# Cryptography

### Team
<ol>
    <li> Mark Pearson </li>
    <li> Ronan Geraghty</li>
    <li> Milan Patel </li>
    <li> Will Steynor </li>
</ol>



In [2]:
from NumberFunctions import *
import numpy as np
import random as ran

### Core 2
RSA Sign Message

We know totient(prime) = prime - 1, and also totient is a multiplicative funciton.

So totient(prime1 x prime2) = (prime1 - 1)(prime2 - 1)

n-bit prime means it takes n bits of storage to store

### Modular Inverse
Solve, 
> $ax = 1 \pmod{m} $ for  $x \in \{1,2,3,...,m-1\}$


Proof

We have, where $x,y \in \mathbb{Z}$ are calculated by the Euclidean algorithm.
> $ax+by = gcd(a,b)$

We only need to take into account when $gcd(a,b)=1$ as $e$ is chosen so $gcd(e,\phi{N})=1$

Let $m=b$, where $gcd(a,m) = 1$

So we get
> \begin{align*}
ax+my &= 1\\
ax + my &\equiv 1\pmod{m}\\
ax &\equiv 1\pmod{m}
\end{align*}

Therefore, $x$ is a modular inverse of $a$ for $m$

However, by using the Euclidean algorithum sometimes $x$ is not in the set $\{1,2,...,m-1\}$. This is a problem as if $x$ is negative when we use it later for the RSA signiture we need to take the modulo of $int^{x}$, to do this we must have $int = int^{x}$

Let us consider the case where $x \notin \{1,2,...,m-1\}$, Let $d \in \mathbb{Z}$
> \begin{align*}
ax &\equiv 1\pmod{m}\\
ax + adm &\equiv 1\pmod{m}\\
a(x + dm) &\equiv 1\pmod{m}
\end{align*}

Set $x\prime = x + dm \iff x\prime = x \pmod{m}$

We know $x\prime \in \{1,2,...,m-1\}$


In [168]:
def totient(n):
    '''return the totient of n,
        number of postive integers < n which are coprime to n.'''
    num = 0
    for i in range(1,n):
        if gcd(i,n) == 1:
            num += 1
    return num

#Use hash
def my_hash(message):
    'Turn message to bits'
    'Then turn into int h'
    pass

def modular_inverse(a,n):
    '''Solves ax = 1 mod(n) for x in {1,2,3,...,m-1}'''
    gcd, x, y = gcd_ext(a, n)
    if gcd == 1:
        return x%n
    else:
        return "gcd not = 1"


def primality_test(N, t):
    for i in range(0,t):
        a = ran.randrange(0,N-1)
        if a**(N-1) %N != 1:
            return "composite"
    return "prime"





649102072833799681092928429141278423619000743619292513009867

In [165]:
help(gcd_ext)

Help on function gcd_ext in module NumberFunctions:

gcd_ext(a, b)
    Wish to output (gcd,x,y) such that gcd=ax+by.



In [167]:
#Tests

assert totient(7) == 6
assert totient(35) == 24
assert totient(5321) == 4992



assert modular_inverse(15,7) == 1

a=3487
n=9837
b=modular_inverse(a,n)
assert (a*b)%n == 1

#This test gets negative value originally, but inverse needs to be inbetween {1,2,..,m-1}
a = 3231
n = 12334
assert modular_inverse(a,n) == 11895

In [170]:
modular_inverse(3231,12334)
(3231*(12334-439))**2 % 12334

1

In [171]:
12334-439

11895

Need to gen primes of n bit lenght, idea pick number in range check if it is prime. However, with big primes doesn't work very fast. Use proboballistic approach therefore find prime which has a high prob of being prime(longer it works the higher prob of being prime).

Using Miller Rabin explain, proof

In [172]:
def random_prime(n_bit, t, trails = 500):
    '''Returns a uniform n-bit prime, with probability at most 2^(-t) getting a composite'''
    for i in range(0, trails):
        p = np.random.randint(0,2,n_bit-2)
        b = "".join(str(i) for i in p)
        my_int = int("1" + b + "1", 2) #Want at least n bit and gives odd        
        if is_prime_miller_rabin(my_int, t):
            return my_int
    return "Fail"

def is_prime_miller_rabin(N,t):
    '''If N is prime, test always outputs True(prime)
    If N is composite outputs False(not prime) except with probability at most 2^(-t)'''
    
    if N == 2:
        return True # Prime
    
    if N % 2 == 0:
        return False # Comp
    
    d, s = calc_d_s(N)
    for j in range(0,t):
        a = ran.randrange(2,N-1)
        if is_composite(N, d, s, a):
            return False #Comp
    return True #Prime
    
        
def is_composite(N, d, s, a):
    '''Evaulate a^d != +-1 mod(N), and, a^(d*2^r) != -1 mod(N) for r in {1,2,...,s-1},
    However, if output False does not mean prime could be strong liar'''
    remain = pow(a, d, N)
    if (remain != 1) and (remain != N - 1):
        for r in range(1,s):
            remain = pow(remain, 2, N)
            if remain != N-1:
                pass
            else:
                return False    
    else:
        return False
    
    return True
    
def calc_d_s(N):
    s = 0
    Num = N - 1
    while Num%2 == 0:
        Num //= 2
        s += 1
    d = Num
    return int(d), int(s)

