In [1]:
import os
import random

# example of Diffie-Hellman-Merkle key exchange

check out [this article](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) on DHM key exchange. extra shoutout to the examble, which is super helpful and what we're about to do here

## partner up!

pair up. One of you is partner 1, the other is partner 2. Both of you should execute the following:

In [2]:
p = 23
g = 5

afterward, go through you respective section below and think about each cell you execute. Then, switch roles and try again

## partner 1 does this

this person is Alice

*pick a secret number! Don't tell anyone!!*

In [3]:
p1secretnumber = random.randint(1, 100)
p1secretnumber

65

*prepare a special number to send to partner 2*

In [4]:
forp2 = (g ** p1secretnumber) % p
forp2

14

*give that number to partner 2 and then wait for them to get back to you*

In [9]:
fromp2 = int(input('what number did partner 2 give back to you? '))

what number did partner 2 give back to you? 9


In [10]:
p1result = (fromp2 ** p1secretnumber) % p
p1result

18

*check with partner 2 that you have the same values. Then switch roles*

## partner 2 does this

this person is Bob

*wait for a special number from partner 1*

In [5]:
fromp1 = int(input("what number did partner 1 give you? "))

what number did partner 1 give you? 14


*now you choose your own secret, don't tell partner 1 or anyone!*

In [6]:
p2secretnumber = random.randint(1, 100)
p2secretnumber

54

In [7]:
forp1 = (g ** p2secretnumber) % p
forp1

9

*give that number back to partner 1 and move on*

In [8]:
p2result = (fromp1 ** p2secretnumber) % p
p2result

18

*check with partner 1 that you have the same values. Then switch roles*

## why does this work?

this is simply the result of a property of prime numbers:

$$
\left(a \cdot b\right) \mod n = \left((a \mod n) \cdot (b \mod n)\right) \mod n
$$

to prove: you could write $a = d_a * n + r_a$, and same with b. multiply $a$ and $b$ and all but the remainder terms (the results of the modulo expressions themselves) will fall out because they will have at least one factor of $n$

as a result

$$
\left(g^a \mod p\right)^b = g^{ab} \mod p \\
\left(g^b \mod p\right)^a = g^{ba} \mod p
$$

and the value that you get from that is necessarily identical.

## primitive root diversion

check out [this article](https://en.wikipedia.org/wiki/Primitive_root_modulo_n) on primitive roots

In [11]:
[3 ** i for i in range(1, 7)]

[3, 9, 27, 81, 243, 729]

In [12]:
[(3 ** i) % 7 for i in range(1, 7)]

[3, 2, 6, 4, 5, 1]

In [13]:
def is_primitive(root, modulus):
    return set(range(1, modulus)) == {(root ** i) % modulus for i in range(1, modulus)}

In [14]:
assert is_primitive(g, p)

## concluding thoughts

the process of picking secret numbers and using modulo exponentiation tricks as we did above has one cool feature: between partner 1's secret number, partner 2's secret number, and the secret result, no one in the room knows all three numbers. This is important for public exchange of information -- we just created one shared secret using mutually un-shared secrets.

I wonder if there's an application here...

# making it a bit harder: RSA

Let's do something similar now, but add in a bit more mathematical complexity (we're paranoid)

## partner up!

Same drill, but now you don't even start with the same information. go through you respective section below and think about each cell you execute. Then, switch roles and try again

## partner 1 does this

this person is Alice

*pick two prime numbers with different orders of magnitude. then multiply them -- that's our modulus now*

In [15]:
p = 1987
q = 13

n = p * q
n

25831

*now we do some magic with least common multiples (functions stolend from [here](https://stackoverflow.com/questions/147515/least-common-multiple-for-3-or-more-numbers))*

In [16]:
# ripped straight from here
def gcd(a, b):
    while b:
        a, b = b, a % b
    return a

def lcm(a, b):
    return a * b // gcd(a, b)

*calculate the following SUPER SECRET NUMBER*

In [17]:
lambdaN = lcm(p - 1, q - 1)
lambdaN

3972

*find any number $1 < e < \lambda_n$ such that $e$ and $\lambda_n$ are coprime*

In [18]:
# note: this is a fun but super dumb way to do this. In practice we often just use 
# a favorite number (e.g. 2^16 + 1) every time

while True:
    e = random.randint(1, lambdaN)
    if gcd(e, lambdaN) == 1:
        break
        
e

2425

*find the [modular multiplicative inverse](https://en.wikipedia.org/wiki/Modular_multiplicative_inverse) of $e$ modulo $\lambda_n$*

In [19]:
d = 1
while True:
    if (d * e) % lambdaN == 1:
        break
    d += 1
        
d

3877

In [20]:
print('MY PUBLIC KEYS ARE')
print('  n = {}'.format(n))
print('  e = {} (e is for "encryption")'.format(e))
print('\nMY PRIVATE KEYS ARE')
print('  n = {}'.format(n))
print('  d = {} (d is for "decryption")'.format(d))
print('\nI should also keep the following secret, because they could be used to calculate d:')
print('  p = {}'.format(p))
print('  q = {}'.format(q))
print('  lambdaN = {}'.format(lambdaN))
print('\nso mind your ps and qs, gang')

