{"captions":[{"content":"[RSA]","startTime":0,"duration":2000,"startOfParagraph":false},{"content":"[Rob Bowden] [Tommy MacWilliam] [Harvard University]","startTime":2000,"duration":2000,"startOfParagraph":false},{"content":"[This is CS50.] [CS50.TV]","startTime":4000,"duration":3000,"startOfParagraph":false},{"content":"Let's take a look at RSA, a widely used algorithm for encrypting data.","startTime":7000,"duration":4000,"startOfParagraph":false},{"content":"Encryption algorithms like Caesar and Vigenère ciphers aren't very secure.","startTime":11000,"duration":5000,"startOfParagraph":false},{"content":"With the Caesar cipher, an attacker only needs to try 25 different keys ","startTime":16000,"duration":4000,"startOfParagraph":false},{"content":"to get the message's plain text.","startTime":20000,"duration":2000,"startOfParagraph":false},{"content":"While the Vigenère cipher is more secure than the Caesar cipher","startTime":22000,"duration":3000,"startOfParagraph":false},{"content":"because of the larger search space for keys, once an attacker","startTime":25000,"duration":3000,"startOfParagraph":false},{"content":"knows the length of the key in a Vigenère cipher,","startTime":28000,"duration":2000,"startOfParagraph":false},{"content":"which can be determined via an analysis of patterns in the encrypted text,","startTime":30000,"duration":4000,"startOfParagraph":false},{"content":"the Vigenère cipher is not that much more secure than the Caesar cipher.","startTime":34000,"duration":4000,"startOfParagraph":false},{"content":"RSA, on the other hand, isn't vulnerable to attacks like this.","startTime":38000,"duration":4000,"startOfParagraph":false},{"content":"The Caesar cipher and Vigenère cipher use the same key","startTime":42000,"duration":3000,"startOfParagraph":false},{"content":"to both encrypt and decrypt a message.","startTime":45000,"duration":2000,"startOfParagraph":false},{"content":"This property makes these ciphers symmetric key algorithms.","startTime":47000,"duration":4000,"startOfParagraph":false},{"content":"A fundamental problem with symmetric key algorithms","startTime":51000,"duration":3000,"startOfParagraph":false},{"content":"is that they rely on the one encrypting and sending the message","startTime":54000,"duration":3000,"startOfParagraph":false},{"content":"and the one receiving and decrypting the message","startTime":57000,"duration":2000,"startOfParagraph":false},{"content":"to have already agreed upfront on the key they will both use.","startTime":59000,"duration":4000,"startOfParagraph":false},{"content":"But we have a bit of a startup problem here.","startTime":63000,"duration":3000,"startOfParagraph":false},{"content":"How do 2 computers that want to communicate establish a secret key between them?","startTime":66000,"duration":4000,"startOfParagraph":false},{"content":"If the key must be secret, then we need a way to encrypt and decrypt the key.","startTime":70000,"duration":6000,"startOfParagraph":false},{"content":"If all we have is symmetric key cryptography","startTime":76000,"duration":2000,"startOfParagraph":false},{"content":"then we've just come back to the same problem.","startTime":78000,"duration":3000,"startOfParagraph":false},{"content":"RSA, on the other hand, uses a pair of keys,","startTime":81000,"duration":4000,"startOfParagraph":false},{"content":"one for encryption and another for decryption.","startTime":85000,"duration":3000,"startOfParagraph":false},{"content":"One is called the public key, and the other is the private key.","startTime":88000,"duration":4000,"startOfParagraph":false},{"content":"The public key is used to encrypt messages.","startTime":92000,"duration":2000,"startOfParagraph":false},{"content":"As you might guess by its name, we can share our public key with","startTime":94000,"duration":4000,"startOfParagraph":false},{"content":"anyone we want without compromising the security of an encrypted message.","startTime":98000,"duration":5000,"startOfParagraph":false},{"content":"Messages encrypted using a public key","startTime":103000,"duration":2000,"startOfParagraph":false},{"content":"can only be decrypted with its corresponding private key.","startTime":105000,"duration":4000,"startOfParagraph":false},{"content":"While you can share your public key, you should always keep your private key secret.","startTime":109000,"duration":4000,"startOfParagraph":false},{"content":"Since the private key should be kept a secret and only the private key","startTime":113000,"duration":3000,"startOfParagraph":false},{"content":"can be used to decrypt messages, if 2 users want to send messages","startTime":116000,"duration":4000,"startOfParagraph":false},{"content":"encrypted with RSA back and forth","startTime":120000,"duration":3000,"startOfParagraph":false},{"content":"both users need to have their own public and private key pair.","startTime":123000,"duration":4000,"startOfParagraph":false},{"content":"Messages from user 1 to user 2 only use user 2's key pair,","startTime":127000,"duration":5000,"startOfParagraph":false},{"content":"and messages from user 2 to user 1 only use user 1's key pair.","startTime":132000,"duration":5000,"startOfParagraph":false},{"content":"The