In [1]:
%matplotlib inline

In [2]:
import numpy as np
import numpy.polynomial.polynomial as p
import matplotlib.pyplot as plt
import time
import random
from random import choice
import string

# The Galois Field in Cryptography

### Abstract
The following survey represents the finite fields theory and finite field arithmetic algorithms. The reader could find an explanation on how to encrypt messages. Also the common encryption and decryption systems are briefly shown, such as symmetrical encryption. There are some code implementation of cryptographic algorithms. 

### Intro
Encryption makes the modern world go round. Every time you make a mobile phone call, buy something with a credit card in a shop or on the web, or even get cash from an ATM, encryption bestows upon that transaction the confidentiality and security to make it possible.

There are many, many ways to perform that transformation, some straightforward and some very complex. Most involve swapping letters for numbers and use maths to do the transformation. However, no matter which method is used the resulting scrambled data stream should give no hints about how it was encrypted.

#### Field Definition

![Algebraic field](Number-systems.png "Algebraic fields")
In mathematics, a field is a set on which addition, subtraction, multiplication, and division are defined, and behave as when they are applied to rational and real numbers. A field is a fundamental algebraic structure, which is widely used in algebra, number theory and many other areas of mathematics.

Informally, a field is a set, along with two operations defined on that set: an addition operation written as $a + b$, and a multiplication operation written as $a ⋅ b$, both of which behave similarly as they behave for rational numbers and real numbers, including the existence of an additive inverse $−a$ for all elements $a$, and of $a$ multiplicative inverse $b^{−1}$ for every nonzero element $b$. This allows us to consider also the so-called inverse operations of subtraction $a − b$, and division $\frac{a}{b}$, via defining:

$$a − b = a + (−b),$$
$$ \frac {a}{b} = a · b^{−1}.$$

Formally, a field is a set $F$ together with two operations called addition and multiplication. An operation is a mapping that associates an element of the set to every pair of its elements. The result of the addition of $a$ and $b$ is called the sum of $a$ and $b$ and denoted $a + b$. Similarly, the result of the multiplication of $a$ and $b$ is called the product of $a$ and $b$, and denoted $ab$ or $a⋅b$. Inside the field there is always one neutral element such as:
* by addition $a + 0 = a$
* by multiplication $a · 1 = a$

Field Examples:
* $\mathbb{Q}$ - field of rational numbers 
* $\mathbb{R}$ - field of real numbers 
* $\mathbb{C}$ - field of complex numbers

#### What is GF(2)? Why is it an algebraic field?

![Évariste Galois portrait](Évariste.jpg "Évariste Galois age 20")
The Galois field (so-named in honot of **Évariste Galois**) is a  a finite field that contains a finite number of elements.  Within the field, addition, subtraction, multiplication and invertion are defined.  The sum and the product belong to the field. The quantity of elements ($m$) in the field is called order or cardinality of field. 

A field with order $p^n$ exists only if is a prime power, for a positive integer $n$ and a prime integer $p$. $GF(p)$ is called the prime field of order $p$, and is the field of residue classes modulo $p$, where the $p$ elements are denoted $0, 1, ..., p-1$. $a=b$ in $GF(p)$ means the same as $a=b$ mod $p$. Finite fields are therefore denoted $GF(p^n)$, instead of $GF(k)$, where $k=p^n$, for clarity.

For instance, the finite field $GF(2)$ stays for a Galois Field of $2$ elements and consists of elements $0$ and $1$ ($GF(2) = \{0,1\}$) which satisfy the following addition and multiplication tables. Arithmetics is simply done by modulo 2.

|+|0|1|
|-|-|-|
|**0**|0|1|
|**1**|1|0|


|*|0|1|
|-|-|-|
|**0**|0|0|
|**1**|0|1|



In [3]:
def calc_GF(num1, num2, operation, gf = 2):
    """
    Implementation of calculation operations within any Galois field between two numbers
    """
    result = -1
    
    if operation == "+":
        result = (num1 + num2)% gf
    elif operation == "-":
        result = (num1 - num2)% gf
    elif operation == "*":
        result = (num1 * num2)% gf
    elif operation == "/":
        result = (num1 / num2)% gf
        
    if result == -1:
        return "Error!"
    else:
        return result

In [4]:
print(calc_GF(1, 1, "+"))
print(calc_GF(1, 1, "*"))
print(calc_GF(100, 2, "-", 9))

