Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
duyuefeng0708
GitHub Repository: duyuefeng0708/Cryptography-From-First-Principle
 Path: blob/main/foundations/01-modular-arithmetic-groups/connect/rsa-key-generation.ipynb
483 views
unlisted
Kernel: SageMath 10.0

Connect: RSA Key Generation

Module 01 | Real-World Connections

Every concept from this module shows up in RSA. Here's exactly where.

Introduction

You've learned about modular arithmetic, groups, generators, subgroups, and Lagrange's theorem. RSA uses all of these. Let's trace the connections.

(Z/nZ)(\mathbb{Z}/n\mathbb{Z})^* Is the RSA Group

RSA operates in the multiplicative group of units modulo n=pqn = pq, where pp and qq are distinct primes. This is exactly the group (Z/nZ)(\mathbb{Z}/n\mathbb{Z})^* that we studied in Module 01 --- the set of integers from 11 to n1n-1 that are coprime to nn, under multiplication.

# RSA setup: pick two primes
p, q = 61, 53
n = p * q
print(f'RSA modulus n = {p} * {q} = {n}')
print(f'The RSA group is (Z/{n}Z)*, the units mod n')
print(f'Group size: phi({n}) = {euler_phi(n)}')
print(f'Manual: ({p}-1)*({q}-1) = {(p-1)*(q-1)}')

φ(n)\varphi(n) = Group Size --- The Secret at the Heart of RSA

The order of the RSA group is φ(n)=(p1)(q1)\varphi(n) = (p-1)(q-1).

This is the secret. Anyone can know nn (it's public), but computing φ(n)\varphi(n) requires knowing the factorization n=pqn = pq. Without φ(n)\varphi(n), you cannot compute the private key.

This is why RSA security reduces to the hardness of integer factorization: if you can factor nn, you learn pp and qq, compute φ(n)=(p1)(q1)\varphi(n) = (p-1)(q-1), and recover the private key.

Key Generation

The key generation algorithm:

  1. Choose ee coprime to φ(n)\varphi(n) --- this uses gcd from Module 01.

  2. Compute d=e1modφ(n)d = e^{-1} \bmod \varphi(n) --- this is a modular inverse, which exists precisely because gcd(e,φ(n))=1\gcd(e, \varphi(n)) = 1.

phi_n = (p-1) * (q-1)
e = 17  # public exponent, must be coprime to phi_n
assert gcd(e, phi_n) == 1
d = inverse_mod(e, phi_n)  # private exponent
print(f'Public key:  (n={n}, e={e})')
print(f'Private key: d={d}')
print(f'Verification: e*d mod phi(n) = {(e*d) % phi_n}')

Encryption and Decryption

  • Encrypt: c=memodnc = m^e \bmod n

  • Decrypt: m=cdmodnm = c^d \bmod n

Both operations are modular exponentiation --- the same power_mod we used throughout Module 01.

m = 65  # message (must be < n)
c = power_mod(m, e, n)  # encrypt
m_recovered = power_mod(c, d, n)  # decrypt
print(f'Message:    m = {m}')
print(f'Ciphertext: c = m^e mod n = {c}')
print(f'Decrypted:  c^d mod n = {m_recovered}')
print(f'Success: {m == m_recovered}')

Why It Works: Euler's Theorem

Decryption works because of Euler's theorem, which says that for any unit a(Z/nZ)a \in (\mathbb{Z}/n\mathbb{Z})^*:

aφ(n)1(modn)a^{\varphi(n)} \equiv 1 \pmod{n}

Since ed1(modφ(n))ed \equiv 1 \pmod{\varphi(n)}, we can write ed=1+kφ(n)ed = 1 + k\varphi(n) for some integer kk. Then:

cd=(me)d=med=m1+kφ(n)=m(mφ(n))k=m1k=mc^d = (m^e)^d = m^{ed} = m^{1 + k\varphi(n)} = m \cdot (m^{\varphi(n)})^k = m \cdot 1^k = m

This is exactly Lagrange's theorem in action: every element of a group, raised to the order of the group, gives the identity.

# Verify Euler's theorem directly
a = 42  # arbitrary unit
print(f'a = {a}')
print(f'a^phi(n) mod n = {power_mod(a, phi_n, n)}  (should be 1)')
print(f'e*d = {e*d} = 1 + {(e*d - 1) // phi_n} * {phi_n}')
print(f'a^(e*d) mod n = {power_mod(a, e*d, n)}  (should be {a})')

Concept Map: Module 01 \to RSA

Module 01 ConceptRSA Application
Z/nZ\mathbb{Z}/n\mathbb{Z}RSA works in Z/nZ\mathbb{Z}/n\mathbb{Z} where n=pqn = pq
Units and φ(n)\varphi(n)φ(n)\varphi(n) determines key generation
Modular exponentiationEncryption (mem^e) and decryption (cdc^d)
gcdChoosing ee coprime to φ(n)\varphi(n)
Modular inverseComputing private key d=e1modφ(n)d = e^{-1} \bmod \varphi(n)
Euler's theoremWhy decryption reverses encryption

What's Next

Module 04 builds all of this from scratch --- the extended Euclidean algorithm for computing inverses, a full proof of Euler's theorem, and a complete RSA implementation with proper padding and security analysis.

Summary

ConceptKey idea
RSA group(Z/nZ)(\mathbb{Z}/n\mathbb{Z})^*, the multiplicative group of units mod n=pqn = pq
Group order φ(n)\varphi(n)(p1)(q1)(p-1)(q-1) is the secret that enables key generation
Key generationUses gcd (to choose ee) and modular inverses (to compute dd)
Encryption and decryptionBoth are modular exponentiation: c=mec = m^e, m=cdm = c^d
CorrectnessFollows from Euler's theorem: aφ(n)1a^{\varphi(n)} \equiv 1

Every tool from this module, modular arithmetic, groups, orders, and Euler's theorem, is load-bearing in RSA. None of it was abstract for its own sake.