# Crypto Lab Part 1

## 1 What is Cryptography? 

---

## 2 Classical Ciphers

### 2.1 Caeser Cipher

A cipher is a system for transforming plain text into a code that others should not be able to read. We will have a look at one of the oldest and most famous ciphers, the **Caesar cipher** — named after Gaius Julius Caesar, who likely used it to send secret messages. It's hardly the best way to prevent others from reading your messages, but we'll get back to that. There exists ready-made Python modules you can use if you want to create something more secure, but for now, we’ll try to implement the Caesar cipher ourselves.

An intutive way to visualize the Caesar cipher is to draw the letters of the alphabet in a circle:

<center><img src="../images/alphabet-wheel.png"/></center>

To create a secret letter from a regular letter, we must use a number as a **secret key**. Both I and Ceasar likes the number 3, so we’ll use that.

In [None]:
A + 3 = D   T + 3 = W   Z + 3 = C 

We start with A and count forward 3 letters: B, C, D. So the letter A becomes the letter D. To decode, we do the same but in reverse. We start with D and count backward to get A. 

Now, we'll try to implement this in code! Below is a code cell where you find some skeleton code for an `encode()` and a `decode()` function. Fill in the missing parts of the functions so they can be used to encrypt and decrypt the input. You can run the cell to verify if your solution works as expected.

In [None]:
alphabet = "abcdefghijklmnopqrstuvwxyz"

def encode(character, key):
    """
    TODO: 
    Implement Caesar cipher encoding for a single lowercase letter.
    """

    return  # Replace this with your code

def decode(character, key):
    """
    TODO: 
    Implement Caesar cipher decoding for a single lowercase letter.
    """

    return  # Replace this with your code

# Test examples
print(encode("a", 17))  # Expected output: 'r'
print(decode("r", 17))  # Expected output: 'a'


<details>
<summary><strong>💡 Hint</strong></summary>

Encryption steps:
1. Find the index of the character in the alphabet.  
2. Add the key to this index to "shift" the letter.  
3. Use some trickery to wrap around if you go past 'z', like modulus operations.  
4. Return the new letter from the alphabet.

Decryption steps:
1. Find the index of the character in the alphabet.
2. Subtract the key to reverse the shift.
3. Use some trickery to wrap around if you go before 'z'.
4. Return the original letter from the alphabet.

</details>


Now that we have some functions, let's use them to encode words and phrases. We'll go through each letter in the word and encode it if it's in the alphabet (we'll skip characters like periods and spaces). Below is a code cell where we use the prior functions to encrypt and decrypt phrases. Running it should display the encryption and decrytion of `hello world`. Run it to see for yourself. 

*NB: Before running this cell, make sure you’ve already run the one above that defines the encode and decode functions. Otherwise, this code won’t work!*

In [None]:
key = 17
message = "hello world"

output = ""

for character in message:
    if character in alphabet:
        output = output + encode(character, key)
    else:
        output = output + character


print(output)

key = 17
message = "yvccf nficu"
output = ""

for character in message:
    if character in alphabet:
        output = output + decode(character, key)
    else:
        output = output + character

print(output)

In the same way we wrote functions to encode and decode individual letters, we now want to create functions to encrypt and decrypt entire messages. Your next task is to automate what we did above to encrypt and decrypt messages. Your task is to:
1. Write a function `encrypt()` that takes `message` and `key` as input, and returns the encrypted message using this key.
2. Write a function `decrypt()` that takes `secretmessage` and `key` as input, and returns the decrypted message using this key.

The skeleton code for these two functions is provided below. 

In [None]:
def encrypt(message, key):
    """
    TODO:
    Write a function to encrypt a full message using the Caesar cipher.
    """
    return  # Replace with your implementation


def decrypt(secretmessage, key):
    """
    TODO:
    Write a function to decrypt a full message using the Caesar cipher.
    """
    return  # Replace with your implementation


# Example tests
print(encrypt("hello world", 5))   # Expected: 'mjqqt btwqi'
print(decrypt("mjqqt btwqi", 5))   # Expected: 'hello world'


#### Expanding the Alphabet

We want to be able to encrypt different characters, not just lowercase letters. Then we need to make our program a bit more flexible, since we have said that our code only works properly if we have 26 characters in the alphabet. For now, we want to add uppercase letters, but it is also possible to add special characters like `,`, `.`, `?`, and `!`. 