0
1
8


#### Extension Fields $GF(p^n)$
When $n>1$, $GF(p^n)$ can be represented as the field of equivalence classes of polynomials or an extention field whose coefficients belong to $GF(p)$. Any irreducible polynomial of degree $n$ yields the same field up to an isomorphism. For example, for $GF(2^3)$, the modulus can be taken as $x^3+x^2+1$ or $x^3+x+1$. Using the modulus $x^3+x+1$, the elements of $GF(2^3)$--written $0$, $x^0$, $x^1$, $\cdots$ can be represented as polynomials with degree less than 3. For instance,
$$x^3=-x-1=x+1$$	
$$x^4=x(x^3)=x(x+1)=x^2+x$$

$$x^5=x(x^2+x)=x^3+x^2=x^2-x-1=x^2+x+1$$	
$$x^6=x(x^2+x+1)=x^3+x^2+x=x^2-1=x^2+1$$	
$$x^7=x(x^2+1)=x^3+x=-1=1=x^0$$

The following table contains several different representations of the elements of a finite field. The columns are the power, polynomial representation, triples of polynomial representation coefficients (the vector representation), and the binary integer corresponding to the vector representation.

|power|polynomial|vector|regular|
|:-:|:-:|:-:|:-:|
|0|0|(000)|0|
|$x^0$|$1$|(001)|1|
|$x^1$|$x$|(010)|2|
|$x^2$|$x^2$|(100)|	4|
|$x^3$|$x+1$|(011)|	3|
|$x^4$|$x^2+x$|(110)|6|
|$x^5$|$x^2+x+1$|(111)|	7|
|$x^6$|$x^2+1$|(101)|5|

The set of polynomials in the second column is closed under addition and multiplication modulo $x^3+x+1$, and these operations on the set satisfy the axioms of finite field. This particular finite field is said to be an extension field of degree $3$ of $GF(2)$, written $GF(2^3)$, and the field $GF(2)$ is called the base field of $GF(2^3)$. If an irreducible polynomial generates all elements in this way, it is called a primitive polynomial. For any prime or prime power $q$ and any positive integer $n$, there exists a primitive irreducible polynomial of degree $n$ over $GF(q)$.

Generally, in abstract algebra, a field extension $F$ / $E$ is algebraic if every element $f$ of the bigger field $F$ is the zero of a polynomial with coefficients $e_0, \dots, e_m$ in $E$:
$$p(f) = e_{m}f^m + e_{m−1}f^{m−1} + \dots + e_{1}f + e_0 = 0.$$
It is a fact that every field extension of finite degree is algebraic (proof: for $x$ in $F$ simply consider $1, x, x^2, x^3, \dots$, we get a linear dependence, i.e. a polynomial that $x$ is a root of!) because of the finite degree. In particular this applies to algebraic number fields, so any element $f$ of an algebraic number field $F$ can be written as a zero of a polynomial with rational coefficients. Therefore, elements of $F$ are also referred to as algebraic numbers. Given a polynomial $p$ such that $p(f) = 0$, it can be arranged such that the leading coefficient $e_m$ is one, by dividing all coefficients by it, if necessary. A polynomial with this property is known as a monic polynomial. In general it will have rational coefficients. If, however, its coefficients are actually all integers, $f$ is called an algebraic integer. Any (usual) integer $z ∈ \mathbb{Z}$ is an algebraic integer, as it is the zero of the linear monic polynomial:
$$p(t) = t − z.$$


#### What is perfect secrecy? How does it relate to the participants in the conversation, and to the outside eavesdropper?

After perfect secrecy encryption, each of the participants in the conversation recieves an encrypted message. They have enchaged a key space positions to decrypted it in advance and have choosen a star point. An outside eavesdropper cannot encrypt the message properly without this key set. The size of the message space equals the size of the key space equals the size of the cipher text space.

**Shannon Theorem:** For a perfect encryption scheme, the number of keys is at least the size of the message space (number of messages that have a non-zero probability).

**Proof:** Consider ciphertext $c$. $c$ must be a possible encryption of any plaintext $m$. But, for this we need a different key per message $m$. $m≠m′⟺c≠c′$.

A cipher $(E, D)$ defined over $(K, M, C)$ has perfect secrecy if for every two messages $m_1$ and $m_2$ (of the same size) belonging to $M$ and for every $c$ belonging to $C$, there is an equality:
$$P[E(k, m_1)=c] = P[E(k, m_2)=c]$$

where:
the key $k$ belongs to a set $K$ of all possible keys,
$M$ is a set of all possible messages,
$C$ is a set of all possible ciphertexts.
Given a ciphertexts it is not possible to distinguish between two possible sent messages
Given a ciphertexts it is not possible to find out anything about sent text
It is not possible to break the cipher using ciphertext-only attacks
$$|K| >= |M|$$



#### What is symmetrical encryption?

Symmetric encryption is a form of computerized cryptography using a singular encryption key to guise an electronic message. Its data conversion uses a mathematical algorithm along with a secret key, which results in the inability to make sense out of a message. Symmetric encrpytion is a two-way algorithm because the mathematical algorithm is reversed when decrypting the message along with using the same secret key.

