# Project 3: Isogeny-Based Crypto (The "Broken" Candidate)

This notebook demonstrates the *concept* of **Supersingular Isogeny Diffie-Hellman (SIDH)**, which was the basis for the PQC candidate **SIKE**.

This is a **Key Exchange** mechanism, similar in *logic* to our first ECC "paint mixing" demo.

This project is unique because the protocol was **broken** in 2022. We can't run a "real code" demo because it is no longer secure or included in standard PQC libraries. The "demo" is explaining the brilliant (but flawed) concept.

We will show this in two parts:
1.  **The Conceptual Analogy:** The "Secret Map of Cities" üó∫Ô∏è
2.  **The Mathematical Logic:** How the exchange *was supposed* to work.

## Part 1: The "Secret Map" Simulation (The Concept)

This shows the *logic* of how Alice and Bob could (in theory) create a shared secret.

### 1. The Setup (The Public World)
Everyone (Alice, Bob, and Eve) agrees on a public **starting city**, `City E_0`.
* This "world" is a vast graph of cities (elliptic curves) connected by roads (isogenies).

### 2. The Secret Keys (Not Shared)
Alice and Bob each invent a *secret travel plan*.
* **Alice's Secret:** A *secret map* üó∫Ô∏è `phi_A` (e.g., "Take the 2-North road, then the 7-East road..."). This is her private key.
* **Bob's Secret:** A *different secret map* üó∫Ô∏è `phi_B` (e.g., "Take the 3-West road, then the 5-South road..."). This is his private key.

### 3. The Public Exchange (What Eve Sees)
They use their secret maps to *find new cities* and share those *new cities* publicly.
* **Alice computes:** She follows her map `phi_A` from the start `E_0` to a new city, `E_A`.
* **Alice shouts:** "My public city is `E_A`!" (Eve sees this new city).
* **Bob computes:** He follows his map `phi_B` from the start `E_0` to a new city, `E_B`.
* **Bob shouts:** "My public city is `E_B`!" (Eve sees this new city).

### 4. Eve's Problem
Eve has been listening! She knows:
1.  The starting city: `E_0`
2.  Alice's public city: `E_A`
3.  Bob's public city: `E_B`

Her problem is to find the *secret map* (the isogeny `phi_A`) that connects `E_0` to `E_A`. This was believed to be impossibly hard for *any* computer, classical or quantum. **(This is the part that turned out to be wrong!)**

### 5. The "Aha!" Moment (The Final Secret)
Now, Alice and Bob apply their *own secret map* to the *city they received*.
* **Alice computes:** She takes Bob's city `E_B` and applies *her* secret map `phi_A` to it, arriving at a final city: `E_AB = phi_A(E_B)`.
* **Bob computes:** He takes Alice's city `E_A` and applies *his* secret map `phi_B` to it, arriving at a final city: `E_BA = phi_B(E_A)`.

### 6. The (Theoretical) Result
**SUCCESS!** The "magic" of this math is that the order doesn't matter.
`phi_A(phi_B(E_0))` is the **exact same city** as `phi_B(phi_A(E_0))`.

`E_AB` and `E_BA` are identical. They can now use a "fingerprint" of this final, shared city (its *j-invariant*) as their shared secret key for AES.

## Part 2: The Mathematical Logic (And Why It Failed)

This shows the same logic as the "Map of Cities" but with the mathematical objects.

### 1. The Public Setup
* A public "starting" elliptic curve, `E_0`.

### 2. The Secret Keys
* **Alice's Secret (a):** A secret isogeny (a map) `phi_A`.
* **Bob's Secret (b):** A different secret isogeny (a map) `phi_B`.

### 3. The Public Exchange
* **Alice computes:** `E_A = phi_A(E_0)`. (This is a *new curve*).
* Alice sends `E_A` to Bob.
* **Bob computes:** `E_B = phi_B(E_0)`. (This is another *new curve*).
* Bob sends `E_B` to Alice.

### 4. The "Aha!" Moment (The Commutative Property)
* **Alice computes:** `S_A = phi_A(E_B)`
    * *(Logically, this is: `S_A = phi_A( phi_B(E_0) )`)*
* **Bob computes:** `S_B = phi_B(E_A)`
    * *(Logically, this is: `S_B = phi_B( phi_A(E_0) )`)*

### 5. The (Theoretical) Result
Because the maps were "commutative," `S_A` and `S_B` were the *exact same final elliptic curve*. They could both compute its `j-invariant` (a unique "fingerprint" number) and get an identical shared secret.

---

### **The "Demo": Why We Can't Run This**

**The "Broken" Part:** In July 2022, researchers (Castryck and Decru) published a groundbreaking paper.
* They found that the SIDH/SIKE protocol (which Alice and Bob were using) had a fatal flaw.
* By analyzing the public keys (`E_A` and `E_B`), they found a "back door" in the math.
* This "back door" allowed them to discover Alice's secret map (`phi_A`) using **only a regular, classical laptop** in about an hour.
* This completely destroyed the protocol's security.

**Conclusion:** Our "simulation" of isogeny crypto is a conceptual one. We've shown how it was *supposed* to work, which is a perfect parallel to our ECC demo. But the most important part of the demo is this story: a promising PQC candidate that was completely broken, which shows why research and testing (like the NIST competition) are so vital.