In [173]:
#Tests
assert calc_d_s(71)[0] == 35
assert calc_d_s(71)[1] == 1
assert calc_d_s(127)[0] == 63
assert calc_d_s(127)[1] == 1
assert calc_d_s(9627824804082068411)[0] == 4813912402041034205
assert calc_d_s(9627824804082068411)[1] == 1
assert calc_d_s(203981900391787397947)[0] == 101990950195893698973
assert calc_d_s(203981900391787397947)[1] == 1



N, d, s = 221, 55, 2
#137 is a witness for compositeness of 221
a = 137
assert is_composite(N, d, s, a) == True

#174 will lead to 221 being a prime or 174 is a strong liar for 221
a = 174
assert is_composite(N, d, s, a) == False

N, d, s = 71, 35, 1
a = 19
assert is_composite(N, d, s, a) == False


assert is_prime_miller_rabin(203981900391787397947,40) == True

(p,q) is the private key with 512 bit primes, in question but books say (N,f) is private key

(N,e) is the public key, where N=pxq, 

h = hash(message)

computes signature
s = h^f mod(N)

f is the multiplicative inverse of e modulo φ(N)

send s to bob

In [208]:
def gen_modulas(n_bit):
    '''n_bit is the size of the primes you want, the secuirty level.
    This will output (N,p,q), N = p*q, p,q are n_bit uniform primes'''
    
    p=""
    q=""
    
    while type(p) == str or type(q) ==str:
        p = random_prime(n_bit, 40)
        q = random_prime(n_bit, 40)
    N = p*q
    return N, p, q

def choose_e(phi_n):
    e = 2
    while True:
        if gcd(e, phi_n) == 1:
            return e
        else:
            e += 1

def gen_RSA(n_bit):
    '''n_bit is the size of the primes you want, the secuirty level.
    output, N,e,f, N = p*q, e is relatively prime to phi(N), f solves ef = 1mod(phi(N))'''
    N, p, q = gen_modulas(n_bit)
    phi_n = (p-1)*(q-1)
    e = choose_e(phi_n)
    f = modular_inverse(e,phi_n)
    return N,e,f
    

In [195]:
assert choose_e(448) == 3
gen_RSA(100)

p: 41
q: 61
7
2400


(2501, 7, 343)

In [209]:
message = "Hello"
N, e, f = gen_RSA(512) #N is product of two 512 bit primes except with negligible prob
private_key = [N,f]
public_key = [N,e] #maybe save as dict


def Alice_part(message, private_key):
    N = private_key[0]
    f = private_key[1]
    h = hash(message)
    s = pow(h,f,N)
    return s

#Bob will get the public key, message and s
s = Alice_part(message, private_key)

def Bob_part(message, s, public_key):
    N = public_key[0]
    e = public_key[1]
    h_prime = hash(message)
    h = pow(s, e, N)
    if h == h_prime%N:
        return "Authenticated" #Message from Alice
    else:
        return "Intruder" #Message not from Alice
    
Bob_part(message, s, public_key)

'Authenticated'

In [197]:
pow(1053,7,2501)

15

In [44]:
e = 11 #need to chose e so gcd(e,phi(N))=1
message = "Hello"
h = hash(message)
print(message + " hashes to " + str(h))
p = random_prime(512, 40)
q = random_prime(512, 40)
N = p*q
print ("N is: " + str(N))
tot_N = (p-1)*(q-1)
print ("phi(N) is: " + str(tot_N))

f = modular_inverse(e,tot_N)
s = pow(h, f, N)
#Send s to bob still working progress

Hello hashes to 5648249924368395339
N is: 149034529219695800793470810661398045399855555913713242039707118969801278763904847219027681407782401533571375058821646870283598295576228556877550874819103739478953609684788156099452709192871021619083357779228456085542309986963526381461000452179205128944349914446204765632718104781004614511219086547591306792623
phi(N) is: 149034529219695800793470810661398045399855555913713242039707118969801278763904847219027681407782401533571375058821646870283598295576228556877550874819103715062343538401944739184708306887043564562591601575481743186332531710711193024908456547985089089232235449550793896153673657720962530246519737316098070785920


62861950319384268118105945380194311353348822309999329910700516105653360815920249348525534288676007169961624157266275126954988382573261612912349658909028116289671431645061915439037639501783607627841827439869043312384695489799731205453304252674118014258619614955479885628040355746080595030193207632613575873423

In [11]:
help(pow)


Help on built-in function pow in module builtins:

pow(x, y, z=None, /)
    Equivalent to x**y (with two arguments) or x**y % z (with three arguments)
    
    Some types, such as ints, are able to use a more efficient algorithm when
    invoked using the three argument form.