Symmetric encryption is also known as private-key encryption and secure-key encryption.
Symmetric key encryption algorithms include block ciphers and stream ciphers.
Both block ciphers and stream ciphers are widely used today. A block cipher has a
fixed message input length, called block size, and it can be viewed as an enormous
and fixed (for each key) secret substitution table that transforms a block of
plaintext bits into ciphertext. A stream cipher has a variable message input
length, and it can be viewed as a small but changing secret substitution table that
transforms plaintext bits at different positions with different substitution tables
(the XOR operation between plaintext and keystream can be viewed as one-bit
substitution determined by a keystream bit). There is some connection between
block ciphers and stream ciphers. A block cipher in counter (CTR) mode 
or output feedback (OFB) mode is an inefficient synchronous stream cipher;
and a block cipher in cipher feedback (CFB) mode is an asynchronous stream
cipher.
For some applications, a block cipher is more convenient to use than a stream
cipher.

Conversely, stream algorithms are not held in the encryption system memory, but arrive in data stream algorithms. This type of algorithm is considered somewhat more secure, since a disk or system is not holding on to the data without encryption in the memory components.

In [5]:
def encode(text):
    """
    Returns the run-length encoded version of the text
    (numbers after symbols, length = 1 is skipped)
    """
    output = ""
    output = text[0]
    counter = 1
    
    for i in range(1, len(text)):
        if text[i] != text[i - 1]:
            if counter > 1:
                output += str(counter)
            output += text[i]  
            counter = 1
        else:
            counter += 1
    if counter > 1:
            output += str(counter)          
            
    #print (output)
    return output

def decode(text):
    """
    Decodes the text using run-length encoding
    """
    output = ""
    counter = 1
    currentLetter = text[0]
    for i in range(1, len(text)):
       
        if text[i].isdigit():
            if text[i - 1].isdigit():
                counter = counter * 10 + int(text[i])
            else:
                counter = int(text[i])
        else:
            output += currentLetter * counter
            currentLetter = text[i]
            counter = 1
            
    output += currentLetter * counter
    currentLetter = text[i]      
    return output

In [6]:
print(encode("AAAAAAAAAAAAAAAAAAAABCCCDEEEE"))
print(decode("A20BC3DE4"))

A20BC3DE4
AAAAAAAAAAAAAAAAAAAABCCCDEEEE


#### How to encrypt one-bit messages?

By encrypting an 1 bit message, the minimum size of the encrypted message is much larger than a single bit. As well, it is well-known that encrypting each bit of a plaintext string independently is not secure — the resulting scheme is malleable.
The Block ciphers are more secure because they encrypte blocks of 64 bits or so at a time, but stream ciphers encrypt 1 bit at a time.

A stream cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time. This method is not much used in modern cryptography. 

A stream cipher consists of a state update function and an output function. The state of a stream cipher is updated continuously during encryption so that bits at different positions in a message are encrypted with different states. The output function generates keystream bits from the state and performs encryption or decryption. If the initial state of a stream cipher is not the same as the key, key setup is required to generate the initial state from the key. If a key is used with different initialization vectors (IVs) to generate keystreams, key/IV setup (resynchronization) is required to generate the initial state from the key and IV. 

The initialization vector (IV) is very important in synchronous stream ciphers. It is disastrous if the same key is used with two identical IVs. For a general purpose stream cipher, the IV size should be sufficiently large. The IV may be generated randomly, or be generated from a counter (the counter based IV is inconvenient to use in some applications), so we cannot simply assume that IV can only be generated from a counter. The IV size should be sufficient large to prevent the collision of IVs if IVs are generated randomly. 

Stream ciphers can be classified according to the state update. If the state is independent of the message, the cipher is called a synchronous stream cipher since it requires synchronization between the sender and receiver. If the state depends only on $N$ previous ciphertext bits, the cipher is called asynchronous or self-synchronizing stream cipher. The basic requirement on the state update is that the states should be generated with a sufficiently large period. 

