# 1. Keys and Signatures 

Start from the top cell of the workbook and run each cell by pressing the play button at the top of the window ▶️

💡 Blockchain relies on digital signatures - a public key cryptography scheme - to ensure the integrity and ownership of transactions.  

**Symmetric Cryptography**    
Cryptography has been used since the early days of human civilisation by the military to secure communications between the generals in the battlefields and the command centre.  
The Greek historian Polybius developed an algorithm based on the coordinates of a square containing all the letters of the alphabet to encrypt individual letters in the plaintext. The numbers used for the coordinates of the letters on the table is the private key communicated to the intended recipient of the message. 

| |1|2|3|4|5|
|---|---|---|---|---|---|
|**1**| A|B|Γ|Δ|E|
|**2**|Z|H|Θ|I|K|
|**3**|Λ|M|N|Ξ|O|
|**4**|Π|P|Σ|T|Y|
|**5**|Φ|X|Ψ|Ω|  


Caesar developed a simple encryption algorithm where each letter in the plaintext[^1]. is replaced by a letter some fixed number of positions down the alphabet.  For example, if the agreed “shift” is two, the plaintext “car” is encrypted as “ect”. 
[^1]: In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted.

|    |    | A  | B  | C  | D  | E  | F  | G  | H  | I  | J  | K  | L  | M  | N  | O  | P  | Q  | R  | S  | T  | U  | V  | W  | X  | Y  | Z  |
|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|
| A  | B  | C  | D  | E  | F  | G  | H  | I  | J  | K  | L  | M  | N  | O  | P  | Q  | R  | S  | T  | U  | V  | W  | X  | Y  | Z  |    |    |


The Caesar algorithm is particularly easy to crack through brute force as a maximum of twenty-six attempts is required to guess the right key.
Substitution algorithms evolved over time to include longer shift keys. The Vigenère cypher (first described by Giovan Battista Bellaso but wrongly attributed to Blaise de Vigenère) but remained prone to frequency analysis, a cryptanalysis technique that exploits the fact that certain letters or sequences of letters occur more frequently than others in natural language.  
Algorithms that always produces the ***same ciphertext*** are called ***deterministic***, as opposed to ***probabilistic*** encryption schemes that produce ***different cyphertexts*** every time they are used with the same parameters. A paper published in 1983 by S. Goldwasser and S. Micali first described a probabilistic encryption scheme. 

**Public Key Cryptography**  
Public-key cryptography was introduced by R. Rivest, A. Shamir and L. Adleman in 1978. The authors were aware that the ***randomness*** introduced during the encryption process made their scheme ***probabilistic***. However, they did not explicitly stated that, as the concept of probabilistic encryption had not yet been introduced.   
With symmetric-key encryption, the encryption key is the same as (or can be calculated from) the decryption key and vice versa.  
Public-key encryption involves a pair of keys, a public key and a private key, associated with an entity. Each public key is published, and the corresponding private key is kept secret.  
Data encrypted with a public key can be decrypted only with the corresponding private key.  
💡 Public key encryption allows two people to communicate securely over an insecure channel (like the internet) without needing to share a secret key beforehand.  

💭 *The public key can be shared with anyone, but the private key is kept secret.*  
> If someone wants to send a secret message to the owner of the public key, they encrypt the message using the public key.   
> Only the owner of the private key can decrypt the message.  

Here's an example: Alice wants to send a secret message to Bob. Bob generates a public key and a private key. He shares the public key with Alice, and keeps the private key secret. Alice uses Bob's public key to encrypt her message, and sends it to Bob over the internet. Bob uses his private key to decrypt the message and read what Alice sent.

💭 The beauty of public key encryption is that it allows two people to communicate securely without needing to share a secret key beforehand.  

***Hashing*** 
It is useful to ensure the integrity of a piece of data, as any small change to the data will result in a completely different hash value.  
💭 A hashing algorithm is a mathematical function that takes an input (such as a message or file) and produces a *fixed-size output*, known as a hash value. The output is a unique digital "fingerprint" of the input data.  
A simple hashing algorithm can be built with the modulus function.  
💡 K modulus M is the remainder of K when divided by M, where M is prime number (a number that is not the multiple of another number, i.e. cannot be divided by any whole number other than itself).
> An efficient hashing algorithm is quick to calculate, produces a small hash and minimises the probability of conflicts.  
> A conflict occurs when two distinct numbers (or other data aggregates) produce the same hash. 

***Digital Signatures***  
Public key cryptography can also be used to generate digital signatures to guarantee the integrity of communications.  
Here is the recipe to create digital signatures:
> The sender of the message generates a hash of the message to be signed.  
> The sender encrypts the hash with her private key.    
> The recipient of the message uses the public key of the sender to verify the validity of the digital signature.  

