# Modern Cryptography

- Assumes Alice & Bob have a secure way to share key
- Robustness against chosen-plaintext attacks

public-key cryptography
- public info: encryption key 
- private info: decryption key

> Relies on ONE-WAY FUNCTIONS

## 4.1 Interlude: Primes

> Positive integer, $p \geq 2$, is *prime* if only postive divisors are [1, p]. Otherwise, *composite*

### Exercise 4.1.2

"twin prime conjecture" states t.e. inf. many "twin primes". Examples are (3,5) (5,7) (11,13). 

> Give 5 more examples (of twin primes):

-- See following script block

In [78]:
# Sieve of Aritosthenes
"""
This was a side project of mine from around a year ago

Programming a way to generate a prime list using the 
sieve of Aritosthenes method
"""

def run_sieve(n = 20):
    primes = [1]
    mults = [1]

    for i in range(2,n+1):
        if (i not in mults):
            primes.append(i)
            [mults.append(i*j) for j in range(i, n//i+1)]
    
    return primes

In [79]:
k = 100

# Verify the sieve works by using this code:
# it generates the factor list for each value in the input list
# -- if sieve works, should be a list of [1,p] pairs only
# [[i for i in range(1, k) if p%i == 0] for p in run_sieve(k)]

# Check for twin primes
p_list = run_sieve(k)
[(a, b) for i in range(len(p_list)-1) if (b := p_list[i+1]) - (a := p_list[i]) == 2]

[(3, 5), (5, 7), (11, 13), (17, 19), (29, 31), (41, 43), (59, 61), (71, 73)]

### Exercise 4.1.3

Variation of twin prime conjecture: Every even integer can be written as the diff of consecutive primes in inf many ways.

EX:

$$ 6 = 29-23 = 137-131 = 599-593 $$

> Express the integer 10 as diff of 2 consecutive primes in 5 diff ways:

In [80]:
k = 100

# Verify the sieve works by using this code:
# it generates the factor list for each value in the input list
# -- if sieve works, should be a list of [1,p] pairs only
# [[i for i in range(1, k) if p%i == 0] for p in run_sieve(k)]

# Check for twin primes whose diff = 10
p_list = run_sieve(k)
[(b, a) for a in p_list for b in p_list if b - a == 10][:5]

[(11, 1), (13, 3), (17, 7), (23, 13), (29, 19)]

### Exercise 4.1.4

> Explain why, if an integer $n \geq 2$ is composite, it must be divisible by a prime $p$ such that $p \leq \sqrt{n}$. Then use this fact to determine whether or not 701 is prime

https://math.stackexchange.com/a/161100

- Suppose $n = pq$

- both $q>\sqrt{n}$ and $p>\sqrt{n}$ cannot be true at the same time 
  - since that would imply $pq > \sqrt{n}^2 > n$

- Thus t.e. $p \leq \sqrt{n}$

In [81]:
def is_prime(n):
    return not any([n%i == 0 for i in range(2, int(n**.5)+1)])

[is_prime(a) for a in [9, 10, 11, 701]]

[False, False, True, True]

## Ubiquity of Primes

Every positive integer $n \geq 2$ can be written (uniquely) as a product of primes (aka *prime factorization*)

## Fundamental Theorem of Arithmetic 4.1.5

Any positive integer $n \geq 2$ has a unique prime factorization. 

I.e. t.e. expression

$$ n = p_1^{\epsilon_1} \dots p_1^{\epsilon_1}$$

- $p_1,...p_r$ are primes
- $\epsilon_1...\epsilon_r$ are positive integers

Expression is unique up to reordering the indices

### Exercise 4.1.6

> Find the prime factorization of 1231 and of 1232

In [121]:
class continue_outer(Exception):
    pass

def get_prime_factorization(n):
    sqrt_n = int(n**.5) + 1
    primes = run_sieve(sqrt_n)

    primelist = []
    while (n != 1):
        try:
            for k in primes[1:]:
                if n%k==0:
                    primelist.append(k)
                    n //= k
                    raise continue_outer
        except continue_outer:
            continue
        primelist.append(n)
        n //= n
    return [1] + primelist

[get_prime_factorization(i) for i in [1231, 1232]]

[[1, 1231], [1, 2, 2, 2, 2, 7, 11]]

