# Public Key Cryptography

Though RSA should be avoided for modern secure systems due to concerns with advancements in the discrete logarithm problem. We will still take a look at it.

Public key cryptography is a type of cryptography that simplifies the key exchange problem: there is no need for a secure channel to communicate keys over. Instead, each user generates a private key with an associated public key. The public key can be given out without any security risk. There is still the challenge of distributing and verifying public keys, but that is outside the scope of this document.

Let's delve into RSA first:

In [1]:
import random
import math

random.seed(1)
# Function to test for composite. Return True for composite.
def _func_composite_test(a,d,n,s):
    if pow( a, d, n ) == 1:
        return False
    for i in range(s):
        if pow( a, 2**i * d, n ) == n-1:
            return False
    return True

# Function to test for primality using Miller Rabin.
def _func_millerRabin_probable_prime(n):
    assert n >= 2
    if n == 2:
        return True
    if n % 2 == 0:
        return False
    # Write n-1 as 2**s * d
    # Repeatedly try to divide n-1 by 2
    s, d = 0, n-1
    while True:
        quotient, remainder = divmod(d, 2)
        if remainder == 1:
            break
        s += 1
        d = quotient
    assert ( 2**s * d == n-1 )
    # test the base a to see whether it is a witness for the compositeness of n
    for i in range(0,10): # range is arbitrary...
        a = random.randint( 2, n-1 )
        if _func_composite_test(a,d,n,s):
            return False
    # Return True because n is not found to be a composite.
    return True

# Function to find a prime between a lower and an upper limit.
def find_prime( limit_lower, limit_upper ):
    # Return a pseudo prime number roughly between a and b (can be larger than b).
    # Raise ValueError if cannot find a pseudo prime after 10 * ln(x) + 3 tries.
    x = random.randint(limit_lower, limit_upper)
    for i in range( 0, int(10 * math.log(x) + 3) ):
        if _func_millerRabin_probable_prime(x):
            return x
        else:
            x += 1
    raise ValueError

# Create a prime and show it.
print 'Prime p: ', find_prime( limit_lower=10**12, limit_upper=10**13 )
print 'Prime q: ', find_prime( limit_lower=10**12, limit_upper=10**13 )

Prime p:  2209278197029
Prime q:  1229012748941


We now have two prime numbers and we will use these to generate a large co-prime N. 

$N=p∗q$

The amazing thing about these co-primes is that their factors are p and q. No other integers form the factors of this large co-prime. Since the **factorization** of large numbers is a mathematically hard problem (One-way trapdoor function) this gives us a perfect number that is easy to calculate when you know _p_ and _q_, but very hard to work back from when you only know _N_ and not know _p_ and _q_. 

In [2]:
p = 2209278197029 
q = 1229012748941
N = p * q
print 'N: ', N

N:  2715231070106027509096289


The main idea behind RSA is that we want to have both a part of the key that is public (i.e., everybody can know that part/those parts) and a part that is private (i.e., only we know that part).
In order to achieve this we are going to use another piece of mathematics that is also very easy to calculate but very hard to undo: Modular Arithmetics.

In [3]:
phi_N = N - p - q + 1
print 'Phi of N:   ', phi_N
print 'Difference: ', N - phi_N

Phi of N:    2715231070102589218150320
Difference:  3438290945969


We now need to select two integers _e_ and _d_ 
It is standard practice to select _e = 65537 when N - p - q + 1 > 65537_. We can then select d accordingly. 

In [4]:
# Function to get d from e and phi(N)
def fn_rsa_get_d( e, phi ):
    N_phi = phi
    x = lasty = 0
    lastx = y = 1
    while phi != 0:
        q = e // phi
        e, phi = phi, e % phi
        x, lastx = lastx - q*x, x
        y, lasty = lasty - q*y, y
    if lastx < 0:
        lastx += N_phi
    return lastx

# Lets try this
e = 65537
d = fn_rsa_get_d( e=e, phi=phi_N )
print 'prime p:    ', p
print 'prime q:    ', q
print 'co-prime N: ', N
print 'Phi of N:   ', phi_N
print 'e:          ', e
print 'd:          ', d

prime p:     2209278197029
prime q:     1229012748941
co-prime N:  2715231070106027509096289
Phi of N:    2715231070102589218150320
e:           65537
d:           1662689065800343477772993


In [5]:
mp = 2328
mc = pow( mp,e,N )
md = pow( mc,d,N )
print 'message: ', mp
print 'cipher:  ', mc
print 'decrypt: ', md

message:  2328
cipher:   993844035141996221196954
decrypt:  2328


Now Let's look at how to use pycrypto to do this, it is easy to generate a private/public key pair with pycrypto. We need to specify the size of the key in bits: we picked 1024 bits. Larger is more secure. We also need to specify a random number generator function, we use the Random module of pycrypto for that.

