In [1]:
import secrets

In [2]:
def inverseMod(a, mod):
    return pow(a, -1, mod)

In [3]:
class Curve:
    def __init__(self, a, b, p):
        # curve configuration
        # y^2 = x^3 + a*x + b
        self.a = a
        self.b = b
        self.p = p
    
    def contains(self, x, y):
        return (x**3 + x * self.a + self.b - y**2) % self.p == 0

In [4]:
class Point:
    def __init__(self, x, y, curve):
        xp = x % curve.p
        yp = y % curve.p
            
        if not curve.contains(xp, yp):
            raise Exception("curve does not contain point")
        
        self.x = xp
        self.y = yp
        self.curve = curve
        
    def copy(self):
        return Point(self.x, self.y, self.curve)
    
    def __neg__(self):
        return Point(self.x, -self.y, self.curve)
    
    def __eq__(self, other):
        return self.x == other.x and self.y == other.y and self.curve == other.curve
        
    def __add__(self, other):
        if other.curve != self.curve:
            raise Exception("Can not add with different curves")
        
        if self == other:
            beta = (3 * self.x * self.x + self.curve.a) * inverseMod(2 * self.y, self.curve.p)
        else:
            beta = (other.y - self.y) * inverseMod(other.x - self.x, self.curve.p)

        xnew = beta * beta - self.x - other.x
        ynew = beta * (self.x - xnew) - self.y

        return Point(xnew, ynew, self.curve)
    
    def __sub__(self, other):
        return self + (-other)
    
    def __mul__(self, k):
        temp = self.copy()
        kAsBinary = bin(k)
        kAsBinary = kAsBinary[2:len(kAsBinary)]

        for i in range(1, len(kAsBinary)):
            temp = temp + temp
            if kAsBinary[i: i+1] == '1':
                temp = temp + self

        return temp
    
    def __rmul__(self, k):
        return self * k

In [5]:
curve = Curve(a=-1, b=188, p=751)
g = Point(x=0, y=376, curve=curve)

## ECDH

In [6]:
# Alice gera publica
alicePrivate = secrets.randbelow(g.curve.p)
alicePublic = alicePrivate * g
print(f'{ alicePublic.x = }')

 alicePublic.x = 597


In [7]:
# Bob gera publica
bobPrivate = secrets.randbelow(g.curve.p)
bobPublic = bobPrivate * g
print(f'{ bobPublic.x = }')

 bobPublic.x = 529


In [8]:
# Alice computa shared a partir de publica de Bob
aliceShared = alicePrivate * bobPublic
print(f'{ aliceShared.x = }')

 aliceShared.x = 295


In [9]:
# Bob computa shared a partir de publica de Alice
bobShared = bobPrivate * alicePublic
print(f'{ bobShared.x = }')

 bobShared.x = 295


## Proposed

### Registration (gerar chaves publicas)

In [10]:
# Alice gera publica
alicePrivate = secrets.randbelow(g.curve.p)
alicePublic = alicePrivate * g
print(f'{ alicePublic.x = }')

 alicePublic.x = 243


In [11]:
# Bob gera publica
bobPrivate = secrets.randbelow(g.curve.p)
bobPublic = bobPrivate * g
print(f'{ bobPublic.x = }')

 bobPublic.x = 144


### Computacao (segredo da sessao e envio)

In [12]:
aliceSessionSecret = secrets.randbelow(g.curve.p)
toBob = (alicePrivate + aliceSessionSecret) * bobPublic
print(f'{ toBob.x = }')

 toBob.x = 243


In [13]:
bobSessionSecret = secrets.randbelow(g.curve.p)
toAlice = (bobPrivate + bobSessionSecret) * alicePublic
print(f'{ toAlice.x = }')

 toAlice.x = 678


### Computacao chave sessao

In [14]:
aliceSharedPartial = inverseMod(alicePrivate, g.curve.p) * toAlice - bobPublic
print(f'{ aliceSharedPartial.x = }')

aliceShared = aliceSharedPartial + (aliceSessionSecret * g)
print(f'{ aliceShared.x = }')

 aliceSharedPartial.x = 622
 aliceShared.x = 154


In [15]:
bobSharedPartial = inverseMod(bobPrivate, g.curve.p) * toBob - alicePublic
print(f'{ bobSharedPartial.x = }')

bobShared = bobSharedPartial + (bobSessionSecret * g)
print(f'{ bobShared.x = }')

 bobSharedPartial.x = 480
 bobShared.x = 501
