# RSA cryptography



## Your name goes here. \(Double\-click on this cell to edit it.\)

Remember to hit Ctrl-Enter after editing any cell.

## Commands in python introduced in this module

---

> none

---

### Recall commands/functions written for these modules

---

- convert\_letter\_to\_number\("a letter goes here"\), 
- convert\_number\_to\_letter\(a number goes here\), 
- affine\_encrypt\_letter\("a plaintext letter goes here", key=a key goes here, m=a multiplier goes here\), 
- affine\_encrypt\("a plaintext message goes here", key=a key goes here, m=a multiplier goes here\), 
- affine\_decrypt\("a ciphertext goes here", key=a key goes here, m=a multiplier goes here\)
- phi\(n\)\-\-outputs the Euler phi value of $n$.  

---



## Math topics used in this module

- Finding inverses mod n \(AKA, using the Euclidean Algorithm\)
- Euler Phi function \(pg 75 of our course pack\) \(Pronounced Oil\-er\)
- Fermat's Little Theorem\-\-more generally Euler's Theorem \(pg 80 of our course pack\)



## Objectives

In this activity we will use Python to explore RSA cryptography.


## Preliminaries
Before working on the questions below, be sure to click in the code cell below and use Ctrl-Enter to run it.

In [6]:
##### Import libraries #####


import math



##### Helper functions #####


### convert_letter_to_number(letter)
### Converts a lowercase number to its value between 0 and 25
### letter: string (a single lowercase letter)

def convert_letter_to_number(letter):
    # Define constant that will allow us to move the letter codes by 97
    MOVE_NUMBER = 86
    letter=letter.lower()
    # Convert input to ASCII (97 to 122)
    number_ascii = ord(letter)
    # Move number to lie in the range 11 to 36
    number = number_ascii - MOVE_NUMBER
    return str(number)


### convert_number_to_letter(number)
### Converts a number between 0 and 25 to its corresponding letter
### number: integer (should be between 0 and 25)

def convert_number_to_letter(number):
    # Define constant that will allow us to move the letter codes by 97
    MOVE_NUMBER = 86
    # Move number to lie in the ASCII range 97 to 122
    number_ascii = number + MOVE_NUMBER
    # Convert number to letter
    letter = chr(number_ascii)
    return letter


### affine_encrypt_letter(plaintext_letter, key, m)
### Applies affine encrytpion to a plaintext letter p to produce ciphertext letter
###     c = m*p + k mod 26
### plaintext_letter: string (can be any character, but should be only a single character)
### key: integer (between 1 and 25)
### m: integer (relatively prime to 26)

def affine_encrypt_letter(plaintext_letter, key, m = 1):
    # Replace uppercase with lowercase
    plaintext_letter = plaintext_letter.lower()
    # Check if plaintext_letter is a lowercase letter
    if ord(plaintext_letter) >= 97 and ord(plaintext_letter) <= 122:
        plaintext_number = convert_letter_to_number(plaintext_letter)
        ciphertext_number = (m* plaintext_number + key) % 26
        ciphertext_letter = convert_number_to_letter(ciphertext_number)
        return ciphertext_letter.upper()
    else:
        # If we get to this spot, we know we don't have a letter at all,
        # so just return the character as is
        return plaintext_letter



##### Affine encryption/decryption functions #####


### affine_encrypt(plaintext, key, m = 1)
### Encrypts ciphertext using c = m*p + k mod 26.
### plaintext: string
### key: integer (the value of k in the linear congruence above, from 1 to 25)
### m: integer (default value 1 results in shift encryption--should be relatively prime to 26)

def affine_encrypt(plaintext, key, m = 1):
    # Stop if m is not chosen appropriately
    if math.gcd(m, 26) != 1:
        print("The value of m must be relatively prime to 26!")
    else:
        ciphertext = ""
        for letter in plaintext:
            ciphertext_letter = affine_encrypt_letter(letter, key, m)
            ciphertext = ciphertext + ciphertext_letter
        return ciphertext


