# RSA signatures

Sigurjón Ágústsson

In [2]:
import random
import time
import numpy as np
import pandas as pd

In [3]:
def load_small_primes():
    pfile =  open("1000primes.txt", "r")
    small_primes = [int(num) for num in pfile.read().split(',')]
    return small_primes

small_odd_primes = load_small_primes()
print("Small odd primes loaded : {}...{}".format(small_odd_primes[:5], small_odd_primes[-3:]))

Small odd primes loaded : [3, 5, 7, 11, 13]...[7901, 7907, 7919]


We start by introducing some helper functions. Most important of which is the modular exponentiation function which uses Montgomery modular multiplication to very quickly compute modular exponentiation.

In [4]:
def even(n):
    """Checks the parity of n"""
    return (n&1) != 1

def pow_n_mod_n(a,n):
    """Naive and very inefficient way of doing modular exponentiation"""
    return ((a**(n-1)) % n)

def modular_exponentiation(a,n):
    """Python's fast way of doing modular exponentiation"""
    return pow(a,(n-1),n)

def divisible_by_small_prime(n, resolution=1000):
    """A function that checks if a number n has one of the 
        1000 first primes as a factor (excluding 2 because 
        it is checked for already)"""
    global small_odd_primes # The array of primes
    for small_prime in small_odd_primes[:resolution]:
        if n == small_prime:
            # In this case n is a small prime number, and we return
            # False to indicate it is not divisible by any of
            # the smaller primes
            return False
        if (n % small_prime) == 0:
            # print("diviseble by small prime")
            return True
    return False

def seconds_to_prefix(sec):
    """Just a function that inputs number of seconds (float) and 
        outputs a string representation with a unit (s, ms or min) """
    if sec < 1:
        ms = sec * 1000
        return "{} ms".format(round(ms,4))
    elif sec < 60:
        return "{} s".format(round(sec,4))
    else:
        min = int(sec) // 60
        rem = seconds_to_prefix(sec-60*min)
        return "{} min and {}".format(min,rem)

Let's demonstrate with a timing example.

In [5]:
bits = 20
# Let n be a random 20 bit integer
n = random.randint((1<<(bits-1)),((1<<bits)-1))
a = random.randint(0xFFFF,n-1) # a very large number but still less than n


ex1_start = time.perf_counter()
print(pow_n_mod_n(a,n))
ex1_end = time.perf_counter()
ex2_start = time.perf_counter()
print(modular_exponentiation(a,n))
ex2_end = time.perf_counter()
t1,t2 = (ex1_end-ex1_start), (ex2_end-ex2_start)
strt1,strt2 = seconds_to_prefix(t1), seconds_to_prefix(t2)
diff = round(t1/t2,2)
print("Using the slow algorithm, it took: {} \
        \nUsing the fast algorithm, it took: {}".format(strt1,strt2))
print("The Montgomery algorithm makes modular exponentiation {} times faster in this case!".format(diff))

856660
856660
Using the slow algorithm, it took: 2.5146 s         
Using the fast algorithm, it took: 0.0509 ms
The Montgomery algorithm makes modular exponentiation 49403.61 times faster in this case!


## Prime number generation

Now we are ready to do generate prime numbers. 

In [6]:
def probable_prime(size):
    assert size > 0
    s = size-1
    smallest = 1<<s
    largest = (1<<(s+1))-1
    while True:
        # First pick a random number n of size 'size' bits
        n = random.randint(smallest,largest)
        if even(n) or divisible_by_small_prime(n):
            continue
        a = random.randint(2,n-1)

        mod_computation = modular_exponentiation(a,n)

        if mod_computation == 1:
            # By Fermat's little thm, if the result is not 1
            # then n is not prime, otherwise, it is likely to 
            # be prime
            return n

Let's use this to generate some "small" probably-prime numbers, or pseudoprimes.

In [7]:
for i in range(4):
    bits = 8*(i+1)
    print("{} bits: \t".format(bits), probable_prime(bits))

8 bits: 	 167
16 bits: 	 59023
24 bits: 	 10236179
32 bits: 	 3836101673


In RSA encryption we want much larger primes. Typically 1024 or 3072 bits. That is no obstacle for us, let's generate such pseudoprimes:

In [8]:
t1s = time.perf_counter()
p1024 = probable_prime(1024)
t1e = time.perf_counter()
print(p1024)
print("execution time: {} seconds".format(round((t1e-t1s),3)))

135929805628349056908228205343171970716676726470924201008666274971659900877326993144359360314570659430718306202215416020824998155072919941640907964407884110079280149350120018575630034180475995082349231986171539125866129530857498357714915250515828911937331630164591868606701743760758616437505879423626815655633
execution time: 0.254 seconds


In [9]:
t1s = time.perf_counter()
p3072 = probable_prime(3072)
t1e = time.perf_counter()
print(p3072)
print("execution time: {} seconds".format(round((t1e-t1s),3)))

4169029388032716414934310916460668080352295536051902815241518301749281949407531194944265579398655921700006526346522604536660457256684401310797648622603340460495266494250200148183269745224632637007712878017316586245723967294007616319054507886412332332999913036489517079185588602784515939956016159473339483791551459838094246998195754491988846113521447586238367068605193435124728072207599181802034153859738219782205607486527890928469262911307437389525694390864255495148805043283597697892686576082176805406458736496631164595017019238131770819105086348342312886487947065999108180117887167708948737054500875505582944173630137444785480779795260143945840724638932663015280265096475547942170903806524742609499797061084920313038867992211632844607705769377129490745953593989017978591865438162999233367949196276877169889698251192775818422413457830285710561458805637152052946985630475131204616692486899114489301712617993311802386407299259
execution time: 3.622 seconds


