The RSA AlgorithmIntroductionRSA is one of the most important algorithms in modern cryptography. It protects online shopping, banking, messaging, and almost every secure connection on the internet.This article explains:Why RSA was inventedThe simple number‑theory ideas behind itHow keys are createdHow encryption and decryption workWhy RSA is secure in practiceWhy We Need Secure CommunicationWhen you send information online, it often travels through:Public networksShared serversUntrusted intermediariesWithout protection, anyone could:Read your messagesSteal passwordsAlter dataPretend to be someone elseCryptography solves these problems by:Scrambling informationRequiring special keys to read itEnsuring messages cannot be forgedRSA is one of the most famous tools for doing this.A Gentle Overview of Public‑Key CryptographyTraditional (symmetric) cryptography:Uses one shared secret keyBoth sides must know itHard to distribute keys safelyPublic‑key cryptography:Each person has two keysA public key (shared openly)A private key (kept secret)Anyone can encrypt using the public keyOnly the private key can decryptKey idea:The public key does not reveal the private keyThis allows secure communication with strangersThe Big Idea Behind RSARSA is built on a simple but powerful concept:Some mathematical operations are easy to doBut very hard to undo without special informationIn RSA:Multiplying two large primes is easyFactoring the product is extremely hardRSA uses this asymmetry to create:A public key (easy to compute)A private key (easy to compute if you know the primes)A system that is hard to break without those primesPrime Numbers and Factorisation: The Hidden DifficultyPrime numbers are the backbone of RSA.Important facts:A number like $n = pq$ (product of two primes) is easy to computeBut given $n$, finding $p$ and $q$ is extremely difficult when they are largeWhy this matters:RSA keys use primes hundreds of digits longNo known efficient method exists to factor such numbersThis difficulty is what keeps RSA secureEven powerful computers struggle with factorisation at RSA sizes.Modular Arithmetic for RSA (Light Version)RSA uses modular arithmetic, but only a few ideas are needed:Key concepts$a \bmod n$ means the remainder when $a$ is divided by $n$Modular multiplication works like normal multiplication, then reduceModular exponentiation means repeated multiplication with reductionWhy it’s usefulKeeps numbers manageableAllows reversible operationsMakes encryption and decryption efficientTwo key operations in RSAEncryption: $$c \equiv m^e \pmod{n}$$Decryption: $$m \equiv c^d \pmod{n}$$Where:$m$ = message$c$ = ciphertext$e$ = public exponent$d$ = private exponent$n$ = product of two primesHow RSA Keys Are CreatedKey generation steps (simplified):Choose two large primesCall them $p$ and $q$Multiply them$n = pq$This becomes part of the public keyCompute$\varphi(n) = (p-1)(q-1)$$\varphi$ is a Greek letter pronounced "Phi"$\varphi(n)$ is called "Euler’s totient"It counts how many numbers are “compatible” with $n$Choose a public exponent $e$Usually a small number like $65537$Must be coprime with $\varphi(n)$Compute the private exponent $d$$d$ is the number satisfying $$ed \equiv 1 \pmod{\varphi(n)}$$This means $d$ “undoes” the effect of $e$PublishPublic key: $(n, e)$Private key: $(n, d)$Only $p$ and $q$ must remain secret.How Encryption and Decryption WorkEncryptionTo send a message $m$:Compute $$c \equiv m^e \pmod{n}$$Send $c$Anyone can do