### affine_decrypt(ciphertext, key, m = 1)
### Decrypts ciphertext encrypted using c = m*p + k mod 26.
### ciphertext: string
### key: integer (the value of k in the linear congruence above, from 1 to 25)
### m: integer (default value 1 results in shift decryption--should be relatively prime to 26)

def affine_decrypt(ciphertext, key, m = 1):
    # Stop if m is not chosen appropriately
    if math.gcd(m, 26) != 1:
        print("The value of m must be relatively prime to 26!")
    else:
        m_inv = pow(m, -1, mod = 26)
        plaintext = affine_encrypt(ciphertext, -m_inv*key, m_inv)
        return plaintext.lower()

    
#### Here are some Functions that will be helpful for encrypting with RSA.

## Euler phi function.
    
def phi(n): #We're creating a new function, we'll call if phi. It takes in a number n.
    counter = 0        #Here is our counter. We'll start it at 0 because we haven't added anything to it.
    for k in range(1, n): #here is where n plays a role. We're doing a for loop to check every number from 1 to n-1. 
        if math.gcd(n, k) == 1:
            counter += 1 #We count only the values k that are relatively prime to n. This increases our counter by 1.
    return counter   

## A bit of history

RSA is named for its creators, Ron Rivest, Adi Shamir, and Leonard Adleman who were building on the work of Diffie, Hellman, and Merkle. They began thinking about what functions did they know that were "one\-way." That is they were looking for a mathematical function that was easy to do, but hard to undo. For a non example, shifting is easy to do. We just take a number and add 5 to it. BUT it is also easy to undo. We just take our new number and subtract 5 from it. So shifting is not an example of a one way function. They began to build on what Diffie and Hellman had noticed. Numbers are really easy to multiply in the grand scheme of things. But as you all know from experience, it is very hard to find their factors. 

Fun fact! While Rivest, Shamir, Adleman, Diffie, Helman and Merkle were working on their public key cryptography ideas at Universities, the same ideas were being explored in governments in secret starting even before them in the 1960s. James Ellis first showed the existence of public key style cryptographies was possible. Then Clifford Cocks then built on Ellis' "whacky idea" and created what we now know as RSA asymmetric cipher in 1973 \(four years before Rivest, Shamir and Adleman\). His friend Malcolm Williamson then tried to disprove Cocks theory and failed to do so but in the process developed D\-H key exchange. It's interesting to see that timeline wise the ideas came out in opposite orders! Of course, they don't receive recognition for their groundbreaking work because this information was classifies until December 1997. As is always the case with the history of cryptography, government, and secrecy Ellis did not live long enough to see the world acknowledge his contributions. 



## Where is it used?

Everywhere! RSA is used to help encrypt loads of data. RSA hinges on a [trusted authority](https://www.idmanagement.gov/university/fpki/) that will assign public and private keys to all parties. 



---



## The math components needed for RSA:

### The Euler phi function

The _Euler phi function_ of $n$ is denoted with $\varphi$ and we compute $\varphi(n)$. The Euler phi function is defined to be the number of elements smaller than $n$ that are relatively prime to $n.$ For example, the prime number 17 has 16 numbers less than 17 that are all relatively prime to 17. That is because no number smaller than a prime number can share any common factors besides 1. Meanwhile, $\varphi(12)=4$ because only 1,5,7,11 do not share common factors with 12. By the way, the list is not always just the prime numbers, 12 is just fancy like that. 



### Question 1



Suppose Alicia has chosen the primes $p=5$ and $q=3$. What is $\varphi(pq)?$ What is $pq$? 

Try a few more combinations of really small primes \(like $p=2$ and $q=3$\). Do you notice any patterns?