There are several advantages to using this approach over block ciphers, namely:

* The size of the key can be much smaller than the size of the message to be encrypted.
* The encryption operation is very fast; usually stream ciphers are much faster than block ciphers.
* There is no error propagation, that is, if parts of the cipher text are corrupted during the transmission, it does not affect other uncorrupted parts.

![Stream Cipher](keystream.png "Stream Cipher concept")

In [7]:
# Stream cipher example (а try of)  Ron Rivest's Cipher #4

def lcg(key):  # A psuedo-random number generator to take key and produce consistent stream of psuedo-random bytes
    X = key
    m = 2
    a = 1103519545
    c = 54621
    while True:
        X = (a * X + c) % m
        yield int(X)

def enc(msg, key):   # encryption
    rand = lcg(key)
    return "".join(chr(ord(c) ^ next(rand)) for c in msg)

dec = enc   # decryption

key = 1001100
msg = "Mamma is here!"
ciphertext = enc(msg, key)
plaintext = dec(ciphertext, key)

print("Original Message:", msg)
print("Ciphered message:", ciphertext)
print("Decrypted message:", plaintext)

Original Message: Mamma is here!
Ciphered message: Lalm` hs!hdrd!
Decrypted message: Mamma is here!


#### How to extend the one-bit encryption system to many bits?

If you want to encrypt more than 1 bit message you should use block cipher. The modes of operation of block ciphers are configuration methods that allow those ciphers to work with large data streams, without the risk of compromising the provided security.

A block cipher is a versatile algorithm which implements a key-dependent permutation of values which are sequences of a fixed number of bits (called "blocks"). Usually a block contains more than 1 bit. The method can be used for various roles in many kinds of cryptographic protocols. One such role is bulk encryption of long streams of data; to achieve such a thing, the block cipher must be used with an appropriate mode of operation (aka "chaining mode"), the traditional one being CBC, and the trendy newer mode being CTR.

#### Symmetric Encryption in simple words

![Symmetric Encryption](dec-enc.gif "Symmetric Encryption Flow")


1. Plaintext (P): The original message or data. The plaintext is an input to the encryption algorithm.
2. Encryption Algorithm (E): This algorithm preforms various substitutions and transpositions on the plaintext and produces the ciphertext.
3. Ciphertext (C): This is the output produced by the encryption algorithm. The ciphertext is a scrambled message and it appears as a random stream of data.
4. Encryption Key (K): Encryption key or secret key is a value that’s independent of the plaintext. Encryption key is an input to the encryption algorithm. The encryption algorithm will produces a different with different keys.
5. Decryption Algorithm (D): This algorithm is a reverse of the the encryption algorithm. It takes ciphertext and the encryption key as input and produces the plaintext as output.

_How It Works:_

Alice wants to send an encrypted message to Bob and both have the secret key, which is generated by the encryption algorithm or by a third-party software. This process will work as follows:
1. Encryption algorithm E (on Alice’s computer) takes the plaintext P and the secret key K. It generates a ciphertext C.
$$C = E(P,k)$$
2. The ciphertext C will be transferred via the internet.
3. Decryption algorithm D (on Bob’s computer) takes the ciphertext and the secret key K (the same key) and regenerates the original plaintext P again.
$$P = D(C,K)$$

_Requirements:_
* The encryption key is independent of the plaintext and the encryption algorithm.
* The sender and receiver must have copies of the encryption key and they must secure that key.
* No need to keep the encryption algorithm secure because it’s impractical to decrypt a ciphertext by only using the decryption algorithm. That’s the same for the encryption algorithm.
* Key exchange must be done via a secured channel.

#### Why is the system decryptable? 
The conversion of encrypted data into its original form is called Decryption. When a system is encrypted once it could be decrypted but under certain conditions - а properly implemented decrypthion algoritхm and а beforehand-knowн key / password.
Decryption decodes the encrypted information so that an authorized user can only decrypt the data because decryption requires a secret key or password. 

#### How do the participants decrypt the encrypted messages?
The recipient of decryption receives a prompt or window in which a password can be entered to access the encrypted data. For decryption, the system extracts and converts the garbled data and transforms it into words and images that are easily understandable not only by a reader but also by a system. Decryption can be done manually or automatically. It may also be performed with a set of keys or passwords.

#### Why isn't the eavesdropper able to decrypt?
Quality encryption always follows a fundamental rule: the actual procedure being used, the algorithm, doesn't need to be kept secret. But the key does. Even the sharpest hacker in the world won't unable to decrypt data as long as the key remains secret.