this using the public key.DecryptionTo recover the message:Compute $$m \equiv c^d \pmod{n}$$Only the private key holder knows $d$, so only they can decrypt.Why it worksThe exponents $e$ and $d$ are chosen so that: $$m^{ed} \equiv m \pmod{n}$$ This is a deep result from number theory, but the intuition is:$e$ scrambles$d$ unscramblesWhy RSA Is Hard to BreakBreaking RSA means:Recovering $d$ from $(n, e)$Or factoring $n$ into $p$ and $q$Both are believed to be extremely difficult.Reasons:No known fast algorithm for factoring large numbersRSA keys are hundreds or thousands of bits longEven supercomputers take impractically long to factor themSecurity relies on:Prime numbersFactorisation difficultyModular arithmetic propertiesReal‑World Uses of RSA TodayRSA is everywhere:Secure websites (HTTPS)Online bankingEmail encryptionDigital signaturesSoftware updatesSecure messagingVirtual private networks (VPNs)RSA often works alongside other algorithms to create secure systems.Limitations of RSA and Modern AlternativesRSA is powerful but not perfect.LimitationsSlow for large amounts of dataRequires large keys for strong securityVulnerable to future quantum computersModern alternativesElliptic Curve Cryptography (ECC)Smaller keysFaster operationsPost‑quantum cryptographyDesigned to resist quantum attacksHybrid systemsRSA for key exchangeFaster symmetric ciphers for dataExercisesBuild a Tiny RSA KeyChoose two small primes:Pick any two primes between 5 and 20Compute$n = pq$$\varphi(n) = (p-1)(q-1)$Write down your chosen primes and the results.SolutionAnswers vary; here’s one concrete example.Choose primes: $p = 7$, $q = 11$Compute $n$: $$n = pq = 7 \cdot 11 = 77$$Compute $\varphi(n)$: $$\varphi(n) = (p-1)(q-1) = 6 \cdot 10 = 60$$Any correct pair of primes and correct $n,\ \varphi(n)$ is fine.Choose a Valid Public ExponentUsing your $\varphi(n)$ from Exercise 1:List all numbers between 2 and $\varphi(n)$Circle the ones that are coprime to $\varphi(n)$Choose one to be your public exponent $e$(You can check coprimality by seeing if they share any common factors.)SolutionWe need to find all integers $e$ such that:$2 \le e < \varphi(n)$$\gcd(e, 60) = 1$Since $$60 = 2^2 \cdot 3 \cdot 5,$$ a number is coprime with 60 if and only if it is divisible by none of 2, 3, or 5.So we list all numbers from 2 to 59 and remove those divisible by 2, 3, or 5.All valid public exponents $e$ (coprime with 60)$$7,\ 11,\ 13,\ 17,\ 19,\ 23,\ 29,\ 31,\ 37,\ 41,\ 43,\ 47,\ 49,\ 53,\ 59$$Notes49 is valid, because $\gcd(49, 60) = 1$.These are exactly the integers less than 60 that avoid the prime factors 2, 3, and 5.Compute Your Private KeyFind $d$ such that: $$ed \equiv 1 \pmod{\varphi(n)}$$ Tasks:Try small values of $d$Multiply $e \cdot d$ each timeStop when the product is one more than a multiple of $\varphi(n)$This $d$ is your private key.SolutionWe want $d$ such that: $$ed \equiv 1 \pmod{\varphi(n)}$$ With $e = 7$ and $\varphi(n) = 60$:Try multiples of $7$: $7 \cdot 43 = 301$Check modulo $60$: $$301 \equiv 1 \pmod{60}$$So:$d = 43$Encrypt a Message You ChoosePick a small message number $m$ (for example, your favourite number between 1 and $n-1$).Compute: $$c \equiv m^e \pmod{n}$$ Write down:Your message $m$Your ciphertext $c$SolutionExample:$m = 5$, $e = 7$, $n = 77$Compute: $$c \equiv 5^7 \pmod{77}$$ Step by step:$5^2 = 25$$5^3 = 125 \equiv 48 \pmod{77}$$5^4 = 48 \cdot 5 = 240 \equiv 9 \pmod{77}$$5^7 = 5^4 \cdot 5^3 = 9 \cdot 48 = 432 \equiv 47 \pmod{77}$So:Ciphertext $c = 47$Decrypt the MessageUsing your private key $d$, compute: $$m \equiv c^d \pmod{n}$$ Check that you recover the original message.