<span style='color:#9c27b0'>_Please write up your answer here._</span>



If you computed enough examples, perhaps you noticed if $\varphi(n)=\varphi(p*q)$ where $p$ and $q$ are prime numbers has a nice pattern! If we know the that the prime factorization of $n=p*q$ then $\varphi(n)=\varphi(p*q)=(p-1)(q-1)$. This is how we can compute the Euler phi function without a computer. 

So the Euler phi function is just going through each number smaller than $n$ and checking what the gcd is. If the gcd is $1$ then we add it to a counter. That sounds like an algorithm, so this is something we can do with python! 



In [4]:
### Here are some commands for Euler phi function which we may need. 

from math import gcd ##Need the gcd function again from the math library.

def phi(n): #We're creating a new function, we'll call if phi. It takes in a number n.
    counter = 0        #Here is our counter. We'll start it at 0 because we haven't added anything to it.
    for k in range(1, n): #here is where ne plays a role. We'redoing a for loop to check every number from 1 to n-1. 
        if gcd(n, k) == 1:
            counter += 1 #We count only the values k that are relatively prime to n. This increases our counter by 1.
    return counter    

In [5]:
phi(6)

2

### Question 2



Add some code below to test our hypothesis from Question 1. Now try much bigger prime numbers and see if it still works. Does the pattern still hold?


In [6]:
## Add your different tests here. 
phi(44332)

22164

<span style='color:#9c27b0'>_Please write up your answer here._</span>



### Finding an inverse mod$\varphi(n)$

We have studied that not every element mod $n$ has an inverse. We know that an element $e$ must be relatively prime to $n$. This rule does not change if we work modulo $\varphi(n)$. We practiced in class using the Extended Euclidean algorithm to find inverses of $e\mod(\varphi(n))$ . We don't really want to do the Extended Euclidean Algorithm by hand, so we'll use python. \(Sage has the command xgcd, but we're using python right now, so that command won't work. 

To create an efficient algorithm, we'll need to rely on a coding technique called "Recursion". Let's not worry about what that is today. Essentially since we had to keep looping the same steps and sub in the prior values, recursion describes an efficient way to do that. The code is below. Thank you for Geeks for geeks for helping me make the code. 


In [7]:
# function for extended Euclidean Algorithm 
def gcdExtended(a, b): 
    # Base Case 
    if a == 0 : 
        return b,0,1
             
    gcd,x1,y1 = gcdExtended(b%a, a) 
     
    # Update x and y using results of recursive 
    # call 
    x = y1 - (b//a) * x1 
    y = x1 
     
    return gcd,x,y 
     

In [8]:
gcdExtended(3,5)

(1, 2, -1)

We can double check here to make sure the command is working. For example is it true that the gcd of 3 and 5 is 1? Yes. Next I check if $3*2+5*(-1)=1$. Yes. Then it seems to work. 


### Question 3

As always when we have a new code, test how robust it is. Try a few different values and see if the values match what you computed in your homework. Also, does this take in negative numbers?



In [9]:
## Add code here for testing

<span style='color:#9c27b0'>_Please write up your observations here._</span>



Notice that we sometimes are given negative x or y values. If we want to determine the inverse of $e\mod\varphi(n)$ then we'll need to take the $x$ value \(this is the number in the second position if you wrote the gcdExtended\(e,varphi\)\) then mod it by $\varphi(n)$. Try this as well with a few of the values you found above:


In [10]:
## Add code here for finding inverses modulo n

Alternatively, if we want to find the inverse of $e\mod\varphi(n)$, we can use the pow function in python.

### Fermat's Little Theorem and Euler's Theorem

### Question 4

Try out the following computations: 

- $3^4\mod 5$, 
- $2^6\mod7$, 
- $55^{100}\mod 101$

What do you notice?



In [11]:
## add code here using the python pow command to do those computations. 

