#Lesson 03

Asymmetric key cryptography

RSA example:

In [1]:
import math
# Example function to compute gcd(greatest common divisor)
def gcd(a,b):
    if b == 0:
        return a
    else:
        return gcd(b, a%b)
# let's calculate some examples using algorithm
n1 = gcd(50, 10)
n2 = gcd(99, 33)
n3 = gcd(59, 9)

# do the same with math library
m1 = math.gcd(50, 10)
m2 = math.gcd(99, 33)
m3 = math.gcd(59, 9)

#confirm they are the same
assert(n1==m1)
assert(n2==m2)
assert(n3==m3)

print("gcd(50,10) =",m1)
print("gcd(99,33) =",m2)
print("gcd(59,9) =",m3)

gcd(50,10) = 10
gcd(99,33) = 33
gcd(59,9) = 1


In [2]:
p = 13
q = 19

# calculate n modulus of p and q
n =  p * q

print("n modulus(p*q): ",n)

n modulus(p*q):  247


In [189]:
#Compute Euler's totinent function, phi(n) and keep it secret
phi = (p-1) * (q-1)
print(f"The secret Euler's function(totient) [phi()]: {phi}")
#Choose a integer e such that e and phi(n) are comprime 
e = 2
while (e < phi):
    if(gcd(e, phi) ==1):
        break
    else:
        e+=1
print("\nPublic key(e): ",e)



The secret Euler's function(totient) [phi()]: 216

Public key(e):  5


In [4]:
# Compute avalue for d such that (d * e) % phi(n) = 1
d = 1
while(True):
    if( (d*e) % phi == 1):
        break;
    else:
        d+=1
print("Private key(d): ", d)


Private key(d):  173


In [5]:
#Public and private key pair
public_key = (e, n)
private_key = (d, n)

print(f"Public key: {public_key}")
print(f"Private key: {private_key}")

Public key: (5, 247)
Private key: (173, 247)


In [6]:
#Encryption function
def rsa_encrypt(plaintext):
    return (plaintext ** e) % n
#Decryption function
def rsa_decrypt(ciphertext):
    return (ciphertext ** d) % n
#Simple plaintext
msg = 9
#Enconding and decoding
enc_msg = rsa_encrypt(msg)
dec_msg = rsa_decrypt(enc_msg)

print("Original message: ",msg)
print("Encrypted message: ",enc_msg)
print("Decrypted message: ",dec_msg)


Original message:  9
Encrypted message:  16
Decrypted message:  9


Padding-based key-exchange example:

In [102]:
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.fernet import Fernet

symmetric_key = Fernet.generate_key()
print(f"Symmetric key generated by Alice: {symmetric_key}")

Symmetric key generated by Alice: b'm0rfr6gALhi2f1A0P-f29ISkDFn_oznrqr4W_mh6xME='


In [103]:
# Bob generates a 2048-bit RSA key pair
bob_private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
bob_public_key = bob_private_key.public_key()
print(f'Public key broadcast by Bob: {bob_public_key}')
print(f"\nPublic numbers in Bob's public key: {bob_public_key.public_numbers()}")

Public key broadcast by Bob: <cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fc6e01e31f0>

Public numbers in Bob's public key: <RSAPublicNumbers(e=65537, n=25654810692887016165743985881569276550124159062181384709793001808089966690818717084780729038235299618599212155714628888039005498324433861733633420762850911574366056666216604164479449898902084283051154615918753853130884331102129964698526337881861089857329329140318808671863870656040587107546967970451182808571375710399532822585874499541141215236803796977519970893101706978675405817924349264413197162484362326693428357681044727277489397415244888801701336325668557500368631932464644633293253083784620145101901214408045094757408949307518844938134525895560740753979215086110661551404573823493308142477127539511537911943731)>


In [104]:
#Encryption
ciphertext = bob_public_key.encrypt(
    symmetric_key,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)

print(f"Ciphertext: {ciphertext}")

Ciphertext: b"\xba\x02\x9f\xcf\xc5)\xb2\xf6c\xf9\x8d5\x08\xcf\xd8\xff\xdd\x02C`\x8b\x88\x83\xb3\xa9\r\xb3%\x85\x7f\xdb\xfe\xaat\xd1\xe1\xad\x8bH\x16\x05\xf3[\x12\x05\x19\x8c\xb8\xd1\x15U\xe04v(\x19\xe2\xc5^e[\\1\xa9\x1c\xa7\x01<\x8d\xd4\xe3\x01lB\xe2&\x83\x1e\\\xf3\xd1\x1e\xe1\x83\xd4\xaa\x11\xe8\x92K\xe4\xe9\x02\x8d\x00\xd4\x8eFc\xca3\xfd-\xd2\x90\xf9&\xfavN\xbeJxj\x1a\xdf\xcc\x9aQ\xa7\xe2\x800d\xd3\xec2\xd2aI!\x0bF\xa4X\x82\xf3Y\xb1\xa6}5-Q\xd6p\x1bC\xdd\xbd\xb3W\r\xea\xd6\xb6>:\x9f\x92N\xfagL{\xe3D'\x8a\xc2\x93-Hx\xb5\xd9H\xd62\x8f\x9e\x91w\xc8\xd9B\xc7\x89\xa9F\x86/>$\x8eV\x9c\xd8\x9d\xdb\x83\x02\xa7\xf9\t\x02\x0e^\xf9\x84\x9c\x16D\xb2\x88\xadnh\x93\xaaXqy\xc1\xec\xd6\x12\xa4\x04\xc9\x04\xd0\x1e\xbc\xaa\xb5\xca\xb7\x9eA\x13\x1e<s(\xcd;\x042AK\xbd\x8f\x13F\xf3"


In [105]:
# Bob decrypt ciphertext to access the symmetric key
decrypted_symmetric_key = bob_private_key.decrypt(
    ciphertext,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)
#validate integrity of keys
assert(decrypted_symmetric_key==symmetric_key)

print(f"Decrypted key: {decrypted_symmetric_key}")

Decrypted key: b'm0rfr6gALhi2f1A0P-f29ISkDFn_oznrqr4W_mh6xME='


Key Encapsulation Mechanism (KEM) example:

In [106]:
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from os import urandom

private_key2_bob = rsa.generate_private_key(public_exponent=65537, key_size=2048)
public_key2_bob = private_key2_bob.public_key()

print("Bob's private and public keys created.")

Bob's private and public keys created.


In [107]:
# Alice generates a 160 bytes or 1280 bit random message
alice_long_secret = urandom(160)
print("Alice's secret generated.")


Alice's secret generated.


In [108]:
# Alice's secret encryption
alice_ecrypted_secret = public_key2_bob.encrypt(
    alice_long_secret,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)
print("Alice's secret encrypted.")

Alice's secret encrypted.


In [109]:
# Secret decryption by Bob
bob_decrypted_secret = private_key2_bob.decrypt(
    alice_ecrypted_secret,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )   
)
if(alice_long_secret == bob_decrypted_secret):
    print("Secret's match")
else:
    print("Secrets do not match!")

Secret's match


In [110]:
# Key derivation function
def kdf(secret, salt):
    hkdf = HKDF(
        algorithm=hashes.SHA256(),
        length=32,
        salt=salt,
        info=None,
        backend=None
    )
    return hkdf.derive(secret)

common_salt = urandom(16)

symmetric_key_alice = kdf(alice_long_secret, common_salt)
symmetric_key_bob = kdf(bob_decrypted_secret, common_salt)

if(symmetric_key_alice==symmetric_key_bob):
    print(f"A symmetric key of length {len(symmetric_key_alice)*8} bits was succesfuly derivated by both parties")
else:
    print("Derivated keys do not match!")

A symmetric key of length 256 bits was succesfuly derivated by both parties


RSA Digital Signatures example: 

In [111]:
from cryptography.hazmat.primitives.asymmetric.utils import Prehashed

#Bob's keys
bob_private_key2 = rsa.generate_private_key(public_exponent=65537, key_size=2048)
bob_public_key2 = bob_private_key2.public_key()

#Alice's keys
alice_private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
alice_public_key = alice_private_key.public_key()

print("Private and Public keys generated for Bob and Alice.")

Private and Public keys generated for Bob and Alice.


In [112]:
ciphertext2 = bob_public_key2.encrypt(
    symmetric_key,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)

print(f"Ciphertext of symmetric key: {ciphertext2}")

Ciphertext of symmetric key: b'\x0c\x90\xa0\xea"U!\xd9\x7f\x83K(\x14\x17\xbc\x9f\\\x9c\xc6\x02\x90r\xe9\xf2\xd8\x18Xp\r7\x96\xe4\x99eA\xd1\xe6\xd2\'~\xd0\xcf{\x84\xc27\xc6\x89;\xb1!\xb9\x96&,\xabQ=\xbb\x9e$\x97\x9a\xc0x\xd0Q\x14\xedA\x1cj\xf9&\x83\x8f /\xa6\xa1\x8c\x13\xf0\xddl\xcb\xe1\x8f\xb5.$\r\xe94r,N\x89H\xf4\xb4\xabI\xeb\xff\xa8\x1e\x17N\xc9=\x84\xbd\xbbq!p\x88\xa4\xe0\xa1\x91\xba\xcf\x8e\xa3\xf1\xf2\xc3h3\x18r\xce\xa2\x96n\x0c\xe0\xb99\xc9\\R,\nG\x05\xdb9\xa0&-\xf9U\x16\xbe}Z\xc1fb\xa0\x82g\xfb\x97\xbd\xbe\xcbi\x7f5\xa8C\x86r\x8c\'\x10\x8c\x0e\xa7\xb5\x02\xfc\x17\x9e\xfc\xf4PzR\xd9-\xe4\xedK\x84\xc2\xd5\xb0\\4\xb4\x14\xddk\x9ey\xc2kU\x0c\xe5\x98\xedQcc\xd9f\x81\x10\xb5\xb65\x15\xc0\xb1&\xaf?H\x07\xfds\x98n\x154~\xb1\x1c8x\x13\xaa\xc9J:\x7f4\xcc(\x02'


