SID: S3979030

Name: Nguyen Phuc Doan

Lecturer: Dr. Jeff Nijsse 

Subject: INTE264[1|2] - Blockchain Technology Fundamentals

Assignment: 1

Due Date: 12:00pm, 25th Jul 2025

# Hash Function



In [17]:
import hashlib
import time
import secrets
import itertools
import string


# --- Core hash function ---
def hash_string(s, algo='sha256'):
    s_bytes = s.encode()
    if algo == 'sha256':
        return hashlib.sha256(s_bytes).hexdigest()
    elif algo == 'sha3_256':
        return hashlib.sha3_256(s_bytes).hexdigest()
    elif algo == 'blake2b':
        return hashlib.blake2b(s_bytes, digest_size=32).hexdigest()
    elif algo == 'md5':
        return hashlib.md5(s_bytes).hexdigest()
    elif algo == 'sha1':
        return hashlib.sha1(s_bytes).hexdigest()
    else:
        raise ValueError(f"Unsupported hash algorithm: {algo}")


# Flip bit of first character
def string_bitflip(s):
    b = bytearray(s.encode())
    if b:
        b[0] ^= 0x01
    return b.decode(errors='replace')


# Hamming distance between two hex hashes
def hamming_distance(h1, h2):
    b1 = bytes.fromhex(h1)
    b2 = bytes.fromhex(h2)
    return sum(bin(x ^ y).count('1') for x, y in zip(b1, b2))


# --- Avalanche Effect Demonstration ---
def avalanche_demo(user_string, algorithms):
    print(f"Original string: {user_string}\n")
    for algo in algorithms:
        original_hash = hash_string(user_string, algo)
        modified_string = string_bitflip(user_string)
        modified_hash = hash_string(modified_string, algo)
        dist = hamming_distance(original_hash, modified_hash)
        bit_len = len(original_hash) * 4  # bits

        print(f"Algorithm: {algo}")
        print(f"Original hash:  {original_hash}")
        print(f"Modified string:{modified_string}")
        print(f"Modified hash:  {modified_hash}")
        print(f"Hamming distance: {dist} bits (~{(dist / bit_len) * 100:.2f}%)\n")


# --- Pre-image Brute Force Search ---
def brute_force_preimage(
    target_input,
    algo='sha256',
    max_iter=100_000,
    method='exhaustive',
    charset=string.ascii_lowercase,
    length=3,
):
    target_hash = hash_string(target_input, algo)
    print(f"Try to break {algo.upper()} hash of '{target_input}':")
    print(f"Target hash: {target_hash}")
    print(f"Method: {method} | Charset length: {len(charset)} | Length: {length}\n")

    found = False
    start = time.time()

    if method == 'exhaustive':
        for attempt_tuple in itertools.product(charset, repeat=length):
            attempt = ''.join(attempt_tuple)
            h = hash_string(attempt, algo)
            if h == target_hash:
                print(f"Found preimage: '{attempt}' in {time.time() - start:.2f} seconds")
                found = True
                break
    elif method == 'random':
        for i in range(max_iter):
            attempt = ''.join(secrets.choice(charset) for _ in range(length))
            h = hash_string(attempt, algo)
            if h == target_hash:
                print(
                    f"Found preimage: '{attempt}' in {i+1} attempts, {time.time() - start:.2f} seconds"
                )
                found = True
                break
    else:
        raise ValueError("Unsupported method. Use 'exhaustive' or 'random'.")

    if not found:
        print(f"Preimage not found after {max_iter} attempts (expected for strong hash).")
        print(f"Time taken: {time.time() - start:.2f} seconds\n")


# --- Run Avalanche Demo ---
algos_to_test = ['sha256', 'sha3_256', 'blake2b', 'md5', 'sha1']
avalanche_demo("Do", algos_to_test)


# --- Run Pre-image Attacks ---

# MD5 is fast, exhaustive search feasible for short inputs
brute_force_preimage('abc', algo='md5', method='exhaustive', charset=string.ascii_lowercase, length=3)

# SHA1 demo with random search (because exhaustive is expensive)
brute_force_preimage('abc', algo='sha1', method='exhaustive', charset=string.ascii_lowercase, length=5, max_iter=500_000)

# SHA256 random brute force with limited attempts (real exhaustive search infeasible at this length)
brute_force_preimage('abc', algo='sha256', method='random', charset=string.ascii_lowercase, length=5, max_iter=1_000_000)


Original string: Do

Algorithm: sha256
Original hash:  30094e0bec0046da8f925ebda9575f3d8377a75692436516260782fafd709a6f
Modified string:Eo
Modified hash:  37ace320e479e96115635edebf1bba7338fec7d344d40fbd0206511c7694584f
Hamming distance: 120 bits (~46.88%)