## RSA signatures

In [10]:
e = 3
print(pow(e,-1,500))

167


In [11]:
def find_ed(N,T):
    e = 3
    d = pow(e,-1,T)
    return (e,d)

In [12]:
def generate_keys(size=1024):
    """Function that returns a tuple of public and private keys of given size (in bits)"""
    p,q = probable_prime(size),probable_prime(size)
    N = p*q
    # e is less than T. And it is coprime to T and N
    # e*d mod T has to be 1
    # e is typically 3
    T = N - p - q + 1 # (p-1)(q-1)
    e = 3
    d = pow(e,-1,T)
    return ((N,e),(N,d))

def dummy_keys():
    return ((91, 5), (91, 29))

def encrypt(val, public_key):
    """public key is a tuple containing N,e """
    N,e = public_key
    return pow(val,e,N)

def decrypt(cipher, private_key):
    """Private key is a tuple containing N,d """
    N,d = private_key
    return pow(cipher,d,N)

In [13]:
public_key, secret_key = generate_keys()
# public_key, secret_key = dummy_keys()

ValueError: base is not invertible for the given modulus

In [None]:
public_key

In [None]:
secret_key

In [None]:
text = "HELLO WORLD!"

In [17]:
def str2ascii_list(string):
    return [ord(c) for c in string]

def ascii_list2str(alist):
    s = ""
    for c in alist:
        s+=chr(c)
    return s

def encrypt_string(string, public_key):
    ascii_list = [ord(i) for i in string]
    enc_list = [encrypt(j,public_key) for j in ascii_list]
    print(enc_list)
    enc_string  = ""
    for enc in enc_list:
        enc_string += chr(enc)
    return enc_list

def decrypt_string(enc_list,private_key):
    ascii_list = [decrypt(j, private_key) for j in enc_list]
    return ascii_list

In [None]:
text_asc = str2ascii_list(text)
print("original:")
print(text_asc)
print("encrypted:")
enc = [encrypt(c, public_key) for c in text_asc]
print(enc)
print("decrypted_list")
dec_list = [decrypt(c, secret_key) for c in enc]
print(dec_list)
print("result")
res = ascii_list2str(dec_list)
print(res)

In [None]:
# ASCII has values from 32 to 126
# print("Public,private keys are: ", public_key, secret_key)
for i in range(32,127):
    enc = encrypt(i, public_key)
    dec = decrypt(enc, secret_key)
    if dec == i:
        print(f"{i}, ASCII: '{chr(i)}', Encryption: '{enc}', Decrypting encryption: '{dec}'")
    else:
        print(f"{i}, ASCII: '{chr(i)}', Encryption: '{enc}', Decrypting encryption: '{dec}' - FAIL")

In [None]:
encrypted = encrypt_string(text,public_key)
print(encrypted)
decrypted = decrypt_string(encrypted,secret_key)
print(decrypted)

Different way to encode strings

In [18]:
def string_to_num(string):
    num = 0
    for c in string:
        new_char = ord(c)
        num = (num<<7)+new_char
    return num

def num_to_string(num):
    string = ""
    while num>0:
        new_char = 0x7F
        new_char &= num # Now new_char is the ascii value of the last character of the string
        string = chr(new_char) + string # We prepend the new character to the string, since we are going in the reverse
        num = num >> 7
    return string

s = "AB"

string_to_num(s)


8386

In [34]:
public_key, private_key = generate_keys(100) # generate keys of size 100
num_chars = 5
bits = num_chars * 8
largest, lowest = (1<<bits)-1, (1<<(bits-1))
for _ in range(5):
    num = random.randint(lowest,largest)
    s = num_to_string(num)
    e = encrypt(num, public_key)
    d = decrypt(e, private_key)
    ds = num_to_string(d)
    p  = f"{num} = {s} \t ---> {e} \t ---> {d} = {ds}"
    print(p)


639511543708 = N.n 	 ---> 261544242883784286717943912901950912 	 ---> 639511543708 = N.n
892041728389 = {R# 	 ---> 709831897990396156190409014354927869 	 ---> 892041728389 = {R#
836656267875 = ,dfc 	 ---> 585654125425253968600216160560546875 	 ---> 836656267875 = ,dfc
664506056870 = +=& 	 ---> 293424809617227366211879622977703000 	 ---> 664506056870 = +=&
1063232102909 = xlIC} 	 ---> 1201944026085487063304374489877075429 	 ---> 1063232102909 = xlIC}


In [42]:
def rand_string(length):
    bits = length * 8
    largest, lowest = (1<<bits)-1, (1<<(bits-1))
    assert largest.bit_length() == bits
    print(len(bin(largest))-2,len(bin(lowest))-2)
    num = random.randint(lowest,largest)
    s = num_to_string(num)
    return s
def rand_legible_string(length):
    bits = length * 8
    s = ""
    for _ in range(length):
        s += chr(random.randint(32,126))
    return s


'~'

In [32]:
s=rand_string(3)
print(s)
print(len(s))

24 24
c;
4


In [101]:
ord('A')

65

In [45]:
bin(8386)

'0b10000011000010'

In [47]:
chr(0b1000010)

'B'

In [48]:
chr(0b1000001)

'A'

In [49]:
bin(64)

'0b1000000'