In [1]:
from sage.all import *
import hashlib
import binascii
import string

# Padding 1024

In [2]:
def hex2int(hex_num):
    int_num = int(hex_num,16) # use int base 16 to get the hex in int
    return int_num

In [3]:
def int2hex(int_num):
    hex_res = hex(int_num)
    hex_res = hex_res[2:] # remove 0x
    if hex_res[-1] == 'L': # if the hex is really long remove L at the end
        hex_res = hex_res[:-1]
    hex_res = ("0" * (256 - len(hex_res))) + hex_res # pad with zeros
    return hex_res

In [4]:
def binary2hex(binary):
    hex_int = int(binary,2) # change binary to int
    hex_res = int2hex(hex_int) # change int to hex
    return hex_res

In [5]:
def hex2binary(Hex):
    binary =   "{0:8b}".format(int(Hex,16)) # get binary
    binary = ("0" * (1024 - len(binary))) + binary # pad with zeros
    return binary

In [6]:
prime_num =   "000000000000000000000000000000000000000000000000000000000000" \
            + "000000000000000000000000000000000000000000000000000000000000" \
            + "000000000000000000000000000000000000000000000000000000000000" \
            + "00000000000001b45fa868e31d1a6d780829268ecd350e6d9280746ae6bd57155ce99dc3732b"

In [7]:
generator  = "0000000000000000000000000000000000000000000000000000000000" \
                + "00000000000000000000000000000000000000000000000000000000" \
                + "00000000000000000000000000000000000000000000000000000000" \
                + "000000000000000000000000a3a3df27552ae9e90d030f6e758cf3e56916f02ba8168700a802d79b294b30"

In [8]:
prime_int,generator_int = hex2int(prime_num),hex2int(generator)

In [9]:
# compute the factor of the order of group Zp (order of p-1 and denote it as q)
# then take long factor and check that g^q modp = 1 mod p
# then this is the order of the group
factor(prime_int-1)

2 * 385502763231634118407816499780237158656437141097147737203794676128738818453

In [10]:
order = 385502763231634118407816499780237158656437141097147737203794676128738818453

In [11]:
power_mod(generator_int,order,prime_int)

1L

In [12]:
int2hex(order) # change the order from int to hex

'00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000da2fd434718e8d36bc04149347669a8736c9403a35735eab8aae74cee1b995'

# CA-Vernam Cipher

In [13]:
cipher_text = "03617c16f06dfcaac578749e25a4231ed5bf0d20834a6cd0ebc3fbe6115eb3119b1b" + \
              "aa6fc0b343b62313b2dad312623ee9b49aa750d9167f4dcdb7d6d141a9615b8cbc7c" + \
              "0263b04319c93e921d77e07a6d0aaa4a97466e74caa867fcb32dd93aebc0221047cc" + \
              "fea07abadd35433b53b8a8f2328d225242c2f0f9d7ffae799c5b38419238df5059f7" + \
              "b440225bde988529529aa55b1a05b499466425544fa40f571d96ca44db8364542279" + \
            "15902586b6cd8590dcb8f544aa59b1f8f53b72e20377bbf1498a4f"

In [14]:
def ca_vernam(k_start,m_start,cipher_msg):
    
    """
    a function to restore the encryption scheme described
    """
    
    ki,mi = k_start,m_start # strings storing the constructed message and key
    printable = list(string.printable) # list of printable characters
    t = gcd(len(cipher_msg),len(hashlib.sha256().digest()))
    
    
    for i in range(1,len(cipher_msg)):
        
        encrypt = ""
        
        encrypt +=str(ki)+str(mi) # concatenate k then m (both are ascii strings)
    
        encrypt_hash = hashlib.sha256(encrypt).digest()[t-1] # apply hasing and get t bytes in our case 1 byte
        
        curr_m = chr(ord(encrypt_hash) ^ ord(cipher_msg[i])) # xor cipher character and current key 
        
        if curr_m not in printable: # check if resulting message character is in printable
            break
        else:
            ki+= (chr(ord(encrypt_hash))) # store key result in ki
            mi+=curr_m # store result of message
        
    
    if len(mi) == len(cipher_msg):
        print(mi)

In [15]:
cipher_byte = binascii.unhexlify(cipher_text) # change the cipher into bytes
possible_message_char = string.printable
iterator = 0

for i in possible_message_char:
    
    # guess the first character of the encrypted message from the printable set of characters in integer
    m0_guess_hex = ord(i) 
    # convert the first character of the ciphered text into integer
    c0_int = ord(cipher_byte[0]) 
    k0_guess = chr(m0_guess_hex ^ c0_int) # xor both integers and convert to byte
    ca_vernam(k0_guess,i,cipher_byte)
    

This is the secret message that you suppose to recover. Since you are reading this text, you have very high probability to get 1 point from this question. Anyway, your secret word is prefabricates.