### Exercise 4.1.7

> A) Find all prime factors of 50!
> 
> B) Find the prime factorization of 10!
> 
> C) Find the prime factorization of $11!/2^8$

$$ 
2 * 3 * 2^2 * 5 * 2*3 * 7 * 2^3 * 3^2 * 2*5 * 11 / 2^8 \\
3 * 5 * 3 * 7 * 3^2 * 5 * 11
$$

In [147]:
from functools import reduce

A_ans = []
for i in range(1, 51):
    A_ans += get_prime_factorization(i)[1:]


B_ans = []
for i in range(1, 10):
    B_ans += get_prime_factorization(i)[1:]

C_ans = []
# for i in range(1, reduce(lambda a,b: a*b, range(1, 11), 1)//8):
    # C_ans += get_prime_factorization(i)[1:]

# Verifying
# reduce(lambda a,b: a*b, A_ans, 1) == reduce(lambda a,b: a*b, range(1,51), 1)
# reduce(lambda a,b: a*b, B_ans, 1) == reduce(lambda a,b: a*b, range(1,10), 1)

{
    'A': A_ans,
    'B': B_ans
}

{'A': [2,
  3,
  2,
  2,
  5,
  2,
  3,
  7,
  2,
  2,
  2,
  3,
  3,
  2,
  5,
  11,
  2,
  2,
  3,
  13,
  2,
  7,
  3,
  5,
  2,
  2,
  2,
  2,
  17,
  2,
  3,
  3,
  19,
  2,
  2,
  5,
  3,
  7,
  2,
  11,
  23,
  2,
  2,
  2,
  3,
  5,
  5,
  2,
  13,
  3,
  3,
  3,
  2,
  2,
  7,
  29,
  2,
  3,
  5,
  31,
  2,
  2,
  2,
  2,
  2,
  3,
  11,
  2,
  17,
  5,
  7,
  2,
  2,
  3,
  3,
  37,
  2,
  19,
  3,
  13,
  2,
  2,
  2,
  5,
  41,
  2,
  3,
  7,
  43,
  2,
  2,
  11,
  3,
  3,
  5,
  2,
  23,
  47,
  2,
  2,
  2,
  2,
  3,
  7,
  7,
  2,
  5,
  5],
 'B': [2, 3, 2, 2, 5, 2, 3, 7, 2, 2, 2, 3, 3]}

## Euclid's Lemma 4.1.8

Suppose a and b are integers and that d is a divisor of ab such that gcd(a,d) = 1. 

Then d is a divisor of b

> *Proof*
> 
> By Bezout's thm, t.e. x and y s.t. 1 = gcd(a,d) = ax + dy
> 
> b = abx + bdy
> 
> - given that d divides ab ==> d also divides abx
> - d divides bdy since it is a multuple of d
> 
> Thus d divides the sum of abx+bdy = b

### Exercise 4.1.9

> Explain why lemma 4.1.8 implies the following:
>  
> If a and b are integers, p is a prime, and p divides ab
>  
> Then either 
> - p divides a
> - p divides b

If p is prime, then either
- gcd(p, a) = 1 
- gcd(p, b) = 1

leaving proof of this till later due to lack of time

-- Lack of time to do Proof Exercises 4.1.10 and 4.1.11

## Scarcity of Primes

Literal Sense
- As a proportion of all integers, very few integers end up being prime!

Difficulty of Factoring Sense
- prime factorizations are extremely difficult to actually calculate, even for moderately large numbers

## One-Way function revisited

$$ u(p, q) = pq $$

- p,q are sufficiently large prime numbers

Easy to compute product, Hard to invert function.
- basis for RSA

# 4.2 Euler's Phi Function

> Defn 4.2.1: For a positive integer, n, let $\phi(n)$ denote the number of integers $r$ with $0 \leq r < n$ and gcd(n, r) = 1. The function $ n \rightarrow \phi(n) $ is called *Euler's phi function* (or *Euler's totient function*).

Ex: When counting num of affine encryption using English alphabet, finding the number of inversible $a$ values:

$$ \phi(26) = 12 $$

### Exercise 4.2.2

> Compute $\phi(12), \phi(13), \phi(14), \phi(15)$

In [157]:
def gcd(n, r):
    if r==0:
        return n
    return gcd (r, n%r)

def phi(n):
    return len([i for i in range(1, n) if gcd(n, i) == 1])

[print(f'phi({n})={phi(n)}') for n in [12, 13, 14, 15]]

phi(12)=4
phi(13)=12
phi(14)=6
phi(15)=8


[None, None, None, None]

### Exercise 4.2.3 

> Explain why, in a languge that uses an alphabet with $n$ letters, the number of dstinct affine encryption functions is $n\phi(n)$

Affine encryption functions are made distinct by their values of (a, b). Valid values of a must be inversible under modulo n (for an alphabet of n letters). Valid values of b fall within the range of [0, n-1].

