<a href="https://colab.research.google.com/github/dstrick97/cse380-notebooks/blob/master/08_1_About_Encryption_Resembling_Scrambling.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# About Encryption Resembling Scrambling
## Divide Pair Conquer
### Due: Monday, 22 February 2021, 11:59 pm

## Introduction

### Encryption is Like Scrambling

#### Perfect Shuffling

In [None]:
def shuffle(deck):
  mid = len(deck) // 2
  tuples = list(zip(deck[:mid], deck[mid:]))
  return [i for sub in tuples for i in sub]

deck0 = ['As', '2s', '3s', '4s', '5s', '6s', '7s', '8s', '9s', '10s', 'Js', 'Qs', 'Ks',
         'Ah', '2h', '3h', '4h', '5h', '6h', '7h', '8h', '9h', '10h', 'Jh', 'Qh', 'Kh',
         'Ac', '2c', '3c', '4c', '5c', '6c', '7c', '8c', '9c', '10c', 'Jc', 'Qc', 'Kc',
         'Ad', '2d', '3d', '4d', '5d', '6d', '7d', '8d', '9d', '10d', 'Jd', 'Qd', 'Kd']

deck1 = shuffle(deck0)
deck2 = shuffle(deck1)
deck3 = shuffle(deck2)
deck4 = shuffle(deck3)
deck5 = shuffle(deck4)
deck6 = shuffle(deck5)
deck7 = shuffle(deck6)
deck8 = shuffle(deck7)

In [None]:
deck0 == deck8

In [None]:
deck5

### What is the PCS Cryptosystem?
(Perfect Card Shuffling)

1. Get a new deck of cards.
2. Choose a number, say 5 (this is your encryption key).
3. Write a message, one character per card on your original deck.
4. Perfect shuffle the deck 5 times.
5. Send the shuffled deck to your friend.
6. Your friend does (8 - 5 = 3) perfect shuffles to get the original order back.

### How Does RSA Scramble?

Look at how RSA encryption shuffles/scrambles numbers (say the number 10) with some (very) small primes (say 2 and 11) and the smallest possible encryption exponent (3).

In [None]:
pow(10, 3, 2 * 11)

### Alternatively

What about with 3 and 11?

In [None]:
pow(10, 3, 33)

### Save Typing

In [None]:
for m in range(22):
  c = pow(m, 3, 22)
  print(m, c, m == c)

In [None]:
for m in range(33):
  c = pow(m, 3, 33)
  print(m, c, m == c)

### Tabulate

Count how many scramblings are **not** derangements.

#### Definition

A *derangement* is a permutation where no element is left in its original position.

In [1]:
from math import gcd
from sympy import prime

def find_first_e(n, t):
  for e in range(3, n):
    if gcd(e, t) == 1:
      return e
  return None

headers = '| p | q | n | t | e | # |/| n |=|   %  |\n'\
          '|---|---|---|---|---|---|-|---|-|------|'

print(headers)

for i in range(1, 9):
  for j in range(i + 1, 9):
    p, q = prime(i), prime(j)
    n = p * q
    t = (p - 1) * (q - 1)
    e = find_first_e(n, t)
    num = sum(map(lambda m: m == pow(m, e, n), range(0, n)))
    print(f'|{p}|{q}|{n}|{t}|{e}|{num}|/|{n}|=|{num/n/.01:.2f}|')

| p | q | n | t | e | # |/| n |=|   %  |
|---|---|---|---|---|---|-|---|-|------|
|2|3|6|2|3|6|/|6|=|100.00|
|2|5|10|4|3|6|/|10|=|60.00|
|2|7|14|6|5|6|/|14|=|42.86|
|2|11|22|10|3|6|/|22|=|27.27|
|2|13|26|12|5|10|/|26|=|38.46|
|2|17|34|16|3|6|/|34|=|17.65|
|2|19|38|18|5|6|/|38|=|15.79|
|3|5|15|8|3|9|/|15|=|60.00|
|3|7|21|12|5|9|/|21|=|42.86|
|3|11|33|20|3|9|/|33|=|27.27|
|3|13|39|24|5|15|/|39|=|38.46|
|3|17|51|32|3|9|/|51|=|17.65|
|3|19|57|36|5|9|/|57|=|15.79|
|5|7|35|24|5|15|/|35|=|42.86|
|5|11|55|40|3|9|/|55|=|16.36|
|5|13|65|48|5|25|/|65|=|38.46|
|5|17|85|64|3|9|/|85|=|10.59|
|5|19|95|72|5|15|/|95|=|15.79|
|7|11|77|60|7|21|/|77|=|27.27|
|7|13|91|72|5|15|/|91|=|16.48|
|7|17|119|96|5|15|/|119|=|12.61|
|7|19|133|108|5|9|/|133|=|6.77|
|11|13|143|120|7|21|/|143|=|14.69|
|11|17|187|160|3|9|/|187|=|4.81|
|11|19|209|180|7|21|/|209|=|10.05|
|13|17|221|192|5|25|/|221|=|11.31|
|13|19|247|216|5|15|/|247|=|6.07|
|17|19|323|288|5|15|/|323|=|4.64|


## Your DPC Tasks

### TODO Investigate

Why is 65537 ($2^{16} + 1$) typically used as **e**, the encryption exponent?

In [2]:
e = 2 ** 16 + 1
(e, bin(e))

(65537, '0b10000000000000001')

This is used because it is a commonly known prime that is large enough to avoid attacks that would cripple a small exponent. It is also extremely easy to compute on a binary computer.

### TODO Explore

The book gives some very vague constraints on **p** and **q**, the two primes used in RSA.

Research the criteria the security community uses to judge the goodness (suitability) of these two primes, that in practice are randomly chosen.

What is bad about the choice of **p** and **q** in this next cell?

In [3]:
p = 5179195214309
q = 5179195214311
n = p * q
t = (p - 1) * (q - 1)
e = 65537
d = 17826498662743824930707633
m = 5179195214304
c = pow(m, e, n)
m_again = pow(c, d, n)
(c, m_again, m == m_again)

(8966759170151112623516383, 5179195214304, True)

Because p+1 = q-1 there is an insecurity. The factors being the same for the two keys creates a security risk.

Reference: https://people.csail.mit.edu/rivest/pubs/RS01.version-1999-11-22.pdf

### Bonus

From Wikipedia:



> The earliest known statement of the [Chinese Remainder Theorem], as a problem with specific numbers, appears in the 3rd-century book *Sun-tzu Suan-ching* by the Chinese mathematician Sun-tzu:

> There are certain things whose number is unknown. If we count them by threes,we have two left over; by fives, we have three left over; and by sevens, two are left over. How many things are there?




Can you solve this by hand?
  
That is, with just pencil and paper?

How about this one?

Find all solutions, if any, to the system of congruences:

$x \equiv_{6} 5$

$x \equiv_{10} 3$

$x \equiv_{15} 8$


Challenge yourselves to figure this out without using a computer.

(You can use a calculator, but not its programmability, if it has it!)

#### Hint

You cannot apply the Chinese Remainder Theorem directly, because the moduli are not pairwise coprime. Try using that consequence of the CRT that you used last week to translate these congruences into a set of congruences that together are equivalent to the given ones.