# Required Imports

In [1]:
import numpy as np
import os
import math
import binascii
import gmpy2
import secrets
import sympy

# Challenge #1 - Simple factorization

We have a 256-bit number that we need to factorize.

Implement the solution in any chosen programming language!

In [2]:
N=45084338625451438325423490481956431413304720050765378072974100635626511633443

I used PARI/GP as a programming language. It has a built in function factor(N) which can factorise a 256-bit number in about 5 minutes.

![challenge1_GP](./imgs/challenge1_GP.png)

## Double-check the result in python

In [3]:
p = 183110740740421551834702828416497223327
q = 246213512343129886502837029525964480509

print(f"N = {N}\n")
print(f"First prime p:\n{p}\n")
print(f"Second prime q:\n{q}\n")
print(f"N == (p * q) : {N == (p * q)}")

N = 45084338625451438325423490481956431413304720050765378072974100635626511633443

First prime p:
183110740740421551834702828416497223327

Second prime q:
246213512343129886502837029525964480509

N == (p * q) : True


# Challenge #2 - Special prime numbers

We have a 2048-bit number (N) that we need to factorize.

Implement the solution in any chosen programming language!

Why is it possible to factorize N?

In [4]:
N=22311140989820914550000986626313649557247770212361679138331581359889844086641006434638927599137456840774923340635937929656278287765519657407156093608742702815890690039283703218479832880846766137483119331597676869176397230051282616283038805155392350907968441315249545440736908368329882012764550410514806228109178699532952225563465463648637779935978713730794113893058678856727752118507890696573569149769436760361000516604217723497737161022058424978089719431075642078566217626644560471991389891197867565872364584063174387002655505428530638739514738691250640336477678105795431139283491632703173102223358411228793542047717

I used PARI/GP as a programming language. I wrote the Pollard's p-1 function in a .gp file (using the sample codes provided during the semester for help) and used it to factor N.

![challenge2_pollard](./imgs/challenge2_pollard.png)

![challenge2_GP](./imgs/challenge2_GP.png)

We can factorize N because (p-1) factors (where p is a prime factor of N) are "small" (less than 1000000).
![challenge2_p1](./imgs/challenge2_p1.png)

## Double-check the result in python

In [5]:
p = 196743589582521273094768439934425240400806202047896393533852145694623733550913466821701610004580781087873362731511538304593476226798597078462391350256971709375244050847706903327520222600222377808361628795097043322864416037495999994075633350519906340962335551756147121100729321165142182557856646542857854946959
q = N // p
print(f"N:\n{N}\n")
print(f"First prime p:\n{p}\n")
print(f"Second prime q:\n{q}\n")
print(f"N == (p * q) : {N == (p * q)}")

N:
22311140989820914550000986626313649557247770212361679138331581359889844086641006434638927599137456840774923340635937929656278287765519657407156093608742702815890690039283703218479832880846766137483119331597676869176397230051282616283038805155392350907968441315249545440736908368329882012764550410514806228109178699532952225563465463648637779935978713730794113893058678856727752118507890696573569149769436760361000516604217723497737161022058424978089719431075642078566217626644560471991389891197867565872364584063174387002655505428530638739514738691250640336477678105795431139283491632703173102223358411228793542047717

First prime p:
196743589582521273094768439934425240400806202047896393533852145694623733550913466821701610004580781087873362731511538304593476226798597078462391350256971709375244050847706903327520222600222377808361628795097043322864416037495999994075633350519906340962335551756147121100729321165142182557856646542857854946959

Second prime q:
113402124242847703486827409894895569

# Challenge #3 - RSA factorization of a 2048-bit N modulus

In [6]:
N = 15535581225352942041463821607544777291770643359882344938401428172336852955305832816789826908917762000791268397390610001671024565003536712972449937349576931422266924374273664861687976478610350201737963900226657773868150461350359493877196936156218569210023718759878041910536745641395789995483638196572296836920245068164699951235755845295861823399428753179268110375141751024143443708506162937672150318431515228140070417967917887674350832781749068446354057725038818125861384334341342974753340796785156851961281980650710152717379686677032783138068399207659526118075577650936962908393680573715039619296407151631207232016479

In [None]:
#Original source code to generate N

from Crypto.Util import number
# Generate 1024-bit P prime
x = number.getRandomNumber(1024)
while True:
    x=x+2
    if (number.isPrime(x)==True):
        P=x
        break
# Generate 1024-bit Q prime
while True:
    x=x+2
    if (number.isPrime(x)==True):
        Q=x
        break
N=P*Q
print(N)

In the first case, the problem is that P and Q will be consecutive primes.

In [None]:
#Correct source code to generate a safe N

from Crypto.Util import number
# Generate 1024-bit P prime
x = number.getRandomNumber(1024)
while True:
    x += 1
    if (number.isPrime(x)==True):
        P=x
        break
# Generate 1024-bit Q prime
x = number.getRandomNumber(1024)
while True:
    x += 1
    if (number.isPrime(x)==True):
        Q=x
        break
N=P*Q
print(N)

In the second case, P and Q are independent of each other. I used another modification too because I don't know if the random number generated with number.getRandomNumber(1024) is odd or even. So I used x + = 1 in the iteration.

For the factorization I used the Fermat factorization algorithm in a PARI/GP function.

![Challenge3_Fermat](./imgs/challenge3_fermat.png)

![Challenge3_GP](./imgs/challenge3_GP.png)

## Double-check the result in python

In [7]:
p = 124641811705995921958457342157731434684508489780920490187682253370599147526053935259367159846032804575002293225670901824648230700265893323791636660209790091975147368979040340491743033498078305644801721830111674952320719470078471592893479516301294592976826520425104345333484756665658281896560151555336234307917
q = N // p

print(f"N:\n{N}\n")
print(f"First prime p:\n{p}\n")
print(f"Second prime q:\n{q}\n")
print(f"N == (p * q) : {N == (p * q)}")

N:
15535581225352942041463821607544777291770643359882344938401428172336852955305832816789826908917762000791268397390610001671024565003536712972449937349576931422266924374273664861687976478610350201737963900226657773868150461350359493877196936156218569210023718759878041910536745641395789995483638196572296836920245068164699951235755845295861823399428753179268110375141751024143443708506162937672150318431515228140070417967917887674350832781749068446354057725038818125861384334341342974753340796785156851961281980650710152717379686677032783138068399207659526118075577650936962908393680573715039619296407151631207232016479

First prime p:
124641811705995921958457342157731434684508489780920490187682253370599147526053935259367159846032804575002293225670901824648230700265893323791636660209790091975147368979040340491743033498078305644801721830111674952320719470078471592893479516301294592976826520425104345333484756665658281896560151555336234307917

Second prime q:
124641811705995921958457342157731434

# Challenge #4 - Encrypted text

Recover the original cleartext message from textEnc!

Implement the solution in any chosen programming language!

In [8]:
textEnc = 25638920938252605568895546745915864430032601449246389102003905595590281535614494083115285466424934888722445856680322471966324253613179786613909109393468757365506827907544722018003777040276697115524948537504116130838520034397491469004478806730598503593969539017431415343224253330093172038891720598510126234425381204670005066424654823235126373391281293899982560510742145411191323345651012335044957173926825573691423859516454384362389818720561877499366050844916793847290840460938497939358354057176088478166060565796668442948448805498970991098488521722959778012607576789719059863048236773059701554299604319833626518330576
N = 30479915487669326930154938380968766431833949993346991132694149723187817935339528962855546989243335804010036419422987797217836348288026014284489006519127280859366514645387949472747931071629724217991985973546443890005626067483439373338965791299306567969307130124133997845851509755838943259384017879067734826353016270127156768168167794991449166504474185759354999418577081672681139858664445489086000031773896480822893296682174804689134484817843679020394838926915616313757974443043422503488635552736371022127054455105212424089722728800842893299361711485229280789384148449349631381448714241530299081398302331503199102701259
d = 11653497144735497884994618170070866540770302042865794235499295201396419640902125169328340340715477749074255497833007388725259401239804504935020538571337904946719360933052868607636066784592306631829732708838568206537848427192769586306276848689850384875824782329377688695294280787220293898872168942670556045347189823824894151854920078650742791530141827190011712249760979061729445384263029983575431519903421329627975147558091383199470264796128084370015805972377702537067596481532759675574858239622528439695446531885371755719959956839104110377238118593431128430936964712765080357811966133828100326883105932717510977473649
e = 65537

In [9]:
#import binascii

class RSA:
    
    def __init__(self, p=0, q=0, e = 2**16 + 1, N=0, Phi=0, d=0):
        self.p = p
        self.q = q
        self.e = e
        self.Phi = Phi
        if (p and q and e):
            self.N = p * q
            self.Phi = (p - 1) * (q - 1)
            self.d = gmpy2.invert(e,self.Phi)
        elif (Phi):
            self.N = N
            self.Phi = Phi
            self.d = gmpy.invert(e, Phi)
        else:
            self.N = N
            self.Phi = Phi
            self.d = d

    def encodeRSA(self,m):
        """Encode m plain text with e and N"""
        mInt = int(binascii.hexlify(bytes(m, "utf-8")).decode(),16)
        return pow(mInt, self.e, self.N)

    #import binascii
    def decodeRSA(self,c):
        """Recover the original text from cipher text (c) 
           using N (N = p * q, the product of two prime numbers)
           and d (e * d = k * Phi(N) + 1 (where k is a whole number)
           and e is a chosen number,
           which is coprime with Phi(N) = (p-1) * (q-1): (Phi(N), e) = 1)."""
    
        textPlain = pow(c, self.d, self.N)
        return binascii.unhexlify(hex(textPlain)[2:]).decode()


rsa = RSA(N=N, d=d, e=e)
print(rsa.decodeRSA(textEnc))

print(f"""\nReverse the cipher text from plain text:
      \n{rsa.encodeRSA(rsa.decodeRSA(textEnc))}\n""")
print(f"""textEnc == rsa.encodeRSA(rsa.decodeRSA(textEnc))
      : {textEnc == rsa.encodeRSA(rsa.decodeRSA(textEnc))}""")

RSA is a very simple but efficient encryption alghorithm!

Reverse the cipher text from plain text:
25638920938252605568895546745915864430032601449246389102003905595590281535614494083115285466424934888722445856680322471966324253613179786613909109393468757365506827907544722018003777040276697115524948537504116130838520034397491469004478806730598503593969539017431415343224253330093172038891720598510126234425381204670005066424654823235126373391281293899982560510742145411191323345651012335044957173926825573691423859516454384362389818720561877499366050844916793847290840460938497939358354057176088478166060565796668442948448805498970991098488521722959778012607576789719059863048236773059701554299604319833626518330576

textEnc == rsa.encodeRSA(rsa.decodeRSA(textEnc)) : True


# Challenge #5 - Creating the RSA private key

Recreate the RSA public and private key from P and Q numbers!

Implement the solution in any chosen programming language!

In [10]:
def gcd(a, b):
    while (b != 0):
        a, b = b, a % b
    return a

In [11]:
P = 47107077831526529631313930390625355687928115212735348527388428825777111998627
Q = 21536887994154870131965390890995885766722023702428541798692456954162584328961
N = P * Q
Phi = (P - 1) * (Q - 1)
e = 2**16 + 1
d = int(gmpy2.invert(e,Phi))

print(f"gcd(Phi_N, e) == 1 : {gcd(Phi, e) == 1}")
print(f"(e * d) % Phi == 1: {(e * d) % Phi == 1}")

gcd(Phi_N, e) == 1 : True
(e * d) % Phi == 1: True


The public and private keys are (e,N) and (d,N) respectively.

In [12]:
rsa = RSA(p=P, q=Q, e=e)
print(f"e = {rsa.e}\n")
print(f"d:\n{rsa.d}\n")
print(f"N:\n{rsa.N}")

e = 65537

d:
263755285067419757017905656133576409424901606059103358657352872172067604880438816370196886087329806449150011392848879428882092321011620016588589273920513

N:
1014539858989522750069402687288777857992709036054434605958852869089141602362395132312673511162959283855730752398464687181446310999267185535807312348336547


# Challenge #6 - Creating RSA private key from Phi(n)

Recreate the RSA public and private key from Phi(n)!

In [13]:
Phi = 3072714441320937436364108905029797568594870671848898979161725511500698914627748388986524114369299068724750498656873682162990583179243694191533214035821844601433330714115248052020144440299177457772879931674709683365683853822340226112301222737446096815052235437897463832496039668073812763030286916098225937728
N = 93107597851043219479947659123543318576475233023097903780912869778018590795343820615750845368442640247059196244937121317656256132344480973301901504572256334292500791004234335167510313124137882818602148608468157911116083026994893565484372432719563035293741440237660857879036735859687422561206883867922357842063
e = 2**16 + 1
d = gmpy2.invert(e,Phi)

print(f"gcd(Phi_N, e) == 1 : {gcd(Phi, e) == 1}")
print(f"(e * d) % Phi == 1: {(e * d) % Phi == 1}")

gcd(Phi_N, e) == 1 : True
(e * d) % Phi == 1: True


The public and private keys are (e,N) and (d,N) respectively.

In [14]:
print(f"e = {e}\n")
print(f"d:\n{d}\n")
print(f"N:\n{N}")

e = 65537

d:
546587499533385547601092232095417551225704598813105029205905000428386223762611818038739919821128348004839118564197833081406598085106474005293104799267758126913190555947870085454794145063213311605905583768920846066758355857925177472530138008653838239008177987015100376264382416808894352677221796357372445825

N:
93107597851043219479947659123543318576475233023097903780912869778018590795343820615750845368442640247059196244937121317656256132344480973301901504572256334292500791004234335167510313124137882818602148608468157911116083026994893565484372432719563035293741440237660857879036735859687422561206883867922357842063


# Challenge #7 - Diffie-Hellman key exchange

Implement and demonstrate the Diffie-Hellman key exchange in python!

![Diffie-Hellman](./imgs/diffieHellman.png)

In [15]:
#import secrets
#import sympy

P = '0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF'
P = int(P,16)

class User:
    #Standards for choosing P prime and g generator,
    #all participants have this dictionary in their system.
    #in this example I will use the RFC 3526 standard
    #(the other "standards" only demonstrates the option of choose)
    #RFC 3526 now consist of a 2048 bit P prime and the generator g = 2
    standardsMap = {"RFC_3526" : (P,2), 'P7g3' : (7,3), 'P353g3' : (353,3)}
    
    def chooseStandard(self):
        self.standardName = "RFC_3526"
        self.P = self.standardsMap["RFC_3526"][0]
        self.g = self.standardsMap["RFC_3526"][1]
    
    def receiveStandard(self, name):
        self.StandardName = name
        self.P = self.standardsMap[name][0]
        self.g = self.standardsMap[name][1]
        
    def generatePrivateKey(self):
        self.privateKey = secrets.randbits(2048) % (self.P - 1) #{0,1,...,P-2}
        
    def generatePublicKey(self):
        self.publicKey = pow(self.g, self.privateKey, self.P)
        
    def receivePublicKey(self, key):
        self.receivedPublicKey = key
    
    def createCommonKey(self):
        self.commonKey = pow(self.receivedPublicKey, self.privateKey, self.P)
    
    
def diffieHellmanAB(A, B):
    #Share P and g
    A.chooseStandard()
    B.receiveStandard(A.standardName)
    
    #Create private keys
    A.generatePrivateKey()
    B.generatePrivateKey()
    
    #Create public keys
    A.generatePublicKey()
    B.generatePublicKey()
    
    #Share public keys
    A.receivePublicKey(B.publicKey)
    B.receivePublicKey(A.publicKey)
    
    #Create shared secret (or common key)
    A.createCommonKey()
    B.createCommonKey()
    
    
def testDiffieHellman(times):
    for i in range(times):
        A = User()
        B = User()
        diffieHellmanAB(A, B)
        print(f"""keyA:\n{A.commonKey}\nkeyB:\n{B.commonKey}\n\t\t\t\t\t 
        keyA == keyB : {A.commonKey == B.commonKey}\n\n""")
        
testDiffieHellman(5)

keyA:
6813558378495060920993017228276398163883358878924437225574176922845613159271465322901251234179021735563711011657264025987695819917894727401181554156816895591234863236010445034506855079506199266890658644805432624499561742536613914726827016441790393163455100717566601964823824962887461306797461681363219146221599006172836691471947600497889039390947021585155163320080556359730821288576074344338798100875948359102402874589388426270925864291462375960981504942717727647766121167566902307338855278049625542938826659377429518438042326458857638261179894515610077452514335749993074856363252920501143633597270759033672545884369
keyB:
68135583784950609209930172282763981638833588789244372255741769228456131592714653229012512341790217355637110116572640259876958199178947274011815541568168955912348632360104450345068550795061992668906586448054326244995617425366139147268270164417903931634551007175666019648238249628874613067974616813632191462215990061728366914719476004978890393909470215851551633200805563597