1. Introduction to Algorithms Second Edition by
Cormen, Leiserson, Rivest & Stein
Chapter 31

2. Using the definition of multiplication modulo n, we define the multiplicative group modulo n as . The elements of this group are the set of elements in Zn that are relatively prime to n:

3. An example of such a group is
The size of is denoted (n). This function, known as Euler's phi function, satisfies the equation
where p runs over all the primes dividing n (including n itself)

4. For example, since the prime divisors of 45 are 3 and 5,

5. The RSA cryptosystem-(1)
The RSA system, named after its inventors Ron Rivest, Adi Shamir, and Len Adleman, was the first public-key cryptosystem and is still most important
Its security is closely related to the difficulty of finding the factorization of a composite integer that is the product of two large primes

6. The RSA cryptosystem-(2)
We explain how Bob generates his private and public RSA keys
n=pq, where p, q are randomly and independently two large prime numbers
Bob also chooses an integer e with 1<e<(n)=(p-1)(q-1) and gcd(e, (n))=1
Bob computes an integer d with 1<d<(n)=(p-1)(q-1) and de=1 mod (p-1)(q-1), since gcd(e, (p-1)(q-1))=1, such a number d exists

7. The RSA cryptosystem-(3)
Bob’s public key is the pair (n,e), his private key is d
The number n is called the RSA modulus, e is called the encryption exponent, and d is called the decryption exponent

8. The RSA cryptosystem-(4)
Encryption: A plaintext m is encrypted by computing c=me mod n, 0m<n
The ciphertext is c, if Alice knows the public key (n,e), she can encrypt efficient

9. The RSA cryptosystem-(5)
Decryption: The decryption of RSA is based on the following theorem: (me)d mod n =m for any integer m with 0m<n
Proof: since ed=1 mod (p-1)(q-1), there is an integer l with ed=1+l(p-1)(q-1)
Therefore (me)d=med=m1+l(p-1)(q-1)=m(m(p-1)(q-1))l
It follows that med=m(m(p-1))(q-1)l=m mod p
Analogously, we see that (me)d=m mod q
Because p and q are distinct prime numbers, we obtain (me)d=m mod n
The assertion follows form the fact that 0m<n

10. The RSA cryptosystem-(6)
Example:
Bob choose p=11 and q=23, then n=pq=253 and (p-1)(q-1)=220, the smallest possible e is 3, then d=147
We know the plaintext space is {0,1,…,252}, encrypting m=165, we obtain 1653 mod 253=110
Then mod 253=165

11. The RSA cryptosystem-(7)
Security of the secret
We show that computing d from (n,e) is as difficult as finding the prime factors p and q of n
There is no proof that factoring RSA modules is difficult, however, if the factor p and q of the RSA module n are sufficiently large, then nobody yet knows how to factor n

12. Powers of an element
Just as it is natural to consider the multiples of a given element a, modulo n, it is often natural to consider the sequence of powers of a, modulo n, where :
a0,a1,a2,a3,... ,
modulo n. Indexing from 0, the 0th value in this sequence is a0 mod n = 1, and the ith value is ai mod n.

13. Example . For example, the powers of 3 modulo 7 arei
3imod

14. Theorem(Euler)
For any integer n > 1,

15. Theorem(Fermat)
If p is prime, then