# RSA Encryption and Shor's Algorithm

## Imports

In [1216]:
from math import gcd, sqrt
import random
import time

# Setting up RSA

## Step 1: Pick two primes
Generate some using https://bigprimes.org/

The amount of characters you can encrypt is proportoinal to the size of the primes, as well as the security of the encryption. If you want to try brute force decryption, something around 5-8 digits should be fine.

In [1217]:
p1 = 563
p2 = 547

## Step 2: Calculate modulus
The modulus will be used to "wrap around" messages after raising to the encryption exponent

In [1218]:
N = p1 * p2
print("N =", N)

N = 307961


## Step 3: Calculate the phi function
Also known as "Euler's totient function": https://en.wikipedia.org/wiki/Euler's_totient_function

This function counts the positive integers up to a given integer that are relativly prime to that number.

Eulers product formula states that 
$$\phi(n) = p_1

In [1219]:
# Step 3: calculate the phi function
# Phi function
phiN = (p1 - 1) * (p2 - 1)
print("phi(N) =", phiN)

phi(N) = 306852


## Step 4: Calculate the encryption exponent
Requirements:
- e must between 1 and phi(N)
- e must be coprime with N and phi(N)

In modern encryption, 65537 is used as standard. Small exponents, such as $e=3$, will result in $m^3$ being less than the modulus, and therefore trivial to crack (take the 3rd root).

In [1220]:
# Manually find a valid candidate
# e = 0
# for candidate in range(2, phiN + 1):
#     if(gcd(candidate, phiN) == 1):
#         e = candidate
#         print("done")
#         break

# Or use a standard prime
e = 65537

## Step 5: Calculate the decryption exponent
Find $d$ such that
$$(m^{e})^d = m^{ed} \equiv m \quad (\text{mod } N)$$

This results in d "undoing" the shift performed by raising x to the e.


This can be calculated using Euler's theorem:

$$a^{\phi(n)} \equiv 1 (\text{mod } n)$$

If we can find a $d$ such that $ed \equiv 1 (\text{mod } \phi(n)) \Rightarrow ed = 1 + h\phi(n)$:

$$m^{ed} = m^{1 + h \phi(n)} = m(m^{\phi(n)})^h \equiv m(1)^h \equiv m (\text{mod } n)$$

In [1229]:
# Step 5: choose d - the decription exponent

d = mod_inverse(e, phiN)
        
print("d =", d)

public_key = (e, N)
print("Public key:", public_key)
private_key = (d, N)
print("Private key:", private_key)

d = 43937
Public key: (65537, 307961)
Private key: (43937, 307961)


In [1230]:
def gcdExtended(a, b):
    
    if a == 0 :
        return b, 0, 1
    
    gcd, x1, y1 = gcdExtended(b%a, a)
    
    x = y1 - (b//a) * x1
    y = x1
    
    return gcd, x, y

def mod_inverse(a, mod):
    factor, x, y = gcdExtended(a, mod)
    if(x < 0):
        return mod + x
    else:
        return x

# RSA Encryption and Decryption
To encrypt a message, we convert our string to an integer $\text{message}$ and raising it to the power of $e$ mod $N$:

$$\text{encrypted} = \text{message} ^ e \quad (mod N)$$

To decrypt a message, we raise the encrypted message to our decryption exponent and it will "wrap around" back to our original message:

$$\text{decrypted} = \text{encrypted} ^ d \quad (mod N)$$

In [1231]:
# Helper functions

def encrypt(message, public_key):
    encrypted_message = pow(message, public_key[0], public_key[1])
    return encrypted_message

def decrypt(encrypted_message, private_key):
    decrypted_message = pow(encrypted_message, private_key[0], private_key[1])
    return decrypted_message

def string_to_int(message):
    number = ""
    for char in message:
        ordinal = ord(char) - 30
        if ordinal < 10:
            ordinal = "0" + str(ordinal)
        else:
            ordinal = str(ordinal)
        number += ordinal
        
    integer = int(number)
    return integer
    
def int_to_string(integer):
    str_int = str(integer)
    string = ""
    for i in range(0, int(len(str_int) / 2)):
        char_code = int(str_int[2 * i] + str_int[2 * i+1])
        string += chr(char_code + 30)
    return string

