a5ecbc"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<h2 id="An-introduction-to-modular-arithmetic">An introduction to modular arithmetic<a class="anchor-link" href="https://blog.wificidr.net/posts/modular-arithmetic/#An-introduction-to-modular-arithmetic">¶</a></h2><p>Most of my tech-savvy peers have heard of the RSA algorithm or RSA certificates.
It is commonly used to generate ssh key pairs, for example.</p>
<div class="highlight"><pre><span></span>ssh-keygen<span class="w"> </span>-t<span class="w"> </span>rsa<span class="w"> </span>-f<span class="w"> </span>mykey
</pre></div>
<p>The command above produces two files, a private and public key.</p>
<div class="highlight"><pre><span></span>ll<span class="w"> </span>mykey*
.rw-------<span class="w"> </span><span class="m">2</span>.6k<span class="w"> </span>djustice<span class="w"> </span><span class="m">7</span><span class="w"> </span>Aug<span class="w"> </span><span class="m">18</span>:25<span class="w"> </span>mykey
.rw-r--r--<span class="w"> </span><span class="m">586</span><span class="w"> </span>djustice<span class="w"> </span><span class="m">7</span><span class="w"> </span>Aug<span class="w"> </span><span class="m">18</span>:25<span class="w"> </span>mykey.pub
</pre></div>
<p>You can share the public key, but the private key must be kept secure (also note the file permission differences).
Public means public, too!
You can see someone's public key on Github by appending <code>.keys</code> to their username.
It may respond with <code>ssh-rsa ...</code> or something else depending on the algorithm used to generate the key (EdDSA is common).</p>
<div class="highlight"><pre><span></span>curl<span class="w"> </span>https://github.com/some-user.keys
ssh-rsa<span class="w"> </span>lots-o-chars...
</pre></div>
<p>Many of us in the tech world have seen this base64-encoded soup daily, but have you ever peeked under the hood?
I think the RSA algorithm is one of the more tractable subjects in cryptography, and it opens the door to many other ideas in number theory.</p>
<p>The RSA algorithm works because of the properties of prime numbers and modular arithmetic.
I will start with the latter, and I hope to work the former into another post as I develop this topic.
My goal is to spark an interest, not to provide a rigorous discussion.
There is plenty of jargon to discuss, so please try to work through it.
There is a reason for many of these terms, and I will do my best to justify them as we go.</p>
<p>We will only be working with integers in this article, so think of the set of whole numbers from -∞ to ∞.
For example: {..., -3, -2, -1, 0, 1, 2, 3, ...}.
This set is known in mathematical circles as ℤ.
The symbol is used because it represents a precise idea in a compact space.</p>
<h3 id="Clock-arithmetic">Clock arithmetic<a class="anchor-link" href="https://blog.wificidr.net/posts/modular-arithmetic/#Clock-arithmetic">¶</a></h3><p>Some mathematicians don't like the clock metaphor for modular arithmetic, but I think it is a great starting point.
In my own experiences, I have had the most success explaining this subject to other people using clocks, and the comparison doesn't have any sharp edges that will confuse you later on.</p>
<p><img alt="wall clock" src="https://blog.wificidr.net/images/clock.jpg" title="wall clock"></p>
<p>Starting with a 12-hour wall clock, we will create a number system called "the integers modulo 12".
That is quite a bit to write several times in a row, so you will often see ℤ mod 12, or simply "mod 12".
This wouldn't be a techy post without some code!
The modulus function is essentially the remainder of division by some number; in the current case, 12.
Most programming languages perform the operation using the binary operator <code>%</code> (binary means it takes two arguments).</p>
</div>
</div>
</div>
<div class="cell border-box-sizing code_cell rendered" id="cell-id=b0b9eeb1">
<div class="input">
<div class="prompt input_prompt">In [1]:</div>
<div class="inner_cell">
<div class="input_area">
<div class="highlight hl-ipython3"><pre><span></span><span class="k">for</span> <span class="n">n</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">14</span><span class="p">):</span>
    <span class="nb">print</span><span class="p">(</span><span class="s2">"The remainder of </span><span class="si">{n}</span><span class="s2"> divided by 12 is </span><span class="si">{r}</span><span class="s2">."</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">n</span><span class="o">=</span><span class="n">n</span><span class="p">,</span> <span class="n">r</span><span class="o">=</span><span class="n">n</span> <span class="o">%</span> <span class="mi">12</span><span class="p">))</span>
</pre></div>
</div>
</div>
</div>
<div class="output_wrapper">
<div class="output">
<div class="output_area">
<div class="prompt"></div>
<div class="output_subarea output_stream output_stdout output_text">
<pre>The remainder of 1 divided by 12 is 1.
The remainder of 2 divided by 12 is 2.
The remainder of 3 divided by 12 is 3.
The remainder of 4 divided by 12 is 4.
The remainder of 5 divided by 12 is 5.
The remainder of 6 divided by 12 is 6.
The remainder of 7 divided by 12 is 7.
The remainder of 8 divided by 12 is 8.
The remainder of 9 divided by 12 is 9.
The remainder of 10 divided by 12 is 10.
The remainder of 11 divided by 12 is 11.
The remainder of 12 divided by 12 is 0.
The remainder of 13 divided by 12 is 1.
</pre>
</div>
</div>
</div>
</div>
</div>
<div class="cell border-box-sizing text_cell rendered" id="cell-id=933a1571"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<p>Those first few lines can trip people up.
Why is 1 the remainder of 1 divided by 12?
It is because <code>12 * 0 + 1 = 1</code>.
Pay close attention to the last few values.
The remainders don't continue to increment without bound, they roll over back to zero!</p>
<p>Okay, I will admit that it probably isn't that exciting.
Most of us should remember these facts from grade school.
Continuing our introduction (or refresher), do you recall that we can perform arithmetic in this number system?
Ask yourself, if the hour hand is on 5 right now, what time will it be in 37 hours?
The answer is</p>
<pre><code>(5 + 37) mod 12 = 42 mod 12 = 6 o'clock
</code></pre>
<p>Here is another way to think of it.
<code>37 mod 12 = 1</code> and <code>5 + 1 = 6</code>.
Is that a coincidence?
It is not!</p>
<p>What about multiplication; does that work in our modular system?
What does <code>5 * 9</code> hours equal?</p>
<pre><code>(5 * 9) mod 12 = 45 mod 12 = 9 o'clock
</code></pre>
<p>This may seem a bit contrived, but there are practical applications.
It is 2 o'clock when you start your delivery run.
You drive 3 hours north to the warehouse, then make three 3-hour round trips to a remote depot and back.
What time do you return to the warehouse?</p>
<pre><code>[(2 + 3) + (3 * 3)] mod 12 = (5 + 9) mod 12 = 14 mod 12 = 2 mod 12 = 2
</code></pre>
<p>This is fairly basic number theory; things you most likely already know.
If we dig a bit deeper, an interesting structure emerges.</p>
<p><img alt="mod12" src="https://blog.wificidr.net/images/mod12.png" title="mod 12"></p>
</div>
</div>
</div>
<div class="cell border-box-sizing text_cell rendered" id="cell-id=17f49147"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<p>Consider the numbers on the ray originating at 4.</p>
<pre><code>{..., -20, -8, 4, 16, 28, 40, ...}
</code></pre>
<p>When performing arithmetic in <code>mod 12</code>, we can substitute any of these numbers with each other and achieve the same result.
Mathematicians call this an <em>equivalence class</em>.
The terminology is necessary because we are trying to describe a precise idea.
Clearly, -20 and 40 are <strong>not</strong> equal to one another.
However, in the <code>mod 12</code> number system, they are equivalent when we perform computations.
This is typically written as <code>[4]</code> where</p>
<pre><code>[4] = {..., -20, -8, 4, 16, 28, 40, ...}
</code></pre>
<p>Each number <code>n</code> in this set is <em>related</em> to ℤ by <code>n mod 12 = 4</code>, or more compactly: <code>{n | n ∈ ℤ, n mod 12 = 4}</code>.</p>
<p>Look at a few more of these equivalence classes:</p>
<pre><code>[0] = {..., -24, -12, 0, 12, 24, 36, ...},
[1] = {..., -23, -11, 1, 13, 25, 37, ...},
[2] = {..., -22, -10, 2, 14, 26, 38, ...},
...
[11] = {..., -13, -1, 11, 23, 35, 47, ...}
</code></pre>
<p>Start at any column and make your way down subtracting 1 each time.
When you get to the bottom, move one column to the right.
Notice anything interesting?
Every single number in ℤ is represented in one of these... partitions.
Division already has a definition in mathematics, so we will use the phrase <em>partition</em> to describe these collections of numbers.
The really neat part is that this system of partitions representing all the integers works in <em>any</em> modular base!
My teenage son who has no use for math even admitted that this is pretty cool, so put that in your pipe and smoke it!</p>
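<p>As an added Python example (not code from the post), here are the classes from the listing above built as explicit sets over a slice of ℤ, a check that they partition that slice, the swap-any-member property described above, and one caveat worth knowing before porting this to another language: Python's <code>%</code> floors, so <code>-20 % 12</code> is 4, but a truncating remainder (C's <code>%</code>, Python's <code>math.fmod</code>) returns -8 for the same inputs and does not name a clock position until it is fixed up.</p>

```python
# Added example, not code from the original post: the equivalence classes
# [r] of "mod m" as explicit sets over a slice of Z, a check that they
# partition that slice, and the property the post relies on when it says
# members of a class can be swapped for each other in a computation.


def floor_mod(n, m):
    """Python's % always lands in 0..m-1 for m > 0, negatives included:
    floor_mod(-20, 12) == 4, so -20 really is a member of [4]."""
    if m <= 0:
        raise ValueError("modulus must be positive")
    return n % m


def trunc_mod(n, m):
    """Remainder after division truncated toward zero, which is what C's %
    operator and Python's math.fmod do. For negative n the result is <= 0
    (trunc_mod(-20, 12) == -8): still congruent to 4, but not the class
    label 0..11 you would read off the clock, a classic porting pitfall."""
    q = abs(n) // abs(m)
    if (n < 0) != (m < 0):
        q = -q
    return n - q * m


def equivalence_class(r, m, lo, hi):
    """[r] = {n | n in Z, n mod m = r}, restricted to lo <= n <= hi."""
    return {n for n in range(lo, hi + 1) if floor_mod(n, m) == floor_mod(r, m)}


def partition(m, lo, hi):
    """The classes [0], [1], ..., [m-1] over the same slice of Z."""
    return [equivalence_class(r, m, lo, hi) for r in range(m)]


def is_partition(classes, lo, hi):
    """True when every integer in lo..hi appears in exactly one class."""
    members = [n for cls in classes for n in cls]
    return len(members) == hi - lo + 1 and set(members) == set(range(lo, hi + 1))


def same_class_same_result(m, x, x_alt, y, y_alt):
    """Given x ~ x_alt and y ~ y_alt (mod m), return the reduced results of
    x+y, x_alt+y_alt, x*y and x_alt*y_alt; the pairs always agree."""
    if floor_mod(x, m) != floor_mod(x_alt, m) or floor_mod(y, m) != floor_mod(y_alt, m):
        raise ValueError("arguments must be swapped within their own classes")
    return (floor_mod(x + y, m), floor_mod(x_alt + y_alt, m),
            floor_mod(x * y, m), floor_mod(x_alt * y_alt, m))


if __name__ == "__main__":
    lo, hi = -24, 47  # the slice of Z shown in the post's class listing
    for r, cls in enumerate(partition(12, lo, hi)):
        print(f"[{r}] = {sorted(cls)}")
    print("partition of", lo, "..", hi, ":", is_partition(partition(12, lo, hi), lo, hi))
    # 4 and -20 live in [4]; 9 and 45 live in [9]; the results match either way.
    print(same_class_same_result(12, 4, -20, 9, 45))
    print(floor_mod(-20, 12), trunc_mod(-20, 12))
```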
<h3 id="Homework">Homework<a class="anchor-link" href="https://blog.wificidr.net/posts/modular-arithmetic/#Homework">¶</a></h3><p>This wouldn't be an article on math without some homework.
Use your favorite search engine and read about the Caesar cipher.
Write an implementation in your favorite language and see if your friends can break it.
Just don't send it to me; I am terrible at cryptography.
😂
You can strengthen the cipher by using a random permutation of the alphabet, but both ends of the conversation must use the same permutation.
This is still susceptible to frequency attacks, so don't use it to send GPG keys over the internet.</p>
<h3 id="Next-steps">Next steps<a class="anchor-link" href="https://blog.wificidr.net/posts/modular-arithmetic/#Next-steps">¶</a></h3><p>This subject is inspired by the work I did on my research paper to earn my B.S. in Applied Mathematics.
My plan is to translate it in a way that will be consumable by most programmers (really anyone) who have a little bit of mathematics background.</p>
<p>If I don't get hit by a bus, I hope to write:</p>
<ul>
<li><a href="https://blog.wificidr.net/posts/prime-numbers-the-extended-euclidean-algorithm-and-the-gcd/">Prime numbers, the Extended Euclidean Algorithm, and the GCD</a>.</li>
<li><a href="https://blog.wificidr.net/posts/the-modular-inverse/">The Modular Inverse, an attempt to explain it without hand-waving</a>.</li>
<li>How RSA works (the math, not the code).</li>
</ul>
<p>I am going to provide a detailed guide, but it is up to the reader to sit down and draw their own conclusions about how these things work.
Math is not a spectator sport!</p>
</div>
</div>
</div>
<div class="cell border-box-sizing text_cell rendered" id="cell-id=d613bccc"><div class="prompt input_prompt">
</div><div class="inner_cell">
<div class="text_cell_render border-box-sizing rendered_html">
<h3 id="References">References<a class="anchor-link" href="https://blog.wificidr.net/posts/modular-arithmetic/#References">¶</a></h3><p>Clock photo: <a href="https://commons.wikimedia.org/wiki/File:B_%26_HB_Kent_Pocket_Watch_(52584138758).jpg">https://commons.wikimedia.org/wiki/File:B_%26_HB_Kent_Pocket_Watch_(52584138758).jpg</a></p>
</div>
</div>
</div>mathrsahttps://blog.wificidr.net/posts/modular-arithmetic/Mon, 31 Jul 2023 23:42:56 GMT