Today's ciphers use either secret-key or public-key techniques. Secret-key ciphers can be used to protect critical/sensitive data. Because secret-key ciphers use a single key that users must share, this is also known as symmetric cryptography. 

Public-key ciphers  or asymmetric, use a pair of keys: the public key that gets shared with other people, and a corresponding private key that is kept secret by its single owner. Even if the eavesdropper gets the public key he can't duplicate the process and derive a shared key, since the eavesdroppers don't know the private keys. In that case the eavesdropper can't guess the message without knowing the private key.

#### What is a one-time pad? How does the one-time pad achieve perfect secrecy?

The one-time pad (OTP) is the only cipher known to have perfect secrecy. OTP is a stream cipher with symmetric secret key and it allows very fast encryption and decryption. However, the secret key must be at least as long as the message, what makes it quite inconvenient to use while sending large electronic information.


#### What happens if we try to use a one-time pad many times?

Encrypting a message $m_1$ with a one-time-pad key $k$ gives encrypted message $Enc(m_1,k)=m1 \oplus k$.
Using the same $k$ to encrypt a different message $m_2$ gives encrypted second message $Enc(m_2,k) = m_2 \oplus k$, but by performing $XOR$ operation of the two ciphertext the result is an exclusive disjunction between the two initial messages:

$$(m_1\oplus k)\oplus (m_2\oplus k)=m_1\oplus m_2$$

This means that the key is easily revealed by one initial message leakage:
$$(m_2\oplus k)\oplus m_2=k$$



#### What are some current enterprise-grade applications of encryption over GF(2)?
The Advanced Encryption Standard (AES) is the most widely used symmetric cipher today. Rijndael (a.k.a AES) uses what is known as a galois field to perform a good deal of its mathematics. In more detail, Rijndael's galois field only allows an 8 bit number (a number from 0 to 255) to fit in it. All mathematical operations defined in the field result in an 8-bit number. 

The AES block cipher is also mandatory in several industry standards and is used in many commercial systems. Among the commercial standards that include AES are the Internet security standard IPsec, TLS, the Wi-Fi encryption standard IEEE 802.11i, the secure shell network protocol SSH (Secure Shell), Skype and numerous security products around the world. To date, there are no attacks better than brute-force known against AES. 

Within the call for proposals, the following requirements for all AES candidate submissions were mandatory:
* block cipher with 128 bit block size
* three key lengths must be supported: 128, 192 and 256 bit
* security relative to other submitted algorithms
* efficiency in software and hardware

#### Implementation of cryptosystem based on GF(2). Show correctness on various test cases
(a try)

In [8]:
# text to number
def encode(text):
    result = 0
    for c in text:
        result = 256 * result + ord(c)
    return result

# number to text
def decode(number):
    number = int(number)
    result = ''
    while number != 0:
        result = chr((number % 256)) + result
        number //= 256
    return result

In [9]:
assert "ba" == decode(25185)
assert encode("end is near") == 122622815104125043470590322

### References:
1. [Wikipedia Article for Field in Maths](https://en.wikipedia.org/wiki/Field)
2. [Wikipedia Article for Finite Fields](https://en.wikipedia.org/wiki/Finite_field)
3. [Christoforus Juan Benvenuto - Galois Field in Cryptography](https://sites.math.washington.edu/~morrow/336_12/papers/juan.pdf)
4. [Wikipedia Article for Algebraic Fields](https://en.wikipedia.org/wiki/Algebraic_number_field)
5. [Wolfram Article for Finite Fields](http://mathworld.wolfram.com/FiniteField.html)
6. [Understanding Cryptography, Paar, c. and Jan Pelzl](https://samsclass.info/141/slides/ch4.pdf)
5. [Kham Academy video about Perfect Secrecy](https://www.khanacademy.org/computing/computer-science/cryptography/crypt/v/perfect-secrecy)
7. [Cryptanalysis and Design of Stream Ciphers, Preneel, B.](https://www.esat.kuleuven.be/cosic/publications/thesis-167.pdf)
8. [Reggit Article about RC4](https://www.reddit.com/r/dailyprogrammer/comments/3chvxy/20150708_challenge_222_intermediate_simple_stream/)
9. [A Perfect Security Blog post](http://www.crypto-it.net/eng/theory/ciphers-security.html)
10. [How Symmetric Encryption Works Article](https://www.cybrary.it/0p3n/symmetric-encryption/)
11. [Stackexchange Article about Encrypting with the same one-time-pad](https://cs.stackexchange.com/questions/349/why-is-encrypting-with-the-same-one-time-pad-not-good?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa)