# **Lab 7**: March 27, 2019.
## Topic: Discrete Log Problem

Main concept: To learn more about the discrete log problem and the ElGamal cryptosystem.

In [12]:
#These are some imports that we will use later. Below are functions that you may find useful during the lab. Remember to run this cell.

import random
import fractions
from sage.all import *

#The function below tests if n is prime and returns True if so and False if not.
def isPrime(n):
    if n==2 or n==3: return True
    if n%2==0 or n<2: return False
    for i in range(3,int(n**0.5)+1,2):
        if n%i==0:
            return False    
    return True

#This function computing modular exponentiation more effectivly
def mod_pow(base, exponent, modulus):
    if modulus == 1:
        return 0
    result = 1
    base = base % modulus
    while exponent > 0:
        if (exponent % 2 == 1):
           result = (result * base) % modulus
        exponent = exponent >> 1
        base = (base * base) % modulus
    return result


### Part 1: Create a public key

Practice creating a public key and publishing it in your group.

**Exercise 4.1**: Choose a prime $p$ that is is at least six digits long. You can use the function $\texttt{isPrime}$ or can look up a prime number.

In [0]:
p = 

**Exercise 4.2**: Find a primitive root modulo $p$ using the Sage command $\texttt{primitive_root(p)}$.

In [0]:
alpha = 

**Exercise 4.3**: Choose an integer $a$ to be your private key. Remember that $1 < a < p - 1$ 

In [0]:
a = 

**Exercise 4.4**: Finally, calculate the last piece of your public key, $\beta$.

In [0]:
beta = 

**Exercise 4.5**: Publish your public key on your group's white board. Remember your complete public key is $(p, \alpha, \beta)$. Your private key $a$ remains private!

### Part 2: Encrypt a message

Use someone else's public key to send a message.

**Exercise 4.6**: Choose a public key from your group's white board. You will send this person a message. 

*Note: now you will use their $p, \alpha, \beta$ and not your own.*

In [0]:
p1, alpha1, beta1 = 

**Exercise 4.7**: Choose a message $m$ that is an integer such that $1 < m < p$.

In [0]:
m =

**Exercise 4.8**: Choose a random encryption key $k$ using the function $\texttt{randint(1,p1)}$.

**Exercise 4.9**: Create your ciphertext. Calculate $r$ and $t$ then send $(r,t)$.

### NOTE: If you have received a ciphertext go to Part 4 to decrypt it. If you have yet to receive a ciphertext, go to Part 5 until you receive a ciphertext.

### Part 4: Decrypt a message

Once you have a received a ciphertext, work on decrypting it here.

**Exercise 4.10**: Now that you have $(r1, t1)$ from someone in your group, use your original public key $(p, \alpha, \beta)$ from Part 1 to decrypt the message. Include your work below, and use the $\texttt{mod_pow}$ function when calculating exponents mod $p$.

In [0]:
r1, t1 =

### Part 5: Diffie-Hellman

ElGamal encryption is actually based off a key exchange protocol called Diffie-Hellman (recall that Diffie and Hellman were two people who invented public key cryptography in the 1970's!). Diffie-Hellman is used to generate a symmetric key publically and securely, making use of the hardness problem of discrete logs.

**Exercise 5.1**: Choose a prime $p$ and primitive root $\alpha$. Then choose $x$, where $1 < x < p-1$, as your private key. Calculate $\alpha^x \mod p$.

**Exercise 5.2**: Then $\alpha^x$ is sent to the person you wish to correspond to. They send you $\alpha^y \mod p$, where $y$ is their private key. Note that you will not be able to tell what $y$ is as long as the parameters are difficult enough. Have a partner choose $\alpha^y \mod p$.

**Exercise 5.3**: Finally, both parties calculate $\alpha^{xy} \mod p$ and this number becomes the symmetric key used in a different symmetric cryptosystem.

**Question:** How is this a public cryptosystem? What makes it secure? 

**Statement:** What makes it not secure?? In 2015 researches discovered a vulnerability with Diffie-Hellman: https://www.wired.com/2015/05/new-critical-encryption-bug-affects-thousands-sites/

### Check your work:

Feel free to use the functions below to check your encryption and decryption techniques if you are having problems.

In [0]:
#This function takes as input a list, pub_key, which is the public key [p, alpha, beta] and the plaintext message, which should be an integer less than p. It will then generate a random integer to encrypt the message.
def elgamal_encrypt(pub_key, ptxt):
    p, alpha, beta = pub_key
    k = randint(1,pub_key[0])
    r = mod_pow(alpha,k,p)
    t = (mod_pow(beta,k,p)*ptxt) % p
    return [r,t]
    
#This function takes an input a list, pub_key, containing the public key information, an integer, a, as the private key, and a list, ctxt, as the ciphertext. It will then decrypt the ciphertext according to ElGamal decryption.
def elgamal_decrypt(pub_key, a, ctxt):
    r_ak = (mod_pow(ctxt[0],a,pub_key[0])) #step 1: find r^ak
    betak_inv = inverse_mod(r_ak, pub_key[0]) #step 2: find the inverse of r^(ak)
    return betak_inv*ctxt[1] % pub_key[0] #step 3: multiply t and r^(-ak)