In [113]:
alice_digest = hashes.Hash(hashes.SHA256())
alice_digest.update(ciphertext2)
hash_to_sign = alice_digest.finalize()

signature = alice_private_key.sign(
    hash_to_sign,
    padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH
    ),
    Prehashed(hashes.SHA256())
)

print("Signature: ",signature)

Signature:  b'\xac\x12\xcf\xb2bU?\xb8\xbc\x9fqS\xbde\xed\x01\xe0\xd7\x89\xc5_S\x8c\x07\x8c\x8f\xe7\x87\x8c\xefx\x0f\x89\xcc\x1a\xc2H\x13\xa5\xa4\x1c\xbb\x96\xf7\xb2\xef\xfa\x1f\x95\x0e%+\xf7hU\xdb\xc2\xdae\xd3!@\xdc\x93\xeaKj>9\x80)\xb4\r\x9a\x8dZ\xca>\xa8L&\xf4\x98:\x13\xcb\x90\x8f\xe3\x9bU\x0bV9m\xa1\xc0\xf2R\x00\xa2\xec\xab\x1e\t\xe5\x07\xdd\xedB\xe7\x80\x17\xed\x91\xeb\xe0\\\xbeSd\xd4\xcc#\x0e|h\xcb\xb3\x14n1Np\x80D\xb3\x8e\xea5\xec\x8a\xe9AW\x96\x13\xcc8\x86\x06\xdb\xbeD\x88\xa1\xd8\xfb\xb4?\x12\xd7\xc5\xec[c\xfa5\x04\x96R\x1d\x9c\xc6[\xb2P\t{\x92\x0e?\xbfLIE\x04T\x9b\xa2\xde\x88\x8d\x06Q\xc7j\xc04\xa3\xd0_\xe8\xd9\xe9\x16\xce\xa7\xca\xc9\x8a\x1c3\x94vP8\x925/\xc0\x9c\x1f6\x03\xbf;\x08\x90\xf2\xcd\xb9D`\xd2\xc7\xe6\\\xeef9\x8f\xa0\x04\x01p\x82Pl\xe8\xa1\xf0\xa0!\xb5\x99'


In [114]:
#Bob receives the ciphertext and signature
received_ciphertext = ciphertext2
received_signature = signature

print("Sending ciphertext and signature...")

Sending ciphertext and signature...


In [115]:
#Bob creates a hash of the ciphertext received
bob_digest = hashes.Hash(hashes.SHA256())
bob_digest.update(received_ciphertext)
hash_to_verify = bob_digest.finalize()

print("Hash to verify: ",hash_to_verify)

Hash to verify:  b'\xb6\x8e\xa4\xa8/\x92\xeey\xbb"\xbd\xdd\xac\x11\xf6\x9fs\xc8\xdd\xd5,\xd3\xe5\x9av\xba\xcd~Q\xc6\xd0@'


In [116]:
#Bob verifies signature using Alice's public key
try:
    alice_public_key.verify(
        received_signature,
        hash_to_verify,
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        Prehashed(hashes.SHA256())
    )
    print("Signature validated.")
except:
    print("Signature cannot be validated!")


Signature validated.


In [117]:
#Bob decrypts the message using his private key
decrypted_message = bob_private_key2.decrypt(
    received_ciphertext,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)

print("Decrypted message: ",decrypted_message.decode())

Decrypted message:  m0rfr6gALhi2f1A0P-f29ISkDFn_oznrqr4W_mh6xME=


Breaking RSA by Shor's Algorithm (non-realistic example):

In [132]:
#Suppose we have only public key(5, 247)

n = 247 # modulus
e = 5   # public key number
a = 6   # a integer coprime to n

if(math.gcd(a ,n) == 1):
    print(f"Checked {n} and {a} are coprime")
else:
    print("They have divisors in common!")


Checked 247 and 6 are coprime


In [133]:
r=0
rem = 100
while(rem != 1):
    r+=1
    rem = a**r % n

print(f"Period r: {r}")
if(a**r % n == 1):
    print(f"Checked {a}^{r} mod {n} is 1")
else:
    ("It's not equal to 1")

 


Period r: 36
Checked 6^36 mod 247 is 1


In [135]:
f1 = int(a**(r/2) - 1)
f2 = int(a**(r/2) + 1)

print("f1 = ",f1)
print("f2 = ",f2)

f1 =  101559956668415
f2 =  101559956668417


In [184]:
q_found = math.gcd(f1,n)
p_found = int(n/q_found)

assert(n == p_found * q_found), "n != p_found * q_found"

print(f"One possible prime factor of n({n}) is {q_found}")
print(f"Second prime of n({n}) is {p_found}")

One possible prime factor of n(247) is 19
Second prime of n(247) is 13


In [187]:
# Calculate the totient
phi_found = (p_found - 1) * (q_found - 1)
print("The totient is: ", phi_found)

d_found = 1
while(True):
    if((d_found * e)% phi_found == 1):
        break
    else:
        d_found+=1
print(f"\nPrivate key number: {d_found}")


The totient is:  216

Private key number: 173