fact that there are 2 separate keys to encrypt and decrypt messages","startTime":137000,"duration":4000,"startOfParagraph":false},{"content":"makes RSA an asymmetric key algorithm.","startTime":141000,"duration":3000,"startOfParagraph":false},{"content":"We don't need to encrypt the public key in order to send it to another computer","startTime":144000,"duration":4000,"startOfParagraph":false},{"content":"since the key is public anyway.","startTime":148000,"duration":2000,"startOfParagraph":false},{"content":"This means that RSA doesn't have the same startup problem as a symmetric key algorithm.","startTime":150000,"duration":4000,"startOfParagraph":false},{"content":"How do 2 computers that want to communicate ","startTime":154000,"duration":3000,"startOfParagraph":false},{"content":"establish a secret key between them?","startTime":157000,"duration":2000,"startOfParagraph":false},{"content":"If the key must be secret, then we need a way to encrypt and decrypt the key.","startTime":159000,"duration":6000,"startOfParagraph":false},{"content":"If all we have is symmetric key cryptography then we've just","startTime":165000,"duration":3000,"startOfParagraph":false},{"content":"come back to the same problem.","startTime":168000,"duration":2000,"startOfParagraph":false},{"content":"RSA, on the other hand, uses a pair of keys,","startTime":170000,"duration":4000,"startOfParagraph":false},{"content":"one for encryption and another for decryption.","startTime":174000,"duration":3000,"startOfParagraph":false},{"content":"One is called the public key, and the other is the private key.","startTime":177000,"duration":4000,"startOfParagraph":false},{"content":"The public key is used to encrypt messages.","startTime":181000,"duration":3000,"startOfParagraph":false},{"content":"As you might guess by its name, we can share our public key with anyone we want","startTime":184000,"duration":4000,"startOfParagraph":false},{"content":"without compromising the security of an encrypted message.","startTime":188000,"duration":4000,"startOfParagraph":false},{"content":"Messages encrypted using a public key can only be decrypted","startTime":192000,"duration":3000,"startOfParagraph":false},{"content":"with its corresponding private key.","startTime":195000,"duration":2000,"startOfParagraph":false},{"content":"While you can share your public key, you should always keep your private key secret.","startTime":197000,"duration":5000,"startOfParagraph":false},{"content":"Since the private key should be kept a secret","startTime":202000,"duration":3000,"startOfParagraph":false},{"content":"and only the private key can be used to decrypt messages","startTime":205000,"duration":3000,"startOfParagraph":false},{"content":"if 2 users want to send messages encrypted with RSA","startTime":208000,"duration":4000,"startOfParagraph":false},{"content":"back and forth both users need to have their own public and private key pair.","startTime":212000,"duration":5000,"startOfParagraph":false},{"content":"Messages from user 1 to user 2","startTime":217000,"duration":3000,"startOfParagraph":false},{"content":"only use user 2's key pair, and messages from user 2 to user 1","startTime":220000,"duration":5000,"startOfParagraph":false},{"content":"only use user 1's key pair.","startTime":225000,"duration":2000,"startOfParagraph":false},{"content":"The fact that there are 2 separate keys to encrypt and decrypt messages","startTime":227000,"duration":4000,"startOfParagraph":false},{"content":"makes RSA an asymmetric key algorithm.","startTime":231000,"duration":3000,"startOfParagraph":false},{"content":"We don't need to encrypt the public key in order to send it to another computer","startTime":234000,"duration":4000,"startOfParagraph":false},{"content":"since the key is public anyway.","startTime":238000,"duration":3000,"startOfParagraph":false},{"content":"This means that RSA doesn't have the same startup problem ","startTime":241000,"duration":2000,"startOfParagraph":false},{"content":"as the symmetric key algorithms.","startTime":243000,"duration":3000,"startOfParagraph":false},{"content":"So if I want to send a message using RSA encryption ","startTime":246000,"duration":3000,"startOfParagraph":false},{"content":"to Rob, I'll first need Rob's public key.","startTime":249000,"duration":3000,"startOfParagraph":false},{"content":"To generate a pair of keys, Rob needs to pick 2 large prime numbers.","startTime":252000,"duration":5000,"startOfParagraph":false},{"content":"These numbers will be used in both the public and private keys,","startTime":257000,"duration":3000,"startOfParagraph":false},{"content":"but the public key will only use the product of these 2 numbers,","startTime":260000,"duration":4000,"startOfParagraph":false},{"content":"not the numbers themselves.","startTime":264000,"duration":2000,"startOfParagraph":false},{"content":"Once I've encrypted the message using Rob's public key","startTime":266000,"duration":3000,"startOfParagraph":false},{"content":"I can send the message to Rob.","startTime":269000,"duration":2000,"startOfParagraph":false},{"content":"For a computer, factoring numbers is a hard