## Exercise 5 ~ Polynomial Encryption Scheme

In [1]:
import random
import utils
params = utils.get_parameters()

In [2]:
# p: a large public prime
p = Integer(params.Q5_p)

# y: the private key for part 2
y = Integer(params.Q5b_y)

# z: the random number for encryption in part 1
z = Integer(params.Q5a_z)

In [3]:
ring = IntegerModRing(p)
Ring.<x> = PolynomialRing(ring)

In [4]:
# P: a public reducible polynomial of degree k > 0
# Used for modulation
P = Ring(params.Q5_P)

# G: a public reducible polynomial of degree k > 0
# Used as a base
G = Ring(params.Q5_G)

# Y: a public reducible polynomial of degree k > 0
# Used as the public key in part 1
Y = Ring(params.Q5a_Y)

# M: a public reducible polynomial of degree k > 0
# Used as encrypted data in part 1
M = Ring(params.Q5a_M)

# Z: a reducible polynomial of degree k > 0
# Z=G^{z_2}, used in part 2
Z = Ring(params.Q5b_Z)

# V: a reducible polynomial of degree k > 0
# Encrypted message to decrypt in part 2
V = Ring(params.Q5b_V)

We build `QRing`, the ring of polynomials modulo $P$.

In [5]:
QRing.<x> = Ring.quotient(P)

### 1. Encrypt $M(x)$ for the public key $Y(x)$ by using the integer $z$

In [6]:
# Encryption algorithm
def encrypt(G, Y, M, z):
    # 1: Sample z from { 0, 1, ..., n-1 }
    # 2: Z(x) <- (G(x))^z mod P(x)
    Z = QRing(G) ** z
    # 3: V(x) <- M(x) * (Y(x))^z mod P(x)
    V = QRing(M) * (QRing(Y) ** z)
    # 4: return (Z(x), V(x))
    return (Z, V)

In [7]:
a_Z, a_V = encrypt(G, Y, M, z)

In [8]:
print a_Z
print a_V

225908100365443684627306957924584923*x^16 + 38288812065621670387851925324921584*x^15 + 220746096145500473829711170083446554*x^14 + 64488510482324258144802004375227464*x^13 + 112687822123130875554237550668201034*x^12 + 476728348298306181635479343932709082*x^11 + 286569228701237719156121883478877783*x^10 + 144651844568979744198085562118925311*x^9 + 162735568017991734164720037662573479*x^8 + 538820669586962493187829763983808048*x^7 + 72131441992823027199706500722730450*x^6 + 82338937875812413136638724593009818*x^5 + 644214900178284851076679780873178607*x^4 + 181842784107414246180627179777111307*x^3 + 572083026649562563683756466345767486*x^2 + 277769076800908100739374495022601031*x + 485557968317910457471890026994886642
443766152124804919445034718980552468*x^16 + 646427559877355027502943381127693326*x^15 + 323696457239519122274690270026981104*x^14 + 366804946919289785422697218673359581*x^13 + 291616180259097720193194897959488231*x^12 + 23660637528384932031137307997328128*x^11 + 11788077662

### 2. Decrypt $Z(x)$, $V(x)$ with the secret key $y$

$A(x)=Z^y(x)=G^{zy}(x)=Y^z(x)$

$V(x)\times H^{-1}(x)=M(x)$

In [9]:
# Decryption algorithm
def decrypt(Z, V, y):
    # 1: A(x) <- (Z(x))^y mod P(x)
    A = QRing(Z) ** y
    # 2: B(x) <- (A(x))^-1 mod P(x)
    B = QRing(A) ** -1
    # 3: M(x) <- V(x) * B(x) mod P(x)
    M = V * B
    # 4: return M(x)
    return M

In [10]:
b_M = decrypt(Z, V, y)

In [11]:
print b_M

503872880176649919187500647298316272*x^16 + 448108830212726884195635070845879966*x^15 + 40142176636285399918280438448300632*x^14 + 545235221455774785336133991069896063*x^13 + 624103169448316473411194704127776080*x^12 + 422957851022610057192913669426144858*x^11 + 539858395160763652194579794579767763*x^10 + 405191785295021611611097957015438901*x^9 + 325546388948605779361074857529948791*x^8 + 661733762726954561371271906315852834*x^7 + 497710875828618858689680214284131868*x^6 + 283508675643580136908811425697299200*x^5 + 167853340820944549302371557532309047*x^4 + 445579911746622424641985456428136658*x^3 + 337126671827574694981362335395032279*x^2 + 157940171676356532805653092288576637*x + 654765336382858625101155794138000514