<span style='color:#9c27b0'>_Please write up your observations here._</span>


Fermat is first credited for noticing that $a^{p-1}\mod p\equiv 1$, for all primes p in 1640. The first known proof\* of this statement is attributed to Euler in 1736 \(practically 100 years later!\). In 1763, he published a generalization of the theorem to numbers that are not prime. This later became known as Euler's Theorem:

---
**Euler's Theorem**

If $n$ and $a$ are relatively prime, then $a^{\varphi(n)}\equiv 1\mod n$.

---

This allows us to simplify really high exponents of numbers modulo n. Euler's Theorem will be key in how to decrypt using RSA. 

\*A proof is what mathematicians work on. We create logical arguments for why something must be true. The beauty of a proof is once you've proved something, it's always true no matter what.


---



## Putting the math together: Creating Alicia's Private Key and Public Key

- Alicia begins by making a private key by selecting two very large primes $p$ and $q$. She first computed $p*q=n$. 
- Since she knows the primes she can compute 
  $$\varphi(n)=\varphi
  (pq)=(p-1)(q-1).$$
- Alicia then selects $n>e>1$ where $gcd(e,\varphi(n))=1$. 
- She will then find  $d=e^{-1}\mod{\varphi(n)}$. Recall, we need to use the Euclidean algorithm to find inverses $\mod{\varphi(pq)}$
- The public key is then $(e,n)$. Notice that although the product of $n=pq$ is public, the individual primes that made up the number are a secret, and so is $d$. 



### Question 5

Alicia has chosen the following information $p=13$, $q=41$, and $e=107$. 

Find $\varphi(13*41)$. Doublecheck that Alicia's $e$ is appropriate \(remember, it must be relatively prime to $\varphi(n)$ and less than $n$\). Then compute $e^{-1}$. 



In [12]:
##Add code here to compute varphi


In [13]:
##Add code here to double check that e is relatively prime to varphi.


In [14]:
##Add code here to compute e^-1


---



## Beto sends Alicia a message


For simplicities sake, we'll assume Beto's message is just one letter, $m$. 

- Now Beto can look at some public directory and get Alicia's public key $(e,pq)$. Eve can also get this. Even you can get this key.

- Beto creates his message, then rewrites it into an integer $m$ or blocks of integers $m_1m_2\cdots m_n$ using ASCII code.

- He will compute
  $$ c\equiv m^e\mod{pq}$$
  or for longer messages:

  $$
  c_1\equiv m_1^e\mod{pq}, \cdots, c_n\equiv m_n^e\mod{pq}
  $$

- Now he broadcasts $c$ publicly to Alicia. Eve can see this $c$ as well and knows $pq$. 



So if Beto has a message "The cat is in the tree." He'll first need to convert his message to numbers, which we know how to do. Recall the command below \(I've modified the old code to be able to handle either upper or lower case letters\). Try for yourself to see it can handle either!. 



In [7]:
convert_letter_to_number("A")

'11'

Let's store our message as a string:


In [8]:
message="The cat is in the tree."

Next our goal is to create a function that takes in a message and outputs the numbers that represent that message. Unlike the commands we already have, we need to keep this list as a number. So we'll loop through our message, changing each letter into a number and create the list. In practice, we usually wouldn't display everything as a list because each number would be coded in binary and so would be the same length no matter if we chose upper or lower case. 


In [9]:
def convert_message_to_number(plaintext):
    #first we make an empty list of numbers
    converted_message = []
    plaintext=plaintext.lower()
    for letter in plaintext: #We'll loop through our message
        if ord(letter) >= 97 and ord(letter) <= 122:
            plaintext_number = convert_letter_to_number(letter) #This converts every letter to a number
            converted_message.append(plaintext_number)
        else:
            # If we get to this spot, we know we don't have a letter at all,
            # so just return the character as is
            converted_message.append(letter)
    return(converted_message)


In [11]:
print(convert_message_to_number(message))

['30', '18', '15', ' ', '13', '11', '30', ' ', '19', '29', ' ', '19', '24', ' ', '30', '18', '15', ' ', '30', '28', '15', '15', '.']


