## p 为梅森素数，群为 Zp*
- p = 2^61 - 1

In [1]:
def mod_exp(base, exp, mod):
    """快速模幂计算 (base^exp % mod)"""
    result = 1
    base = base % mod
    while exp > 0:
        if exp % 2 == 1:
            result = (result * base) % mod
        exp = exp // 2
        base = (base * base) % mod
    return result

In [2]:
import random

p = (2**61) - 1  
g = 5                 

# Alice 步骤
x = random.randint(1, p-2) 
h_A = mod_exp(g, x, p)    

# Bob 步骤
y = random.randint(1, p-2)  
h_B = mod_exp(g, y, p)     
k_B = mod_exp(h_A, y, p)    

# Bob 发送 h_B 给 Alice
k_A = mod_exp(h_B, x, p)    

print("有限域乘法群 DH:")
print(f"Alice的私钥 x = {x}")
print(f"Alice的公钥 h_A = {h_A}")
print(f"Bob的私钥 y   = {y}")
print(f"Bob的公钥 h_B = {h_B}")
print(f"共享密钥是否一致: {k_A == k_B}\n")

有限域乘法群 DH:
Alice的私钥 x = 128231845321144448
Alice的公钥 h_A = 336044809595302223
Bob的私钥 y   = 1357511315409627098
Bob的公钥 h_B = 852612687814681560
共享密钥是否一致: True



## p 为大素数，群为 Zp* 
- p = 0xEEFC0B79D5FF2502BA4BC0C1BF86293C1B0495086E25C075C1391EC8DD3B1961

In [3]:
#def is_prime(n: int) -> bool:
#    """判断是否为素数"""
#    if n <= 1:
#        return False
#    if n == 2:
#        return True
#    if n % 2 == 0:
#        return False
#    max_divisor = int(n ** 0.5) + 1
#    for i in range(3, max_divisor, 2):
#        if n % i == 0:
#            return False
#    return True
#不推荐使用，请使用下面的方法：

def is_prime(n, k=50):
    """使用Miller-Rabin素性测试检查n是否为素数"""
    if n <= 1:
        return False
    if n <= 3:
        return True
    if n % 2 == 0:
        return False
    
    # 将n-1表示为2^r * d
    r, d = 0, n - 1
    while d % 2 == 0:
        r += 1
        d //= 2
    
    # 进行k次测试
    for _ in range(k):
        a = random.randint(2, n - 2)
        x = pow(a, d, n)
        if x == 1 or x == n - 1:
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

p = 0xEEFC0B79D5FF2502BA4BC0C1BF86293C1B0495086E25C075C1391EC8DD3B1961
print(is_prime(p))

True


In [4]:
fp = GF(p)
r = fp.random_element()
print(f"随机元素: {r}")
g = fp.multiplicative_generator()
print(f"乘法群的一个生成元: {g}")

随机元素: 57984365836306167664704841346595451098093147465177523951412903043162349242304
乘法群的一个生成元: 5


In [5]:
import random

# Alice 步骤
x = random.randint(1, p-2) 
h_A = mod_exp(g, x, p)    

# Bob 步骤
y = random.randint(1, p-2)  
h_B = mod_exp(g, y, p)     
k_B = mod_exp(h_A, y, p)    

# Bob 发送 h_B 给 Alice
k_A = mod_exp(h_B, x, p)    

print("有限域乘法群 DH:")
print(f"Alice的私钥 x = {x}")
print(f"Alice的公钥 h_A = {h_A}")
print(f"Bob的私钥 y   = {y}")
print(f"Bob的公钥 h_B = {h_B}")
print(f"共享密钥是否一致: {k_A == k_B}\n")

有限域乘法群 DH:
Alice的私钥 x = 19577931351050065157720556590491825403728639148794812689898220141463699146880
Alice的公钥 h_A = 71155964006876624059497791023550271693029252597885672084388029427770166710899
Bob的私钥 y   = 38228205764630246868667336487866865525552351081125234061596190330323875853461
Bob的公钥 h_B = 49273394571423802724648309010502490987548908255687432903402237051114772035431
共享密钥是否一致: True



## 椭圆曲线群
- P-256 参数

In [6]:
p = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
Gx = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
Gy = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
n = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

