# Research Topics Cryptography Part 3


## 1. Number Theory

### The Extended Euclidean Algorithm
1. What is the extended Euclidean algorithm and how does it work?

The extended Euclidean algorithm is an extension of the Euclidean algorithm. It computes, besides the greatest common divisor of integers a and b, the coefficients of Bézout's identity, that is integers x and y such that ax + by = gcd(a, b).The existence of such integers is guaranteed by Bézout's lemma



2. Explain how the extended Euclidean algorithm can be used to find the modular inverse of a number.

Extended Euclidean Algorithm finds x and y by using back substitutions to recursively rewrite the division algorithm equation until we end up with the equation that is a linear combination of our initial numbers. 


Computing the GCD:
- Begin with two positive integers, a and b.
- Apply the Euclidean Algorithm to find their GCD.
- This involves successive divisions and keeping track of remainders until you reach a remainder of zero. 
- The last nonzero remainder is the GCD.

Finding Bézout’s Coefficients:
- During the Euclidean Algorithm, maintain two sequences: one for quotients (q) and another for remainders (r).
- Use these sequences to write each remainder as a linear combination of a and b.
- The last two remainders are the GCD and 0, so you can write the GCD as a linear combination of a and b.
- This gives you Bézout’s coefficients, x and y.

Example: 56 and 15
![aaa](euclidean_example.jpg)



If a and b are coprime (i.e., their GCD is 1), then x is the modular multiplicative inverse of a modulo b, and y is the modular multiplicative inverse of b modulo a.
So a*x mod b = 1 and b*y mod a = 1

3. Prove that this algorithm find the modular inverse

Because of the Bézout's identity, the extended Euclidean algorithm can be used when the numbers a and b are coprime. This means that the greatest common divisor of a and b is 1. In this case, the extended Euclidean algorithm can be used to find integers x and y such that ax + by = 1. In other words, x is the modular multiplicative inverse of a modulo b, and y is the modular multiplicative inverse of b modulo a.



### Generating Public and Private Keys using the Euclidean Algorithm
1. Describe the process of generating public and private keys using the Euclidean algorithm.
    - Choose two large prime numbers p and q
    - Compute the product of the two primes: n = p * q
    - Compute the totient of the product of the two primes: t = p-1 * q-1
    - Choose a number e such that e is coprime to n and 1 < e < n (gcd(e, n) = 1)
    - Compute the private key with the extended Euclidean algorithm: d = e^-1 mod t
    - The public key is (e, n) and the private key is (d, n)

2. Show an example how to generate a key pair using this method



3. Implement the process in Python

referencies: https://brilliant.org/wiki/extended-euclidean-algorithm/


In [3]:
#Code to generate a private and public key pair
def egcd(a, b):
    x,y, u,v = 0,1, 1,0
    while a != 0:
        q, r = b//a, b%a
        #print(q,r)
        m, n = x-u*q, y-v*q
        print(m,n)
        b,a, x,y, u,v = a,r, u,v, m,n
    gcd = b
    return gcd, x, y

def modinv(a, m):
    gcd, x, y = egcd(a, m)
    if gcd != 1:
        return None  # modular inverse does not exist
    else:
        return x % m

def generate_e(phi):
    e = 2
    while True:
        if egcd(e, phi)[0] == 1:
            return e
        else:
            e += 1
            
def generate_keypair(p, q):
    n = p * q
    phi = (p-1) * (q-1)
    e = generate_e(phi)
    
    d = modinv(e, phi)
    return ((e, n), (d, n))

#print(generate_keypair(56, 15))

print(egcd(56,15))

0 1
1 -3
-1 4
3 -11
-4 15
15 -56
(1, -4, 15)


## 2. Public Key Infrastructure (PKI)

### Components of a PKI
- What are the main components of a Public Key Infrastructure (PKI)?

    - Certificate authority (CA)
    - Registration authority (RA)
    - Certificate database
    - Central directory
    - Certificate management system
    - Certificate policy

- How do these components interact with each other in a PKI system?

    The CA issues digital certificates to users and devices. The RA verifies the identity of the user or device requesting the digital certificate. The certificate database stores the digital certificate and its metadata, which includes how long the certificate is valid. The central directory is the secure location where the cryptographic keys are indexed and stored. The certificate management system is the system for managing the delivery of certificates as well as access to them. The certificate policy outlines the procedures of the PKI. It can be used by outsiders to determine the PKI’s trustworthiness.


- What roles do the Certification Authority (CA), Registration Authority (RA), and Certificate Revocation List (CRL) play in a PKI?

    - Certificate authority (CA): The CA is a trusted entity that issues, stores, and signs the digital certificate. The CA signs the digital certificate with their own private key and then publishes the public key that can be accessed upon request.
    - Registration authority (RA): The RA verifies the identity of the user or device requesting the digital certificate. This can be a third party, or the CA can also act as the RA.
    - Certificate revocation list (CRL): A certificate may be revoked before it expires, which signals that it is no longer valid. Without revocation, an attacker would be able to exploit such a compromised or mis-issued certificate until expiry.The certificate revocation list (CRL) is "a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted"

### How PKI Works
- Explain the process of key pair generation in a PKI.

PKI merges the use of both asymmetric and symmetric encryption.
So it uses the asymetric method to generate the key pairs. With the euclidean algorithm we can generate the public and private keys.