The number of unique pairs (a,b) can be calculated by multiplying the magnitude of each set. $||a|| = \phi(n)$, $||b|| = n$.

### Important Exercise 4.2.4

> Suppose p is prime.
> 
> a) Explain why $\phi(p) = p - 1$
> 
> b) Explain why $\phi(p^e) = p^e - p^{e - 1} = p^{e - 1}(p - 1)$ for any $e \geq 1$

A) If p is prime, then the only factors of p are (1, p). For all integers r with $0 \geq r < p$, gcd(p, r) = 1 since there are NO common factors / common divisors for any values (1..p-1). Thus the value of $\phi(p) = p-1$

B) Struggled with this. Found a post on class Zulip that addressed this. Shoutout to Theodore Ching

$$
\begin{align*}
\phi(p^e) &= |n \leq p^e:\{gcd(n, p^e) = 1\}| \\
          &= |n \leq p^e| - |n \leq p^e:\{gcd(n, p^e) \neq 1\}| \\
          &= |\{1,2,\dots,p^e\}| - |n \leq p^e: \text{multiples of $p^e$}| \\
          &= |\{1,2,\dots,p^e\}| - |\{kp | 1 \leq k \leq p^{e-1}\}| \\
          &= p^e - p^{e - 1} \\
          &= p^{e - 1}(p - 1) \\
\end{align*}
$$

## 4.2.5 Multiplicity of Euler's Phi Functions 

If gcd(a,b) = 1

Then $\phi(ab) = \phi(a)\phi(b)$

### Proof Exercise 4.2.6

> Fill in details of the proof sketch for Multiplicity of Euler's Phi functions. In particular, explain how the Affine Cipher Lemma plays into the ideas discussed in the second paragraph of the sketch above.

-- skipping for purpose of time

## 4.2.7 Formula for Euler's Phi Function 

Suppose $n = p_1^{e_1} \dots p_r^{e_r}$ is the prime factorization of n. Then

$$ \phi(n) = p_1^{e_1-1} (p_1 - 1) \dots p_r^{e_r -1} (p_r - 1) $$

### Proof Exercise 4.2.8

> Prove the formula for Eurler's phi function using the multiplicativity property and the calculation of $\phi(p^e)$

$$ \phi(n) = p_1^{e_1-1} (p_1 - 1) \dots p_r^{e_r -1} (p_r - 1) $$

Since gcd($p_1^{e_1}$, $p_r^{e_r}$) = 1 for all prime factors of $n$ (since they are all prime)

Then $\phi(n) = \phi(p_1^{e_1})\dots\phi(p_r^{e_r})$

Which $= p_1^{e_1-1}(p_1 - 1)\dots p_r^{e_r}(p_r - 1)$

### Exercise 4.2.9 

> Use the formula for Euler's phi function to calculate $\phi(n)$ for each of the following values of n
> 
> a) n = 20 = 2^2 * 5
>
> b) n = 25 = 5^2
>
> c) n = 30 = 2 * 3 * 5
>
> d) n = 35 = 5 * 7
>
> e) n = 40 = 2^3 * 5


In [181]:
from collections import Counter

def phi_e(n):
    return reduce(lambda a,b: a*b, [p**(e-1) * (p-1) for p,e in Counter(get_prime_factorization(n)[1:]).items()], 1)

# Test with the other phi function defined
# phi_e(20) == phi(20), phi_e(25) == phi(25), phi_e(30) == phi(30), phi_e(35) == phi(35), phi_e(40) == phi(40)

[phi_e(v) for v in [20, 25, 30, 35, 40]]

[8, 20, 8, 24, 16]

### Exercise 4.2.10 

> Explain why $\phi(n)$ is always even when $n \geq 3$

Note how Euler's Phi Function involves multiplying $(p_r - 1)$

We know that the values of p are prime. All prime numbers above 2 are ODD since any even numbers would be composite with respect to 2.