**A Primer on Functions**  
This training will use Python functions extensively.  
Functions typically take an input, perform some operation on it and returns the output.
The function "power of two", for example, can be represented as
``` Math
y = x * x.
```

In this example, y is the output, x, is the input and and the operation performed on the input is to multiply it by itself.

x and y are variables as they will take whatever value is assigned to them. 
In Python variables can have any name as long as it does not beging with a number, and contains only letters.  
Variable names are case sensitive
To assign a value to a variable use the equal sign; the code below creates two distinct variables and assigns the value 5 to the first one and 3 to the second one:

```python
MyVariable = 5
myvariable = 3
```

You can also assign a string of characters to a variable, as follows:
```python
MyVariable = "This is a string of more than 10 characters!"
```

Note that the string of characters is between double quotes, to inform the system that you do not intend to create or refer to a new variable.  
Strings can also be encolsed inn single quotes as follows:
```python
MyNewVariable = 'A different string.'
```

Functions in Python are represented as follows:

```python
def name_of_the_function(inputs separated by commas):
    some operations on the inputs
    #any comments to make the code more readeble
    return some value or values
``` 
 
The keyword **def**  tells the system that a definition of a function will follow.  
The new function:  
- must have a name
- can have some or no inputs (between brackets) 
- can return some or no values  

Use the keyword **return** to tell the system that what follows is (or are) the value (or values) returned by the function.  
Use the character ***#*** to tell the system that what follows is a comment and not an instruction.  

Here is the function "power of two" in Python.
 
```python
def power_of_two(x):
    y = x * x
    #A comment: we used the variable y to hold the output, but we could have also returned x * x directly 
    return y
``` 
 