problem.","startTime":271000,"duration":4000,"startOfParagraph":false},{"content":"The public key, remember, used the product of 2 prime numbers.","startTime":275000,"duration":4000,"startOfParagraph":false},{"content":"This product must then have only 2 factors,","startTime":279000,"duration":3000,"startOfParagraph":false},{"content":"which happen to be the numbers that make up the private key.","startTime":282000,"duration":4000,"startOfParagraph":false},{"content":"In order to decrypt the message, RSA will use this private key","startTime":286000,"duration":4000,"startOfParagraph":false},{"content":"or the numbers multiplied together in the process of creating the public key.","startTime":290000,"duration":5000,"startOfParagraph":false},{"content":"Because it's computationally hard to factor the number ","startTime":295000,"duration":3000,"startOfParagraph":false},{"content":"used in a public key into the 2 numbers used in the private key","startTime":298000,"duration":4000,"startOfParagraph":false},{"content":"it's difficult for an attacker to figure out the private key ","startTime":302000,"duration":4000,"startOfParagraph":false},{"content":"that will be necessary to decrypt the message.","startTime":306000,"duration":3000,"startOfParagraph":false},{"content":"Now let's go into some lower level details of RSA.","startTime":309000,"duration":4000,"startOfParagraph":false},{"content":"Let's first see how we can generate a pair of keys.","startTime":313000,"duration":3000,"startOfParagraph":false},{"content":"First, we'll need 2 prime numbers.","startTime":316000,"duration":3000,"startOfParagraph":false},{"content":"We'll call these 2 numbers p and q.","startTime":319000,"duration":3000,"startOfParagraph":false},{"content":"In order to pick p and q, in practice we would pseudorandomly generate","startTime":322000,"duration":4000,"startOfParagraph":false},{"content":"large numbers and then use a test for determining whether or not","startTime":326000,"duration":3000,"startOfParagraph":false},{"content":"those numbers are probably prime.","startTime":329000,"duration":3000,"startOfParagraph":false},{"content":"We can keep generating random numbers over and over again","startTime":332000,"duration":3000,"startOfParagraph":false},{"content":"until we have 2 primes that we can use.","startTime":335000,"duration":3000,"startOfParagraph":false},{"content":"Here let's pick p = 23 and q = 43.","startTime":338000,"duration":7000,"startOfParagraph":false},{"content":"Remember, in practice, p and q should be much larger numbers.","startTime":345000,"duration":4000,"startOfParagraph":false},{"content":"As far as we know, the larger the numbers, the harder it is ","startTime":349000,"duration":3000,"startOfParagraph":false},{"content":"to crack an encrypted message.","startTime":352000,"duration":3000,"startOfParagraph":false},{"content":"But it's also more expensive to encrypt and decrypt messages.","startTime":355000,"duration":4000,"startOfParagraph":false},{"content":"Today it's often recommended that p and q are at least 1024 bits,","startTime":359000,"duration":4000,"startOfParagraph":false},{"content":"which puts each number at over 300 decimal digits.","startTime":363000,"duration":4000,"startOfParagraph":false},{"content":"But we'll pick these small numbers for this example.","startTime":367000,"duration":3000,"startOfParagraph":false},{"content":"Now we'll multiply p and q together to get a 3rd number,","startTime":370000,"duration":3000,"startOfParagraph":false},{"content":"which we'll call n.","startTime":373000,"duration":2000,"startOfParagraph":false},{"content":"In our case, n = 23 * 43, which = 989.","startTime":375000,"duration":10000,"startOfParagraph":false},{"content":"We have n = 989.","startTime":385000,"duration":3000,"startOfParagraph":false},{"content":"Next we'll multiply p - 1 with q - 1","startTime":388000,"duration":4000,"startOfParagraph":false},{"content":"to obtain a 4th number, which we'll call m.","startTime":392000,"duration":3000,"startOfParagraph":false},{"content":"In our case, m = 22 * 42, which = 924.","startTime":395000,"duration":10000,"startOfParagraph":false},{"content":"We have m = 924.","startTime":405000,"duration":3000,"startOfParagraph":false},{"content":"Now we'll need a number e that is relatively prime to m","startTime":408000,"duration":4000,"startOfParagraph":false},{"content":"and less than m.","startTime":412000,"duration":3000,"startOfParagraph":false},{"content":"Two numbers are relatively prime or coprime ","startTime":415000,"duration":3000,"startOfParagraph":false},{"content":"if the only positive integer that divides them both evenly is 1.","startTime":418000,"duration":5000,"startOfParagraph":false},{"content":"In other words, the greatest common divisor of e and m ","startTime":423000,"duration":4000,"startOfParagraph":false},{"content":"must be 1.","startTime":427000,"duration":2000,"startOfParagraph":false},{"content":"In practice, it's common for e to be the prime number 65537","startTime":429000,"duration":5000,"startOfParagraph":false},{"content":"as long as this number doesn't happen to be a factor of m.","startTime":434000,"duration":4000,"startOfParagraph":false},{"content":"For our