# Post-Quantum Cryptography - FrodoKEM Key Exchange using SHA3-256

In this notebook, we will demonstrate an exchange of keys using a simplified version of **FrodoKEM**, a post-quantum key encapsulation mechanism, with the hash function SHA3-256. 

FrodoKEM is designed to be secure against attacks from quantum computers, making it a crucial candidate for post-quantum cryptography. While FrodoKEM involves more complex mathematical constructs (such as lattices), this simplified version illustrates the core concept of encapsulation and decapsulation.

The process involves the following steps:

1. **Key Generation**: Bob generates a public/private key pair.
2. **Key Encapsulation (Alice)**: Alice generates a shared key and encrypts it using Bob's public key.
3. **Key Decapsulation (Bob)**: Bob decapsulates the key using his private key and verifies the correctness of the shared key.


### Step 1: Key Generation (Bob)
In FrodoKEM, Bob generates a secret key and a public key. Here, we are using the hash function SHA3-256 to represent this process.

In [4]:
import hashlib
import os

# Bob generates a private key (secret key)
secret_key_bob = os.urandom(32)

# Bob computes his public key by hashing the secret key
public_key_bob = hashlib.sha3_256(secret_key_bob).digest()

# Display Bob's secret and public keys
print("Bob's Secret Key:", secret_key_bob.hex())
print("Bob's Public Key:", public_key_bob.hex())

Bob's Secret Key: 1d4efe54de331f2fce7f98937a2c53fe377e4e180822e45d90807b0e45191002
Bob's Public Key: 926183d69ad10a4ba07ce591d75918484f2261eba7cbcf2f72d149eccafcd906


### Step 2: Key Encapsulation (Alice)
Alice encapsulates the shared key using Bob's public key. In FrodoKEM, this would involve using lattice-based operations, but here, we simplify the process by using SHA3-256.

In [5]:
# Alice computes the shared key by hashing Bob's public key
shared_key_alice = hashlib.sha3_256(public_key_bob).digest()

# Alice creates the ciphertext by hashing the combination of Bob's public key and the shared key
ciphertext = hashlib.sha3_256(public_key_bob + shared_key_alice).digest()

# Display Alice's shared key and ciphertext
print("Shared Key (Alice):", shared_key_alice.hex())
print("Ciphertext:", ciphertext.hex())

Shared Key (Alice): 6a060dc6cf63ce4f9f6a6d25607cbc990b8c8fd71424fba088d6334703b5d48c
Ciphertext: 10bc4ec139c7be2fb0e14d1fe337f1bbd5e6071861337e513ca749e93ce6165e


### Step 3: Key Decapsulation (Bob)
Bob decapsulates the shared key using his private key. In FrodoKEM, Bob would recover the shared key by performing specific mathematical operations on the ciphertext and his private key, but here, we simulate that with hash functions.


In [6]:
# Bob recomputes his public key from the private key
derived_public_key_bob = hashlib.sha3_256(secret_key_bob).digest()

# Bob derives the shared key by hashing his public key
derived_shared_key_bob = hashlib.sha3_256(derived_public_key_bob).digest()

# Bob verifies the ciphertext matches the expected value
if hashlib.sha3_256(derived_public_key_bob + derived_shared_key_bob).digest() == ciphertext:
  print("Shared Key (Bob):", derived_shared_key_bob.hex())
  print("Key exchange successful!")
else:
  raise ValueError("Decapsulation failed: invalid key.")

Shared Key (Bob): 6a060dc6cf63ce4f9f6a6d25607cbc990b8c8fd71424fba088d6334703b5d48c
Key exchange successful!


### Conclusion
In this notebook, we implemented a simplified version of the **FrodoKEM** key exchange protocol using the SHA3-256 hash function. 

While this implementation focuses on the conceptual flow, the real FrodoKEM involves complex operations over lattices, designed to resist quantum attacks. Both Alice and Bob successfully derived the same shared key, and Bob was able to verify the integrity of the ciphertext, completing the key exchange process.