In [None]:
alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
l = len(alphabet)

def dynamic_encode(character, key):
    """
    TODO: 
    Implement Caesar cipher encoding for a single character in an arbitrary long alphabet.
    """

    return  # Replace this with your code

def dynamic_decode(character, key):
    """
    TODO: 
    Implement Caesar cipher decoding for a single character in an arbitrary long alphabet.
    """

    return  # Replace this with your code

# Test examples
print(dynamic_encode("a", 26))  # Expected output: 'A'
print(dynamic_decode("X", 29))  # Expected output: 'u'


#### [Optional Challenge]: Decrypting without the key 

We end this section with a challenge! Below are three different messages encrypted using different keys. They all contain common english words, but might have been encrypted using different alphabets. Use the provided skeleton code to find the secret keys and print the original messages. 

In [None]:
secretmessage_1 = "jhlzhy"
secretmessage_2 = "HVWg Wg O gSQfSh aSggOUS"
secretmessage_3 = "ZCCHMF RODBHzK BGzQzBSDQRv KHJD 'v'v 'w'v 'x'v zMC 'y' LzJDR SGHMFR GzQCDQw"

def find_key(secretmessage):
    """
    TODO: 
    Implement a way to find the key for a given secret message and print out the original message.
    """
    return # Replace this with your code



<details>
<summary><strong>💡 Hint</strong></summary>
The key size of the alphabet is not too large. I mean, we already have functions to decrypt secret messages...why not just try it with all possible keys?
</details>

---

## 3 Symmetric Encryption

### 3.1 Advanced Encryption Standard (AES)

---

## 4 Asymmetric Encryption

### 4.1 Primes and Randomness

### 4.1.1 Primes

Prime numbers are numbers that can only be divided evenly by 1 and themselves, such as 2, 3, 5, 7, and 11.

In modern cryptography, prime numbers are essential because it’s very hard to factor large numbers into their prime components. However, cryptographic systems don’t use small primes like 2 or 5 — instead, they rely on extremely large prime numbers for strong security.

Now, let's get started by looking at a number to see if it is a prime or not! 

Below you have a function 'is_prime' to check if a number is prime or not. Have a look at it and make sure you understand how it works.

In [None]:
def is_prime(n):
    for i in range(2, n):
        if n % i == 0:
            return False
    return True
  
print(is_prime(15)) # Should return False
print(is_prime(29)) # Should return True

#### Question 4.1.1.1: Explain what the function does at each line

Unfortunately, this function only works for small prime numbers. If you test with `is_prime(2147483647)`, you will see that the program takes quite a long time to finish. Thus, we'll have to improve the code to be faster!

In order to increase the computational speed, we will use a mathematical argument. Let's assume $n$ is a product of to other numbers $p$ and $q$: 

$$n=pq$$

Here, either $p$ or $q$ has to be smaller (or equal) to $\sqrt{n}$. Why? If both are bigger than $n$, we'll have the following:

$$ n=pq > \sqrt{n}\sqrt{n}=n $$

Now we have that $n>n$, which is impossible. Thus, one or the other has to be smaller or equal to $\sqrt{n}$.

Use this new knowledge to complete the code below. The only thing you need to change is the range of the function to avoid going through all possible digits up to $n$: 

In [None]:
from math import sqrt, ceil

def is_prime(n):
    """
    TODO: By using this new knowledge, change the '??' so it is possible to quickly computate is_prime(2147483647)

    for i in range(2, ??):
        if n % i == 0:
            return False
    return True
    """

print(is_prime(15)) # Should return False
print(is_prime(25)) # Should return False
print(is_prime(29)) # Should return True
print(is_prime(2147483647)) # Should return True

<details>
<summary><strong>💡 Hint</strong></summary>

1. Try using the newly imported functions, `sqrt` and `ceil` (`ceil` will round up to the nearest integer which is important to use since sqrt may return floats)
2. If 25 doesn't return False, maybe you should add 1? Make sure you understand why it works now by going through each iteration to see what happens.
</details>

Good job! You can now check if a number is prime. However, there are ways to make the algorithm run much faster, especially for large numbers.

Can you think of any improvements to optimize it?

#### Question 4.1.1.2: Suggest two ways to improve the code so it runs faster for large numbers

<details>
<summary><strong>💡 Hint</strong></summary>

Do you *really* need to check all digits each time? Could it be a prime if it is an even number? 
</details>

### 4.1.2 Randomness

If the same prime numbers are reused repeatedly, it becomes easier for an attacker to figure them out. That’s why **randomness** is a key part of modern cryptography.

### 🔐 Kerckhoffs's Principle

> **A cryptographic system should remain secure even if everything about it is public—except the key.**

For example, consider the **Caesar Cipher** which we previously looked at:  
If the shift is always fixed at 3, there’s essentially no key and thus no real security. But if the shift is chosen **randomly** and kept **secret**, the cipher becomes (a bit) more secure.

Below you can see a code snippet of how to compute random numbers using 'random'.

##### Task: Run the code several times to check if the same numbers appears several times:

In [None]:
from random import randint

for i in range(100):
    print(randint(0, 1000))

By looking at this examples it may seem like random numbers appears, but unfortunately, computers are not very good at creating truly random numbers. That’s why we often talk about *pseudo-random* numbers.

It's like using a machine to roll a die. If the machine uses the exact same force and angle every time, the result will always be the same.

Similarly, computers need a starting point to generate random numbers, called a seed. If you use the same seed, you’ll always get the same sequence of numbers.

##### Task: Run the code snippet below and verify - does the same numbers appear every single time?

In [None]:
from random import randint, seed

seed('Cybdat')

for i in range(100):
    print(randint(0, 1000))

The key takeaway is this: random numbers are only as good as the seed used to generate them. By default, Python uses the exact time the program starts as the seed. If a cryptographer does the same, and an attacker can guess that time (which often isn’t too hard), the entire system can be broken.

We've now seen that:
1. Random numbers must be **uniformly distributed**.  
2. The numbers **depend entirely on the seed**.  
3. Now, there's a third issue: **If someone sees previous values, can they predict the next ones?**

The Python documentation gives a clear warning:

> ⚠️ *The pseudo-random generators of this module should not be used for security purposes. For cryptographic uses, see the `secrets` module.*

The reason you shouldn't use Python’s `random` module for secret codes is that its output **may be predictable**.   
This is exactly why it's important to read the documentation — especially when working with security.


##### Task: Read the Python documentation for random numbers in the `secrets` module and change the codes above to use functions from `secrets` instead of `random`. 

### 4.2 Diffie-Hellman Key Exhange (DHKE) 

Earlier, you worked with the Caesar cipher, which is a simple form of encryption using **symmetric cryptography**. But that kind of encryption has a built-in problem: before sending a secret message, both sides must agree on a shared key. But how do you secretly agree on a secret in the first place?

A solution to this is the **Diffie-Hellman key exchange**, introduced by Whitfield Diffie and Martin Hellman in 1976 which is still used today. In this section, you'll implement their idea. By the end, you'll be able to "shout across a room" and still agree on a shared secret, without anyone else understanding it.

To do this, you'll need two key tools we've just looked at:  
- Prime numbers  
- Good random number generation 


Below is a picture of how the Diffie-Hellman is used to compute a secret key:

![Diffie-Hellman](../images/Diffie-Hellman-Key-exchange-protocol.png)

In this picture, Bob generates a share ($A$) by using a private number ($a$) and two primes ($g$ and $p$). $A$ is sent together with $g$ and $p$ to Alice, who computes $B$ using the received $g$ and $p$, as well as their private number ($b$). 

$B$ is thus sent back to Bob. and they may both compute the same key $K$ using the other persons share ($A$ or $B$) raised to the power of their private number ($a$ or $b$).

