DESCRIPTION: Cryptography

# Cryptography

For Charley.


**Cryptography** allows Alice to send a message (the **plaintext**) to her friend Bob such that their nemesis snooping Eve cannot read the message 
    if she intercepts it while being sent. Alice uses the key to encrypt (or transform) the plaintext into a **ciphertext**, which looks like random garbage, and then sends that to Bob, who then uses the key to decrypt the ciphertext back to the plaintext, which can be read. Anyone can use the key if they know it, but it is practically impossible to guess otherwise.
    
I didn't make up these names. They appear in all cryptography books. See [Alice and Bob](https://en.wikipedia.org/wiki/Alice_and_Bob)
    
There are two types of cryptography:
* [Symmetric](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) - where Alice and Bob share the same key. Example: [AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard).
  * Very fast
  * Used by Bitlocker and local file system
  * Quantum safe
* [Asymmetric](https://en.wikipedia.org/wiki/Public-key_cryptography) - where each have their own public/private key but share their public key.
  * Can only encrypt a messages that are shorter than the private key, e.g. 128 bytes.
  * Slow, but only used to encrypt a random symmetric key that is use to encrypt the message and is sent with the ciphertext.
  * Used by the Internet, HTTPS, SSL, TLS, Bitcoin, and PayPal
  * Some might be broken with good quantum computers

The hard part about symmetric encryption used by Alice and Bob, is how does Alice get her key to bob if Eve is constantly snooping? Eve works for the NSA. If Eve gets the key, she can decrypt Alice's message for Bob.

The solution is asymmetric encryption, where Alice generates a public/private key-pair, and sends Bob her public key, which can only be used to encrypt a message. Bob generates a one-time random symmetric key (perhaps 64 bytes) and then encrypts his message with that symmetric key. He then uses Alice's public key to encrypt the symmetric key. He sends both the ciphertext and the encrypted symmetric key to Alice, who then uses her private key to decrypt  the symmetric key, and then uses that to decrypt the ciphertext. Only the private key can be used to decrypt the message.


# Examples in Python
The following notebook shows examples:
* Symmetric Encryption - how to use the built-in python library for symemtric AES-256 encryption.
* RSA - a simple example of very short prime numbers (unsafe but easy to understand) to do asymmetric encryption.
  * Examples of factoring and times on how long that takes.
  * Trivial methods to tell if a number is prime.
  * More efficient methods to do so.
  * Code for greatest common divisor (GCD) using Euclidean algorithm and the Least Common Multiple (LCM), with example uses that show what it means.


# Symmetric Encryption

[AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) (or Rijndael) is the most popular symmetric encryption, probably because it is a public algorithm and has been peer-reviewed by the best mathematicians in the world.

In [195]:
# The symmetric key
key = "P4ulR3v3r3"

# The plain text message
plaintext = "Attack at dawn!"

In [196]:
import base64
import hashlib
from Crypto import Random
from Crypto.Cipher import AES

class AESCipher:
    def __init__(self, key):
        self.bs = AES.block_size
        self.key = hashlib.sha256(key.encode()).digest()

    def encrypt(self, raw):
        raw = self._pad(raw)
        iv = Random.new().read(AES.block_size)
        cipher = AES.new(self.key, AES.MODE_CBC, iv)
        return base64.b64encode(iv + cipher.encrypt(raw.encode()))

    def decrypt(self, enc):
        enc = base64.b64decode(enc)
        iv = enc[:AES.block_size]
        cipher = AES.new(self.key, AES.MODE_CBC, iv)
        return self._unpad(cipher.decrypt(enc[AES.block_size:])).decode('utf-8')

    def _pad(self, s):
        return s + (self.bs - len(s) % self.bs) * chr(self.bs - len(s) % self.bs)

    @staticmethod
    def _unpad(s):
        return s[:-ord(s[len(s)-1:])]

cipher = AESCipher(key)
ciphertext = base64.b64encode(cipher.encrypt(plaintext)).decode('utf-8')
print(f"Encrypted: {ciphertext}")

plaintext = cipher.decrypt(base64.b64decode(ciphertext))
print(f"Decrypted: {plaintext}")


Encrypted: TFJscEhCYk5GZkNWM21vWjA1ZE5PZ095S2ZVNzNicVRzRDliOWZPM21KMD0=
Decrypted: Attack at dawn!


# RSA

[RSA](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) is one of the first asymmetric cryptography systems, created in 1977. 
It is based on the idea that multiplying two prime numbers is easy, but factoring them is hard.
Example, suppose we pick two 1-digit prime numbers, like 3 and 5. Then we multiply them to get 15. Ask your friend what the factors of 15 are and she'll quickly say 3 and 5. Now pick two 2-digit prime numbers, like 17 and 23. Multiply them to get 391. Tell your friend to factor 391 and she'll have to think for a few minutes trying different divisors. A computer can do that instantly, but not if your two prime numbers have 100 digits each.

