![pythonLogo.png](https://www.python.org/static/community_logos/python-powered-w-200x80.png)

# Cryptography and Hashing #


# Recap on Hashing

Hash Maps allow users to search a data structure via characters instead of integer index positions. The characters (string) are converted to integers by a process of 'hashing'. This hashing function will look up the ASCII value of each character. Each integer value is then multiplied by its position in the string to achieve a unique number. These are added together to create a large number. To prevent having to allocate a large number of elements, the modulo sign (%) calculates a smaller number to reduce the size of elements.



![hash](https://d18l82el6cdm1i.cloudfront.net/uploads/34EvJ7agjl-hash_table.gif)

## Collision resolution
With a reduced number of spaces available, hashing methods will return the same remainder for some modulus operations. This means that two (or more) items will be competing for the same element in the data structure.

There are regarded to be two approaches to resolving collisions: 
- Open Addressing - e.g. An alternate address within the structure
- Separate Chaining - e.g. A Linked List that extends out of an element with colliding values.

## Cryptography and Hashing

## Python's hash library and SHA256

Secure Hash Algorithm 256 bits (32 bytes) is a cryptographic hash function that produces a fixed-size 256-bit (32-byte) hash value from an input of any size. It is part of the SHA-2 family, which was designed by the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST) in 2001.

## Secure Hashing Algorithm (SHA)

* Secure Hashing Algorithm is a family of Hashing functions (one way), whereas encryption will need to be two-way (encrypt and decrypt)

* SHA-1 can produce a hash up to 160 bits in length (20 bytes)

* SHA-256 can produce a hash up to 256 bits in length (32 bytes)

* SHA-256 provides significantly more combinations than SHA-1, approximately  $2^{96}$  times more possibilities, or about  $10^{29}$  times more.

* This difference makes SHA-256 much more secure, as it provides a vastly larger space of possible outputs, reducing the risk of collisions (two different inputs producing the same hash). This is why SHA-256 is preferred for modern cryptographic applications

![sha256nordvpn](https://nordvpn.com/wp-content/uploads/blog-infographic-sha-256-1.svg)

In [22]:
import hashlib
import json
import time

SHA-1

In [60]:
message = "Hello, World!"
hash_object = hashlib.sha1(message.encode())
hash_hex = hash_object.hexdigest()

print("Original message:", message)
print("Hashed value:", hash_hex)

Original message: Hello, World!
Hashed value: 0a0a9f2a6772942557ab5355d76af442f8f65e01


In [61]:
l = []
l = str(hash_hex)
len(l) / 2  # divide by 2 due to hex codes '0a' is one hex

20.0

SHA-256

In [62]:
message = "Hello, World!"
hash_object = hashlib.sha256(message.encode())
hash_hex = hash_object.hexdigest()

print("Original message:", message)
print("Hashed value:", hash_hex)

Original message: Hello, World!
Hashed value: dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f


In [63]:
l = []
l = str(hash_hex)
len(l) / 2 # divide by 2 due to hex codes 'df' is one hex

32.0

## Blockchain and Cryptocurrency uses SHA-256

* Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data.

* These blocks are 'linked' ('chained') together by cryptography (hash codes). 

* Each block has a hash of the previous block, creating a secure and verifiable chain of data.

* Unlike a linked list though, you're not able to delete blocks in the blockchain, otherwise this would violate the integrity of the ledger of transactions. 

![blockchain1](https://miro.medium.com/v2/resize:fit:977/1*mNdCyhj2WRSzmgTOVztaUg.png)

In [14]:

transaction = {
    'sender': "Alice",
    'receiver': "Bob",
    'amount': 50
}
transaction_string = json.dumps(transaction, sort_keys=True).encode()
transaction_hash = hashlib.sha256(transaction_string).hexdigest()

print("transaction string:",transaction_string)
print("transaction hash:",transaction_hash)

transaction string: b'{"amount": 50, "receiver": "Bob", "sender": "Alice"}'
transaction hash: fd2aff1bbd25dca7091cbc385ccd82fc933a0f775d359ad067f46d4371bac73f