keys, we'll pick e = 5","startTime":438000,"duration":5000,"startOfParagraph":false},{"content":"since 5 is relatively prime to 924.","startTime":443000,"duration":4000,"startOfParagraph":false},{"content":"Finally, we'll need one more number, which we'll call d.","startTime":447000,"duration":4000,"startOfParagraph":false},{"content":"D must be some value that satisfies the equation de = 1(mod m).","startTime":451000,"duration":10000,"startOfParagraph":false},{"content":"This mod m signifies we'll use something called modular arithmetic. ","startTime":461000,"duration":6000,"startOfParagraph":false},{"content":"In modular arithmetic, once a number gets higher than some upper bound","startTime":467000,"duration":4000,"startOfParagraph":false},{"content":"it will wrap back around to 0.","startTime":471000,"duration":3000,"startOfParagraph":false},{"content":"A clock, for example, uses modular arithmetic.","startTime":474000,"duration":3000,"startOfParagraph":false},{"content":"One minute after 1:59, for example, is 2:00, ","startTime":477000,"duration":4000,"startOfParagraph":false},{"content":"not 1:60.","startTime":481000,"duration":2000,"startOfParagraph":false},{"content":"The minute hand has wrapped around to 0","startTime":483000,"duration":3000,"startOfParagraph":false},{"content":"upon reaching an upper bound of 60.","startTime":486000,"duration":3000,"startOfParagraph":false},{"content":"So, we can say 60 is equivalent to 0 (mod 60)","startTime":489000,"duration":7000,"startOfParagraph":false},{"content":"and 125 is equivalent to 65 is equivalent to 5 (mod 60).","startTime":496000,"duration":11000,"startOfParagraph":false},{"content":"Our public key will be the pair e and n","startTime":507000,"duration":5000,"startOfParagraph":false},{"content":"where in this case e is 5 and n is 989.","startTime":512000,"duration":7000,"startOfParagraph":false},{"content":"Our private key will be the pair d and n,","startTime":519000,"duration":6000,"startOfParagraph":false},{"content":"which in our case is 185 and 989.","startTime":525000,"duration":7000,"startOfParagraph":false},{"content":"Notice that our original primes p and q don't appear","startTime":532000,"duration":3000,"startOfParagraph":false},{"content":"anywhere in our private or public keys.","startTime":535000,"duration":4000,"startOfParagraph":false},{"content":"Now that we have our pair of keys, let's take a look at how we can encrypt","startTime":539000,"duration":4000,"startOfParagraph":false},{"content":"and decrypt a message.","startTime":543000,"duration":3000,"startOfParagraph":false},{"content":"I want to send a message to Rob,","startTime":546000,"duration":2000,"startOfParagraph":false},{"content":"so he will be the one to generate this key pair.","startTime":548000,"duration":4000,"startOfParagraph":false},{"content":"Then I'll ask Rob for his public key, which I'll use ","startTime":552000,"duration":4000,"startOfParagraph":false},{"content":"to encrypt a message to send to him.","startTime":556000,"duration":2000,"startOfParagraph":false},{"content":"Remember, it's totally okay for Rob to share his public key with me.","startTime":558000,"duration":5000,"startOfParagraph":false},{"content":"But it would not be okay to share his private key.","startTime":563000,"duration":3000,"startOfParagraph":false},{"content":"I don't have any idea what his private key is.","startTime":566000,"duration":4000,"startOfParagraph":false},{"content":"We can break our message m up into several chunks","startTime":570000,"duration":3000,"startOfParagraph":false},{"content":"all smaller than n and then encrypt each of those chunks.","startTime":573000,"duration":4000,"startOfParagraph":false},{"content":"We'll encrypt the string CS50, which we can break up into 4 chunks,","startTime":577000,"duration":5000,"startOfParagraph":false},{"content":"one per letter.","startTime":582000,"duration":2000,"startOfParagraph":false},{"content":"In order to encrypt my message, I'll need to convert it into ","startTime":584000,"duration":3000,"startOfParagraph":false},{"content":"some kind of numeric representation. ","startTime":587000,"duration":3000,"startOfParagraph":false},{"content":"Let's concatenate the ASCII values with the characters in my message.","startTime":590000,"duration":5000,"startOfParagraph":false},{"content":"In order to encrypt a given message m ","startTime":595000,"duration":3000,"startOfParagraph":false},{"content":"I'll need to compute c = m to the e (mod n).","startTime":598000,"duration":9000,"startOfParagraph":false},{"content":"But m must be smaller than n, ","startTime":607000,"duration":3000,"startOfParagraph":false},{"content":"or else the full message can't be expressed modulo n.","startTime":610000,"duration":5000,"startOfParagraph":false},{"content":"We can break m up into several chunks, all of which are smaller than n,","startTime":615000,"duration":4000,"startOfParagraph":false},{"content":"and encrypt each of those chunks.","startTime":619000,"duration":3000,"startOfParagraph":false},{"content":"Encrypting each of these chunks, we get c1 = 67 to the 5 (mod 989)","startTime":622000,"duration":11000,"startOfParagraph":false},{"content":"which = 658.","startTime":633000,"duration":3000,"startOfParagraph":false},{"content":"For our second chunk we have 83 to the 5 (mod 989)","startTime":636000,"duration":9000,"startOfParagraph":false},{"content":"which = 15.","startTime":645000,"duration":3000,"startOfParagraph":false},{"content":"For our third chunk we have 53 to the 5 (mod 989)","startTime":648000,"duration":8000,"startOfParagraph":false},{"content":"which = 799.","startTime":656000,"duration":4000,"startOfParagraph":false},{"content":"And finally, for our last chunk we have 48 to the 5 (mod 989)","startTime":660000,"duration":9000,"startOfParagraph":false},{"content":"which = 975.","startTime":669000,"duration":4000,"startOfParagraph":false},{"content":"Now we can send over these encrypted values to Rob.","startTime":673000,"duration":5000,"startOfParagraph":false},{"content":"Here you go, Rob.","startTime":684000,"duration":4000,"startOfParagraph":false},{"content":"While our message is in flight, let's take another look","startTime":688000,"duration":3000,"startOfParagraph":false},{"content":"at how we got that value for d.","startTime":691000,"duration":6000,"startOfParagraph":false},{"content":"Our number d needed to satisfy 5d = 1 (mod 924).","startTime":697000,"duration":10000,"startOfParagraph":false},{"content":"This makes d the multiplicative inverse of 5 modulo 924.","startTime":707000,"duration":7000,"startOfParagraph":false},{"content":"Given 2 integers, a and b, the extended Euclidean algorithm ","startTime":714000,"duration":4000,"startOfParagraph":false},{"content":"can be used to find the greatest common divisor of these 2 integers. ","startTime":718000,"duration":5000,"startOfParagraph":false},{"content":"It will also give us 2 other numbers, x and y,","startTime":723000,"duration":4000,"startOfParagraph":false},{"content":"that satisfy the equation ax + by = the greatest common divisor of a and b.","startTime":727000,"duration":10000,"startOfParagraph":false},{"content":"How does this help us?","startTime":737000,"duration":2000,"startOfParagraph":false},{"content":"Well, plugging in e = 5 for a ","startTime":739000,"duration":3000,"startOfParagraph":false},{"content":"and m = 924 for b","startTime":742000,"duration":4000,"startOfParagraph":false},{"content":"we already know that these numbers are coprime.","startTime":746000,"duration":3000,"startOfParagraph":false},{"content":"Their greatest common divisor is 1.","startTime":749000,"duration":4000,"startOfParagraph":false},{"content":"This gives us 5x + 924y = 1","startTime":753000,"duration":6000,"startOfParagraph":false},{"content":"or 5x = 1 - 924y.","startTime":759000,"duration":8000,"startOfParagraph":false},{"content":"But if we only care about everything modulo 924","startTime":767000,"duration":5000,"startOfParagraph":false},{"content":"then we can drop the - 924y.","startTime":772000,"duration":3000,"startOfParagraph":false},{"content":"Think back to the clock.","startTime":775000,"duration":2000,"startOfParagraph":false},{"content":"If the minute hand is on 1 and then exactly 10 hours pass,","startTime":777000,"duration":4000,"startOfParagraph":false},{"content":"we know the minute hand will still be on the 1.","startTime":781000,"duration":4000,"startOfParagraph":false},{"content":"Here we start at 1 and then wrap around exactly y times,","startTime":785000,"duration":4000,"startOfParagraph":false},{"content":"so we'll still be at 1.","startTime":789000,"duration":2000,"startOfParagraph":false},{"content":"We have 5x = 1 (mod 924).","startTime":791000,"duration":8000,"startOfParagraph":false},{"content":"And here this x is the same as the d we were looking for before,","startTime":799000,"duration":6000,"startOfParagraph":false},{"content":"so if we use the extended Euclidean algorithm ","startTime":805000,"duration":3000,"startOfParagraph":false},{"content":"to get this number x, that's the number we should use as our d.","startTime":808000,"duration":6000,"startOfParagraph":false},{"content":"Now let's run the extended Euclidean algorithm for a = 5","startTime":814000,"duration":3000,"startOfParagraph":false},{"content":"and b = 924.","startTime":817000,"duration":4000,"startOfParagraph":false},{"content":"We'll use a method called the table method.","startTime":821000,"duration":3000,"startOfParagraph":false},{"content":"Our table will have 4 columns, x, y, d, and k.","startTime":824000,"duration":7000,"startOfParagraph":false},{"content":"Our table starts off with 2 rows.","startTime":831000,"duration":2000,"startOfParagraph":false},{"content":"In the first row we have 1, 0, then our value of a, which is 5,","startTime":833000,"duration":5000,"startOfParagraph":false},{"content":"and our second row is 0, 1, and our value for b, which is 924.","startTime":838000,"duration":9000,"startOfParagraph":false},{"content":"The value of the 4th column, k, will be the result ","startTime":847000,"duration":3000,"startOfParagraph":false},{"content":"of dividing the value of d in the row above it with the value of d","startTime":850000,"duration":5000,"startOfParagraph":false},{"content":"on the same row.","startTime":855000,"duration":4000,"startOfParagraph":false},{"content":"We