In Chapter 100 we discussed the properties which might be demanded from a family Σ of secret codes. In this chapter we describe the code invented by Rivest, Shamir and Adleman.

We start with two very large primes p and q. Write Ν = pq. In the notation of Chapter 100 we take

U=V= {u∈ℤ:0≤u≤N−1}.

We choose a coprirne to (p−1)(q−1) and define T:U→V by

T(u) = uamod N.

How can we recover u from T(u) knowing p and q?

Lemma 102.1. If p and q are prime then φ(pq) = (p−l)(q−1).

Proof. Any integer with a factor in common with pq must be divisible by p and/or q. Thus the only integers m with 1 ≤ m ≤ pq − 1 having a factor in common with pq are p, 2p,…,(q− 1)p and q, 2q,…,(p− 1)q. Since these are all distinct, we know that there are exactly (p−l) + (g−1) integers m with 1 ≤ m ≤ pq − 1 having a factor in common with pq. Hence

φ(pq) = (Pq−1) − ((q−1) + (p−1)) = (p−1)(q−1).

By Theorem 101.2 it follows that

u(P−1)(q−1) ≡ 1 mod N,

and so

ut= u mod N

whenever t ≡ 1 mod (p−1)(q−1).