(Hint: break the exponent into smaller powers, e.g. square‑and‑multiply.)SolutionModulus: $n = 77$Public exponent: $e = 7$Private exponent: $d = 43$Ciphertext: $c = 47$We want to recover the original message $m$ by computing $$m \equiv c^d \pmod{n} = 47^{43} \pmod{77}.$$ We’ll use repeated squaring to keep numbers small.Step 1: Compute powers of $47$ modulo $77$$a = 47$$a^2$ $$47^2 = 2209$$ So $$a^2 \equiv 53 \pmod{77}.$$$a^4$ $$a^4 = (a^2)^2 \equiv 53^2 = 2809$$ So $$a^4 \equiv 37 \pmod{77}.$$$a^8$ $$a^8 = (a^4)^2 \equiv 37^2 = 1369$$ So $$a^8 \equiv 60 \pmod{77}.$$$a^{16}$ $$a^{16} = (a^8)^2 \equiv 60^2 = 3600$$ So $$a^{16} \equiv 58 \pmod{77}.$$$a^{32}$ $$a^{32} = (a^{16})^2 \equiv 58^2 = 3364$$ So $$a^{32} \equiv 53 \pmod{77}.$$Step 2: Express the exponent 43 in binary formWe write: $$43 = 32 + 8 + 2 + 1$$ So: $$47^{43} = 47^{32} \cdot 47^8 \cdot 47^2 \cdot 47^1$$ Using our earlier results:$47^{32} \equiv 53$$47^8 \equiv 60$$47^2 \equiv 53$$47^1 \equiv 47$Step 3: Multiply these together modulo 77First: $$53 \cdot 60 = 3180$$ So: $$53 \cdot 60 \equiv 23 \pmod{77}.$$ Next: $$23 \cdot 53 = 1219$$ So: $$23 \cdot 53 \equiv 64 \pmod{77}.$$ Finally: $$64 \cdot 47 = 3008$$ So: $$64 \cdot 47 \equiv 5 \pmod{77}.$$ Therefore: $$47^{43} \equiv 5 \pmod{77}.$$ So the decrypted message is:$m = 5$This matches the original message we encrypted earlier, showing that the RSA decryption step works correctly in this example.Break a Tiny RSA SystemSuppose someone’s public key is:$n = 77$$e = 5$Tasks:Factor $77$Compute $\varphi(77)$Find the private key $d$Decrypt the ciphertext $c = 23$This simulates breaking RSA when $n$ is too small.Compare Two RSA KeysGenerate two tiny RSA keys using different primes.For each:Compute $n$Compute $\varphi(n)$Choose $e$Compute $d$Then answer:Which key has the larger $n$?Which one would be harder to break?Why?SolutionKey APrimes:$p_1 = 7$, $q_1 = 11$Modulus:$n_1 = p_1 q_1 = 7 \cdot 11 = 77$Euler’s totient:$\varphi(n_1) = (7-1)(11-1) = 6 \cdot 10 = 60$Public exponent (chosen coprime with 60):$e_1 = 7$Private exponent:Solve $7d_1 \equiv 1 \pmod{60}$$7 \cdot 43 = 301 \equiv 1 \pmod{60}$So $d_1 = 43$So Key A is:Public: $(n_1, e_1) = (77, 7)$Private: $(n_1, d_1) = (77, 43)$Key BPrimes:$p_2 = 13$, $q_2 = 17$Modulus:$n_2 = p_2 q_2 = 13 \cdot 17 = 221$Euler’s totient:$\varphi(n_2) = (13-1)(17-1) = 12 \cdot 16 = 192$Public exponent (coprime with 192):Take $e_2 = 5$ (since $\gcd(5,192) = 1$)Private exponent:Solve $5d_2 \equiv 1 \pmod{192}$$5 \cdot 77 = 385 \equiv 1 \pmod{192}$ (because $385 - 2\cdot192 = 1$)So $d_2 = 77$So Key B is:Public: $(n_2, e_2) = (221, 5)$Private: $(n_2, d_2) = (221, 77)$Comparison and conclusionWhich key has larger $n$?$n_1 = 77$, $n_2 = 221$ → Key B has the larger modulus.Which is harder to break (in principle)?Key B, because factoring $221$ is (slightly) harder than factoring $77$, and in real RSA, larger $n$ means more security.Why?Security in RSA mainly depends on how hard it is to factor $n$.A larger $n$ built from larger primes is more resistant to factorisation, so Key B is the stronger of the two (even though both are tiny and insecure in practice).Spot the Weak KeyHere are three possible RSA public keys:$(n = 91, e = 5)$$(n = 143, e = 7)$$(n = 221, e = 11)$Tasks:Factor each $n$Decide which one is the weakest and explain whyDecide which one is the strongest