have 5 divided by 924 is 0 with some remainder.","startTime":859000,"duration":7000,"startOfParagraph":false},{"content":"That means we have k = 0.","startTime":866000,"duration":3000,"startOfParagraph":false},{"content":"Now the value of every other cell will be the value of the cell 2 rows above it","startTime":869000,"duration":6000,"startOfParagraph":false},{"content":"minus the value of the row above it times k.","startTime":875000,"duration":4000,"startOfParagraph":false},{"content":"Let's start with d in the 3rd row.","startTime":879000,"duration":2000,"startOfParagraph":false},{"content":"We have 5 - 924 * 0 = 5.","startTime":881000,"duration":8000,"startOfParagraph":false},{"content":"Next we have 0 - 1 * 0 which is 0","startTime":889000,"duration":6000,"startOfParagraph":false},{"content":"and 1 - 0 * 0 which is 1.","startTime":895000,"duration":5000,"startOfParagraph":false},{"content":"Not too bad, so let's move on to the next row.","startTime":900000,"duration":3000,"startOfParagraph":false},{"content":"First we need our value of k.","startTime":903000,"duration":3000,"startOfParagraph":false},{"content":"924 divided by 5 = 184 with some remainder,","startTime":906000,"duration":7000,"startOfParagraph":false},{"content":"so our value for k is 184.","startTime":913000,"duration":3000,"startOfParagraph":false},{"content":"Now 924 - 5 * 184 = 4.","startTime":916000,"duration":8000,"startOfParagraph":false},{"content":"1 - 0 * 184 is 1 and 0 - 1 * 184 is -184.","startTime":924000,"duration":11000,"startOfParagraph":false},{"content":"All right, let's do the next row.","startTime":935000,"duration":2000,"startOfParagraph":false},{"content":"Our value of k will be 1 because ","startTime":937000,"duration":3000,"startOfParagraph":false},{"content":"5 divided by 4 = 1 with some remainder.","startTime":940000,"duration":5000,"startOfParagraph":false},{"content":"Let's fill in the other columns.","startTime":945000,"duration":2000,"startOfParagraph":false},{"content":"5 - 4 * 1 = 1.","startTime":947000,"duration":4000,"startOfParagraph":false},{"content":"0 - 1 * 1 = -1.","startTime":951000,"duration":4000,"startOfParagraph":false},{"content":"And 1 - -184 * 1 is 185.","startTime":955000,"duration":8000,"startOfParagraph":false},{"content":"Let's see what our next value of k would be.","startTime":963000,"duration":2000,"startOfParagraph":false},{"content":"Well, it looks like we have 4 divided by 1, which is 4.","startTime":965000,"duration":5000,"startOfParagraph":false},{"content":"In this case where we're dividing by 1 such that k is equal to ","startTime":970000,"duration":3000,"startOfParagraph":false},{"content":"the value of d in the above row means that we're done with our algorithm.","startTime":973000,"duration":7000,"startOfParagraph":false},{"content":"We can see here that we have x = 185 and y = -1 in the last row.","startTime":980000,"duration":8000,"startOfParagraph":false},{"content":"Let's now come back to our original goal.","startTime":988000,"duration":2000,"startOfParagraph":false},{"content":"We said that the value of x as a result of running this algorithm ","startTime":990000,"duration":4000,"startOfParagraph":false},{"content":"would be the multiplicative inverse of a (mod b).","startTime":994000,"duration":4000,"startOfParagraph":false},{"content":"That means that 185 is the multiplicative inverse of 5 (mod 924)","startTime":998000,"duration":7000,"startOfParagraph":false},{"content":"which means that we have a value of 185 for d.","startTime":1005000,"duration":5000,"startOfParagraph":false},{"content":"The fact that d = 1 in the last row","startTime":1010000,"duration":3000,"startOfParagraph":false},{"content":"verifies that e was coprime to m.","startTime":1013000,"duration":3000,"startOfParagraph":false},{"content":"If it weren't 1 then we would have to pick a new e.","startTime":1016000,"duration":4000,"startOfParagraph":false},{"content":"Now let's see if Rob has received my message.","startTime":1020000,"duration":3000,"startOfParagraph":false},{"content":"When someone sends me an encrypted message","startTime":1023000,"duration":2000,"startOfParagraph":false},{"content":"as long as I've kept my private key a secret","startTime":1025000,"duration":3000,"startOfParagraph":false},{"content":"I'm the only one who can decrypt the message.","startTime":1028000,"duration":3000,"startOfParagraph":false},{"content":"To decrypt a chunk c I can calculate the original message","startTime":1031000,"duration":5000,"startOfParagraph":false},{"content":"is equal to the chunk to d power (mod n).","startTime":1036000,"duration":7000,"startOfParagraph":false},{"content":"Remember that d and n are from my private key.","startTime":1043000,"duration":4000,"startOfParagraph":false},{"content":"To get a full message from its chunks we decrypt each chunk","startTime":1047000,"duration":4000,"startOfParagraph":false},{"content":"and concatenate the results.","startTime":1051000,"duration":3000,"startOfParagraph":false},{"content":"Exactly how secure is RSA?","startTime":1054000,"duration":4000,"startOfParagraph":false},{"content":"The truth is, we don't