Another method for public key cryptography, developed by Michael O. Rabin, similar in intent and spirit to RSA and ElGamal. This scheme depends on the difficulty of computing square roots modulo a composite number, which has been shown to be equivalent to factoring.

To create public and private keys for this method, one would generate two large prime numbers *p* and *q*, both congruent to 3 mod 4. These primes are the private key, and the public key is their product *n*.

If Alice and Bob wish to communicate using this scheme, Alice would do the following to send a message to Bob:

- Obtain Bob's authentic public key
*n*.
- Convert her message into a number
*M* less than *n*
- Compute
*C = M*^{2} mod *n*

When Bob receives *C*, he can compute the original message *M* using the factorization of *n* (which is his private key) *p* and *q* and the Chinese Remainder Theorem. First he computes these four values:

*m*_{1} = C^{(p+1)/4} mod *p*

*m*_{2} = (p - C^{(p+1)/4}) mod *p*

*m*_{3} = C^{(q+1)/4} mod *q*

*m*_{4} = (q - C^{(q+1)/4}) mod *q*

Then Bob chooses integers *a = q*(*q*^{-1} mod *p*) and *b = p*(*p*^{-1} mod *q*). Then there are four possiblilities for the message Alice sent:

*M*_{1} = (am_{1} + bm_{3}) mod *n*

*M*_{2} = (am_{1} + bm_{4}) mod *n*

*M*_{3} = (am_{2} + bm_{3}) mod *n*

*M*_{4} = (am_{2} + bm_{4}) mod *n*

If the message has a recognizable pattern, such as English text, it should be obvious to Bob which of these four possible solutions is Alice's message. If it was random text or something otherwise unrecognizable Alice had sent she should prepend a predictable message header to her message before doing her encryption.