Article illustration 1

For nearly five decades, RSA encryption has silently powered the secure connections protecting everything from online banking to email. Yet as cryptographer William J. Buchanan notes, this asymmetric algorithm remains widely misunderstood despite its foundational role. Let's unravel its mathematical elegance and sobering vulnerabilities.

The Trapdoor at RSA's Core

Public key cryptography relies on trapdoor functions—operations easy to compute in one direction but computationally infeasible to reverse without secret knowledge. When Alice encrypts a message with Bob's public key (e, n), only his private key (d, n) can unlock it. This asymmetry enables trustless secure channels.

Mathematical Machinery

RSA's security springs from number theory:
- Coprimality: Two numbers sharing no common factors (e.g., 3 and 5)
- Euler’s totient φ(n): Counts integers coprime to n (e.g., φ(6)=2)
- Modular arithmetic: The "clock math" wrapping values at modulus n

Key Generation Walkthrough

Generating RSA keys involves precision engineering:

1. Choose large distinct primes p and q
2. Compute n = p * q
3. Calculate φ(n) = (p-1)*(q-1)
4. Select e where 1 < e < φ(n) and gcd(e, φ(n)) = 1
5. Compute d = e⁻¹ mod φ(n)  # Modular inverse

The public key becomes (e, n), while (d, n) remains private. Any error in these steps creates catastrophic weaknesses.

Attack Vectors: Where RSA Cracks

Despite its robustness, RSA succumbs to:
- Factorization attacks: Factoring n into p and q breaks everything
- Fermat's method: Exploits primes that are too close
- Wiener's attack: Targets small decryption exponents d
- ROCA (CVE-2017-15361): Compromised Infineon chips via Coppersmith's method

"Small exponents, poor randomness, or mathematical shortcuts transform theoretical security into Swiss cheese," warns Buchanan. The 2023 breach of PyPI packages via stolen RSA keys underscores this fragility.

Beyond Textbook RSA

Modern implementations mitigate risks through:
- Probabilistic padding (OAEP)
- Hybrid encryption pairing RSA with symmetric algorithms
- Zero-knowledge proofs for authentication without key exposure

While quantum computing looms as an existential threat, RSA endures through rigorous implementation—a testament to elegant mathematics hardened by decades of cryptanalysis. Yet as the ROCA vulnerability proved, complacency remains our greatest adversary.

Ref: Buchanan, William J (2025). RSA. Asecuritysite.com. https://asecuritysite.com/rsa/