# Discrete Log Problem

For a group $G$ , given an element g∈G﻿  and $g^k=b$ , it is generally a difficult task \(approximately brute\-force over all elements\) to determine the exponent  $k$.

The larger the order of $g$, the more difficult the problem becomes.

Clearly, $k$ is not greater than the order of the group.


# Diffie Hellman



In [0]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dh
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

#### Generate some parameters. These can be reused.



In [0]:
parameters = dh.generate_parameters(generator=2, key_size=2048)

#### Generate a private key for use in the exchange.



In [0]:
bob_private_key = parameters.generate_private_key()

#### In a real handshake the node is a remote client. For this example we'll generate here another local private key though. Note that in a DH handshake both clients must agree on a common set of parameters.



In [0]:
alice_private_key = parameters.generate_private_key()

In [0]:
bob_shared_key = bob_private_key.exchange(alice_private_key.public_key())

#### Perform key derivation.



In [0]:
derived_key = HKDF(
    algorithm=hashes.SHA256(),
    length=32,
    salt=None,
    info=b'handshake data',
).derive(bob_shared_key)

#### And now we can demonstrate that the handshake performed in the opposite direction gives the same final value



In [0]:
alice_shared_key = alice_private_key.exchange(
    bob_private_key.public_key()
)
same_derived_key = HKDF(
    algorithm=hashes.SHA256(),
    length=32,
    salt=None,
    info=b'handshake data',
).derive(alice_shared_key)

print(derived_key.hex())
print(derived_key == same_derived_key)

##### **Exercise**: AES Message Encryption

Alice and Bob  securely exchange a shared key using the Diffie\-Hellman protocol. The next step woule be to use this shared key to encrypt a secret message from Alice to Bob using AES in GCM mode, which provides both encryption and authentication. 

**Hint**: You'll need to generate a random 12\-byte nonce \(also called IV\) for the encryption process, and include the authentication tag during encryption. Then, simulate Bob decrypting the message using the same key, nonce, and tag, and print out the original, encrypted, and decrypted versions to confirm it worked.



In [2]:
from Crypto.Cipher import AES, Salsa20
from Crypto.Util.Padding import pad, unpad
from Crypto.Util import Counter
import secrets


key = b'0123456789abcdef'  # 16-byte key
iv = b'0123456789abcdef'
data = b'aaaaaaaaaaaaaaa'

cipher = AES.new(key, AES.MODE_GCM)
ciphertext, tag = cipher.encrypt_and_digest(data)
print("GCM Encrypted:", ciphertext.hex())
print("GCM Tag:", tag.hex())

# Decryption
decipher = AES.new(key, AES.MODE_GCM, nonce=cipher.nonce)
decrypted = decipher.decrypt_and_verify(ciphertext, tag)
#print("Decrypted:", decrypted)
assert decrypted == data

ModuleNotFoundError: No module named 'Crypto'

##### **Exercise**: ElGamal Encryption

- Alice pk: $(x)$, pubk: $(G,g,g^x)$
- Bob enctypts: $(c_1=g^y, c_2=m(g^x)^y)$
- Alice decrypts: $m = c_2c_1^{-x}$



###



In [3]:
from crypto.Cipher import Salsa20
print(Salsa20.new(key).nonce)

ModuleNotFoundError: No module named 'Crypto'