## Perform encryption and decryption

In [1245]:
message_string = "Hi"
message = string_to_int(message_string)

print("Original string:", message_string)
print("Original integer:", message)

print()
encrypted = encrypt(message, public_key)
print("Encrypted integer:", encrypted)

print()
decrypted = decrypt(encrypted, private_key)
print("Decrypted integer:", decrypted)

print("Decrypted string:", int_to_string(decrypted))

Original string: Hi
Original integer: 4275

Encrypted integer: 271579

Decrypted integer: 4275
Decrypted string: Hi


# Brute force decryption
Assuming you have been given the public key, the easiest way to calculate the decryption exponent is to find the totient of n $(p1-1)(p2-1)$, and the easiest way to do that is to find the two prime factors that make it up (p1 and p2). These can be found by brute force factoring N.

Be careful running this with large (8+ digits) primes, as it will quickly take unreasonable times to do (this is why RSA is so secure)

In [1246]:
start = time.perf_counter()

# brute force factoring, test all odd numbers
p1 = 0
for i in range(1, N//2):
    test_factor = (2 * i + 1)
    if(N % test_factor == 0):
        print("Found factor")
        p1 = test_factor
        break
end = time.perf_counter()

print("Brute force factoring took", round(end - start, 4), "seconds")

# Calculate second prime by dividing modulus
p2 = N // p1

print("Prime 1:", p1)
print("Prime 2:", p2)

# Recalculate phiN and decryption exponent
phiN = (p1 - 1) * (p2 - 1)
d = mod_inverse(e, phiN)

print()
print("Brute force decrypted message", int_to_string(decrypt(encrypted, (d, N))))

print(N)

Found factor
Brute force factoring took 0.0002 seconds
Prime 1: 547
Prime 2: 563

Brute force decrypted message Hi
307961


# Shor's Algorithm
Method adapted from: https://arxiv.org/pdf/quant-ph/0205095.pdf

## Step 1: Pick a random number
Choose a random integer $1 < a < N-1$ and check to see if by random chance we have found a factor

In [1262]:
a = random.randrange(1, N-1)
print("a =", a)

if(gcd(a, N) > 1):
    print("Wow, you got very lucky and found a factor of N")
else:
    print("a is not a factor of N")

a = 8485
a is not a factor of N


## Step 2: Find the order of $a \space mod \space N$
To find the order of $a \space mod \space N$, we must find the period of $a^i \space mod \space N$. This is equivelent to finding the smallest non-zero integer that satisfies:
$$a^r \space mod \space N = 1$$

This is the most time consuming portion of the classical algorithm, as it has to be done by brute force. Once this step can be done by a quantum computer, previously unfactorable numbers will become factorable in a fraction of the time.

In [1263]:
r = 0
# Limit set to make sure algorithm doesn't "run away" on large numbers
for i in range(1, 1000000):
    val = pow(a, i, N)
    vals.append(val)
    
    if(val == 1):
        v_1 = i
        r = i
        break

if(r == 0):
    print("No repeats found in range, try increasing, using smaller primes, or re-randomizing a")
else:
    print("r =", r)

r = 51142


## Step 3: (hopefully) find factors
Shor's will find the correct factors with probability of at least one half, so if it doesn't work first time, try again!

In [1264]:
factor_1 = gcd(pow(a, r//2) + 1, N)
print("Shor's factor candidate #1:", factor_1)
factor_2 = gcd(pow(a, r//2) - 1, N)
print("Shor's factor candidate #2:", factor_2)

print()
print("Actual factors:", p1, p2)

# Calculate second prime by dividing modulus
p2 = N // factor_1

# Recalculate phiN and decryption exponent
phiN = (factor_1 - 1) * (p2 - 1)
d = mod_inverse(e, phiN)

print()
print("Brute force decrypted message:", int_to_string(decrypt(encrypted, (d, N))))

Shor's factor candidate #1: 547
Shor's factor candidate #2: 563

Actual factors: 547 307961

Brute force decrypted message: Hi