know.","startTime":1058000,"duration":2000,"startOfParagraph":false},{"content":"Security is based on how long it would take an attacker to crack a message","startTime":1060000,"duration":4000,"startOfParagraph":false},{"content":"encrypted with RSA.","startTime":1064000,"duration":2000,"startOfParagraph":false},{"content":"Remember that an attacker has access to your public key,","startTime":1066000,"duration":3000,"startOfParagraph":false},{"content":"which contains both e and n.","startTime":1069000,"duration":2000,"startOfParagraph":false},{"content":"If the attacker manages to factor n into its 2 primes, p and q, ","startTime":1071000,"duration":5000,"startOfParagraph":false},{"content":"then she could calculate d using the extended Euclidean algorithm.","startTime":1076000,"duration":4000,"startOfParagraph":false},{"content":"This gives her the private key, which can be used to decrypt any message.","startTime":1080000,"duration":5000,"startOfParagraph":false},{"content":"But how quickly can we factor integers?","startTime":1085000,"duration":3000,"startOfParagraph":false},{"content":"Again, we don't know.","startTime":1088000,"duration":3000,"startOfParagraph":false},{"content":"Nobody has found a fast way of doing it, ","startTime":1091000,"duration":2000,"startOfParagraph":false},{"content":"which means that given large enough n ","startTime":1093000,"duration":3000,"startOfParagraph":false},{"content":"it would take an attacker unrealistically long","startTime":1096000,"duration":3000,"startOfParagraph":false},{"content":"to factor the number.","startTime":1099000,"duration":2000,"startOfParagraph":false},{"content":"If someone revealed a fast way of factoring integers","startTime":1101000,"duration":3000,"startOfParagraph":false},{"content":"RSA would be broken.","startTime":1104000,"duration":3000,"startOfParagraph":false},{"content":"But even if integer factorization is inherently slow","startTime":1107000,"duration":4000,"startOfParagraph":false},{"content":"the RSA algorithm could still have some flaw in it","startTime":1111000,"duration":3000,"startOfParagraph":false},{"content":"that allows for easy decryption of messages.","startTime":1114000,"duration":3000,"startOfParagraph":false},{"content":"Nobody has found and revealed such a flaw yet,","startTime":1117000,"duration":3000,"startOfParagraph":false},{"content":"but that doesn't mean one doesn't exist.","startTime":1120000,"duration":2000,"startOfParagraph":false},{"content":"In theory, someone could be out there reading all data encrypted with RSA.","startTime":1122000,"duration":5000,"startOfParagraph":false},{"content":"There's another bit of a privacy issue.","startTime":1127000,"duration":2000,"startOfParagraph":false},{"content":"If Tommy encrypts some message using my public key","startTime":1129000,"duration":4000,"startOfParagraph":false},{"content":"and an attacker encrypts the same message using my public key","startTime":1133000,"duration":3000,"startOfParagraph":false},{"content":"the attacker will see that the 2 messages are identical","startTime":1136000,"duration":3000,"startOfParagraph":false},{"content":"and thus know what Tommy encrypted.","startTime":1139000,"duration":3000,"startOfParagraph":false},{"content":"In order to prevent this, messages are typically padded with random bits","startTime":1142000,"duration":4000,"startOfParagraph":false},{"content":"before being encrypted so that the same message encrypted","startTime":1146000,"duration":3000,"startOfParagraph":false},{"content":"multiple times will look different as long as the padding on the message is different.","startTime":1149000,"duration":5000,"startOfParagraph":false},{"content":"But remember how we have to split messages into chunks","startTime":1154000,"duration":3000,"startOfParagraph":false},{"content":"so that each chunk is smaller than n?","startTime":1157000,"duration":3000,"startOfParagraph":false},{"content":"Padding the chunks means that we might have to split things up","startTime":1160000,"duration":2000,"startOfParagraph":false},{"content":"into even more chunks since the padded chunk must be smaller than n.","startTime":1162000,"duration":5000,"startOfParagraph":false},{"content":"Encryption and decryption are relatively expensive with RSA,","startTime":1167000,"duration":4000,"startOfParagraph":false},{"content":"and so needing to break up a message into many chunks can be very costly.","startTime":1171000,"duration":4000,"startOfParagraph":false},{"content":"If a large volume of data needs to be encrypted and decrypted","startTime":1175000,"duration":4000,"startOfParagraph":false},{"content":"we can combine the benefits of symmetric key algorithms","startTime":1179000,"duration":3000,"startOfParagraph":false},{"content":"with those of RSA to get both security and efficiency.","startTime":1182000,"duration":4000,"startOfParagraph":false},{"content":"Although we won't go into it here,","startTime":1186000,"duration":2000,"startOfParagraph":false},{"content":"AES is a symmetric key algorithm like the Vigenère and Caesar ciphers","startTime":1188000,"duration":5000,"startOfParagraph":false},{"content":"but much harder to crack.","startTime":1193000,"duration":2000,"startOfParagraph":false},{"content":"Of