This means that the phi function would always end up multiplying by some even number (odd - 1) = even.

Having an even number as multiplicand or multiplier ANYWHERE will ensure the end result is an even number

$$
a = 2n.\\
ka = 2kn = 2(kn)
$$

### Exercise 4.2.11

> Explain why we can also write 

$$
\phi(n) = n \prod_{p|n} (1 - \frac{1}{p})
$$

$$
\begin{align*}
\phi(n) &= p_1^{e_1-1} (p_1 - 1) \dots p_r^{e_r -1} (p_r - 1)\\
\phi(n) &= p_1^{e_1-1} (p_1 - 1) \dots p_r^{e_r -1} (p_r - 1)
\end{align*}
$$

-- out of time

## 4.2.13 Euler's Theorem

Suppose n is a positive integer and a is another integer with gcd(a, n) = 1

Then

$$ a^{\phi(n)} \equiv 1 \text{\qquad (mod n)} $$

*Proof Sketch*

Let $r_1, \dots, r_{\phi(n)} $ be integers 0 and n-1 which are relatively prime to n.

Since gcd(a, n) = 1, 
- $ar_1, \dots, ar_{\phi(n)}$ represent the same congruence classes

Communicative multiplication of integers:

$$
\begin{align*}
r_1 \dots r_{\phi(n)}   & \equiv (ar_1) \dots (ar_{\phi(n)}) \\
                        & = a^{\phi(n)}r_1 \dots r_{\phi(n)}
\end{align*}
$$

Can now multiply mod n by $r_{\phi(n)}^{-1}$, and $r_{\phi(n)-1}^{-1}$, and so forth, all the way down to $r_1^{-1}$ to conclude

$$
1 \equiv a^{\phi(n)} \text{\qquad mod n}
$$

### Proof Exercise 4.2.14

> Fill in the details in the above proof sketch

Examples

> Note that 20 = 2^2 * 5. So $\phi(20) = 2(1) * 1(4) = 8$

For any a relatively prime to 20, $a^{\phi(20)} = a^8 \equiv 1$ mod 20

Take a = 3. Can check if gcd(3,20) = 1:

$$
\begin{align*}
3^2 &= 9\\
3^4 &= (3^2)^2 = 9^2 = 81 \equiv 1 \text{\qquad (mod 20)}\\
3^8 &= (3^4)^2 = 1^2 = 1 \text{\qquad (mod 20)}
\end{align*}
$$

---

Can also use this thm to compute large powers of numbers

$7^{20232023}$ mod 20?

> Note that 20232000 is divisible by 8

$$ 20232023 = 2023200 + 23 \equiv 23 \equiv 7 \text{\qquad (mod 8)} $$

$$7^{20232023} = 7^{8q+7} = (7^8)^q7^7 \equiv q^q7^7 = 7^7 \text{\qquad (mod 20)}$$

Now to compute $7^7$ mod 20:

$$
\begin{align*}
7^2 &= 49 \equiv 9 \text{\qquad (mod 20)}\\
7^4 &= (7^2)^2 \equiv 9^2 = 81 \equiv 1 \text{\qquad (mod 20)}\\
7^7 &= (7^4)\cdot 7^2 \cdot 7= 1 \cdot 9 \cdot 7 = 63 \equiv 3 \text{\qquad (mod 20)}
\end{align*}
$$

Thus $7^{20232023}$ mod 20 = 3


### Exercise 4.2.15

> Show that 51 divides $10^{32n+9} - 7$ for any integer $n \geq 0$

- 51 = 3*17

-- lack of time to work this out

### Exercise 4.2.16

> Find the units digit of $3^{100}$

- Units digit AKA mod 10. 
- 10 = 2*5
- gcd(3, 10) = 1

$\phi(10) = 1(1) * 1(4) = 4$

$ 3^{100} = (3^4)^25 \equiv 1^25 = 1 $ (mod 10)

In [185]:
# Verifying
3**100 % 10

1

### Exercise 4.2.17

> Fix prime number p. There are two versions of "Fermat's little theorem"
>
> a) If a is in integer that is NOT divisible by p, then $a^{p-1} \equiv 1$ (mod p)
> 
> b) For any integer a, we have $a^p \equiv a$ (mod p)
> 
> Explain how to derive both of these statements from Euler's theorem. You may find it helpful to first derive statement (a), then use that to derive statement (b).

-- out of time to work this out