In [11]:
from Crypto.PublicKey import RSA
from Crypto import Random
random_generator = Random.new().read
key = RSA.generate(1024, random_generator)
key

<_RSAobj @0x7fa105ffcd40 n(1024),e,d,p,q,u,private>

Now that we have our key pair, we can encrypt some data. First, we extract the public key from the key pair and use it to encrypt some data. 32 is a random parameter used by the RSA algorithm to encrypt the data. This step simulates us publishing the encryption key and someone using it to encrypt some data before sending it to us.

In [16]:
public_key = key.publickey()
enc_data = public_key.encrypt(r'abcdefgh', 32)
enc_data

('\r\xd3\xbby\x87\x1d\xd0K9\x08\x8f\x81N\xa7\x02\xfath\xf4BH\x82\xc7\xc9w\xe3\x96T+\x00\x95\x8ce\xc8\x0b+\x12\x81\xc3\xba\x90\'\xb3\xd8\xa2\xb6`\x9b~v|t\xdb+\xcfx\x96\x92\xc4\xfa\x7f\x93v]q\xf5\xc3\\RB\xbe\xff\xb8\xc5\x90\x89\xe8MUi\xa7\xc4\xd6\xc8\x10\xda\xc7hk_\xe0\x82\xbb\xdb\xc7\xb5\xce\xac65\x15\xa2\xdd2m?\x98Y"\xa9\xbdn0\xdd\x8b\xfb\xa5\xb9t\xb6\xea.H+\x8c\xf6\xd3\x90',)

In [17]:
key.decrypt(enc_data)

'abcdefgh'

In [18]:
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto import Random
key = RSA.generate(1024, random_generator)
text = r'abcdefgh'
hash = SHA256.new(text).digest()
signature = key.sign(hash, '')

In [19]:
text = r'abcdefgh'
hash = SHA256.new(text).digest()
public_key.verify(hash, signature)

False

In [20]:
import Crypto
from Crypto.PublicKey import RSA
from Crypto import Random
from Crypto.Hash import MD5
 
# Use a larger key length in practice...
KEY_LENGTH = 1024  # Key size (in bits)
random_gen = Random.new().read
 
# Generate RSA private/public key pairs for both parties...
keypair_snowden = RSA.generate(KEY_LENGTH, random_gen)
keypair_pytn    = RSA.generate(KEY_LENGTH, random_gen)
 
# Public key export for exchange between parties...
pubkey_snowden  = keypair_snowden.publickey()
pubkey_pytn     = keypair_pytn.publickey()
 
# Plain text messages...
message_to_snowden  = 'You are a patriot!'
message_to_pytn     = "Russia is really nice this time of year...\nUse encryption and make the NSA CPUs churn and burn!"
 
# Generate digital signatures using private keys...
hash_of_snowden_message = SHA256.new(message_to_snowden).digest()
signature_pytn          = keypair_pytn.sign(hash_of_snowden_message, '')
hash_of_pytn_message    = SHA256.new(message_to_pytn).digest()
signature_snowden       = keypair_snowden.sign(hash_of_pytn_message, '')
 
# Encrypt messages using the other party's public key...
encrypted_for_snowden   = pubkey_snowden.encrypt(message_to_snowden, 32)    #from PyTN
encrypted_for_pytn      = pubkey_pytn.encrypt(message_to_pytn, 32)          #from Snowden
 
# Decrypt messages using own private keys...
decrypted_snowden   = keypair_snowden.decrypt(encrypted_for_snowden)
decrypted_pytn      = keypair_pytn.decrypt(encrypted_for_pytn)
 
# Signature validation and console output...
hash_snowden_decrypted = SHA256.new(decrypted_snowden).digest()
if pubkey_pytn.verify(hash_snowden_decrypted, signature_pytn):
    print "Edward Snowden received from PyTn:"
    print decrypted_snowden
    print ""
 
hash_pytn_decrypted = SHA256.new(decrypted_pytn).digest()
if pubkey_snowden.verify(hash_pytn_decrypted, signature_snowden):
   print "PyTN received from Edward Snowden:"
   print decrypted_pytn

Edward Snowden received from PyTn:
You are a patriot!

PyTN received from Edward Snowden:
Russia is really nice this time of year...
Use encryption and make the NSA CPUs churn and burn!