### Question 6

- Create your own message and use the code to turn it into a list of numbers. 
- Choose the first letter of your message and encrypt it by computing $m^e\mod\varphi(n)$. Remember that if you're computing large powers you may want to use the python's built in pow function learned in an earlier module.  
- Encrypt the second letter of your message.
- Optional: encrypt your whole message.



In [20]:
##Add code here to encrypt your message. 



NameError: name 'n' is not defined

*****



## Alicia decrypts Beto's message

- Alicia receives the encrypted message from Beto: $c$ or $c_1c_2\cdots c_n$. 
- She computes $$c^dc^{e^{-1}}\mod{pq}\equiv (m^e)^{e^{-1}} \mod{pq}$$
  $$\equiv (m^{ee^{-1}})\mod{pq}$$
  $$\equiv m^{1+k\varphi(pq)}\mod{pq}$$ for some integer $k$.
  $$\equiv m*(m^{\varphi(pq)})^k\mod{pq}$$
  $$\equiv m*(1)^k \mod{pq}$$ by Euler's Theorem.
  $$\equiv m\mod{pq}.$$And voila! Alicia now has Beto's message. If he sent lots of encrypted parts to the message, she can just apply this process to each individual command. 



---



### Question 7

- Decrypt the first letter of your encryption from Question 5 by computer $c^{e^{-1}}
  \mod n$ . Recall you computed $e^{-1}$ in  Question 4. 
- Check to see if your result is the same as your message from Question 5. 
- Where does Euler's Theorem play a role in the decryption?



In [22]:
## Add code here

<span style='color:#9c27b0'>_Please write up your observations here._</span>


### Question 8

You've now worked through the math and seen what Alicia and Beto are doing. Explain how the padlock analogy works for RSA encryption. How are we "undoing" our encryption, eg what mathematical operations are we using to do and undo our encryption?



<span style='color:#9c27b0'>_Please write up your answer here._</span>


*****



## So what does Eve need to know when she intercepts the Encryption?

Eve can intercept the public key $(e,pq)$ and the message $c$. Eve wishes to decrypt the message.



### Question 9



- What can be considered the private key of RSA? 
- What two bits of information would Eve need to solve for in order to find the private key? 
- Why can't Eve just use Brute force to decrypt Beto's message?



<span style='color:#9c27b0'>_Please write up your answer here._</span>



You may have noticed that we can use the phi\(n\) function in Python to compute the Euler phi function. In practicality, the algorithm we're using is a for loop. This means that if we were to choose unbelievably huge prime numbers to start with, this function would be impractical. So Eve needs to know $\varphi(p*q)$ and she even can use a computer, but if Alicia was careful, Eve can not compute this value in her lifetime. 


### Question 10

What do you conclude from this module?

<span style='color:#9c27b0'>_Please write up your answer here._</span>



### Supreme Challenge Question

Use the space below to create your own encryption function that uses RSA to encrypt. 



You may first wish to write out the "pseudocode", by which I mean the steps you'd take in words then see if there's a command that already does that. 


In [23]:
def rsa_encryption(plaintext, e, p,q):
    n=p*q
    if math.gcd(e, phi(n)) != 1:
        print("The value of e must be relatively prime to varphi(n)!")
    else:
        convert_message_to_number
        ciphertext = ""
        ### Add code here to make this work. It may need for loops.
    return(ciphertext)

In [24]:
#It'd be nice if it found e^-1 inside the function, so we don't have to do extre computations to find it. Recall we can grab something form a list by doing list_here[1], where 1 is the position in the list. 
def rsa_decryption(ciphertext, e, p,q):
    n=p*q
    if math.gcd(e, phi(n)) != 1:
        print("The value of e must be relatively prime to varphi(n)!")
    else:
        ### Add code here to make this work. It may need for loops.
    return(plaintext)

IndentationError: expected an indented block after 'else' statement on line 6 (1957511658.py, line 8)