# Introduction to Modern Cryptography: Exercise Asymmetric Cryptography

## Table of Contents
1. [Modular Arithmetic](#ex-1)
  1. [Modular Exponentiation](#ex-1-1)
  1. [Extended Euclidean Algorithm](#ex-1-2)  
2. [Diffie-Hellman & RSA](#ex-2)
  1. [Diffie-Hellmann](#ex-2-1)
  2. [RSA](#ex-2-2)
3. [OpenSSL](#ex-3)

## Excercise 1: Modular Arithmetics <a name="ex-1"/>

### 1.1: Modular Exponentiation <a name="ex-1-1"/>
Write a function to calculate **x^k mod m** by using modular exponentiation **repeated squaring**

In [None]:
def mod_exp(x,k,m):
    # put your code here
    return 0

In [None]:
def mod_exp(x,k,m):
    r=1
    while k:
        r = (r * x**(k&1)) % m
        k >>= 1
        x = (x * x) % m
    return r

Test your fucntion with 
- `mod_exp(5,29,31)` = 25
- `mod_exp(358,54,863)` = 807

In [None]:
#test
print(mod_exp(5,29,31))
print(mod_exp(358,54,863))

## 1.2. Extended Euclidean Algorithm (EEA)<a name="ex-1-2"/>

The exended Euclidean algorithm is used to find the solution for *Bezout's Equation*:
`ax + by = gcd(x, y) `

*The internet is full of example codes; if you use one of those, make sure to understand how it works!*

The output of your function should be `gcd,a,b = eea(x,y)`

In [None]:
def eea(x, y):
    #put your code here
    
    return gcd, a, b

In [None]:
def eea(x, y):
    if x == 0 :   
        return y, 0, 1
             
    gcd, si, ti = eea(y%x, x)  
     
    a = ti - (y//x) * si  
    b = si
    
    return gcd, a, b

Test with the values from the lecture `gcd(240,46) = 2`

In [None]:
x, y = 240,46
g, a, b = eea(x, y)  
print("gcd(", x , "," , y, ") = ", g)  

#### Multiplicative Inverse
Write a function to calculate the mulitplicative inverse in **Z^*_p** by using the _extended Euclidean algorithm_ for some number **x<p**. (See Lecture 04, Slide 43)

The multiplicative inverse `a` of `x` in `Z^*_p` is `a mod p` where `a` is the result of the extended Euclidean algorithm `(gcd,a,b) <- eea(x,p)` if and only if `gcd == 1`

In [None]:
def modinv(x, p):
    #put your code here

In [None]:
def modinv(x, p):
    gcd, a, b = eea(x, p)
    if gcd != 1:
        raise Exception('modular inverse does not exist')
    return a % p

Test with the example from the lecture, `modinv(1061,1071) = 107`

In [None]:
modinv(1061,1071)

## 1.3. Miller-Rabin test and FindPrime <a name="ex-1-3"/>

Try to implement the <b>Miller-Rabin test</b> to <b>find a (safe) prime</b> of length `n` bit with error probability `k`.

- You find the description of the algorithm for the <b>Miller-Rabin Test</b> in the Appendix of Lecture 04 and 05
- You find the description of the algorithm to <b>Find Uniformly Random Primes</b> in the Appendix of Lecture 04 and 05

<b> You also find pseudo-code on [wikipedia](https://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test)

*Note, that the pute Miller-Rabin test will take too long for large primes on your computer. For simplicity, you can use ```a in [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41]``` instead of random ```a``` for primes > 10 bit*

Check your results with e.g. [wolframalpha](https://www.wolframalpha.com/input?i=isprime%287%29) `isprime(n)`

In [None]:
import random
import os

In [None]:
# x = the prime to test
# n = bits of prime
# k = error rate ^-1
def millertest(x, n, k):
    #put your code here
    return True

In [None]:
# n = bits of prime
# k = error rate ^-1
def findPrime(n,k):
    #put your code here
    return 2

In [203]:
def millertest(x, n, k):
    if x & 1 == 0: #if n is odd, don't bother
        return False  
    m = x - 1; t = 0
    while m % 2 == 0:
        m//=2
        t+=1
    # fill Z_x^*
    z_x = []
    for i in range(1,x):
        if eea(i,x)[0] == 1:
            z_x.append(i)

    a_array = []
    if len(z_x) < k//2:
        a_array = z_x
    else:
        for i in range(k//2):    
            a_array.append(z_x[random.randrange(0,len(z_x))])
    for a in a_array: #    for a in [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41]:
        y_t = mod_exp(a,m,x)
        #test = True if y == 1 else False
        for s in range(t):
            y = y_t**2 % x
            if y == 1 and y_t != 1 and y_t != x-1:
                return False
            y_t = y -1
        if y != 1:
            return False
    return True

def findPrime(n,k):
    while True:
        #p = int.from_bytes(os.urandom(n//8+1)[:n])
        p = random.randrange(2,2**n-1)
        if millertest(p,n,k):
            return p

Test and try to find 10 primes of size 10 bit and Error 10^(-4)

In [204]:
for i in range(10):
    print(findPrime(10, 10**4))

907
131
919
139
719
7
839
163
367
11


In [None]:
2**8 // 8

## Exercise 2: Diffie-Hellmann and RSA <a name="ex-2"/>
Use the functions from Exercise 1 to perform RSA en-/decryption and a Diffie-Hellman Key Exchange

## 2.1 Diffie-Hellmann<a name="ex-2-1"/>

For the Diffie-Hellman Group use the cyclic group `Zq` which is defined by the by the *safe prime* `q=2p+1`, which is calculated by using the Sophie Germains Prime `p=431`.

