### UC Berkeley, MICS, W202-Cryptography
### Week 04 Breakout 2
### Discrete Logarithms - Finding Generators (Primitive Roots) for a Discrete Logarithm for a large prime p using the method of p = 2q + 1, where p and q are large primes

Discrete Logarithm Problem: give a large prime p, a generator (primitive root) g, a in 1..(p-1) inclusive, find k such that g ^ k is congruent to a (mod p)

Solving the discrete logarithm problem is computationally intractible given a large prime p.  

A generator (primitive root), when raised to powers between 1..(p-1) inclusive, produces all values from 1..(p-1) inclusive

Finding a generator for a large p in computationally intractible, unless we use our special method of p = 2q + 1, which we will cover in this breakout:

* we need to size p in bits using RSA guidelines, 1024 bits is safe today, most now recommend 2048, some even use 4096

* q should be 1 bit smaller than p

* we find a random prime q, calculate p = 2q + 1, and check to see if p is prime (which is relatively rare)

* if p is prime, we continue, otherwise we keep generating random prime q until we find p = 2q + 1 where p is prime

* note: it can take a lot of tries to find a p depending on the number of bits

* after we find a suitable p and q, we need to find a generator g.  if g ^ q (mod p) is not equal to 1, then g is a generator

* since the computational intractibility of a discrete logarithm is not affected by the size of g, we want to use the smallest g, even 2 is ok if 2 is a generator


In [1]:
from sage.all import *

In [2]:
def my_print_number(label, x):
    "prints a number in decimal, number of digits, hex, number of bits"
    
    print ("\n", label, '\n')
    print ("decimal:", "{:,}".format(x), "\n")
    print ("number of digits:", x.ndigits(), "\n")
    print ("hex:", x.hex(), "\n")
    print ("number of bits:", x.nbits(), "\n")

In [3]:
def my_find_prime(b):
    "find a prime p of the given number of bits"
    
    upper_limit = (2^b) - 1
    lower_limit = (2^(b-1))
    
    p = random_prime(upper_limit, false, lower_limit)
   
    return (p)

In [4]:
def my_find_discrete_log_p_q(b, max_tries):
    "given a number of bits, find p and q, such that p is of bit size, p and q are both prime, and p = 2q + 1"
    
    tries = 0
    
    found = False
    
    while not found:
        
        q = my_find_prime(b-1)
    
        p = (2 * q) + 1
        
        if is_prime(p):
            found = true
            break
        
        tries += 1
        
        if tries > max_tries:
            print ("maximum tries without finding a p an q")
            return (1, 1)
    
    print ("\nTook " + str(tries) + " tries to find a p and q in " + str(b) + " bits")
    
    return (p, q)


In [5]:
# here you can set the bit size for p
# > 1024 will take a long time

# time permitting you can come back here and try it multiple times, and also try different bit sizes

b = 64
#b = 128
#b = 256
#b = 512
#b = 1024
#b = 2048
#b = 4096

In [6]:
(p, q) = my_find_discrete_log_p_q(b,1000)


Took 35 tries to find a p and q in 64 bits


In [7]:
my_print_number("p", p)


 p 

decimal: 10,931,848,699,714,761,683 

number of digits: 20 

hex: 97b5ba7914d073d3 

number of bits: 64 



In [8]:
my_print_number("q", q)


 q 

decimal: 5,465,924,349,857,380,841 

number of digits: 19 

hex: 4bdadd3c8a6839e9 

number of bits: 63 



In [9]:
def my_find_generator(p, q, num_generators):
    "given p and q where p = 2q + 1, start with 2 and find the first generator (generator size does not matter, smallest is best)"
    
    print ("\nFinding the first " + str(num_generators) + " generators for p:\n")
    print ("{:,}".format(p), "\n")
    
    generator_list = []
    
    g = 2
    
    while len(generator_list) < num_generators:
        
        if g == (p - 1):
            break
        
        if power_mod(g, q, p) != 1:
            generator_list.append(g)
            print ("generator: " + str(g))
        
        g += 1
            
    return generator_list

In [10]:
generator_list = my_find_generator(p, q, 100)


Finding the first 100 generators for p:

10,931,848,699,714,761,683 

generator: 2
generator: 5
generator: 6
generator: 7
generator: 8
generator: 13
generator: 15
generator: 17
generator: 18
generator: 20
generator: 21
generator: 22
generator: 23
generator: 24
generator: 28
generator: 31
generator: 32
generator: 38
generator: 39
generator: 45
generator: 47
generator: 50
generator: 51
generator: 52
generator: 54
generator: 55
generator: 58
generator: 60
generator: 63
generator: 66
generator: 68
generator: 69
generator: 70
generator: 72
generator: 74
generator: 77
generator: 79
generator: 80
generator: 82
generator: 83
generator: 84
generator: 86
generator: 88
generator: 89
generator: 92
generator: 93
generator: 95
generator: 96
generator: 97
generator: 98
generator: 106
generator: 107
generator: 112
generator: 114
generator: 117
generator: 118
generator: 122
generator: 124
generator: 125
generator: 128
generator: 130
generator: 133
generator: 134
generator: 135
generator: 137
generator