# Cryptography (CC4017) -- Week 9

## Exercice 1:

Compute the following discrete logarithms:

a. $log_2(13) $ in $ \mathbb{Z}_{23} $ ,i.e., find $x$ s.t. $2^{x} \equiv 13 \ (mod \ 23).$

b. $log_{10}(22) $ in $ \mathbb{Z}_{47}.$

c. $log_{627}(608) $ in $ \mathbb{Z}_{941}.$

To solve these problems we can use the baby-step giant-step algorithm. This algorithm is a meet-in-the-middle algorithm that finds the discrete logarithm of a number $y$ with respect to a base $g$ in a group $G$. 

In [3]:
def baby_step_giant_step(g, h, p):
    from math import isqrt
    from collections import defaultdict

    n = isqrt(p - 1) + 1

    # Baby step
    baby_steps = defaultdict(int)
    for j in range(n):
        baby_steps[pow(g, j, p)] = j

    # Giant step
    g_inv = pow(g, p - 2, p)
    g_inv_n = pow(g_inv, n, p)
    value = h
    for i in range(n):
        if value in baby_steps:
            return i * n + baby_steps[value]
        value = (value * g_inv_n) % p

    return None

# $log_2(13) $ in $ \mathbb{Z}_{23} $ ,i.e., find $x$ s.t. $2^{x} \equiv 13 \ (mod \ 23).$
g = 2
y = 13
G = 23
result_a = baby_step_giant_step(g, y, G)
print(result_a)


# $log_{10}(22) $ in $ \mathbb{Z}_{47}.$
g = 10
y = 22
G = 47
result_b = baby_step_giant_step(g, y, G)
print(result_b)

# $log_{627}(608) $ in $ \mathbb{Z}_{941}.$
g = 627
y = 608
G = 941
result_c = baby_step_giant_step(g, y, G)
print(result_c)


7
11
18


## Exercice 2

Alice and Bob agree to use the prime $ p = 1373 $ and the base $ g = 2 $ for a Diffie-Hellman key exchange.
Alice sends Bob the value $A=974$. Bob asks your assistance, so you tell him to use the secret exponent $b=871$.
What is the value B should Bob send to Alice, and what is the secret shared value? 
Can you guess the secret exponent used by Alice? 
Check the exponent used by Alice that you found to see if it matches the secret shared value computed by Bob.

In [5]:
# Given the values 
p = 1373
g = 2
A = 974
b = 871

# STEP 1 : Find the value of B for Bob send to Alice
B = pow(g,b,p)
print(f"Bob Should Send B = {B} to Alice")

# STEP 2: Compute the secret shared value
secret_shared_bob = pow(A,b,p)
print(f"The shared secret value for Bob is {secret_shared_bob}")

# STEP 3 : Guess thhe secret exponent used by Alice
secret_exponet = baby_step_giant_step(g,A,p)
print(f"The secret exponent used by Alice is {secret_exponet}")

# STEP 4 : Verify the secret exponent
secret_shared_alice = pow(B,secret_exponet,p)
print(f"The shared secret value for Alice is {secret_shared_alice}")

if secret_shared_alice == secret_shared_bob:
    print("The secret shared values are same")
else:
    print("The secret shared values are not same")


Bob Should Send B = 805 to Alice
The shared secret value for Bob is 397
The secret exponent used by Alice is 587
The shared secret value for Alice is 397
The secret shared values are same


## EXERCICE 3

In the Diffie-Hellman protocol, and given the public parameters $ p $ , prime, and $ g ∈ \mathbb{Z}_{P}$ , each participant selects a secret number $ x $ and sends the other participant $g^x \ mod \ p$. What would happen if the participants sent each other $x^g \ mod \ p $ instead? Give one method Alice and Bob could use to agree on a key. Can Eve (a passive attacker) break the system without finding the secret numbers? Can Eve find the secret numbers?

>So, lets see what would happen if participants sent each other $x^g \ mod \ p $ instead of $g^x \ mod \ p$.
>
>First, we will experiment a loss of security in the system. The Diffie-Hellman protocol relies on the hardness of the discrete logarithm problem. By sending $x^g \ mod \ p $ instead of $g^x \ mod \ p$, there sending a value that is much easier to reverse-engineer. So the hardness of the discrete logarithm problem is gone.
>
> Second, we will have a predictable problem. Since $ g $ is a public parameter, the value of $ x^g \ mod \ p $ will be easy to compute, and the attacker can easily find the secret number.
> 
> For alice and bob to agree on a key, the solution is to use a different criptographic protocol that does not rely on a discrete logarithm problem. Using a symmetric key encryption algorithm like AES, or a public key infrastructure like PKI would be a better solution to securely exchange keys.
>
> Using the $x^g \ mod \ p $ which is a value easy to compute, Eve can intercept the values sent by Alice and Bob and easily compute the shared secret key. Since $ g $ is a public parameter, Eve can try different values of $ x $ and compute  $x^g \ mod \ p $ until she finds a match with the values sent by Alice and Bob. Much more easily to do than the discrete logarithm problem in my opinion.