E = EllipticCurve(GF(p), [a, b])

R = E.random_point()
print(f"随机点 R = {R}")
G = E.gens()[0]
print(f"生成元点 G = {G}")
print(f"生成元点的阶是否为预期值: {G.order() == n}")

随机点 R = (29158265598049434005416650500127191355924494711986095392256281105470088759891 : 52211006685353056933144255217327036450930237353842351677369036859294949233014 : 1)
生成元点 G = (38764697308493389993546589472262590866107682806682771450105924429005322578970 : 112597290425349970187225006888153254041358622497584092630146848080355182942680 : 1)
生成元点的阶是否为预期值: True


In [7]:
def generate_keypair():
    private_key = random.randint(1, G.order() - 1)
    public_key = private_key * G
    return private_key, public_key

def compute_shared_secret(private_key, other_public_key):
    shared_point = private_key * other_public_key
    shared_secret = shared_point[0]  
    return shared_secret

# Alice生成密钥对
alice_private, alice_public = generate_keypair()
print(f"Alice的私钥: {alice_private}")
print(f"Alice的公钥: {alice_public}")

# Bob生成密钥对
bob_private, bob_public = generate_keypair()
print(f"\nBob的私钥: {bob_private}")
print(f"Bob的公钥: {bob_public}")

# Alice计算共享密钥
alice_shared = compute_shared_secret(alice_private, bob_public)
print(f"\nAlice计算的共享密钥: {alice_shared}")

# Bob计算共享密钥
bob_shared = compute_shared_secret(bob_private, alice_public)
print(f"Bob计算的共享密钥: {bob_shared}")

print(f"共享密钥是否一致: {alice_shared == bob_shared}")

Alice的私钥: 55898499798804488832753462940949206642493778847148317416904998229269195983409
Alice的公钥: (23902350511451714540364028943910366097812699939461119676210124734906454002287 : 100485110899025638489213173587936538337779141155341146876203128401256590830970 : 1)

Bob的私钥: 71883399351671030416010748534747635733620426530252990108813708629349728727809
Bob的公钥: (87624283845420109320647739917081154616242789728366260515882516388460531246120 : 63207787330009166184473323616312703379230767419256264858582261867075191870947 : 1)

Alice计算的共享密钥: 49933013216280283402865048943249369108555928374597778478837217606323810085793
Bob计算的共享密钥: 49933013216280283402865048943249369108555928374597778478837217606323810085793
共享密钥是否一致: True


# 测试

In [22]:
p = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
Gx = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
Gy = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
n = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

E = EllipticCurve(GF(p), [a, b])
G = E(Gx, Gy) 

def generate_keypair_(private_key):
    public_key = private_key * G
    return private_key, public_key

def compute_shared_secret_(private_key, other_public_key):
    shared_point = private_key * other_public_key
    shared_secret = shared_point[0]  # 取第一个
    return shared_secret

alice_private, alice_public = generate_keypair_(65537)
print(f"Alice的私钥: {alice_private}")
print(f"Alice的公钥: ({alice_public[0]}, {alice_public[1]})")

bob_private = 2**32
bob_public = generate_keypair_(bob_private)[1]
print(f"\nBob的私钥: {bob_private}")
print(f"Bob的公钥: ({bob_public[0]}, {bob_public[1]})")

alice_shared = compute_shared_secret_(alice_private, bob_public)
print(f"\nAlice计算的共享密钥: {alice_shared}")

bob_shared = compute_shared_secret_(bob_private, alice_public)
print(f"Bob计算的共享密钥: {bob_shared}")

print(f"共享密钥是否一致: {alice_shared == bob_shared}")

Alice的私钥: 65537
Alice的公钥: (11849740311970813061251866619377318194422684910211998295454231065277556759479, 41177557732807933106412093593072366836582086536891432954584462402740857191652)

Bob的私钥: 4294967296
Bob的公钥: (57845546284519137759868071879580864747474048681904255205518830050186748385603, 104300214627605143922035278089265480928211230602089785806215194357861799731457)

Alice计算的共享密钥: 27789339966828980564115416551894358796676365996850021724102056751057065485141
Bob计算的共享密钥: 27789339966828980564115416551894358796676365996850021724102056751057065485141
共享密钥是否一致: True