Algorithm: sha3_256
Original hash:  25c801aac4736ed51caeca3c0aa8d8c6e001b5217db393970fdd4199b1569ec9
Modified string:Eo
Modified hash:  9fc850a0fd3fd75b70a73c0108d931c7b93f54a2d38e8d93cd117aab569fadea
Hamming distance: 117 bits (~45.70%)

Algorithm: blake2b
Original hash:  6a6efbda443be4d9264641a6564af24d7078ea6852eea8fbecb66fb247c30b60
Modified string:Eo
Modified hash:  8adaa824edd10de89cf8b2f42da2e19ad009cf8e2553c6b68b42d4d5cb343c87
Hamming distance: 151 bits (~58.98%)

Algorithm: md5
Original hash:  0567953871b1bf589b797d9b178d5a94
Modified string:Eo
Modified hash:  7f09091df867fc39f5fcf9a2531d1a4a
Hamming distance: 56 bits (~43.75%)

Algorithm: sha1
Original hash:  22bdf47be3fd0a53ecdf5d6edbde0a2c6b97f0e0
Modified string:Eo
Modi

# Explanation of the Hash Function Demonstration and Pre-image Brute Force Code

## Overview
This Python script demonstrates the *avalanche effect* of various cryptographic hash functions and attempts *pre-image brute force attacks* on these hashes. It uses several hash algorithms from Python's `hashlib` and conducts experiments to show how small input changes affect the output and how difficult it is to find an original input from a hash.

---

## Code Breakdown

### 1. Hash Function Wrapper: `hash_string`
- Takes a string `s` and an algorithm name.
- Encodes the string to bytes and hashes using the specified algorithm.
- Returns the hash as a hexadecimal string.
- Supports common hashes: SHA256, SHA3-256, BLAKE2b (32 bytes), MD5, and SHA1.  
This standardizes hash calls for other parts of the code.

---

### 2. Input Bit Flip: `string_bitflip`
- Converts the input string into bytes.
- Flips the least significant bit of the first character's byte (`XOR` with `0x01`).
- Converts back to a string, replacing invalid characters if any appear.
- This simulates a *minimal input change* to test the avalanche effect (small input change causes large output change).

---

### 3. Hamming Distance Calculation: `hamming_distance`
- Takes two hexadecimal hashes.
- Converts them to bytes.
- Computes the Hamming distance as the count of bits that differ between two byte sequences.
- Used to measure how drastically the hash output changes after flipping a bit in the input.

---

### 4. Avalanche Effect Demonstration: `avalanche_demo`
- Shows how changing one bit in the input affects the hash output.
- Prints hashes and Hamming distances.
- An ideal hash function exhibits an avalanche effect where about half the bits in the hash output differ after a slight input change[1][3].

---

### 5. Pre-image Brute Force Attack: `brute_force_preimage`
- Simulates how difficult it is to invert a hash (find original input from hash).
- Exhaustive search is feasible for fast hashes (MD5) and short lengths.
- Random search helps for longer inputs/hashes where exhaustive search is infeasible.
- Demonstrates that strong hashes like SHA256 are practically unbreakable in reasonable time[3].

---

## Explanation of the Output Results

### Avalanche Effect Results
- For the original string `"Do"` and bit-flipped `"Eo"`:
- Each hash algorithm produces a vastly different hash output.
- The Hamming distances (number of differing bits) are roughly between **43% and 59%** of the output bit length.
- This confirms the *avalanche effect*, indicating even a 1-bit change in the input drastically changes about half the output bits[1][3].

| Algorithm | Hamming Distance (bits) | Percentage of Bits Changed |
|-----------|------------------------|----------------------------|
| sha256    | 120                    | ~46.88%                    |
| sha3_256  | 117                    | ~45.70%                    |
| blake2b   | 151                    | ~58.98%                    |
| md5       | 56                     | ~43.75%                    |
| sha1      | 69                     | ~43.12%                    |

This validates correctness and strength of the hashing algorithms in randomizing their outputs even with minor input changes.

---

### Pre-image Attack Results
- **MD5, input "abc", length=3, exhaustive search:**
  - Successfully recovers `"abc"` immediately since search space is small.
  - Demonstrates that short inputs hashed with fast but weak hash like MD5 can be brute-forced quickly.
  
- **SHA1, input "abc", length=5, exhaustive search with 500,000 attempts:**
  - No preimage found, indicating search space is too large for exhaustive brute force.
  - Reflects stronger security compared to MD5.

- **SHA256, input "abc", length=5, random search with 1,000,000 attempts:**
  - No preimage found, showing practical infeasibility even with large number of attempts.
  - Demonstrates the robustness of SHA256.

---

## Summary of Code Functionality and Results

- The code illustrates important cryptographic concepts:
  - **Avalanche Effect:** Small input changes cause large unpredictable changes in hash output.
  - **Preimage Resistance:** Hardness of reversing hash outputs to original inputs.
- Hash functions like SHA256, SHA3-256, and BLAKE2b exhibit strong avalanche behavior.
- Practical brute force preimage attacks are only feasible on weak or short hash inputs (e.g., MD5 with very short length).
- Stronger hashes require gargantuan effort to invert, as confirmed by the randomized brute force results.

