In [2]:
import math

# 1 Shamir's three-pass protocol

In [6]:
M = int("010110111101", 2)
KA = int("101101110100", 2)
KB = int("001011011011", 2)

print("Input message:", M)

# Alice encrypts message
M_KA = M ^ KA

# Bob encrypts message again
M_KA_KB = M_KA ^ KB

# Alice decrypts message
M_KB = M_KA_KB ^ KA

# Bob decrypts message
M_out = M_KB ^ KB

print("Output message:", M_out)

Input message: 1469
Output message: 1469


Shamir's three-pass protocol is susceptible to man-in-the-middle attacks (no authentication of participants).

# 2 Diffie Hellman

## Requirements for n and e (p and g):

<ul>
    <li>n: is a large enough and randomly generated prime</li>
    <li>e: is a primitive root modulo n (1 < e < n - 1) (generator of Z<sup>*</sup><sub>n</sub>)</li>
</ul>

## Are the requirements for n and e fulfilled?

No.
<ul>
    <li>n is not large enough</li>
    <li>not randomly selected values for both e and n</li>
</ul>

In [13]:
n = 13
e = 11

a = 5 # Alice's secret
b = 7 # Bob's secret

A = e**a % n
B = e**b % n

KA = B**a % n
KB = A**b % n

print("Alice's secret key:", KA)
print("Bob's secret key:", KB)

Alice's secret key: 6
Bob's secret key: 6


In [10]:
math.gcd(n, e)

1

# 3 Discrete Logarithm Problem

In [25]:
n = 13
g = 11

A = 9
B = 3

G = [g**i % n for i in range(0, g + 1)]

a = G.index(A)
b = G.index(B)

print("Alice's secret:", a)
print("Bob's secret:", b)

Alice's secret: 8
Bob's secret: 4


# 4 Attack on textbook RSA

In [47]:
n = 2537
e = 13
C = 2081

In [79]:
c = math.floor(math.sqrt(2537))

for i in range(c - 1, 0, -2):
    if n % i == 0:
        p = i
        break
        
q = int(n / p)
phi = (p - 1) * (q - 1)

In [8]:
def ExtendedGCD(a,b):
    # initialization
    s1 = a; s2 = b
    u1 = 1; u2 = 0
    v1 = 0; v2 = 1
    while s2 > 0: # loop if not finished
        q = s1 // s2
        r = s1 % s2
        s1 = s2; s2 = r
        t = u2; u2 = u1 - q*u2; u1 = t
        t = v2; v2 = v1 - q*v2; v1 = t
    return u1, v1, s1

In [81]:
d, v1, s1 = ExtendedGCD(e, phi)

In [87]:
M = pow(C, d, n)
print("Plaintext:", M)
C = pow(M, e, n)
print("Ciphertext:", C)

Plaintext: 1819
Ciphertext: 2081


https://samsclass.info/141/proj/pRSA2.htm

# 5 Attack on textbook RSA — small exponent e

In [130]:
n = [377, 391, 589]
c = [330, 34, 419]

In [126]:
n = [3, 5, 7]
c = [2, 3, 2]

In [128]:
import functools

def mul_inv(a, b):
    return ExtendedGCD(a, b)[0] % b

def chinese_remainder(n, a):
    s = 0
    prod = functools.reduce(lambda a, b: a*b, n)
 
    for n_i, a_i in zip(n, a):
        p = prod / n_i
        s += a_i * mul_inv(p, n_i) * p
    return s % prod

https://rosettacode.org/wiki/Chinese_remainder_theorem

In [131]:
print("Message m:", chinese_remainder(n, c))

Message m: 1061208.0


# 6 Attack on textbook RSA — common module n

In [43]:
p = 11
q = 13
n = p * q

# Random values for eA and eB
e_A = 5
e_B = 11

math.gcd(e_A, e_B)

1

In [44]:
# Messages
m1 = 58
m2 = 58

# Ciphers
c1 = pow(m1, e_A, n)
c2 = pow(m2, e_B, n)

In [45]:
def calculate_comm_mod_n(e_A, e_B, c1, c2, n):
    x, y, temp = ExtendedGCD(e_A, e_B)
    C1, C2 = c1, c2
    
    if x < 0:
        C1 = ExtendedGCD(c1, n)[0]
        x = -x
    elif y < 0:
        C2 = ExtendedGCD(c2, n)[0]
        y = -y
        
    M1 = pow(C1, x)
    M2 = pow(C2, y)
    
    M = M1 * M2 % n
    
    return M

In [46]:
print("Plaintext m1:", m1)
print("Plaintext m2:", m2)
print("Ciphertext c1:", c1)
print("Ciphertext c2:", c2)
print("Decrypted ciphertext M:", calculate_comm_mod_n(e_A, e_B, c1, c2, n))

Plaintext m1: 58
Plaintext m2: 58
Ciphertext c1: 67
Ciphertext c2: 102
Decrypted ciphertext M: 58


# 7 Elgamal

In [235]:
for i in range(0, g + 1):
    print(pow(g, i, p))

1
11
4
5
3
7
12
2
9
8
10
6


In [249]:
p = 13
g = 11


a = 4 # Alice's secret key
b = 3 # Bob's secret key

m = 12

In [250]:
# Bob calculates part of his public key (p, g, pk_B)
pk_B = pow(g, b, p)
print("Bob's public key:", p, g, pk_B)

Bob's public key: 13 11 5


In [266]:
# Alice selects random k (1 ≤ k ≤ p − 2)
k = 7
# Alice calulates temporary key and ciphertext
pk_A = pow(g, k, p)
y = m * pow(pk_B, k)
print("Temporary key:", pk_B)
print("Ciphertext:", y)

Temporary key: 5
Ciphertext: 937500


In [267]:
z = pow(pk_A, p - 1 - b, p) # pk_B
M = z * y % p
z

5

In [268]:
print("Plaintext x:", m)
print("Decrypted ciphertext M:", M)

Plaintext x: 12
Decrypted ciphertext M: 12


http://wwwmayr.in.tum.de/konferenzen/Jass05/courses/1/presentations/Meier%20Andreas%20The%20ElGamal%20Cryptosystem.pdf

# 8 Elgamal

In [272]:
p = 2357
g = 2
a = 1751 # Alice's secret key
pk_A = 1185

m = 2035
k = 1520

In [273]:
# Bob calculates temp key and ciphertext
pk_B = pow(g, k, p)
y = m * pow(pk_A, k)
print("Temporary key:", pk_A)
print("Ciphertext:", y)

Temporary key: 1185
Ciphertext: 22932792403564589667959594096630853365622493513514878135542945887805226172536820259039753922604208754553838123562540011792779155477175662385208782341438288009678191010803316853145067431369966714750828946808477010721897196035639758211717000672704619914068460897222182669183485698464009726021777421316843095400423570986080358681029893312739038144477384687164118287543309070313320609693454520622209835589681719177731518563520077894071759169556090772479755807438140863912358002926558608226396415665473328369859205069493432363276422018404942543677129752024209434479387462945380585508990606803700921240012272029346381905613853643112423033712684876327128234889811597278311634921277749007063632785703223599559084620791806164615009568687873194540068922737387715071169720271361210791114399907081021091270520373325511874334964358427267568908867357030944845038239065123695770231434994710401237759937212844148255974218625327539694380213325345288370037209250132560630970322890430589

In [276]:
z = pow(pk_B, p - 1 - a, p) # pk_A
M = z * y % p
print("Plaintext x:", m)
print("Decrypted ciphertext M:", M)

Plaintext x: 2035
Decrypted ciphertext M: 2035
