This isn't for the course, just me learning some crypto thing I thought was interesting. It helps me learn general principles I can apply to other crypto topics.

ElGamal Encryption: https://en.wikipedia.org/wiki/ElGamal_encryption

In [1]:
import numpy as np
from crypto import GeneratePrimeGeneratorPair

# ElGamal Encryption

It's homomorphic!

## Multiplicative 
The multiplication ElGamal encryption scheme is

$$\large E(m) = (g^r, m \cdot h^r)$$

Where:
- $g$ is the generator of a cyclic group with prime-order $q$, $\mathbb{Z}_q$
- $r$ is an ephemeral key, chosen randomly from $\{1,...,q\}$, $ r \in \mathbb{Z}_q$
- $x$ is the private key, chosen randomly from $\{1,...,q\}$, $ x \in \mathbb{Z}_q$
- $h$ is the public key, $h = g^x \mod q$
- $m$ is the message, must be in $\mathbb{Z}_q$
- All computations are taken modulus $q$

In [2]:
def generate_keys(q, g):
    x = np.random.randint(1, q)
    h = pow(g, x, q)
    
    return x, (q, g, h)

In [3]:
def encrypt(message, public):
    q, g, h = public
    y = np.random.randint(1, q)
    s = pow(h, y, q)
    c1 = pow(g, y, q)
    c2 = (message * s) % q
    return c1, c2

def decrypt(c1, c2, secret, public):
    q, g, h = public
    s = pow(c1, secret, q)
    # Using Fermat's little theorem
    s_inv = pow(s, q-2, q)
    decrypted = (c2 * s_inv) % q
    return decrypted

In [4]:
# Alice and Bob agree on a group with a prime order and a generator of that group
q, g = GeneratePrimeGeneratorPair(13)
print(q, g)

# Alice generates the secret and public keys
secret, public = generate_keys(q, g)
print(secret, public)

c1, c2 = encrypt(69, public)
print(c1, c2)

message = decrypt(c1, c2, secret, public)
print(message)

4793 4557
4033 (4793, 4557, 3208)
3477 2626
69


In [5]:
# Encrypt two messages
a1, b1 = encrypt(3, public)
a2, b2 = encrypt(20, public)

# Multiply the encrypted messages
a3, b3 = a1*a2, b1*b2

# Decrypt the result
message = decrypt(a3, b3, secret, public)
print(message)

60


We get the result of multiplying the unencrypted values!

There's also an additive form:
$$\large E(m) = (g^r, g^m \cdot h^r)$$

This is homomorphic under addition.