---

## References
- Avalanche effect: Wikipedia [3]
- Hashlib module usage and hash security basics[2][6][10]
- Hash function design and resistance principles[1][5]


In [4]:
import hashlib

# Target password to hash
target_password = "secret"
hashed = hashlib.sha1(target_password.encode()).hexdigest()
print(f"SHA1 Hash of '{target_password}':\n{hashed}")


SHA1 Hash of 'secret':
e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4


In [19]:
import hashlib
import itertools
import string
import time

# Hash to crack
target_hash = 'e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4'  # SHA1("secret")

# Charset: lowercase only
charset = string.ascii_lowercase

# Max length of password
max_len = 6

found = False
start = time.time()

for length in range(1, max_len + 1):
    for guess in itertools.product(charset, repeat=length):
        guess_str = ''.join(guess)
        guess_hash = hashlib.sha1(guess_str.encode()).hexdigest()
        if guess_hash == target_hash:
            print(f"\nPassword cracked: {guess_str}")
            print(f"Time taken: {time.time() - start:.2f}s")
            found = True
            break
    if found:
        break

if not found:
    print("Password not found (try increasing max_len or charset)")


Password cracked: secret
Time taken: 207.76s


# MERKEL TREE

- **What is it?**  
  A **Merkle Tree** is a way to organize and verify a large number of data items (like transactions) using cryptographic hashes.

  Because checking every single item one by one is slow and inefficient — Merkle Trees help us:
  - **Quickly verify** if a piece of data is part of a larger dataset
  - **Detect tampering** if even a tiny part of the data has been changed
  - **Save space** and improve performance when dealing with big datasets



- **Definition**: 
 
  A **Merkle Tree** is a binary tree data structure where each **leaf node** contains a hash of data, and each **non-leaf node** contains the hash of its two child nodes.



<img src="https://media.geeksforgeeks.org/wp-content/cdn-uploads/MerkleTree-min-1024x512.png" width="600"/>

  - Each data item is **hashed** (converted into a short fixed-length string)
  - Hashes are paired and **combined up** the tree until one single hash remains — the **Merkle Root**
  - To verify a data item, you only need a few hashes (called a **Merkle proof**) — not the whole dataset!




In [1]:
import hashlib

def hash_data(data: str, hash_function: str = "sha256") -> str:
    """Hash string data using specified hash function and return hex digest."""
    h = hashlib.new(hash_function)
    h.update(data.encode('utf-8'))
    return h.hexdigest()

class HashLeaf:
    """Represents a leaf node holding the hash of a transaction (string)."""

    def __init__(self, tx: str, hash_function: str = "sha256"):
        assert isinstance(tx, str), "Transaction must be a string"
        self.tx = tx
        self.hash_function = hash_function
        self.height = 1
        self.data = hash_data(tx, hash_function)

    def duplicate(self):
        """Return a duplicate of this leaf."""
        return HashLeaf(self.tx, self.hash_function)
    
    def update_tx(self, new_tx: str):
        """Update the transaction string and recalculate hash."""
        assert isinstance(new_tx, str)
        self.tx = new_tx
        self.data = hash_data(new_tx, self.hash_function)

    def __eq__(self, other):
        return isinstance(other, HashLeaf) and self.data == other.data and self.height == other.height

    def __repr__(self):
        return f"HashLeaf(height={self.height}, data={self.data[:10]}...)"

class HashNode:
    """Represents an internal node holding hash of two child nodes' hashes."""

    def __init__(self, left_node, right_node, hash_function: str = "sha256"):
        assert isinstance(left_node, (HashLeaf, HashNode))
        assert isinstance(right_node, (HashLeaf, HashNode))
        assert left_node.hash_function == hash_function == right_node.hash_function

        self.left = left_node
        self.right = right_node
        self.hash_function = hash_function
        self.height = left_node.height + 1
        self.data = hash_data(left_node.data + right_node.data, hash_function)

    def duplicate(self):
        """Return a duplicate node recursively duplicating children."""
        return HashNode(self.left.duplicate(), self.right.duplicate(), self.hash_function)
    
    def recalc(self):
        """Recalculate own hash from left and right children (used after updates)."""
        self.data = hash_data(self.left.data + self.right.data, self.hash_function)

    def __eq__(self, other):
        return isinstance(other, HashNode) and self.data == other.data and self.height == other.height

    def __repr__(self):
        return f"HashNode(height={self.height}, data={self.data[:10]}...)"

def build_merkle_tree(tx_list, hash_function="sha256"):
    """
    Build a Merkle tree from a list of transactions.
    Returns the root node of the tree and list of leaf nodes.
    """
    if not tx_list:
        raise ValueError("Transaction list is empty.")