Find a generator `g` for the group `Zq` 

In [None]:
def findSophiesGenerator(p):
#put your code to calclate q and find a generator g here (or calculate it on a piece of paper)

In [None]:
import random
def findSophiesGenerator(p):
    q=2*p+1
    while True:
        g = random.randint(2,q)
        if mod_exp(g,2,q) != 1 and mod_exp(g,p,q) != 1:
            return g,q

In [None]:
g,q = findSophiesGenerator(431)
#for i in range(1,q+1):
#    print(g,'^',i,'mod', q, ' = ',mod_exp(g,i,q))

Now perform the calculation of a Diffie-Hellmann key exchange, where Alice and Bob randomly choose `1 < a,b < q-1`.
You're not expected to actually send any information over a communication channel, just perform the calculations.

Hint: Use the `mod_exp` function from Exercise 1

In [None]:
import random

a = #put your code here
print('Alice chooses',a)

b = #put your code here
print('Bob chooses',b)

ga = #put your code here
print('Alice sends',ga)
gb = #put your code here
print('Bob sends',gb)

KA = #put your code here
print('Alice calculates', KA)
KB = #put your code here
print('Bob calculates', KB)


In [None]:
import random
#put your code here
a = random.randint(2,q-1)
print('Alice chooses',a)

b = random.randint(2,q-1)
print('Bob chooses',b)

ga = mod_exp(g,a,q)
print('Alice sends',ga)
gb = mod_exp(g,b,q)
print('Bob sends',gb)

KA = mod_exp(gb,a,q)
print('Alice calculates', KA)
KB = mod_exp(ga,b,q)
print('Bob calculates', KB)


## 2.2 RSA <a name="ex-2-2"/>
With the functionalities of the above exercises, it is now straightfoward to develop your very own RSA

### 2.2.1 RSA Key Generation

Choose two primes `p` and `q`. Again, you can use *safe primes* (from Sophie Germains primes). Choose the encryption exponent `e=65537` and calculate the private key `d`.

You can validate your calculations with the following website:
[https://www.cs.drexel.edu/~jpopyack/IntroCS/HW/RSAWorksheet.html](https://www.cs.drexel.edu/~jpopyack/IntroCS/HW/RSAWorksheet.html)

In [None]:
def RSAKeyPair(p,q,e):
    d = 0
    N=0
    # put your code here
    return e,d,N

In [None]:
def RSAKeyPair(p,q,e):
    N = p*q
    phiN = (p-1)*(q-1)
    d= modinv(e,phiN)
    return e,d,N

In [None]:
p = findPrime(32,10**2)#put your first prime here
q = findPrime(32,10**2)#put your second prime here
e = findPrime(32,10**2)
RSAKeyPair(p,q,e)

### 2.2.2 RSA En-/Decryption (Lecture 06, Slide 35)

Test your keys by en- and decrypting the message `m='Hy' = 72121` in ASCII

In [None]:
m = 72121
#put your code here

In [None]:
m = 72121
#put your code here

e,d,N = RSAKeyPair(863,887,65537)
enc = mod_exp(m,e,N)
dec = mod_exp(enc,d,N)
print(enc)
print(dec)

## Exercise 3: openssl (optional)<a name="ex-3"/>

If you're interested in some more practical usage of RSA, you can try out its usage with [OpenSSL](https://en.wikipedia.org/wiki/OpenSSL)

OpenSSL is known for its broad usage in the internet, most famously for securing web-traffic e.g., for HTTP/s.
However, OpenSSL offers many more functionalities and is actually a software library that contains implementation of various cryptographic protocols and functionalities and is available for various Unix and Windows operating systems. Additionally, it is open source, carefully reviewed by security experts and therefore widely accepted as secure. 

For this exercise it is of interest, that it provides an RSA module, for generating rsa keys and allows en- and decrypting files.

For end-users, openssl provides a [command line interface](https://wiki.openssl.org/index.php/Command_Line_Utilities), so that you can directly interact with the library.

In Juypter Notebooks, you can directly run such command by starting the cells with `%%bash`, e.g. the following command 
1. generates a file `example.txt` with the content `Hello World`
2. outputs the contents of the file `example.txt`

In [None]:
%%bash
echo "Hallo Welt" > example.txt
cat example.txt

Generate an RSA private key of 2048 bit with openssl and output it in a file called `private-key.pem`

In [199]:
%%bash
# Put your Code here

In [None]:
%%bash
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private-key.pem
openssl pkey -in private-key.pem -text

Generate an RSA public for the just created private key and output it as `public-key.pem`

In [None]:
%%bash
# Put your Code here

In [None]:
%%bash
openssl pkey -in private-key.pem -out public-key.pem -pubout
openssl pkey -in public-key.pem -pubin -text

Encrypt the file `example.txt` with the public key store it as `example.enc`

In [None]:
%%bash
# Put your Code here
cat example.enc

In [None]:
%%bash
openssl pkeyutl -encrypt -pubin -inkey public-key.pem -in example.txt -out example.enc
cat example.enc

Now decrypt it again with the private key

In [None]:
%%bash
# Put your Code here

In [None]:
%%bash
openssl pkeyutl -decrypt -inkey private-key.pem -in example.enc