such that it is easy for Nikita to compute , but extremely difficult for anybody else to do so.
Here is how Nikita makes a one-way function on the set of integers modulo .
Anybody can compute fairly quickly using the repeated-squaring algorithm from Section 2.3.2.
Nikita's public key is the pair of integers , which is just enough information for people to easily compute . Nikita knows a number such that , so, as we will see, she can quickly compute .
To send Nikita a message, proceed as follows. Encode your message, in some way, as a sequence of numbers modulo (see Section 3.2.2)
then send
to Nikita. (Recall that for .)
When Nikita receives , she finds each by using that a fact that follows from the following proposition.
sage: def rsa(bits): ... # only prove correctness up to 1024 bits ... proof = (bits <= 1024) ... p = next_prime(ZZ.random_element(2**(bits//2 +1)), ... proof=proof) ... q = next_prime(ZZ.random_element(2**(bits//2 +1)), ... proof=proof) ... n = p * q ... phi_n = (p-1) * (q-1) ... while True: ... e = ZZ.random_element(1,phi_n) ... if gcd(e,phi_n) == 1: break ... d = lift(Mod(e,phi_n)^(-1)) ... return e, d, n ... sage: def encrypt(m,e,n): ... return lift(Mod(m,n)^e) ... sage: def decrypt(c,d,n): ... return lift(Mod(c,n)^d) ... sage: e,d,n = rsa(20) sage: c = encrypt(123, e, n) sage: decrypt(c, d, n) 123
William 2007-06-01