### Diffie Hellman Algorithm
used for shared key generation

Alice and Bob use a prime number p and a generator g ($1<g<p$) to generate a cyclic group [1,p-1] by $g^a \pmod p$. The shared key will be one of the elements in this group. It's crucial to choose a generator, wich generates a sufficient big group to avoid brute force attacks.

They choose their numbers a,b < n and compute element $g^{a \cdot b} \pmod p$ from this cyclic group, wich is the new shared key.

This Algorithm works, since the order of exponentiation and modulo division does not change the result:

\begin{align}
(g^a \mod p)^b \pmod p &= ( \underbrace{g \cdot ... \cdot g}_{\text{a  elements}} \pmod p ) \cdot ( \underbrace{g \cdot ... \cdot g}_{\text{b  elements}} \pmod p ) \\
&= (g^b \mod p)^a \pmod p \\
&= g^{(a \cdot b)} \pmod p
\end{align}

The group has a maximum size of p-1, since zero can not occur ($g^a \not\equiv 0 \pmod p$). If this maximum group-size is divisible by a prime q, than there are at least q generators, wich generate this group-size. Unfortunately p-1 is even, so there are also groups of size 2, but they are extremly improbable. Usually a "safe"-prime number p is used, wich in turn is composed out of a big prime q: p = 2*q + 1. This way a random generator is very likely to produce a big group-size.

A simpler method is to stick to known primes and generators, wich are specified in some cryptographic protocols.

In [93]:
print('\033[1m','cyclic group length for random prime: 19','\033[0m')
p=19
for g in range(1,p):
    l = list()
    for i in range(0,p):
        n = g**i % p
        if n not in l:
            l.append(n)
    print('g=',g,' length=',len(l),' elements: ',l)

[1m cyclic group length for random prime: 19 [0m
g= 1  length= 1  elements:  [1]
g= 2  length= 18  elements:  [1, 2, 4, 8, 16, 13, 7, 14, 9, 18, 17, 15, 11, 3, 6, 12, 5, 10]
g= 3  length= 18  elements:  [1, 3, 9, 8, 5, 15, 7, 2, 6, 18, 16, 10, 11, 14, 4, 12, 17, 13]
g= 4  length= 9  elements:  [1, 4, 16, 7, 9, 17, 11, 6, 5]
g= 5  length= 9  elements:  [1, 5, 6, 11, 17, 9, 7, 16, 4]
g= 6  length= 9  elements:  [1, 6, 17, 7, 4, 5, 11, 9, 16]
g= 7  length= 3  elements:  [1, 7, 11]
g= 8  length= 6  elements:  [1, 8, 7, 18, 11, 12]
g= 9  length= 9  elements:  [1, 9, 5, 7, 6, 16, 11, 4, 17]
g= 10  length= 18  elements:  [1, 10, 5, 12, 6, 3, 11, 15, 17, 18, 9, 14, 7, 13, 16, 8, 4, 2]
g= 11  length= 3  elements:  [1, 11, 7]
g= 12  length= 6  elements:  [1, 12, 11, 18, 7, 8]
g= 13  length= 18  elements:  [1, 13, 17, 12, 4, 14, 11, 10, 16, 18, 6, 2, 7, 15, 5, 8, 9, 3]
g= 14  length= 18  elements:  [1, 14, 6, 8, 17, 10, 7, 3, 4, 18, 5, 13, 11, 2, 9, 12, 16, 15]
g= 15  length= 18  elements:  [1,

In [92]:
print('\033[1m','cyclic group length for safe-prime: 23 = 2⋅11 + 1','\033[0m')
p=23
for g in range(1,p):
    l = list()
    for i in range(0,p):
        n = g**i % p
        if n not in l:
            l.append(n)
    print('g=',g,' length=',len(l),' elements: ',l)

[1m cyclic group length for safe-prime: 23 = 2⋅11 + 1 [0m
g= 1  length= 1  elements:  [1]
g= 2  length= 11  elements:  [1, 2, 4, 8, 16, 9, 18, 13, 3, 6, 12]
g= 3  length= 11  elements:  [1, 3, 9, 4, 12, 13, 16, 2, 6, 18, 8]
g= 4  length= 11  elements:  [1, 4, 16, 18, 3, 12, 2, 8, 9, 13, 6]
g= 5  length= 22  elements:  [1, 5, 2, 10, 4, 20, 8, 17, 16, 11, 9, 22, 18, 21, 13, 19, 3, 15, 6, 7, 12, 14]
g= 6  length= 11  elements:  [1, 6, 13, 9, 8, 2, 12, 3, 18, 16, 4]
g= 7  length= 22  elements:  [1, 7, 3, 21, 9, 17, 4, 5, 12, 15, 13, 22, 16, 20, 2, 14, 6, 19, 18, 11, 8, 10]
g= 8  length= 11  elements:  [1, 8, 18, 6, 2, 16, 13, 12, 4, 9, 3]
g= 9  length= 11  elements:  [1, 9, 12, 16, 6, 8, 3, 4, 13, 2, 18]
g= 10  length= 22  elements:  [1, 10, 8, 11, 18, 19, 6, 14, 2, 20, 16, 22, 13, 15, 12, 5, 4, 17, 9, 21, 3, 7]
g= 11  length= 22  elements:  [1, 11, 6, 20, 13, 5, 9, 7, 8, 19, 2, 22, 12, 17, 3, 10, 18, 14, 16, 15, 4, 21]
g= 12  length= 11  elements:  [1, 12, 6, 3, 13, 18, 9, 16, 8, 4, 2]


### Discrete logarithm problem

to crack the cifer a and b has to be found. This is a hard problem.

\begin{align}
g^a \pmod p &\equiv aa \\
g^b \pmod p &\equiv bb
\end{align}

# example Diffie-Hellman key exchange

In [94]:
###public

#generator
g = 3

#prime (large)
p = 2903

In [95]:
###Alice
a=9557
aa = g**a % p

In [96]:
###Bob
b=238
bb = g**b % p

In [97]:
###exchange calculated values aa and bb

In [98]:
###Alice: a, aa,
#from Bob: bb,
#public: g, p,

shared_key_a = bb**a % p

In [99]:
###Bob: b, bb,
#from Alice: aa,
#public: g, p,

shared_key_b = aa**b % p

In [100]:
print(shared_key_a,'and',shared_key_b,'are equal !')
print('this is the new shared secret key')

1782 and 1782 are equal !
this is the new shared secret key