- How are digital certificates issued and validated in a PKI?

By the CA. The CA is a trusted entity that issues, stores, and signs the digital certificate. The CA signs the digital certificate with their own private key and then publishes the public key that can be accessed upon request.


- What is the role of a Certificate Authority (CA) in the PKI workflow?

The CA is a trusted entity that stores, issues, and signs the digital certificate. So it is the one that validates the digital certificate.

### PKI Certificates
- What information is typically included in a PKI certificate?

    The PKI certificate will contain the following:

    - Distinguished name (DN) of the owner
    - Owner’s public key
    - Date of issuance
    - Expiration date
    - DN of the issuing CA
    - Issuing CA’s digital signature

- How are certificates used for authentication and encryption purposes?

PKI certificates are used for authentication and encryption purposes by using the public key to encrypt the data and the private key to decrypt the data. The digital signature is used to verify the authenticity of the sender.

- What is the difference between a self-signed certificate and a certificate signed by a trusted CA?

A self-signed certificate is signed by the owner of the certificate, while a certificate signed by a trusted CA is signed by a trusted third party. The self-signed certificate is not as secure as the certificate signed by a trusted CA.

### Why is PKI Used?
- What are the main advantages of using a PKI for secure communication?

Cost Effectiveness: While for some that initial cost did seem jarring, in the the long run PKI’s fixed algorithm makes things much cheaper for organisations.
Government approved: PKI is often used by federal organisations. These organisations often consider PKI to be strategic to their security goals. Defence, health and banking also rely on PKI for authentication and authorisation.

- How does PKI help in ensuring the confidentiality, integrity, and authenticity of data?
    - Confientiality: PKI uses encryption to ensure that only the intended recipient can read the data.
    - Integrity: PKI uses digital signatures to ensure that the data has not been tampered with.
    - Authenticity: PKI uses digital certificates to verify the identity of the sender.


- Can you provide real-world examples of how PKI is used in different industries or applications?

 One of the most common uses of PKI is the TLS/SSL (transport layer security/secure socket layer), which secures encrypted HTTP (hypertext transfer protocol) communications. 
 
    Other examples include:
    - Email encryption and authentication of the sender
    - Signing documents and software
    - Using database servers to secure internal communications
    - Securing web communications, such as e-commerce
    - Authentication and encryption of documents
    - Securing local networks and smart card authentication
    - Encrypting and decrypting files
    - Restricted access to VPNs and enterprise intranets
    - Secure communication between mutually trusted devices such as IoT (internet of things) devices

ref: [text](https://www.okta.com/identity-101/public-key-infrastructure/)
[text_2](https://en.wikipedia.org/wiki/Public_key_infrastructure)
[text_3](https://cogitogroup.net/pki-the-pros-and-cons/)

## 3. Digital Signatures

### What's the goal of using digital signatures?
- Why are digital signatures important in cybersecurity?

Because they provide a way to verify the authenticity and integrity of digital documents. They are used to ensure that the sender of the document is who they claim to be and that the document has not been tampered with. And they are used to provide non-repudiation, which means that the sender cannot deny having sent the document.

![non-rep](Image+-+Non+repudiation.png)


- How do digital signatures help ensure the authenticity and integrity of digital documents?

-

- What are the advantages of using digital signatures over traditional handwritten signatures?

-The digital signature is unique to the signer and the document, and it cannot be forged.
- The digital signature enables the signer to sign documents remotely, without the need for a physical presence.
- The digital signature prevents the signer from denying that they signed the document.

### Implementation with public key cryptography
- How does public key cryptography work in the context of digital signatures?
- What are the key components involved in implementing digital signatures using public key cryptography?
- Explain the process of generating and verifying a digital signature using public key cryptography.

### How PKI integrates with digital signatures?
- What is PKI (Public Key Infrastructure) and how does it relate to digital signatures?
- How does PKI provide a framework for managing digital certificates used in digital signatures?
- Explain the role of Certificate Authorities (CAs) in PKI and their relationship with digital signatures.

## 4. Key Management and Distribution

### Symmetric Key Distribution using Symmetric Encryption
1. What are the advantages and disadvantages of using symmetric encryption for key distribution?
2. Can you provide examples of commonly used symmetric encryption algorithms for key distribution?
3. What are some best practices for securely distributing symmetric keys using symmetric encryption?

### Symmetric Key Distribution using Asymmetric Encryption
1. How does asymmetric encryption facilitate the distribution of symmetric keys?
2. What are the benefits and drawbacks of using asymmetric encryption for symmetric key distribution?
3. Can you explain the process of distributing symmetric keys using asymmetric encryption?
4. Are there any specific algorithms or protocols commonly used for symmetric key distribution using asymmetric encryption?

### Distribution of Public Keys
1. How are public keys distributed in a secure manner?
2. What are the challenges associated with distributing public keys?
3. Are there any specific protocols or standards used for the distribution of public keys?