In [197]:
p = 17
q = 23
pq = p * q
print(pq)

391


## Factoring

Here is some trivial code to factor a product into its prime numbers.

In [198]:
def factors(x):
    import math
    while x % 2 == 0:
        yield 2
        x /= 2
    for i in range(3, int(math.sqrt(x))+1, 2):
        while x % i == 0:
            yield i
            x = int(x / i)
    if x > 1:
        yield x

def factor(x):
    import time
    start = time.time()
    f = [i for i in factors(x)]
    fs = [str(i) for i in f]
    seconds = time.time() - start
    print(f"The factors of {x} are {fs}. Took {seconds} seconds.")


factor(15)
factor(391)
factor(654321*1234567)
factor(123456789*723456789)

The factors of 15 are ['3', '5']. Took 0.0 seconds.
The factors of 391 are ['17', '23']. Took 0.0 seconds.
The factors of 807803114007 are ['3', '127', '9721', '218107']. Took 0.054999351501464844 seconds.
The factors of 89315652150190521 are ['3', '41647', '714862632364']. Took 20.78537368774414 seconds.


You can see from the above that the more digits a product has, the longer it takes to factor it.

In [199]:
#
# A trivial method to tell if a number is prime.
#
def isPrime(x):
    if x < 2: return False
    return next(factors(x), 1) == x

def test(x):
    if isPrime(x):
        print(f"{x} is prime")
    else:
        print(f"{x} is not prime")

for i in range(13):
    test(i)

0 is not prime
1 is not prime
2 is prime
3 is prime
4 is not prime
5 is prime
6 is not prime
7 is prime
8 is not prime
9 is not prime
10 is not prime
11 is prime
12 is not prime


In [200]:
#
# A trivial, but not efficient method to find the next prime number
#

def nextPrime(x):
    x += 1
    if x < 2: return 2
    if x % 2 == 0:
        x += 1
    while not isPrime(x):
        x += 2
    return x

# Print the first 100 primes
x = 0
for i in range(100):
    x = nextPrime(x)
    print(x, end=' ')


2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199 211 223 227 229 233 239 241 251 257 263 269 271 277 281 283 293 307 311 313 317 331 337 347 349 353 359 367 373 379 383 389 397 401 409 419 421 431 433 439 443 449 457 461 463 467 479 487 491 499 503 509 521 523 541 

In [201]:
print(nextPrime(100000000000000))

100000000000031


In [202]:
# The greatest common divisor (GCD) using Euclidean algorithm
def gcd(x, y):
    while y:
        x, y = y, x % y
    return x

# Least Common Demonimator
# LCM formula: LCM(a, b) = (a * b) / GCD(a, b)
def lcm(a, b):
    return (a * b) // gcd(a, b)

def test(a,b):
    print(f"GCD({a:>2}, {b:>2}) = {gcd(a,b):>4}  LCM({a:>2}, {b:>2}) = {lcm(a,b):>4}")

test(1, 1)
test(12, 24)
test(12, 18)
test(24, 36)
test(7, 11)



GCD( 1,  1) =    1  LCM( 1,  1) =    1
GCD(12, 24) =   12  LCM(12, 24) =   24
GCD(12, 18) =    6  LCM(12, 18) =   36
GCD(24, 36) =   12  LCM(24, 36) =   72
GCD( 7, 11) =    1  LCM( 7, 11) =   77


In [203]:
# See https://en.wikipedia.org/wiki/Extended_Euclidean_algorithm
def extended_euclidean(a, b):
    # Base case: if b is 0, return (a, 1, 0)
    if b == 0:
        return a, 1, 0
    
    # Recursively compute the extended Euclidean algorithm
    gcd, x1, y1 = extended_euclidean(b, a % b)
    
    # Update x and y using the recursive results
    x = y1
    y = x1 - (a // b) * y1
    
    return gcd, x, y


def modular_inverse(e, λ):
    _, x, _ = extended_euclidean(e, λ)
    return x % λ


def isProbablyPrime(n, k=5):
    # Rabin-Miller Primality Test
    # https://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test
    # To determine if large integers are prime.