MY PUBLIC KEYS ARE
  n = 25831
  e = 2425 (e is for "encryption")

MY PRIVATE KEYS ARE
  n = 25831
  d = 3877 (d is for "decryption")

I should also keep the following secret, because they could be used to calculate d:
  p = 1987
  q = 13
  lambdaN = 3972

so mind your ps and qs, gang


*send your public key values $n$ and $e$ to your partner and move on*

In [23]:
encryptedMessage = int(input('was the encrypted message partner 2 gave you? '))

was the encrypted message partner 2 gave you? 2754


*let's decrypt that message*

In [24]:
# note -- d below is totally private, partner 2 doesn't know it
decryptedMessage = (encryptedMessage ** d) % n
decryptedMessage

1337

*check with partner 2 that you have the same values. Then switch roles*

## partner 2 does this

this person is Bob

*wait for a pair of special numbers from partner 1*

In [21]:
fromp1n = int(input("what number did partner 1 give you for n? "))
fromp1e = int(input("what number did partner 1 give you for e? "))

what number did partner 1 give you for n? 25831
what number did partner 1 give you for e? 2425


*let's send a message to our partner*

In [22]:
message = 1337
encryptedMessage = (message ** fromp1e) % fromp1n
encryptedMessage

2754

*give that encrypted message to partner 1*

*check with partner 1 that they got your message. Then switch roles*

# ssh keys

let's start by creating a public and private key and seeing how that works.

in a shell session, execute the following:

```shell
ssh-keygen -t rsa
```

and at the prompt, enter a path you can remember (e.g. `/tmp/key`). No password is necessary

let's read it:

In [4]:
%%bash
less /tmp/key

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAtmioDhGV0dQqa4udsM+IE94/d85cIPnnLXVXol4aAxdMk1DY
m2mCrp22/CNwSXTfD+Yw86VwxVtS8jTEkNYUDiPvuiK1dhG2RE5XO1egLn5g2lb5
6/Z72CFhG3R8d28nZAqN6ggFpQilfojOBfC3nWF1BkkCBZyCC2VCHmb9PFPKU2b0
fyBoqdt8Xf9Z93uKD66B9j+dnH21FsDFN/sKDkEULBl0QDNe1owyUooDlh8JMFWp
o5ioRaYwOdcD7IZtgNe+DRtsXTpulrLHI01Dlj5KYOXRaalmB1Lc7qZ10PHMbRHO
m1uaKjnaVS3ya/5SqXG6+PPeBavJpWqO+pjdvwIDAQABAoIBAA+vyGQNVxkIae19
wD3oWwd6YXLoKDwdwafDI5ovBYWmh0tT9IzI8hgaMBZW5d0rU9OGNEd/vsb6J5P0
vcLG5kqhBIi5W2mf9FDDe/T6gCf/bkzYlf2Y4OWhWTyHM/0Bbh3IWpP5xKKAr9rF
4RHZtbCvJOU5ehcJcpWQS7NZoAWD+frRfBmNG6ao+eCe0jmR3icT51QwXJ7o3X0I
tBjXmY+AvZ0+KbROygeD0pAx+IHb6gjWDsABe8pUTfnWPwPHj6NmbB7tVJF4QZFU
yXAZ6tbupJevrGQ9D/4hqu7ig4YG7b4AwOV60d2nZaE9uCiyEI2CPFO9r/zNNseW
hUDeGWECgYEA4YB/d5wAU4FsvTqk9FYaQajjpTwatjIDxPz1UOj2kgFD/uQ5QTHs
Cgan96QSPUQB7QIIpJVotfDMvlhrm8L2iglE8YjTelM3kJTVnmQkKGfYo9OFMxlg
auE7DbpkRhW5uCS2E3ON/zfAkzf6NivjWaWeDFOOo0yqmteekm1l1/0CgYEAzxQn
rFoTrFV2iOwWf2mY5G33csxTvjSg+6SBdJoRn4SeAkuFChBBOrnSsVLfTj

there is also a "public" version of this key, created with the same name and an additional `.pub` extension.

In [29]:
%%bash
less /tmp/key.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2aKgOEZXR1Cpri52wz4gT3j93zlwg+ectdVeiXhoDF0yTUNibaYKunbb8I3BJdN8P5jDzpXDFW1LyNMSQ1hQOI++6IrV2EbZETlc7V6AufmDaVvnr9nvYIWEbdHx3bydkCo3qCAWlCKV+iM4F8LedYXUGSQIFnIILZUIeZv08U8pTZvR/IGip23xd/1n3e4oProH2P52cfbUWwMU3+woOQRQsGXRAM17WjDJSigOWHwkwVamjmKhFpjA51wPshm2A174NG2xdOm6WsscjTUOWPkpg5dFpqWYHUtzupnXQ8cxtEc6bW5oqOdpVLfJr/lKpcbr4894Fq8mlao76mN2/ zlamberty@megaman


These keys can both be parsed into a particular structured format called ASN.1. You can use linux tools to do this parsing, (see below), or you can go to [this awesome online parser site](http://lapo.it/asn1js/).

