***

## CSC424-202: Notes on RSA

author: burt rosenberg
<br>
date: 1 May 2020

***


In [1]:
import math
import random


class Nthy_U:
    
    @staticmethod
    def egcd(a, b):
        if a == 0:
            return (b, 0, 1)
        else:
            g, y, x = Nthy_U.egcd(b % a, a)
            return (g, x - (b // a) * y, y)

    @staticmethod
    def modinv(a, m):
        g, x, y = Nthy_U.egcd(a, m)
        if g != 1:
            raise Exception('modular inverse does not exist')
        else:
            return x % m

    @staticmethod
    def is_prime(n):
        if n < 2: return False
        if n % 2 == 0: return False
        k = 3
        while k*k <= n:
            if n % k == 0: return False
            k += 2
        return True

class RSA_publickey:
    
    def __init__(self, p, q, encryption_exponent):
        assert(Nthy_U.is_prime(p) and Nthy_U.is_prime(q))
        assert(p!=q)
        self.n = p*q
        self.phi_n = (p-1)*(q-1)
        self.e_exp = encryption_exponent
        assert( math.gcd(self.e_exp,self.phi_n) )
        self.d_exp = Nthy_U.modinv(self.e_exp,self.phi_n)
        assert ( (self.e_exp*self.d_exp) % self.phi_n == 1 )
        
        bits = math.ceil(math.log(self.n+1,2))
        assert(2**bits>self.n)
        self.s_sec_bits = bits//4
        self.msg_bits = bits - self.s_sec_bits - 1

    def get_modulus(self):
        # this is public
        return self.n
    
    def get_encryption_exponent(self):
        # this is public
        return self.e_exp
    
    def get_phi_of_modulus(self):
        # this is private
        assert False
        return 0
    
    def get_decryption_exponent(self):
        # this is private
        assert False
        return 0
    
    def get_message_size(self):
        return 2**self.msg_bits-1
        
    def encrypt(self,plaintext,semantic_security=True,verbose=False):
        if not semantic_security:
            return ((plaintext**self.e_exp)%self.n)

        assert(plaintext<2**self.msg_bits)
        b = 2**self.s_sec_bits
        r = random.randint(b//2,b-1)
        wrap_m = (r << self.msg_bits) | plaintext
        assert(wrap_m<self.n)
        
        if math.gcd(wrap_m,self.n)!=1:
            print('factored the modulus, prime is {}'.format(math.gcd(wrap_m,self.n)))
            return 0  
        if verbose: print('rand|msg = {}|{}, rand={:#b}, msg={:#b}, wraped={:#b}'.format( 
            self.s_sec_bits,self.msg_bits,r,plaintext,wrap_m))
        
        return ((wrap_m**self.e_exp)%self.n)
    
    def decrypt(self,ciphertext,semantic_security=True,verbose=False):
        if not semantic_security:
            return ((cipertext**self.e_exp)%self.n)
        
        wrap_m = (ciphertext**self.d_exp)%self.n
        if verbose: print(bin(wrap_m))
        m = ((wrap_m>>self.msg_bits)<<self.msg_bits)^wrap_m
        return m    


In [2]:

rsa_instance = RSA_publickey(137,167,3)

for i in range(2000):
    plaintext = random.randint(1,rsa_instance.get_message_size())
    ciphertext = rsa_instance.encrypt(plaintext)
    if ciphertext!=0:
        decrypt_pt = rsa_instance.decrypt(ciphertext)
        assert decrypt_pt == plaintext

print("done!")

factored the modulus, prime is 167
factored the modulus, prime is 137
factored the modulus, prime is 167
factored the modulus, prime is 167
factored the modulus, prime is 137
factored the modulus, prime is 167
factored the modulus, prime is 167
factored the modulus, prime is 137
factored the modulus, prime is 137
factored the modulus, prime is 137
factored the modulus, prime is 137
factored the modulus, prime is 137
factored the modulus, prime is 167
factored the modulus, prime is 167
factored the modulus, prime is 137
factored the modulus, prime is 137
factored the modulus, prime is 167
factored the modulus, prime is 137
factored the modulus, prime is 137
factored the modulus, prime is 137
factored the modulus, prime is 137
factored the modulus, prime is 137
factored the modulus, prime is 137
factored the modulus, prime is 137
factored the modulus, prime is 167
factored the modulus, prime is 137
factored the modulus, prime is 137
factored the modulus, prime is 167
factored the modulus