    # Build the leaf nodes
    leaves = [HashLeaf(tx, hash_function) for tx in tx_list]

    current_level = leaves

    # Repeat combining pairs until a single root node remains
    while len(current_level) > 1:
        if len(current_level) % 2 == 1:  # duplicate last node if odd number
            current_level.append(current_level[-1].duplicate())

        next_level = []
        for i in range(0, len(current_level), 2):
            left = current_level[i]
            right = current_level[i + 1]
            next_level.append(HashNode(left, right, hash_function))
        current_level = next_level

    root_node = current_level[0]

    return root_node, leaves

def get_merkle_proof(root, target_tx):
    """
    Generate the Merkle proof for target_tx.
    Returns empty list if target_tx not found.
    """

    # Search and collect proof
    def _search(node, tx, proof):
        if isinstance(node, HashLeaf):
            return node.tx == tx
        # Check left subtree
        if _search(node.left, tx, proof):
            proof.append({'hash': node.right.data, 'position': 'right'})
            return True
        # Else check right subtree
        if _search(node.right, tx, proof):
            proof.append({'hash': node.left.data, 'position': 'left'})
            return True
        return False

    proof = []
    found = _search(root, target_tx, proof)
    if not found:
        return []  # not found
    return proof

def verify_proof(tx, proof, merkle_root, hash_function="sha256"):
    """
    Verify the proof for the transaction.
    Returns True if verified, False otherwise.
    """
    current_hash = hash_data(tx, hash_function)

    for p in proof:
        sibling_hash = p['hash']
        pos = p['position']
        if pos == 'left':
            current_hash = hash_data(sibling_hash + current_hash, hash_function)
        elif pos == 'right':
            current_hash = hash_data(current_hash + sibling_hash, hash_function)
        else:
            return False

    return current_hash == merkle_root

def update_transaction(leaves, root, index_to_update, new_tx):
    """
    Update the transaction at leaves[index_to_update] with new_tx.
    Recalculate affected hashes up to the root.
    Returns the new root hash.

    - leaves: list of leaf nodes
    - root: root node of the tree
    - index_to_update: integer index of transaction to update
    - new_tx: new transaction string
    """

    # Update leaf tx and hash
    new_leaves = [leaf.duplicate() for leaf in leaves]

    new_leaves[index_to_update].update_tx(new_tx)

    # Build level 0 (leaves)
    level = leaves.copy()

    # Store levels to track path
    tree_levels = [level]

    # Build subsequent levels
    level = new_leaves
    levels = [level]
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1].duplicate())
        next_level = []
        for i in range(0, len(level), 2):
            left = level[i]
            right = level[i + 1]
            next_level.append(HashNode(left, right, root.hash_function))
        levels.append(next_level)
        level = next_level


    new_root = levels[-1][0]
    return new_root

# --- Main ---

def print_tree(node, level=0):
    """Print tree (for visualization), prefix order."""
    indent = "  " * level
    print(f"{indent}{node}")
    if isinstance(node, HashNode):
        print_tree(node.left, level + 1)
        print_tree(node.right, level + 1)

if __name__ == "__main__":
    # Example transactions
    transactions = [
        "tx1 data",
        "tx2 data",
        "tx3 data",
        "tx4 data",
        "tx5 data"
    ]

    # Build tree
    root, leaves = build_merkle_tree(transactions)
    print("Merkle Tree:")
    print_tree(root)
    print("\nRoot hash:", root.data)

    # Update transaction tx3
    index_to_change = 2  # zero-based index of tx3
    new_transaction = "tx3 data UPDATED"

    # Update tx and recalc root
    new_root = update_transaction(leaves, root, index_to_change, new_transaction)
    print("\nMerkle Tree after updating tx3:")
    print_tree(new_root)
    print("\nNew Merkle Root:", new_root.data)

    # Show that root changed
    print("\nRoot changed?", root.data != new_root.data)

    # Generate proof for a transaction
    tx_to_prove = "tx3 data"
    print_tree(root)
    proof = get_merkle_proof(root, tx_to_prove)
    print(f"\nProof for transaction '{tx_to_prove}':")
    for step in proof:
        print(f"  {step['position']} sibling hash: {step['hash'][:10]}...")

    print(proof)

    # Verify proof
    verified = verify_proof(tx_to_prove, proof, root.data)
    print(f"\nVerification result: {verified}")



Merkle Tree:
HashNode(height=4, data=c332a37d6d...)
  HashNode(height=3, data=220d7098bf...)
    HashNode(height=2, data=261630696c...)
      HashLeaf(height=1, data=8f421e5979...)
      HashLeaf(height=1, data=40b620e6ec...)
    HashNode(height=2, data=63e88c9762...)
      HashLeaf(height=1, data=02d9bb3605...)
      HashLeaf(height=1, data=5813cc1295...)
  HashNode(height=3, data=15f9f23f4c...)
    HashNode(height=2, data=8109a8c693...)
      HashLeaf(height=1, data=1d536d00f2...)
      HashLeaf(height=1, data=1d536d00f2...)
    HashNode(height=2, data=8109a8c693...)
      HashLeaf(height=1, data=1d536d00f2...)
      HashLeaf(height=1, data=1d536d00f2...)