    import random
    
    # Quick return for small primes
    for p in [2, 3, 5, 7, 11, 13, 17, 19, 23, 29]:
        if n % p == 0:
            return n == p

    s, d = 0, n - 1
    while d % 2 == 0:
        s, d = s + 1, d >> 1

    for _ in range(k):
        x = pow(random.randint(2, n - 1), d, n)
        if x == 1 or x == n - 1:
            continue
        for _ in range(1, s):
            x = (x * x) % n
            if x == 1:
                return False
            if x == n - 1:
                break
        else:
            return False

    return True


def randomNumber(numDigits):
    import random
    a = 10**(numDigits - 1)
    b = (10**numDigits) - 1
    if numDigits == 1:
        a = 0
    return random.randint(a,b)


def randomPrime(numDigits):
    while True:
        x = randomNumber(numDigits)
        if isProbablyPrime(x):
            return x

def toHex(bytes):
    return ''.join(format(x, '02x') for x in bytes)

def sha256(bytes):
    "Return the SHA-256 hash byte array of the input message bytes"
    import hashlib
    m = hashlib.sha256()
    m.update(bytes)
    return m.digest()

# Example usage
bigPrime = 18987964267331664557
assert(isProbablyPrime(bigPrime))
assert(not isProbablyPrime(bigPrime*bigPrime))

p = randomPrime(100)
assert(isProbablyPrime(bigPrime))
print("Big prime =", p)

assert(extended_euclidean(240, 46) == (2, -9, 47)) # From the wiki page

# Test from https://en.wikipedia.org/wiki/SHA-2
assert(toHex(sha256(b'')) == 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')

# Test from https://emn178.github.io/online-tools/sha256.html
assert(toHex(sha256(b'The quick brown fox jumps over the lazy dog')) == 'd7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592')

Big prime = 1916802716453980208118898434067673367147398345051577733961833411577973508605399624540779957151789587


# RSA
From [Wikipedia](https://en.wikipedia.org/wiki/RSA_(cryptosystem)), we're perform a very simple RSA private key encryption and digital signature, with annotation for understanding. The wikipedia page has an example that we match below. We use very small prime numbers to 

In [204]:
def testRsa(p, q, m, e):
    assert(isPrime(p))
    assert(isPrime(q))
    
    # Define n, the modulus, and part of the public key
    n = p * q
    
    # Compute λ(n), where λ is Carmichael's totient function.
    λ = lcm(p-1, q-1)
    
    # Assert 1 < e < λ and gcd(e, λ(n)) = 1; that is, e and λ(n) are coprime. 
    
    assert(0 <= m)
    assert(m < n)
    assert(1 < e)
    assert(e < λ)
    assert(gcd(e, λ) == 1)
    
    # Let d be the modular multiplicative inverse of e modulo λ(n)
    # i.e. d ≡ e−1 (mod λ(n))
    d = modular_inverse(e,λ)
    
    # NOTE: Python's pow(a,b) method is a^b, but you can add a third parameter pow(a,b,c) to quickly calculate a^b mod c
    assert(gcd(pow(d,e),λ) == 1)
    
    # Encrypt the message m using the public key e to get ciphertext c = m^e mod n
    c = pow(m,e,n)
    
    # Decrypt the message c using private key d
    M = pow(c,d,n)

    # Alice can sign her message using her private key d.
    s = pow(m,d,n)

    # Bob can verify the signature using her public key.
    v = pow(m,e,n) == c
    
    print(f'''
PRIVATE KEY:
  p = {p}
  q = {q}
  λ = {λ}
  d = {d}

PUBLIC KEY:
  n = {n}
  e = {e}

USAGE:
  m = {m}
  c = {c}
  M = {M}
  s = {s}
  v = {v}
''')

    print("Now try to hack the private key:")
    factor(n)


In [205]:
# Pick two 2-digit prime numbers to be our private key. We'll use the example from https://en.wikipedia.org/wiki/RSA_(cryptosystem)
p = 61
q = 53

# Pick a message, typically some symmetric key.
m = 65

# Choose an e
e = 17

testRsa(p, q, m, e)


PRIVATE KEY:
  p = 61
  q = 53
  λ = 780
  d = 413

PUBLIC KEY:
  n = 3233
  e = 17

USAGE:
  m = 65
  c = 2790
  M = 65
  s = 588
  v = True

Now try to hack the private key:
The factors of 3233 are ['53', '61']. Took 0.0 seconds.


In [206]:
# Repeat again but with two 9-digit prime numbers to be our private key.

keySize = 9  # Digits. But typically bits in actual implementations, like 1024
p = randomPrime(keySize)
q = randomPrime(keySize)

# Pick a message, typically some symmetric key.
m = 1234567890

# Choose an e
e = 65537

testRsa(p, q, m, e)


PRIVATE KEY:
  p = 227075203
  q = 227815969
  λ = 8621892825404256
  d = 3769126286644673

PUBLIC KEY:
  n = 51731357407316707
  e = 65537

USAGE:
  m = 1234567890
  c = 25990006120943396
  M = 1234567890
  s = 51223928045798710
  v = True

Now try to hack the private key:
The factors of 51731357407316707 are ['227075203', '227815969']. Took 14.147780418395996 seconds.


