## Elliptic group generation demo

In [1]:
from crypto.ecc import generate_group

group = generate_group(a=0, b=7, m=71)
group

{(1, 24),
 (1, 47),
 (2, 21),
 (2, 50),
 (6, 9),
 (6, 62),
 (11, 29),
 (11, 42),
 (13, 28),
 (13, 43),
 (15, 20),
 (15, 51),
 (19, 11),
 (19, 60),
 (21, 31),
 (21, 40),
 (22, 17),
 (22, 54),
 (24, 25),
 (24, 46),
 (25, 15),
 (25, 56),
 (28, 34),
 (28, 37),
 (29, 16),
 (29, 55),
 (30, 13),
 (30, 58),
 (31, 7),
 (31, 64),
 (33, 35),
 (33, 36),
 (34, 30),
 (34, 41),
 (36, 4),
 (36, 67),
 (37, 26),
 (37, 45),
 (40, 6),
 (40, 65),
 (41, 22),
 (41, 49),
 (46, 12),
 (46, 59),
 (49, 3),
 (49, 68),
 (51, 32),
 (51, 39),
 (54, 8),
 (54, 63),
 (55, 10),
 (55, 61),
 (56, 18),
 (56, 53),
 (57, 23),
 (57, 48),
 (59, 14),
 (59, 57),
 (60, 5),
 (60, 66),
 (61, 1),
 (61, 70),
 (64, 27),
 (64, 44),
 (65, 2),
 (65, 69),
 (66, 33),
 (66, 38),
 (70, 19),
 (70, 52)}

In [2]:
group_order = len(group)
group_order

70

## Base point choice

Let subgroup order be $n = 7$, so subgroup cofactor is $h = \frac{70}{7} = 10$. Let's take $P = (2, 50)$ and calculate $G = hP$. It will be the base point.

In [3]:
from crypto.ecc import scalar_mult


h = 10
P = (2, 50)

G = scalar_mult(h, P)
G

(40, 65)

## ECDH demo

In [4]:
from crypto.ecdh import make_keypair
from crypto.ecc import curve, scalar_mult

print('Curve:', curve)

# Alice generates her own keypair.
alice_private_key, alice_public_key = make_keypair()
print("Alice's private key:", hex(alice_private_key))
print("Alice's public key: (0x{:x}, 0x{:x})".format(*alice_public_key))

# Bob generates his own key pair.
bob_private_key, bob_public_key = make_keypair()
print("Bob's private key:", hex(bob_private_key))
print("Bob's public key: (0x{:x}, 0x{:x})".format(*bob_public_key))

# Alice and Bob exchange their public keys and calculate the shared secret.
s1 = scalar_mult(alice_private_key, bob_public_key)
s2 = scalar_mult(bob_private_key, alice_public_key)
assert s1 == s2

print('Shared secret: (0x{:x}, 0x{:x})'.format(*s1))

Curve: EllipticCurve(name='E71(0, 7)', p=71, a=0, b=7, g=(40, 65), n=7, h=10)
Alice's private key: 0x6
Alice's public key: (0x40, 0x1b)
Bob's private key: 0x1
Bob's public key: (0x28, 0x41)
Shared secret: (0x40, 0x1b)


## ECDSA demo
The script first signs a message (the byte string `"Hello!"`), then verifies the signature. Afterwards, it tries to verify the same signature against another message (`"Hi there!"`) and verification fails. Lastly, it tries to verify the signature against the correct message, but using __another random public key__ and verification fails again.

In [5]:
from crypto.ecdsa import sign_message, verify_signature

print('Curve:', curve.name)

private, public = make_keypair()
print("Private key:", hex(private))
print("Public key: (0x{:x}, 0x{:x})".format(*public))

msg = b'Hello!'
sign = sign_message(private, msg)

print()
print('Message:', msg)
print('Signature: (0x{:x}, 0x{:x})'.format(*sign))
print('Verification:', verify_signature(public, msg, sign))

msg = b'Hi there!'
print()
print('Message:', msg)
print('Verification:', verify_signature(public, msg, sign))

private, public = make_keypair()

msg = b'Hello!'
print()
print('Message:', msg)
print("Public key: (0x{:x}, 0x{:x})".format(*public))
print('Verification:', verify_signature(public, msg, sign))


Curve: E71(0, 7)
Private key: 0x1
Public key: (0x28, 0x41)

Message: b'Hello!'
Signature: (0x1, 0x6)
Verification: signature matches

Message: b'Hi there!'
Verification: invalid signature

Message: b'Hello!'
Public key: (0x16, 0x11)
Verification: invalid signature