Root hash: c332a37d6dc6b0a62dd2ab42a263d8a73892edf9f1adfd9cb0854033295fb453

Merkle Tree after updating tx3:
HashNode(height=4, data=0474cb324e...)
  HashNode(height=3, data=3b5f1cafe0...)
    HashNode(height=2, data=261630696c...)
      HashLeaf(height=1, data=8f421e5979...)
      HashLeaf(height=1, data=40b620e6ec...)
    HashNod

# Merkle Tree Implementation in Python: Explanation and Analysis

---

## Overview

This code implements a **Merkle Tree** data structure using various classes and functions:

- `HashLeaf`: represents leaf nodes holding the hash of individual transactions.
- `HashNode`: internal nodes holding hashes derived from their two children.
- Functions to build the tree from transactions, generate and verify Merkle proofs, and update transactions and update the tree.
- Uses a configurable cryptographic hash function (default SHA-256).

Merkle Trees are widely used in blockchains and distributed systems to efficiently verify data integrity.

---

## Code Explanation

### 1. `hash_data(data: str, hash_function: str = "sha256") -> str`

- Generic hashing helper.
- Takes a string and a hash name, applies the hash function using Python's `hashlib.new()`.
- Returns the hexadecimal hash string digest.
- Used throughout the tree construction and verification to produce consistent hashes.

---

### 2. `HashLeaf` Class

- Represents a **leaf node** in the Merkle tree.
- Holds:
  - `tx`: the original transaction string.
  - `data`: the hash of that transaction.
  - `height`: a node height (leaf height is 1).
  - `hash_function`: the name of the hash used.
- Methods:
  - `duplicate()`: returns a new leaf with identical data.
  - `update_tx()`: updates the transaction and recalculates the hash.
  - `__eq__` and `__repr__` for comparisons and debug printing.

---

### 3. `HashNode` Class

- Represents an **internal tree node**.
- Holds:
  - `left` and `right` children (either `HashLeaf` or `HashNode`).
  - `data`: hash of concatenation of left and right children's hash strings.
  - `height`: node height is left child's height + 1.
  - `hash_function`.
- Methods:
  - `duplicate()`: duplicates subtree recursively.
  - `recalc()`: recalculates hash based on current children (useful after updates).
  - `__eq__` and `__repr__` for equality and visualization.

---

### 4. Building the Merkle Tree: `build_merkle_tree(tx_list, hash_function="sha256")`

- Takes a list of transactions (strings).
- Creates a list of `HashLeaf` nodes for each transaction.
- Iteratively combines pairs of nodes into `HashNode`s, building upward levels until one root remains.
- Handles odd number of nodes by duplicating the last node (standard approach).
- Returns the **root node** and the list of leaf nodes.

---

### 5. Generating Merkle Proofs: `get_merkle_proof(root, target_tx)`

- Given a root and a target transaction string, produces the Merkle proof path to verify that transaction.
- Uses a recursive helper `_search`:
  - Searches the tree for the leaf node with the target.
  - Records sibling hashes at each level along the path.
- Returns a list of dicts with `'hash'` and `'position'` indicating sibling hash and side (left or right).
- If the transaction is not found, returns empty list.

---

### 6. Verifying Proofs: `verify_proof(tx, proof, merkle_root, hash_function="sha256")`

- Verifies a Merkle proof for a transaction string.
- Starts with the hash of the transaction.
- Iteratively combines with sibling hashes from `proof` according to their positions.
- Compares the final computed hash with the known Merkle root.
- Returns True if they match, else False.

---

### 7. Updating a Transaction: `update_transaction(leaves, root, index_to_update, new_tx)`

- Updates a transaction string at given leaf index and rebuilds the affected path up to the root.
- Duplicates the leaves list to avoid mutating the original.
- Updates the leaf's transaction and hash.
- Then builds all upper levels again using these modified leaves.
- Returns the new root node.
- This operation simulates how changes propagate through the Merkle tree, affecting the root hash.

---

### 8. Tree Printing: `print_tree(node, level=0)`

- Recursive utility to print the tree structure and node hashes for visualization.

---

## Walkthrough of the Example and Output

### Initial Setup

- Transactions: ["tx1 data", "tx2 data", "tx3 data", "tx4 data", "tx5 data"]
- Build initial Merkle tree and print it.
- Root hash: `c332a37d6d...` (truncated output shown).