## Blockchain of transactions

In [24]:
class Block:
    def __init__(self, index, previous_hash, timestamp, data, nonce=0):
        self.index = index
        self.previous_hash = previous_hash
        self.timestamp = timestamp
        self.data = data
        self.nonce = nonce
        self.hash = self.calculate_hash()

    def calculate_hash(self):
        block_string = f"{self.index}{self.previous_hash}{self.timestamp}{self.data}{self.nonce}"
        return hashlib.sha256(block_string.encode()).hexdigest()

In [25]:
class Blockchain:
    def __init__(self):
        self.chain = [self.create_genesis_block()]
        self.difficulty = 4

    def create_genesis_block(self):
        return Block(0, "0", int(time.time()), "Genesis Block")

    def get_latest_block(self):
        return self.chain[-1]

    def add_block(self, new_block):
        new_block.previous_hash = self.get_latest_block().hash
        new_block.hash = new_block.calculate_hash()
        self.mine_block(new_block)
        self.chain.append(new_block)

    def mine_block(self, block):
        target = "0" * self.difficulty
        while block.hash[:self.difficulty] != target:
            block.nonce += 1
            block.hash = block.calculate_hash()
        print(f"Block mined: {block.hash}")

    def is_chain_valid(self):
        for i in range(1, len(self.chain)):
            current_block = self.chain[i]
            previous_block = self.chain[i-1]

            if current_block.hash != current_block.calculate_hash():
                return False

            if current_block.previous_hash != previous_block.hash:
                return False

        return True

In [26]:
# Usage example
blockchain = Blockchain()

print("Mining block 1...")
blockchain.add_block(Block(1, "", int(time.time()), {"amount": 4}))

print("Mining block 2...")
blockchain.add_block(Block(2, "", int(time.time()), {"amount": 10}))

print(f"Is blockchain valid? {blockchain.is_chain_valid()}")

# Tamper with the blockchain
blockchain.chain[1].data = {"amount": 100}
print(f"Is blockchain valid after tampering? {blockchain.is_chain_valid()}")

Mining block 1...
Block mined: 000079aed2f4915b195b241ead3265a2ee762791b7d0047f060b9e530a167ba4
Mining block 2...
Block mined: 00004e987cc3d0d974d9b3cb00e1d4b000d88940760e6315fa0e3018771f72e0
Is blockchain valid? True
Is blockchain valid after tampering? False


## Passwords

In [7]:
password = "mypassword123"
hashed_password = hashlib.sha256(password.encode()).hexdigest()
print("Stored hash:", hashed_password)

Stored hash: 6e659deaa85842cdabb5c6305fcc40033ba43772ec00d45c2a3c921741a5e377


## This looks impressive, but... 

* Attackers can leverage the speed of SHA-256 to try billions of password guesses per second in a brute-force or dictionary attack.

* SHA-256 does not natively include salting, a technique where a random value (the salt) is added to the password before hashing to make the hash unique for each user. Without salt, two users with the same password will have the same hash, making attacks easier.

* SHA-256 does not support key stretching, which is a method to make the hashing process slower and more resistant to brute-force attacks. For password hashing, you want a function that intentionally takes time to compute (e.g., several milliseconds per hash) to slow down attackers.


` pip install bcrypt `

`python3 -m pip install -U bcrypt --user`

In [10]:
import bcrypt

In [11]:

# Step 1: Generate a salt and hash the password
password = "mypassword123".encode()  # Convert password to bytes
salt = bcrypt.gensalt()  # Generate a random salt
hashed_password = bcrypt.hashpw(password, salt)  # Hash the password with the salt

# Step 2: Store the hashed password (and salt is embedded in the hash)
print(f"Hashed password: {hashed_password}")

# Step 3: To verify a password during login
entered_password = "mypassword123".encode()
if bcrypt.checkpw(entered_password, hashed_password):
    print("Password is correct!")
else:
    print("Password is incorrect.")

Hashed password: b'$2b$12$QEX0gKMfmI1JJb5KMND3WOqdriS62T1hdX6KkXUfjYe8YoUV0lfue'
Password is correct!


