# Assinatura Digital ElGamal

### Grupo:

    - João Marques, A84684
    - Luis Bigas, A76964

# Parameter Generation

In [22]:
nbits=256
p=random_prime(2^(nbits//2),(2^(nbits//2-1)),True)
p

90411477113230214551024279433109155579

In [23]:
Zp = IntegerModRing(p)

In [24]:
g = Zp.multiplicative_generator()
g

2

In [25]:
p,g

(90411477113230214551024279433109155579, 2)

# Per-user keys

$x \in \{1...p-2\}$

$y = g^x \mod p$ 

In [26]:
x = randint(1,p-2)
y = power_mod(g,x,p)
x,y

(89875716387904429754579234117122277502,
 58725406499771913471859489679126434703)

# Signing

$k \in \{2...p-2\}, mdc(k,p-1) = 1$

$r = g^{(k)} \mod p$

$s = (H(m)-xr)k^{-1} \mod (p-1)$

In [27]:
import hashlib
mOrig = "Here's Johnny!"
mEncoded = bytes(mOrig, 'utf-8')
HH = hashlib.sha256(mEncoded).hexdigest()
m=ZZ('0x'+HH)

k = randint(2,p-2)
while not gcd(k,p-1)==1:
    k = randint(2,p-2)

r = int(power_mod(g,k,p))

ki = power_mod(k,-1,p-1)
si = (m - (x*r)) * ki
s = int(mod(si,p-1))
r,s

(40055069499736738038659820253861296396,
 80675248095764596753463956164636792585)

# Verifying a Signature

$0 < r < p \wedge 0 < s < p-1$

In [28]:
0<r<p, 0<s<p-1

(True, True)

$g^{H(m)} = y^rr^s \mod p$

In [29]:
gh = power_mod(g,m,p)
y = power_mod(y,r,p)
r = power_mod(r,s,p)
yr = y*r
gh == yr

True

In [16]:
def gen_para(nbits):
    p=random_prime(2^(nbits//2),(2^(nbits//2-1)),True)

    Zp = IntegerModRing(p)
    g = Zp.multiplicative_generator()

    return p,g

In [17]:
def gen_user_key(p,g):
    x = randint(1,p-2)
    y = power_mod(g,x,p)
    return x,y

In [15]:
def sign(mOrig,p,g,x):
    mEncoded = bytes(mOrig, 'utf-8')
    HH = hashlib.sha256(mEncoded).hexdigest()
    m=ZZ('0x'+HH)

    k = randint(2,p-2)
    while not gcd(k,p-1)==1:
        k = randint(2,p-2)

    r = int(power_mod(g,k,p))
    ki = power_mod(k,-1,p-1)
    si = (m - (x*r)) * ki

    s = int(mod(si,p-1))

    return r,s

In [16]:
def verify(mOrig,p,g,y,r,s):
    if (not 0<r<p) or (not 0<s<p-1):
        return False

    mEncoded = bytes(mOrig, 'utf-8')
    HH = hashlib.sha256(mEncoded).hexdigest()
    m=ZZ('0x'+HH)

    gh = power_mod(g,m,p)
    y = power_mod(y,r,p)
    r = power_mod(r,s,p)

    yr = y*r
    return gh == yr

In [17]:
p,g = gen_para(256)
p,g

(961406493615610709190290109331, 3)

In [18]:
x,y = gen_user_key(p,g)
x,y

(31939740115984729680394651830, 705208023764014544979543432869)

In [19]:
m = "Nobody expects the Spanish Inquisition"
r,s=sign(m,p,g,x)
r,s

(256187706838329341137541980931, 109779128737143665392962343905)

In [20]:
verify(m,p,g,y,r,s)

True