# L3_KBRS

In [1]:
import random
from sympy import isprime

In [4]:
M = 61

In [2]:
Q = (float('inf'), float('inf'))

Main methods

In [5]:
def revers_by_mod(x, M = M):
    return pow(x, M - 2, M)

In [6]:
def check_a_b(a, b):
    return (4 * a**3 + 27 * b**2) % M != 0

In [7]:
def generate_parameters_by_M():
    A = []
    B = []
    for a in range(-M + 1, M):
        for b in range(-M + 1, M):
            if check_a_b(a, b):
                A.append(a)
                B.append(b)
    return A, B

In [8]:
def get_elements_of_group(a, b):
    if not check_a_b(a, b):
        return None
    X = []
    Y = []
    for x in range(0, M):
        c = (x**3 + a * x + b) % M
        for y in range(0, M):
            if y**2 % M == c:
                X.append(x)
                Y.append(y)
    return X, Y

In [9]:
def add_points(x1, y1, x2, y2, a):
    if (x1 == x2 and y1 == -y2 % M) :
        return Q
    if (x1 == Q[0] and y1 == Q[1]):
        return (x2, y2)
    if y1 == Q[0] and y2 == Q[1]:
        return (x1, y1)
    if x1 == x2 and y1 == y2:
        lambdaa = ((3 * x1**2 + a) * revers_by_mod(2*y1)) % M
    else:
        lambdaa = ((y2 - y1) * revers_by_mod(x2 - x1)) % M
    x3 = (lambdaa**2 - x1 - x2) % M
    y3 = (lambdaa * (x1 - x3) - y1) % M
    return x3, y3

In [10]:
def mul_point_by_number(x, y, n, a):
    ans = (x, y)
    while n > 1:
        ans = add_points(x, y, *ans, a)
        n -= 1
    return ans

In [11]:
def get_ord(G, a):
    G2 = add_points(*G, *G, a)
    ord = 1
    while True:
        if G2 == G:
            return ord
        else :
            G2 = add_points(*G2, *G, a)
            ord += 1

In [12]:
def h(m):
    return ord(m[0])

In [13]:
def find_G(a, b):
    for x, y in zip(*get_elements_of_group(a, b)):
        ord = get_ord((x, y), a)
        if isprime(ord) and ord == M:
            return (x, y)
    return None

In [14]:
def find_group():
    for a, b in zip(*generate_parameters_by_M()):
        G = find_G(a, b)
        if G != None:
            return a, b, G

In [15]:
def B_key_exchange(G, PA, a):
    nB = random.randint(0, M)

    PB = mul_point_by_number(*G, nB, a)
    nBPA = mul_point_by_number(*PA, nB, a)
    return PB, nBPA

In [16]:
def A_key_exchange(G_, a, b):
    nA = random.randint(0, M)

    PA = mul_point_by_number(*G_, nA, a)
    PB, nBPA = B_key_exchange(G_, PA, a)
    nAPB = mul_point_by_number(*PB, nA, a)
    return nA, PA, PB, G_, nAPB, nBPA

In [17]:
def get_ECDSA(G, m, a, nA):
    q = get_ord(G, a)
    k, r, s = 0, 0, 0
    while r == 0 or s == 0:
        k = random.randint(2, q - 2)
        x1, y1 = mul_point_by_number(*G, k, a)
        r = x1 % q
        s = (revers_by_mod(k, q) * (h(m) + r * nA)) % q
    return r, s

In [18]:
def check_ECDSA(G, m, a, PA, r, s):
    q = get_ord(G, a)
    if not (r > 1 and r < q - 1 and s > 1 and s < q - 1):
        print('Very bad')
        return False
    w = revers_by_mod(s, q)
    u1 = (h(m) * w) % q
    u2 = (r * w) % q
    x_ , _ = add_points(*mul_point_by_number(*G, u1, a), *mul_point_by_number(*PA, u2, a), a)
    r_ = x_ % q
    return r_ == r

Main

In [19]:
a, b, G = find_group()
print(check_a_b(a, b))
print(a, b, G)

True
-59 -54 (2, 18)


In [21]:
X, Y = get_elements_of_group(a, b)
elements = list(zip(X, Y))
print('len(X) = ', len(X))
print(elements)

len(X) =  60
[(2, 18), (2, 43), (5, 9), (5, 52), (6, 28), (6, 33), (8, 13), (8, 48), (9, 12), (9, 49), (13, 20), (13, 41), (14, 20), (14, 41), (15, 22), (15, 39), (16, 29), (16, 32), (17, 14), (17, 47), (18, 18), (18, 43), (20, 19), (20, 42), (23, 9), (23, 52), (25, 26), (25, 35), (27, 23), (27, 38), (33, 9), (33, 52), (34, 20), (34, 41), (36, 3), (36, 58), (41, 18), (41, 43), (42, 8), (42, 53), (43, 19), (43, 42), (44, 1), (44, 60), (45, 24), (45, 37), (47, 23), (47, 38), (48, 23), (48, 38), (50, 22), (50, 39), (54, 4), (54, 57), (57, 22), (57, 39), (59, 19), (59, 42), (60, 2), (60, 59)]


In [26]:
nA, PA, PB, G, nAPB, nBPA = A_key_exchange(G, a, b)
print(nA, PA, PB, G, nAPB, nBPA)

34 (18, 18) (50, 22) (2, 18) (20, 19) (20, 19)


In [28]:
m = 'ellipse'
r, s = get_ECDSA(G, m, a, nA)
print(r, s, 'q = ', get_ord(G, a))
print(check_ECDSA(G, m, a, PA, r, s))

45 12 q =  61
True