## Hashing with a key (HMAC)

HMAC (Hash-based Message Authentication Code):

In [8]:
import hmac

key = b'secret_key'
message = b'Hello, World!'

hmac_hash = hmac.new(key, message, hashlib.sha256).hexdigest()
print("HMAC:", hmac_hash)

HMAC: d0e72e3ebca850380c42bc96009638375860cb5c330048588d3298f02e740065


## Encryption

WhatsApp uses end-to-end encryption, which is different from HMAC. Specifically, it relies on the Signal Protocol, which employs a combination of:

* Symmetric Encryption (AES): To encrypt the actual messages using a secret key that only the sender and recipient know.

* Asymmetric Encryption (RSA, Curve25519): To securely exchange the secret keys between the sender and recipient.

* Message Authentication Codes (MAC): Used for verifying the integrity and authenticity of messages, but this is separate from encryption.

## AES (Advanced Encryption Standard)

* Advanced Encryption Standard (AES) is a symmetric block cipher that the U.S. government selects to protect classified data. AES-256 encryption uses the 256-bit key length to encrypt as well as decrypt a block of messages.

* As we've seen, hashing for one-way - for storing data in a unique position within a structure. We have to match hash codes to get to the right data. 

* Encryption is two-way (encrypt and decrypt), as messages need to be encrypted before they are sent, and then decrypted (only) by the receiver.

` pip install cryptography `

`python3 -m pip install -U cryptography --user`


In [18]:
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding
import os

In [19]:
# Function to encrypt plaintext using AES
def encrypt_aes(key, plaintext):
    # Generate a random 16-byte IV (Initialization Vector)
    iv = os.urandom(16)
    
    # Create the cipher using AES and CBC mode with the IV
    cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
    
    # Encryptor object
    encryptor = cipher.encryptor()
    
    # Padding the plaintext to be a multiple of block size (16 bytes)
    padder = padding.PKCS7(algorithms.AES.block_size).padder()
    padded_data = padder.update(plaintext) + padder.finalize()
    
    # Encrypt the padded plaintext
    ciphertext = encryptor.update(padded_data) + encryptor.finalize()
    
    # Return both the IV and ciphertext (IV is needed for decryption)
    return iv, ciphertext


In [20]:
# Function to decrypt ciphertext using AES
def decrypt_aes(key, iv, ciphertext):
    # Create the cipher using AES and CBC mode with the provided IV
    cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
    
    # Decryptor object
    decryptor = cipher.decryptor()
    
    # Decrypt the ciphertext
    padded_plaintext = decryptor.update(ciphertext) + decryptor.finalize()
    
    # Unpad the plaintext
    unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
    plaintext = unpadder.update(padded_plaintext) + unpadder.finalize()
    
    return plaintext

In [21]:
# Demo: Encrypt and decrypt a message using AES-256
def demo_aes():
    # Key must be either 16, 24, or 32 bytes long (AES-128, AES-192, AES-256 respectively)
    key = os.urandom(32)  # AES-256 key (32 bytes)
    
    # Example plaintext message
    plaintext = b"Hello, this is a secret message!"
    print(f"Original plaintext: {plaintext}")
    
    # Encrypt the message
    iv, ciphertext = encrypt_aes(key, plaintext)
    print(f"Encrypted ciphertext: {ciphertext.hex()}")
    print(f"Initialization Vector (IV): {iv.hex()}")
    
    # Decrypt the message
    decrypted_plaintext = decrypt_aes(key, iv, ciphertext)
    print(f"Decrypted plaintext: {decrypted_plaintext}")

# Run the AES encryption/decryption demo
demo_aes()

Original plaintext: b'Hello, this is a secret message!'
Encrypted ciphertext: 622ed0e6a9d572368e68b2d4453d152b8667e6e01f8d59db8158c26a1d8c77df264cb492c1986f4ca2687093610c6ec1
Initialization Vector (IV): e3a96a5ee014529f1ba62e8d9395fb3d
Decrypted plaintext: b'Hello, this is a secret message!'