### After Updating a Transaction

- Update transaction at index 2 (`"tx3 data"`) to `"tx3 data UPDATED"`.
- Call `update_transaction` to produce a new root.
- Print updated tree and new root:
    New root: 0474cb324e...
    Root changed? True

- This confirms the new root hash reflects the update: **the root hash changes whenever any leaf changes.**

### Generating & Verifying a Proof for `"tx3 data"`

- Generate proof based on original tree (before update).
- The proof contains hashes of siblings with positions:
[
{'hash': '5813cc1295...', 'position': 'right'},
{'hash': '261630696c...', 'position': 'left'},
{'hash': '15f9f23f4c...', 'position': 'right'}
]

- Verification using `verify_proof` returns `True`.

- This shows the Merkle proof correctly verifies inclusion of `"tx3 data"` in the original tree.


In [5]:
if __name__ == "__main__":
    leaf1 = HashLeaf("tx1", "", "sha256")
    leaf2 = HashLeaf("tx2", "", "sha256")

    node1 = HashNode(leaf1, leaf2, "sha256")
    node2 = node1.duplicate()

    print("Original node:", node1)
    print("Duplicated node:", node2)
    print("Nodes equal?", node1 == node2)

    # Modifying duplicated leaf's left data to test difference
    node2.left.left = "txX_modified"
    node2.left.data = node2.left.evaluate()
    node2.data = node2.evaluate()

    print("Modified duplicated node:", node2)
    print("Nodes equal after modification?", node1 == node2)


Original node: HashNode(height=2, data=f8f28ede...)
Duplicated node: HashNode(height=2, data=f8f28ede...)
Nodes equal? True
Modified duplicated node: HashNode(height=2, data=c0ac6725...)
Nodes equal after modification? False


# Digital Signature

In [16]:
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import hashes, serialization

# --- Key generation for Alice and Bob ---
def generate_rsa_keypair(key_size=2048):
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=key_size)
    return private_key, private_key.public_key()

# --- Digital signature functions ---
def sign_message(private_key, message: bytes) -> bytes:
    signature = private_key.sign(
        message,
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )
    return signature

def verify_signature(public_key, signature: bytes, message: bytes) -> bool:
    try:
        public_key.verify(
            signature,
            message,
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )
        return True
    except Exception:
        return False

# --- Serialization helper ---
def serialize_key(key, private=False) -> str:
    if private:
        return key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.NoEncryption()
        ).decode()
    else:
        return key.public_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PublicFormat.SubjectPublicKeyInfo
        ).decode()


# --- Simulation ---
def alice_sends_file(file_content: bytes, alice_private_key):
    signature = sign_message(alice_private_key, file_content)
    return file_content, signature

def bob_receives_file(file_content: bytes, signature: bytes, public_key, label="[Bob]"):
    print(f"{label} File content (raw):", file_content)
    print(f"{label} Signature (hex):", signature.hex())
    if public_key is None:
        print(f"{label} No public key provided. Verification skipped.")
        return False
    valid = verify_signature(public_key, signature, file_content)
    if valid:
        print(f"{label} Signature is valid!")
    else:
        print(f"{label} Signature invalid!")
    print()
    return valid

if __name__ == "__main__":
    # Generate keys for Alice and Bob
    alice_private_key, alice_public_key = generate_rsa_keypair()
    bob_private_key, bob_public_key = generate_rsa_keypair()


    # Serialize keys for printout
    alice_private_pem = serialize_key(alice_private_key, private=True)
    alice_public_pem = serialize_key(alice_public_key, private=False)

    print("--- Alice's Keys ---")
    print("Private Key PEM:\n", alice_private_pem)
    print("Public Key PEM:\n", alice_public_pem)


    # Original file content
    original_file = b"This is Alice's very important document."

    print("\n--- Valid file and signature ---")
    file_sent, signature_sent = alice_sends_file(original_file, alice_private_key)
    bob_receives_file(file_sent, signature_sent, alice_public_key)

    print("\n--- Tampered file ---")
    tampered_file = b"This is Alice's VERY important document (tampered)."
    bob_receives_file(tampered_file, signature_sent, alice_public_key)

    print("\n--- Bob missing Alice's public key ---")
    bob_receives_file(file_sent, signature_sent, None)

    print("\n--- Non-Repudiation Test ---")
    print("Only Alice's private key can produce a valid signature.")
    forged_signature_by_bob = sign_message(bob_private_key, original_file)
    bob_receives_file(original_file, forged_signature_by_bob, alice_public_key, label="[Bob as Attacker]")

    print("\n--- Forge a signature without access to Alice's private key ---")
    print("Attacker tries to forge a signature without access to Alice's private key...")
    fake_signature = b'\x00' * len(signature_sent)  # simulate random garbage
    bob_receives_file(original_file, fake_signature, alice_public_key, label="[Attacker]")