and explain whySolutionGiven public keys:$(n = 91, e = 5)$$(n = 143, e = 7)$$(n = 221, e = 11)$Factor each $n$:$91 = 7 \cdot 13$$143 = 11 \cdot 13$$221 = 13 \cdot 17$All are small and easy to factor, but:Weakest: $n = 91$ (smallest $n$)Strongest (relatively): $n = 221$ (largest $n$)The reasoning: larger $n$ → harder (in principle) to factor.Experiment With Encryption CollisionsPick two different messages $m_1$ and $m_2$ less than $n$.Encrypt both:$c_1 \equiv m_1^e \pmod{n}$$c_2 \equiv m_2^e \pmod{n}$Check whether $c_1 = c_2$.If they match, explain why that’s a problem. If they don’t, explain why RSA is designed to avoid collisions.SolutionRecall what you did in the exercise:You picked two different messages $m_1$ and $m_2$ with $1 \le m_1, m_2 < n$ and $m_1 \ne m_2$.You encrypted them using the same RSA public key $(n, e)$: $$c_1 \equiv m_1^e \pmod{n}, \qquad c_2 \equiv m_2^e \pmod{n}.$$You checked whether $c_1 = c_2$ (a collision) or $c_1 \ne c_2$.Let’s unpack what this means and why collisions are such a big deal.What would a collision mean?A collision would be a pair of different messages $m_1 \ne m_2$ such that: $$m_1^e \equiv m_2^e \pmod{n}.$$ Rewriting: $$m_1^e \equiv m_2^e \pmod{n} \quad \Longrightarrow \quad (m_1^e - m_2^e) \equiv 0 \pmod{n}.$$ Factor the left-hand side: $$m_1^e - m_2^e = (m_1 - m_2) \cdot x.$$ So if $n$ divides $m_1^e - m_2^e$, then $n$ divides the product $(m_1 - m_2)\cdot x$.If $m_1 \ne m_2$, then $m_1 - m_2$ is not $0$, so this would mean that $n$ shares a non-trivial factor with that $x$ term. In practice, for properly chosen RSA parameters and messages in the right range, this kind of collision is not expected to happen.Why RSA is designed to avoid collisionsIn “ideal” RSA (ignoring padding and practical details), we usually restrict to messages $m$ that are:In the range $1 \le m < n$, andOften also coprime to $n$ (so that $m$ has a multiplicative inverse modulo $n$).On the set of numbers that are coprime to $n$, the map $$m \mapsto m^e \pmod{n}$$ is a permutation when $e$ is chosen correctly (i.e. $\gcd(e, \varphi(n)) = 1$). That means:It is one-to-one: different $m$ give different $c$.It is onto: every possible ciphertext (in that reduced set) comes from some message.It has an inverse map: $$c \mapsto c^d \pmod{n},$$ where $d$ is the private exponent.So, in this idealised setting, collisions should not occur: if $m_1 \ne m_2$, then $m_1^e \not\equiv m_2^e \pmod{n}$.What you likely observed in your experimentWith a small RSA system (like $n = 77$, $e = 7$ or similar), and a couple of different messages $m_1, m_2$, you probably found:$c_1 \ne c_2$.That is, no collision occurred in your test.This is exactly what we expect:The encryption function behaves like a “scrambling” permutation on the allowed messages.Each message has its own unique ciphertext (within that reduced set).Why a collision would be a serious problemIf you did find $m_1 \ne m_2$ with $$m_1^e \equiv m_2^e \pmod{n},$$ then:The encryption function would not be one-to-one.Two different messages would become indistinguishable after encryption.Decryption would be ambiguous: the same ciphertext could correspond to more than one message.In a real cryptographic system, that would be unacceptable:You could not be sure which message was actually sent.It would break the basic idea that encryption is a reversible transformation (given the private key).So, the absence of collisions is part of what makes RSA a sensible encryption scheme.