Here is how the function can be used:
```python
print(power_of_two(3))
``` 

The command ```python print() ``` tells the system to print whatever is within brackets. In this example it will print the number nine, having evaluated the function power_of_two(3).
```python print() ``` is also a function. Please note that a function can take the output of another function as its input.
 
Another example. 
If you try to divide any number by zero, the system will complain, halting the execution of your program and dispalying an error message.  
In the next cell, try: 
```python
print(10/0)
```
To solve this problem, you could write a function to handle this situation garcefully. For example, you can decide to return a zero in the event that users attempt to divide a number by zero.  
```python
def divide(numerator, denominator):
    if denominator == 0:
        return 0
    else:
        return numerator/denominator 
```
You can use this function for the following calculations:
```python
print(divide(10,5))
print(divide(10,0))
```

**Exercise**  
Write a function that, given an account, returns true if the limit has been breached or false otherwise.      
Test the function with three separate accounts that represent all possible scenarios.  

If you want to practice functions further, design and implement a hashing algorithm that returns a single digit number regardless of the length of the given input.  
💭 The modulus operator in python is the symbol %.  
What is the probability of a conflict of your algorithm if the given input is a number between 0 and 99?

#Cell 1

In [None]:
#your code:

#Cell 2

In [None]:
print("Generating functions...") 

%pip install ecdsa -q
import ecdsa 
import binascii

def generate_keys(): # Note, this funciton does not take any input, keys are generated at random!
    kpr = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
    private_key = kpr.to_string().hex()
    kpu = kpr.get_verifying_key() 
    public_key = kpu.to_string().hex()
    return public_key, private_key
    #Note, this function will return two outputs, a public and a private key

def sign_message(message, private_key): 
    bmessage = message.encode()
    sk = ecdsa.SigningKey.from_string(bytes.fromhex(private_key), curve=ecdsa.SECP256k1)
    signature = sk.sign(bmessage)
    return signature.hex(), message

def verify_signature(public_key, signature, message): 
    vk = ecdsa.VerifyingKey.from_string(bytes.fromhex(public_key), curve=ecdsa.SECP256k1)
    try: 
      vk.verify(bytes.fromhex(signature), message.encode())
      return True 
    except:
      return False
  

print("Functions generated, you can now use them on this workbook to generate key pairs, sign messages and verify digital signatures.") 

#Cell 3

**Create a key pair**  
We use the generate_key() function to randomly generate a private key and derive the corresponding public key.  
In this session we let the system generate a private key at random. In the next session we will explore interesting alternatives. 
The author (sender of the message) will use the private key to digitally sign a message. Readers will use the public key of the author to verify the integrity of the message published.  
The author will also be able to encrypt the message, using her private key.  
The author publishes his public key, the message and the digital signature. Of course the author does not publish the private key.  

#Cell 4

In [None]:
# Here the keys are also assigned to variables.
public_key, private_key = generate_keys()
print("Public key:", public_key)
print("Private key:", private_key)

#Cell 5

**The sender uses his private key to sign a message**  
We use the sign_message() function to sign a message with the private key.

#Cell 6

In [None]:
signature, message = sign_message("I owe John 21 pounds, Sincerely Francesco Roda", private_key)
print("Message: ", message)
print("Signature: ",signature)

#Cell 7

**The recipient uses the sender public key to verify the integrity of the message**  
We use the verify_signature() function to check the signature for a given message and a given private key.

#Cell 8

In [None]:
test = verify_signature(public_key, '6b298bb3bc945d7ceec829c60779611f66f243a86fba766d0217702a7d60f2bedcc1958e7c5a5f25bb36dc929adf23d4830217f4045f43039d5b78aed2c0e016', message) #this is what miners do 
print("The digital signature proves the integrity of the message", test)

#Cell 9

**The recipient uses the sender public key to verify the integrity of another message with the same digital signature**  
We use the verify_signature() function to check the signature for a given message and a given private key.

#Cell 10

In [None]:
message_changed = "I owe John 19 pounds, Sincerely Francesco Roda"
print("New message: ", message_changed)
test = verify_signature(public_key, signature, message_changed)
print("The digital signature proves the integrity of the message", test) 

#Cell 11

**"Sending" messages**  
Digitally signed messages can be send via email to the intended recipient but they do not guarantee privacy: if the message is intercepted, its content is clear for everyone to read.  
Public key cryptography can be used to enforce privacy of cimmunications.  
The recipe is as follows:  
> The recipient publishes her public key  
> The sender encrypts the message with her public key of the recipient  
> The encrypted message is published: there is no need to send it as no one but the recipient can decrypt it       
> The recipient decrypts the message with her private key to access its content   
>
💡 Public key cryptography is also called asymettric cryptography: the asymmetry refers to the role of the public key (encypt messages) and the need for the private key to decrypt them.
💡 More formally:   
> a single key is required to encypt a message (the public key of the recipient)  
> both keys are required to decrypt a message  
> the public key can be derived from the private key but **not vice versa**   
>
The code below defines functions that use the SECP256K1 algorithm to encrypt and decrypt messages.   

#Cell 12

In [2]:
print("Generating functions...") 
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
import base64

def generate_rsa_keys():
    modulus_length = 1024
    key = RSA.generate(modulus_length)
    pub_key = key.publickey()
    return key.export_key().hex(), pub_key.export_key().hex()

def encrypt(message, public_key):
    encryptor = PKCS1_OAEP.new(RSA.import_key(bytes.fromhex(public_key)))
    encrypted_msg = encryptor.encrypt(message.encode())
    return encrypted_msg.hex()

def decrypt(encoded_encrypted_msg, private_key):
    decryptor = PKCS1_OAEP.new(RSA.import_key(bytes.fromhex(private_key)))
    decrypted = decryptor.decrypt(bytes.fromhex(encoded_encrypted_msg))
    return decrypted.decode() 

print("Functions generated, you can now use them on this workbook to encrypt and decrypt messages.") 

#Cell 13

Generating functions...


ModuleNotFoundError: No module named 'Crypto'

**Group Exercise**    
Work in pairs to complete the following tasks:  
> 1) Exchange a signed message and verify its integrity
> 2) Exchange an encrypted message
> 3) Exchange an encrypted and signed message  
>
💡 To complete these task each player would need to create a key pair. Players should not disclose their private keys!  

💭 ***Use the functions defined in this workbook. For your convenience they are listed below***  
> generate_keys()  ℹ️ *Returns a public key and a private key. Store the private key somewhere you can retrieve it from and send the public key to anyone you wish to communicate with (ideally, you would publish it to a secure repository)*    
> derive_public_key(private_key_asc)  ℹ️ *Requires a valid private key. You can use the one that you generated and saved. You probably do not need this function unless you forget your public key (but you still have your private key)*       
> sign_message(message, private_key)  ℹ️ *Requires the message to be signed and the private key you will sign the message with. The function will return a signature, send it to anyone you wish to communicate with*  
> verify_signature(public_key, signature, message)  ℹ️ *Requires the publick key of the author of the message, the signature and the message to be verified*  
> encrypt_message(public_key, message)  ℹ️ *Requires the publick key of the recipient of the message, and the message to be encrypted. The funciton returns the encrypted (unreadaeble) message*      
> decrypt_message(private_key, encrypted message)  ℹ️ *Requires the private key of the recipient of the message, and the encrypted message to be decrypted*    
        
💭 ***Remember to use single or dourble quotes ('some text and 1 number' or "some text and 1 number") when entering strings of characters; alternatively use variables to store keys, signatures and messages, for example:***  
>    private_key, public_key = generate_keys()  
    *this function, unlike others, returns two values which you have to capture in two separate variables*  
    
#Cell 14

In [None]:
#your code:

#Cell 15

**Conclusions**  
You have learned a key aspect of cryptography: digital signatures.  
💡 Blockchains use digital signatures to ensure that transactions are posted by the user that owns the account which funds are transferred from.  
Just like wet (traditional) signatures are used to ensure that a cheque is written by the owner of the account, digital signatures ensure that an account is operated only by its owner, the person who is in possession of the private key.  
Blockchain transactions are like cheques: as soon as they are signed, they can be posted to the blockchain for the funds be transferred to the intended recipient.  
Wet signatures can be counterfeited - digital signatures, that rely on strong cryptography, cannot!     

#Cell 16