course, we can't use AES without establishing a shared secret key","startTime":1195000,"duration":5000,"startOfParagraph":false},{"content":"between the 2 systems, and we saw the problem with that before.","startTime":1200000,"duration":4000,"startOfParagraph":false},{"content":"But now we can use RSA to establish the shared secret key between the 2 systems.","startTime":1204000,"duration":6000,"startOfParagraph":false},{"content":"We'll call the computer sending the data the sender","startTime":1210000,"duration":3000,"startOfParagraph":false},{"content":"and the computer receiving the data the receiver.","startTime":1213000,"duration":3000,"startOfParagraph":false},{"content":"The receiver has an RSA key pair and sends ","startTime":1216000,"duration":3000,"startOfParagraph":false},{"content":"the public key to the sender.","startTime":1219000,"duration":2000,"startOfParagraph":false},{"content":"The sender generates an AES key,","startTime":1221000,"duration":3000,"startOfParagraph":false},{"content":"encrypts it with the receiver's RSA public key,","startTime":1224000,"duration":3000,"startOfParagraph":false},{"content":"and sends the AES key to the receiver.","startTime":1227000,"duration":3000,"startOfParagraph":false},{"content":"The receiver decrypts the message with its RSA private key.","startTime":1230000,"duration":4000,"startOfParagraph":false},{"content":"Both the sender and the receiver now have a shared AES key between them.","startTime":1234000,"duration":5000,"startOfParagraph":false},{"content":"AES, which is much faster at encryption and decryption than RSA,","startTime":1239000,"duration":5000,"startOfParagraph":false},{"content":"can now be used to encrypt the large volumes of data and send them to the receiver,","startTime":1244000,"duration":4000,"startOfParagraph":false},{"content":"who can decrypt using the same key.","startTime":1248000,"duration":3000,"startOfParagraph":false},{"content":"AES, which is much faster at encryption and decryption than RSA,","startTime":1251000,"duration":5000,"startOfParagraph":false},{"content":"can now be used to encrypt the large volumes of data and send them to the receiver,","startTime":1256000,"duration":4000,"startOfParagraph":false},{"content":"who can decrypt using the same key.","startTime":1260000,"duration":2000,"startOfParagraph":false},{"content":"We just needed RSA to transfer the shared key.","startTime":1262000,"duration":4000,"startOfParagraph":false},{"content":"We no longer need to use RSA at all.","startTime":1266000,"duration":4000,"startOfParagraph":false},{"content":"It looks like I've got a message.","startTime":1270000,"duration":6000,"startOfParagraph":false},{"content":"It doesn't matter if anyone read what's on the paper airplane before I caught it","startTime":1276000,"duration":3000,"startOfParagraph":false},{"content":"because I'm the only one with the private key.","startTime":1279000,"duration":6000,"startOfParagraph":false},{"content":"Let's decrypt each of the chunks in the message.","startTime":1285000,"duration":2000,"startOfParagraph":false},{"content":"The first chunk, 658, we raise to the d power, which is 185,","startTime":1287000,"duration":10000,"startOfParagraph":false},{"content":"mod n, which is 989, is equal to 67, ","startTime":1297000,"duration":11000,"startOfParagraph":false},{"content":"which is the letter C in ASCII.","startTime":1308000,"duration":6000,"startOfParagraph":false},{"content":"Now, onto the second chunk.","startTime":1314000,"duration":7000,"startOfParagraph":false},{"content":"The second chunk has value 15,","startTime":1321000,"duration":4000,"startOfParagraph":false},{"content":"which we raise to the 185th power,","startTime":1325000,"duration":6000,"startOfParagraph":false},{"content":"mod 989, and this is equal to 83","startTime":1331000,"duration":10000,"startOfParagraph":false},{"content":"which is the letter S in ASCII.","startTime":1341000,"duration":6000,"startOfParagraph":false},{"content":"Now for the third chunk, which has value 799, we raise to 185,","startTime":1347000,"duration":9000,"startOfParagraph":false},{"content":"mod 989, and this is equal to 53,","startTime":1356000,"duration":11000,"startOfParagraph":false},{"content":"which is the value of the character 5 in ASCII.","startTime":1367000,"duration":7000,"startOfParagraph":false},{"content":"Now for the last chunk, which has value 975,","startTime":1374000,"duration":6000,"startOfParagraph":false},{"content":"we raise to 185, mod 989, ","startTime":1380000,"duration":11000,"startOfParagraph":false},{"content":"and this is equal to 48, which is value of the character 0 in ASCII.","startTime":1391000,"duration":10000,"startOfParagraph":false},{"content":"My name is Rob Bowden, and this is CS50.","startTime":1401000,"duration":6000,"startOfParagraph":false},{"content":"[CS50.TV]","startTime":1407000,"duration":3000,"startOfParagraph":false},{"content":"RSA at all.","startTime":1416000,"duration":2000,"startOfParagraph":false},{"content":"RSA at all. [laughter]","startTime":1418000,"duration":6000,"startOfParagraph":false},{"content":"At all.","startTime":1424000,"duration":3000,"startOfParagraph":false}]}