Why does this work?  
A proof for those interested (this will become relevant for later courses in your study):

##### Party A
$$
\begin{aligned}
A &= g^{a} \mod p \\\\
K_a &= B^{a} \mod p \\\\
    &= (g^{b} \mod p)^{a} \mod p \\\\
    &= (g^{b})^{a} \mod p \\\\
    &= g^{b a} \mod p
\end{aligned}
$$

##### Party B
$$
\begin{aligned}
B &= g^{b} \mod p \\\\
K_b &= A^{b} \mod p \\\\
    &= (g^{a} \mod p)^{b} \mod p \\\\
    &= (g^{a})^{b} \mod p \\\\
    &= g^{a b} \mod p
\end{aligned}
$$


Try it yourself with the code provided below. Simulate where one of you are Bob who picks the number $a$ between 1 and 23, and one other is Alice who picks number $b$:

In [None]:
p = 23
g = 5

def generate_A(a, g, p):
    return g**a % p

def generate_B(b, g, p):
    return g**b % p

def generate_K(B, a, p):
    return B**a % p

"""
TODO: Define a and b

a = 
b = 


A = (generate_A(a,g,p))
B = (generate_B(b,g,p))
K1 = (generate_K(B,a,p))
"""
"""
TODO: Fill out K2 so you can check if K1 and K2 are the same

K2 = (generate_K())
"""

Now that you've tested that the simple Diffie-Hellman code works, let's move on! 

Unfortunately, humans are not the best at finding random numbers. Let's therefore use a library we've covered already: `secrets`

In [None]:
from secrets import randbelow

def generate_A_and_a(g, p):
    a = randbelow(p - 1) + 1
    return (a, g**a % p)

#### Question 4.2.1: Explain what happens in the code snippet above. Why do we use `randbelow(p-1)+1`?

Now, let's assume two other groups tried to have a conversation that your group wasn't invited in on. Try to figure out how you may find the private number $a$ and thus $K$ by only eavesdropping on the information provided - namely $A$, $g$ and $p$.

In [None]:
unknown_a, A = generate_A_and_a(g, p)
B = generate_B(5, g, p)
unknown_K = generate_K(B, unknown_a, p)


def find_a(A, g, p):
    """"
    TODO: Fill in your code here without using unknown_a to figure out what a is

    """
    return False



a = find_a(A, g, p)
print(f" Found a: {a}, actual a: {unknown_a}")
K = generate_K(B, a, p)
print(f" Found K: {K}, actual K: {unknown_K}")

<details>
<summary><strong>💡 Hint</strong></summary>

Considering that $p$ is such a small number, is it possible to brute force this? 
</details>

### 🔒 Final Note: From Learning to the Real World

Every time you visit a website with a little padlock in the address bar, your browser is using the **same core ideas** you've just explored (algorithms like Diffie-Hellman) to agree on secret keys and keep your data safe.

> ⚠️ **Important Warning**  
> The code you've written here is great for learning, but it should **never be used in real-world security systems**.  
> Writing secure cryptographic code is extremely difficult, and even small mistakes can lead to serious vulnerabilities.  
> 
> Real-world systems use much **larger numbers** and rely on carefully tested, expert-built libraries.


# MARIUS: *Burde vi her vise viktigheten av større primes? Eller blir det for mye? Han har en oppgave om å finne et primtall større enn en bestemt grense for å lage p. Usikker på hvor mye det gir.*

---

## 5 Hashfunksjoner

Earlier, we looked at how we can ensure that no one can read the messages we send back and forth. Encryption also has another important purpose: to make sure that no one can alter the message while it is in trasnit. To understand why this is useful, imagine that you’re about to transfer 200 NOK to a friend. But by the time your message reaches the online bank, it has been changed to say that you want to transfer 2,000 NOK to your professor instead. This section is about a tool we have to help with this — hash functions.