--- Alice's Keys ---
Private Key PEM:
 -----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDAfJiFd26XEihc
F4QNOb43ZjuZbh+xttpbCcqnTm6uQiBNfHki44ParFilPd4aFGDy6/ESrkf7ZRcI
nA6ApM1fRjKfbsi1qo9AkBQJDaplYuNuRY6eJKF+ZcNua1R1cmMTnHDtLj+s6xgE
2r016gcJFUhS/4O8eYFVHEEOKyQnwI3o/Gd35mxVSCJN+J+2Ddsx1W9swwH99Am1
+prTyPhFAXSKA0BXy0zgtRL9gYpRmcXuK4k/ps9m4oS4WMxbhluyM3WxBZ5HHMun
yi2HE8+a/Xv/X3+gYEKJbghM1sSuOnHMyY37MEFns1sFlAdG6bWMuquhZ3dJ+J3m
vFvST0jJAgMBAAECggEAC9Gaq9dBexUqVT08ZnN9Mnmcfzc7yvWnQp+/SbaPJTP6
N8fEyFef6PVcHAlIceF+cmv6SWNaGB2E5IpweYWk9oyg3xk2SbFHSneOQ2ALbl48
CLFMqHknUVN+RHFipjN30eRxKp8EWeG1f9bOd1j/RZeA8VevBwuO3WL2u5/6gFY+
5PfRJ3BIcxpeRamuf0q4BL8mAfP4tx1UT8jNOi5lY8Ut3ZbTUAIifrP+sfkL2zR6
6KRZZZmuHpBmkX/UeTBv9zNnPuqC04TxcfDwwvtTwRISh07S8B3VeKag58MubNPZ
WPccmugA1OSVqDO0qkAEgeiX72HrVj4IPocIrG+uYQKBgQD8LfwX72BANu2Q4iJt
nQQ+Zx/hIl3+ZfTnOlg1/a/XvW3w1WwqAqxosSV4NE0OoCE+hzVr1jEq8m0lHnLN
dhCEmcnxu2s3oQBJV750IQApLOV8g1DWG7zNpR+qN0NL7XPS7dYtguC0lYvQgCm8
ib8kJC6JI86eeeyIhBl9f5u

the code was reference from this site and modified base on needs: https://dev.to/0x2633/the-flow-of-creating-digital-signature-and-verification-in-python-37ng

# RSA Digital Signature Demonstration in Python: Explanation and Analysis

---

## Overview

This code demonstrates how to:

- Generate RSA key pairs (private/public keys) for two parties (Alice and Bob).
- Create digital signatures using private keys.
- Verify digital signatures using corresponding public keys.
- Serialize keys in PEM format for readability.
- Simulate sending and receiving signed messages/files.
- Show common scenarios like tampering detection, missing public key verification, and forging attempts.
- Illustrate the *non-repudiation* property of digital signatures.

It uses the **`cryptography`** Python library with secure padding scheme **PSS** (Probabilistic Signature Scheme) and SHA-256 hashing.

---

## Code Components and Flow

### 1. RSA Key Generation: `generate_rsa_keypair(key_size=2048)`

- Generates a new RSA private key with a public exponent of 65537 (common choice) and specified key size (default 2048 bits).
- Returns:
  - `private_key`: instance capable of signing messages.
  - `public_key`: corresponding public key for verifying signatures.


---

### 2. Signing Messages: `sign_message(private_key, message: bytes) -> bytes`

- Signs the given byte message using the private RSA key.
- Uses **PSS padding** with MGF1 using SHA256 and the max salt length.
- The signature returned is raw bytes.

---

### 3. Verifying Signatures: `verify_signature(public_key, signature: bytes, message: bytes) -> bool`

- Verifies the provided signature corresponds to the message and was produced by the private key corresponding to the `public_key`.
- Returns `True` if signature is valid, else `False`.
- Handles failure gracefully by catching exceptions.

---

### 4. Key Serialization: `serialize_key(key, private=False) -> str`

- Converts RSA keys to PEM-encoded strings (human-readable base64).
- Supports both private and public key serialization.
- Useful for storage, transfer, or display.

---

### 5. Simulated Communication

- `alice_sends_file(file_content: bytes, alice_private_key)`:
  - Alice signs the file content and returns `(file_content, signature)` tuple.

- `bob_receives_file(file_content: bytes, signature: bytes, public_key, label="[Bob]")`:
  - Bob prints received content and signature.
  - Verifies signature using Alice's public key (if available).
  - Prints verification result.
  - Returns verification boolean.

---

## Example Run and Output

### Key Generation

- Alice and Bob each generate separate key pairs.
- Alice's private and public keys are printed in PEM format.

---

### Valid File and Signature

- Alice sends a file (`"This is Alice's very important document."`) signed with her private key.
- Bob verifies using Alice's public key.
- Signature verification succeeds.
- Output: [Bob] Signature is valid!

This shows normal digital signing and verification workflow.

---

### Tampered File

- The file content is altered slightly (`VERY important document (tampered)`).
- Original signature from Alice is reused.
- Bob fails to verify signature because content no longer matches signature.
- Output: [Bob] Signature invalid!