# Built-in Cryptograph Library
Often easier to just use Python's cryptography library to do all this. Probably runs faster too.

In [207]:
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.hashes import SHA256
from base64 import b64encode, b64decode


# Generate an RSA key pair of 1024 bits
priKey = rsa.generate_private_key(public_exponent=65537, key_size=1024)
pubKey = priKey.public_key()


# Optionally export the private key to PEM format so we can use that later. Keep this private.
priPem = priKey.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption())

print("PRIVATE PEM")
print(priPem.decode('utf-8'))


# Read in the pem string into a private key just to prove it works
priKey = serialization.load_pem_private_key(priPem, password=None)


# Create a convenient public PEM for Bob to use.
print("PUBLIC PEM")
pubPem = pubKey.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo
)
print(pubPem.decode('utf-8'))

# Read in the pem string into a private key just to prove it works
pubKey = serialization.load_pem_public_key(pubPem)


# Encrypt a message using the private key
plainText = "Attack at dawn!"
bPlainText = plainText.encode('utf-8')
cipherText = pubKey.encrypt(bPlainText, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None))
hash = sha256(bPlainText)

# Convert cipherText to base64 for safe transmission
sCipherText = b64encode(cipherText).decode("utf-8")


# Alice uses her private key to decrypt the message.
origMessage = priKey.decrypt(cipherText, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)).decode('utf-8')


# Alice signs a message using her private key
signature = priKey.sign(
    bPlainText,
    padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH
    ),
    hashes.SHA256()
)


# Bob verifies the signature with Alice's public key.
verified = True
try:
  pubKey.verify(
    signature,
    bPlainText,
    padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH
    ),
    hashes.SHA256()
  )
except InvalidSignature:
  verified = False


p = priKey.private_numbers().p
q = priKey.private_numbers().q
d = priKey.private_numbers().d
n = pubKey.public_numbers().n
e = pubKey.public_numbers().e

print(f'''
  PUBLIC:
    N = {n}
    E = {e}
  PRIVATE:
    P = {p}
    Q = {q}
    D = {d}
  PlainText  = {plainText}
  SHA256     = {toHex(hash)}
  CipherText = {sCipherText}
  Decrypted  = {origMessage}
  Signature  = {toHex(signature)}
  Verified   = {verified}
''')


PRIVATE PEM
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQCiwpQ8ZeUWeItYcWMTv2QqHLjN6IXI6j3mAhHZ9TSepBf/4b1a
HX6aBNmp4IyVGnNJutj7WxBvYgtalOUkKBQyXT7zmzHRnRdfbZ8haM1ayac2ZN28
HUyErHq1uHs4SlNV1B8nVUNsOmNBXkfZlfC+Nm1YdsIgDpyBavLI7ZisoQIDAQAB
AoGAfdVJndh5YQIZWWtwWhgibJyAFFGs/UR8TpNTEduNrwjWtTHlnwImmxUc40WD
6tLkRyB6GPqyniqC9Kkg7u89jObYW1ERVg6SYZ+kIH7eoVUw1u2/IauJX0kNYQYN
fvHQ6mfVJr3nrfm/Vy+NxStG4F5ppQEzZuNo8GYiC5wWvbECQQDSumBQ/5oKHaHn
dD2+1wtaBQlNit3KsVwmZiD6nP6XSJDbIFEZuOE+RnFBufV7gDqtug3FtpHGpeBh
fwiJ6/pHAkEAxboPbsCztFHgCFTN3MZFJmwDQ3jdvkouy/vArlqxlqr+PnWeQXNS
fZyOO4gGx0FDvqaff6EwrKaEgU4m8b0t1wJBAMZfCNh3JY0sRANcm9uRGHCPmShT
92IeAD9tmNITBF9pwmNlUrNCJVe4fFmBMyQlnBd6tAhRS32THVzqdyFO8XUCQQCg
J+EwOG5W9KqelPJajU6dnIfYMyKJa9UT7MtZbqTCAacGOIcDRMHgdNrQZZH3+2lA
F/7BhnLCpe5WPlNVI4LpAkEAnmAOTI770TrqRHjMjQukL45WWNER0g9YjM2I3I8O
WIM6/2UzhmL0T3H6B/U2Nzenf0GhnYgxwxydPXfb050oUw==
-----END RSA PRIVATE KEY-----

PUBLIC PEM
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiwpQ8ZeUWeItYcWMTv2