### 5.1 Barcodes
We’ll start with an example used every time we’re at the store — the EAN-13 barcode. It is not a hash function per se, but it exhibits similar properties as one. Find a book nearby and look at the back. There, you’ll most often see a barcode with 13 digits underneath. The job of the last digit is to check whether an error has occurred in the other 12. If there has been an error, the cashier has to scan the item again — but that’s far better than accidentally registering a carton of cream when it was supposed to be milk. We’re now going to build a program that does the same thing as the checkout system in your local grocery store.

The rule is simple enough: Start with 12 digits, and process them one by one. Add the 2nd, 4th, 6th, etc. digits and multiply the sum by 3. Then add the 1st, 3rd, 5th, etc. digits and add that to your previous result. Look at the number you now have, and figure out how much you need to add to reach the nearest multiple of ten above. That’s your check digit.

In [None]:
def interpret_barcode(barcode):
    """Helper function for converting a barcode string into a list of digits."""
    # Check that we have a valid length of the barcode and that it only contains digits.
    if (len(barcode) != 13) or not (barcode.isdigit()):
        return None

    # Convert the string into a list of digits
    digits = [int(d) for d in barcode]

    return digits

def verify_barcode(digits):
    """
    TODO:
    Implement a function to verify a barcode using the checksum algorithm described for EAN-13.
    The function should return True if the barcode is valid, and False otherwise.
    """
    return  # Replace this with your code

verify_barcode(interpret_barcode("9780062731029"))  # Should return True
verify_barcode(interpret_barcode("9780062731028"))  # Should return False

#### Question 5.1: Check these barcodes: `9788205260429` and `978098146739`. If any of the check digits are incorrect, are you able to find the correct check digit?

#### Question 5.2: Could cheksum functionality, like we saw in EAN-13, be used for verification in secret messaging? Why or why not?

### 5.2: Using actual hash functions
Now we’re not going to try to program our own hash functions, because fortunately they are built into Python. All we need to do is create a small wrapper around the built-in functions to make them easier for us to use.

The hash function we’ll use now is strong enough to be used in almost any situation where high security is needed. It’s called SHA-256 and is commonly used in real-world systems. We have already defined a method for using it to hash data, as found in the code block below.

In [None]:
from hashlib import sha256

def hash(data):
    h = sha256()
    h.update(data.encode())
    return h.hexdigest()

You can test the function by for passing in arbitrary data. Try it for your self and observe how the output differs. You can also observe how the length of the output stays the same, regardless of your input.  

Previously, you programmed the Caesar cipher. However, one of its many weaknesses is that if you send the message with a messenger, the messenger can simply insert an entirely new message. It will probably be completely incomprehensible when decrypted, but there's no way for the recipient to determine whether you made a mistake or if the messenger tampered with the message. Now, we can do something about that.

We introduce the concept of a Message Authentication Code (MAC). MACs helps you verify that a message hasn’t been changed and that it came from someone who knows the secret key. It’s a way of adding a signature to a message that only the sender and receiver can create and verify — using a shared secret key. We can create a MAC by hashing the key and message together, and we can verify it by checking that the MAC someone gives us matches the MAC we calculate ourselves.

And now it's your turn to implement a function for both generating and verifying MACs:

In [None]:
def mac(key, message):
    """
    TODO:
    Implement a function to create a message authentication code (MAC) using the provided key and message.
    """
    return # Replace this with your code

def verify_mac(key, message, mac):
    """
    TODO:
    Implement a function to verify a message authentication code (MAC) using the provided key, message, and MAC.
    This function should return True if the MAC is valid, and False otherwise.
    """

    return # Replace this with your code

## 6: Putting it all together

**Prerequisites:**
- Complete all parts 1-5 of this lab
- Complemte the IoT lab

Now the time has come to put everything together. Your task is to create your own secret messaging scheme for the MicroBit. How you do this is up to you, but we have some pointers on how the scheme should work:
1. You should be able to exchange secret messages between two MicroBits. 
2. Provided with the same keys, the two MicroBits should be able to correctly decrypt eachother messages. 
3. Messages that has been changed in transit should be flagged somehow, meaning that you will have to implement message authentication. 
4. Two MicroBits with different keys should be able do correctly decrypt eachother's messages.  