This demonstrates **integrity checking**—any content change invalidates signature verification.

---

### Bob Missing Alice's Public Key

- Bob receives original file and signature but is missing Alice's public key.
- The verification step is skipped because the public key is `None`.
- Output: [Bob] No public key provided. Verification skipped.

Shows that verifying a signature requires the signer's public key.

---

### Non-Repudiation Test (Forgery Attempt by Bob)

- Bob attempts to impersonate Alice by signing Alice's file with *his* private key.
- Bob sends this forged signature.
- Bob verifies it using Alice's public key (which should not match Bob's signature).
- Verification fails.
- Output: [Bob as Attacker] Signature invalid!

This exhibits **non-repudiation**: only Alice's private key can produce a valid signature verifiable by Alice's public key.

---

### Forge a Signature Without Private Key

- An attacker tries to forge a signature by producing garbage bytes of the same length.
- Verification correctly fails.
- Output: [Attacker] Signature invalid!

Confirms that randomly guessing or fabricating a valid signature is practically impossible.

---

## Key Concepts Demonstrated

| Concept                 | Explanation                                        | Code Element                  |
|-------------------------|----------------------------------------------------|-------------------------------|
| **Confidential Key Pair**| Private key signs; public key verifies.          | `generate_rsa_keypair`        |
| **Signature Generation** | Signing message with private key produces unique signature | `sign_message`                |
| **Signature Verification** | Verifies signature with public key and original message | `verify_signature`            |
| **Tampering Detection**  | Signature invalid if message modified             | Tampered file test            |
| **Non-Repudiation**     | Only private key holder can sign and deny later   | Bob's forgery rejected        |
| **Serialization**       | Convert keys to/from PEM format                    | `serialize_key`               |

---

## Why PSS and SHA256?

- **PSS Padding:** Provides probabilistic padding making the signature scheme secure against chosen-message attacks.
- **SHA256 Hashing:** Ensures a fixed-length, collision-resistant hash is used internally for signing.

---

## Security Notes

- Private keys **must remain secret**; leakage allows forging.
- Public keys must be **authentically obtained** to trust verification.
- RSA keys less than 2048 bits are vulnerable to attacks; 2048+ bits recommended.
- Never reuse nonce values in other signature schemes to maintain security (PSS manages padding safely here).

# Timestamped Blockchain

In [None]:
import time
import random

class Block:
    def __init__(self, block_id, data, prev_hash):
        self.block_id = block_id              
        self.timestamp = time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime())  
        self.data = data
        self.prev_hash = prev_hash
        self.nonce = random.randint(1000, 9999) 
        self.hash = self.calculate_hash()
    
    def calculate_hash(self):
        block_string = f"{self.block_id}{self.timestamp}{self.data}{self.prev_hash}{self.nonce}"
        return hashlib.sha256(block_string.encode()).hexdigest()

    def show(self):
        print(f"Block ID:       {self.block_id}")
        print(f"Timestamp:      {self.timestamp}")
        print(f"Data:           {self.data}")
        print(f"Nonce:          {self.nonce}")
        print(f"Prev Hash:      {self.prev_hash}")
        print(f"Own Hash:       {self.hash}")
        print("-"*70)

# --- Creating the blockchain with delays ---
blockchain = []
num_blocks = 5
prev_hash = "0"  

for i in range(num_blocks):
    dummy_data = f"Block-{i+1} test data"
    block = Block(block_id=i+1, data=dummy_data, prev_hash=prev_hash)
    blockchain.append(block)
    prev_hash = block.hash   
    block.show()
    time.sleep(random.uniform(0.5, 1.5))  


Block ID:       1
Timestamp:      2025-07-19 10:25:09
Data:           Block-1 test data
Nonce:          1372
Prev Hash:      0
Own Hash:       1a4e0c438c4b46897976ba3abeaa89060a4c86b14b6acccc3bd142794cfba7fc
----------------------------------------------------------------------
Block ID:       2
Timestamp:      2025-07-19 10:25:10
Data:           Block-2 test data
Nonce:          6548
Prev Hash:      1a4e0c438c4b46897976ba3abeaa89060a4c86b14b6acccc3bd142794cfba7fc
Own Hash:       f6f98b3be50d1611f591b11fdddada18b0a2e62fae7eb01c77a325a09f3f3e6c
----------------------------------------------------------------------
Block ID:       3
Timestamp:      2025-07-19 10:25:11
Data:           Block-3 test data
Nonce:          4167
Prev Hash:      f6f98b3be50d1611f591b11fdddada18b0a2e62fae7eb01c77a325a09f3f3e6c
Own Hash:       cda8e66f49e407b98056193498f9837a6302c16c1b5ae0d98fd07d4401ab1c94
----------------------------------------------------------------------
Block ID:       4
Timestamp:      202