WhatsApp uses both encryption (for confidentiality) and message authentication (for integrity and authenticity):

* The actual content of your messages is encrypted using symmetric encryption (AES-256).

* After encryption, an HMAC or similar message authentication method is used to ensure that the encrypted message hasn’t been altered during transmission.

## PBKDF2 (Password-Based Key Derivation Function 2):

* An older but still widely used algorithm.

* Uses a combination of a salt and key stretching (by iterating the hash many times) to make brute-force attacks more difficult.

* Typically slower than SHA-256, which is good for password hashing.

## Public key vs private key

## Application of Cryptography

In [1]:
def simple_substitution_encrypt(plaintext, key):
    ciphertext = ""
    for char in plaintext:
        if char.isalpha():
            shift = ord(key.upper()) - ord('A')
            if char.isupper():
                ciphertext += chr((ord(char) - ord('A') + shift) % 26 + ord('A'))
            else:
                ciphertext += chr((ord(char) - ord('a') + shift) % 26 + ord('a'))
        else:
            ciphertext += char
    return ciphertext

def simple_substitution_decrypt(ciphertext, key):
    plaintext = ""
    for char in ciphertext:
        if char.isalpha():
            shift = ord(key.upper()) - ord('A')
            if char.isupper():
                plaintext += chr((ord(char) - ord('A') - shift) % 26 + ord('A'))
            else:
                plaintext += chr((ord(char) - ord('a') - shift) % 26 + ord('a'))
        else:
            plaintext += char
    return plaintext

# Usage
message = "Hello, World!"
key = "D"
encrypted = simple_substitution_encrypt(message, key)
decrypted = simple_substitution_decrypt(encrypted, key)

print(f"Original: {message}")
print(f"Encrypted: {encrypted}")
print(f"Decrypted: {decrypted}")

Original: Hello, World!
Encrypted: Khoor, Zruog!
Decrypted: Hello, World!


In [2]:
def xor_cipher(data, key):
    return bytes([b ^ ord(key[i % len(key)]) for i, b in enumerate(data)])

# Usage
message = b"Hello, World!"
key = "SECRET"
encrypted = xor_cipher(message, key)
decrypted = xor_cipher(encrypted, key)

print(f"Original: {message}")
print(f"Encrypted: {encrypted}")
print(f"Decrypted: {decrypted}")

Original: b'Hello, World!'
Encrypted: b'\x1b />*xs\x12, )0r'
Decrypted: b'Hello, World!'


## Python's Cryptography library 

You may need to install Python's cryptography library via the installer if you haven't already... 
Copy and paste one of the following into a VSC terminal or your OS terminal/command line

` python3 -m pip install cryptography `

` pip install cryptography `


In [6]:
from cryptography.fernet import Fernet

# Generate a random key
key = Fernet.generate_key()
f = Fernet(key)

# Encrypt a message
message = b"Hello, World!"
encrypted = f.encrypt(message)

# Decrypt the message
decrypted = f.decrypt(encrypted)

print(f"Original: {message}")
print(f"Encrypted: {encrypted}")
print(f"Decrypted: {decrypted}")

Original: b'Hello, World!'
Encrypted: b'gAAAAABmwbADb7KI98b7A3W5q_d_YTv_Gm9veKn2HYYu7PZfEamhiy00SZ1ci4P8hEU3zUDHOVH3CRvOVzPWtBcWY_xb-opwEw=='
Decrypted: b'Hello, World!'


## Formative Exercises ##

Insert a 'code' cell below. In this do the following:

* Exercise 1: 
* Exercise 2: 
* Exercise 3: How would you implement end to end encryption for sending messages between devices? 
* Exercise 4: Create a simple Blockchain example that enables two terminals to encrypt and decrypt transactions 
* Exercise 5:


## Exercise 1: 

In [None]:
# Write your solution here.

## Exercise 2: 

In [None]:
# Write your solution here. 

## Exercise 3: 

In [None]:
# Write your solution here. 

## Exercise 4:

In [None]:
# Write your solution here.

## Exercise 5:

In [None]:
# Write your solution here. 