**note**: you have to do a little conversion to the public key (see two cells below) before the online parser commands will work

In [30]:
%%bash
openssl asn1parse -in /tmp/key

    0:d=0  hl=4 l=1188 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=4 l= 257 prim: INTEGER           :B668A80E1195D1D42A6B8B9DB0CF8813DE3F77CE5C20F9E72D7557A25E1A03174C9350D89B6982AE9DB6FC23704974DF0FE630F3A570C55B52F234C490D6140E23EFBA22B57611B6444E573B57A02E7E60DA56F9EBF67BD821611B747C776F27640A8DEA0805A508A57E88CE05F0B79D6175064902059C820B65421E66FD3C53CA5366F47F2068A9DB7C5DFF59F77B8A0FAE81F63F9D9C7DB516C0C537FB0A0E41142C197440335ED68C32528A03961F093055A9A398A845A63039D703EC866D80D7BE0D1B6C5D3A6E96B2C7234D43963E4A60E5D169A9660752DCEEA675D0F1CC6D11CE9B5B9A2A39DA552DF26BFE52A971BAF8F3DE05ABC9A56A8EFA98DDBF
  268:d=1  hl=2 l=   3 prim: INTEGER           :010001
  273:d=1  hl=4 l= 256 prim: INTEGER           :0FAFC8640D57190869ED7DC03DE85B077A6172E8283C1DC1A7C3239A2F0585A6874B53F48CC8F2181A301656E5DD2B53D38634477FBEC6FA2793F4BDC2C6E64AA10488B95B699FF450C37BF4FA8027FF6E4CD895FD98E0E5A1593C8733FD016E1DC85A93F9C4A280AFDAC5E111D9B5B0AF24E5397A170

In [31]:
%%bash
ssh-keygen -f /tmp/key.pub -e -m pem

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAtmioDhGV0dQqa4udsM+IE94/d85cIPnnLXVXol4aAxdMk1DYm2mC
rp22/CNwSXTfD+Yw86VwxVtS8jTEkNYUDiPvuiK1dhG2RE5XO1egLn5g2lb56/Z7
2CFhG3R8d28nZAqN6ggFpQilfojOBfC3nWF1BkkCBZyCC2VCHmb9PFPKU2b0fyBo
qdt8Xf9Z93uKD66B9j+dnH21FsDFN/sKDkEULBl0QDNe1owyUooDlh8JMFWpo5io
RaYwOdcD7IZtgNe+DRtsXTpulrLHI01Dlj5KYOXRaalmB1Lc7qZ10PHMbRHOm1ua
KjnaVS3ya/5SqXG6+PPeBavJpWqO+pjdvwIDAQAB
-----END RSA PUBLIC KEY-----


In [32]:
%%bash
ssh-keygen -f /tmp/key.pub -e -m pem >> /tmp/key.pub.pem
PUBKEY=$(grep -v -- ----- /tmp/key.pub.pem | tr -d '\n')
echo $PUBKEY | base64 -d | openssl asn1parse -inform DER -i

    0:d=0  hl=4 l= 266 cons: SEQUENCE          
    4:d=1  hl=4 l= 257 prim:  INTEGER           :B668A80E1195D1D42A6B8B9DB0CF8813DE3F77CE5C20F9E72D7557A25E1A03174C9350D89B6982AE9DB6FC23704974DF0FE630F3A570C55B52F234C490D6140E23EFBA22B57611B6444E573B57A02E7E60DA56F9EBF67BD821611B747C776F27640A8DEA0805A508A57E88CE05F0B79D6175064902059C820B65421E66FD3C53CA5366F47F2068A9DB7C5DFF59F77B8A0FAE81F63F9D9C7DB516C0C537FB0A0E41142C197440335ED68C32528A03961F093055A9A398A845A63039D703EC866D80D7BE0D1B6C5D3A6E96B2C7234D43963E4A60E5D169A9660752DCEEA675D0F1CC6D11CE9B5B9A2A39DA552DF26BFE52A971BAF8F3DE05ABC9A56A8EFA98DDBF
  265:d=1  hl=2 l=   3 prim:  INTEGER           :010001
  270:d=0  hl=4 l= 266 cons: SEQUENCE          
  274:d=1  hl=4 l= 257 prim:  INTEGER           :B668A80E1195D1D42A6B8B9DB0CF8813DE3F77CE5C20F9E72D7557A25E1A03174C9350D89B6982AE9DB6FC23704974DF0FE630F3A570C55B52F234C490D6140E23EFBA22B57611B6444E573B57A02E7E60DA56F9EBF67BD821611B747C776F27640A8DEA0805A508A57E88CE05F0B79D6175064902059