# Diffie Helman Key Exchange
## Allows two (or more) parties that have no prior knowledge of each other to establish a shared secret key over an insecure channel. The key can be used to encrypt subsequent communication

Adversary

Party A (Alice)
- Secret Value: a 

> > Chooses a prime number $p$ and base $g$.
> > Compute $g^{a}$ mod $p$ 



Party B (Bob)
- Secret Value: b
> >  Compute $(g^{a}$ mod $p)^{b}$ mod $p$    



In [0]:
def gcd(a,b):
  a,b = max(a,b),min(a,b)
  c=1
  while c:
    c = a%b
    a = b
    b=c
  return a

def coprime(p):
    '''return the list of numbers that are coprime to p up to p-1'''
    phi = []            #create an empty list
    x = 1               #initial value
    while x < p:        #check for gcd of x and p
        if gcd(x,p)==1:
            phi.append(x)       # if gcd is indeed 1, add number to list phi
        x += 1
    return phi

In [2]:
coprime(6)

[1, 5]

In [0]:
def prime_root(p):
  '''return the list of primitive root of p'''
  coprime_list = coprime(p)           #obtain the list of coprime of p
  roots = []                          # prepare an empty list
  for x in coprime_list:
    y = 1
    while (x**y) % p != 1:          # check the condition
      y +=1
    if y == len(coprime_list):
      roots.append(x)
  return roots

In [4]:
prime_root(10)

[3, 7]

# ELGamal encryption (asymmetric)


---

## Idea: Alice publishes a public key which is accessible to everyone and can be used to encrypt messages.

## To decrypt, Alice has a secret key. We face here a so-called public-key encryption scheme


---


There are several algorithms:

1.   Key Generation: Alice picks a 'large' prime number $p$ and generator $ g \in \{2, \ldots, p-1\}$ of 'large' order. Let this order be $g$.

2.   Next, Aice picks a random number $a \in \{1, \ldots, q\}$ which is her secret key and publishes $(\, g^{\,a} \, \text{mod} \,\,p \,)$ which is her public key along with ($\,p$ and $g\,$)

3. Encryption: suppose Bob wants to send a message $m$ to Alice. Let's assume $m$ is a number mod $p$. He picks a random $k \in \{2, \ldots, g\}$ and sends $g^{\,k} \text{ mod } p, (g^{\,a})^{k} \times m \text{ mod } p$ to Alice

4. Decryption: Alice computes $(g^{\,k})^{a}$ mod $p$ and recovers m = $(g^{\,ak})^{-1} \cdot (g^{\,ak} \cdot m) $ mod $p$



---

How can Alice compute an inverse $\text{ mod }p$? 



> Fermat's Little theorem ensures the following: 

> $x^{\, p-1} =1 \text{ mod } p \,\, \forall \, x \in \{1, \ldots, p-1\}$. Hence $(x \cdot x^{\, p-2})= (x \cdot x^{\, -1}) =( 1 \text{ mod } p)$




In [5]:
# ELGamal encrryption with p = 23 and g = 5

def key_gen(p = 23, g = 5):
  
  '''produce public key and secret key for ELGamal'''
  
  import random 
  
  secret = random.randint(1, p-1)
  
  # public = (g ** (secret) % p) instead of writing this, use the power function
  
  public = pow(g, secret, p) # https://docs.python.org/3/library/functions.html, used for exponentation with powers
  
  return (public, secret)

key_gen()

(7, 19)

In [0]:
def encrypt(pk,m,p=23,g=5):
  '''encrypt message m with public key pk'''
  import random
  
  secret=random.randint(1,p-1)
  gk=pow(g,secret,p)
  gak=pow(pk,secret,p)
  return (gk, (gak*m)%p)

def decrypt(sk,c,p=23,g=5):
  '''decrypt ElGamal ciphertext c'''
  
  gak=pow(c[0],sk,p)
  gak_inv=pow(gak, p-2, p)
  
  return (gak_inv*c[1])%p