# Play fair cipher

In [16]:
K3=" ieyf" + "zkdrb" + "tcwup" + "sagxv" + "ohnml"
c3="gdz mofieddwiszsygszcnkaoi afohmsedemtanzs zubfgdeszcoyiwdukfuc hmet cnhpcyta enisftzmxdxhzoehwiz editghzsurzs zwdukfuszrfzsniykioghzegaetyixkyiaeafenzsnieziwurtc hoedificoscifmtitghytg i mzzsnieziwurtc hoea hyhvzys zsniftdyafmtozygydakg oz mtyihgfzohlyikxewhletmzzgfokcyikvacnh gisewesxhpciehec vhmfifmtiogkfsydfiohteublzvkfh cfis iogsyikvacnh gisewesxhpcisoz mxuyzghznoytnbrozrpszmhtecoyiublzvkfh cficoscfzhacin ozghzexgyxszxkyi mxuyzghznoytnbroz az ed"

In [17]:
def convert_into_matrix(key):
    
    """
    store the key in a matrix
    """
    
    matrix = [['' for x in range(5)] for y in range(5)] 
    for i in range(0,len(key),5):
        index = i
        for j in range(1,len(matrix)+1): 
            matrix[int(index/5)][j-1] = key[index + j -1]   
    return matrix
    

key_matrix = convert_into_matrix(K3)

In [18]:
def search_matrix(matrix,letter):
    
    """
    a method to find the column and row of the current character
    """
    
    row=col=-1
    for i in range(0,len(matrix)):
        for j in range(0,len(matrix)):
            if matrix[i][j] == letter:
                row = i
                col = j
                break
    return row,col
    

In [19]:
def decipher(matrix,cipher):
    
    deciphered_text = ""
    indices = [i for i in range(0,len(cipher),2)]
    # create a list having each pair of characters together
    coupled_letters = list(map(lambda x : (cipher[x],cipher[x+1]),indices)) 
    
    for chars in coupled_letters:
    
        row_first,col_first = search_matrix(matrix,chars[0]) # search for the first character in matrix
        row_second,col_second = search_matrix(matrix,chars[1]) # search for the second character in matrix
    
        if col_first == col_second: # check if the columns of each two
        
            # if the letter is in first row go to the last row in matrix
            # else move one row up
            # the decryption is inverse of the encryption which goes one row down
            
            if row_first == 0: 
                deciphered_text+= matrix[4][col_first]
            else:
                deciphered_text+=matrix[row_first-1][col_first] 
                
            if row_second == 0:
                deciphered_text+= matrix[4][col_second]
            else:
                deciphered_text+=matrix[row_second-1][col_second]
        
        elif row_first == row_second:
            
            # if the letter is in first row go to the last row in matrix
            # else move one column to the left
            # the decryption is inverse of the encryption which goes one column to the right
            
            if  col_first == 0:
                deciphered_text+= matrix[row_first][4]
            else:
                deciphered_text+=matrix[row_first][col_first-1]
                
            if  col_second == 0:
                deciphered_text+= matrix[row_second][4]
            else:
                deciphered_text+=matrix[row_second][col_second-1]
            
        else:
            
            # if they don't have equal rows or columns then we draw a box
            # the inverse is just going to the opposing edge in the box
            
            deciphered_text+= matrix[row_first][col_second]
            deciphered_text+= matrix[row_second][col_first] 
    
    print(deciphered_text)

In [20]:
decipher(key_matrix,c3)

we only need a text which is long enough to prevent the decryption without using a program since one can try to decrypt by their hand as we are giving the decryption key that you can use for the decryption similar to the previous exercises you have some random words like backhoes and gamut initially you had very low probability to have backhoes and gamut as your random words but now the probability that backhoes and gamut are your random words is one


# The password-based key exchange

In [21]:
k4 = "002036e08f8d97419348aff3f0063a17a176947ec5e918fbe5c71ae8a103adaef138248a0d17cae7dbdfaeac50c1f7371b95ff387b039bdf72ceefbe11afe842f02ec8b6a94caa660c186262af8c5f9c6db995364f6832009b88b04504b0fd46c257d8dbbcd743fc40cc3a7cc158a0c89a2d9de4914bf007b5b81c493aeef735"
p4 = "00406dc11f1b2e8326915fe7e00c742f42ed28fd8bd231f7cb8e35d142075b5de27049141a2f95cfb7bf5d58a183ee6e372bfe70f60737bee59ddf7c235fd085e05d916d529954cc1830c4c55f18bf38db732a6c9ed064013711608a0961fa8d84afb1b779ae87f8819874f982b14191345b3bc92297e00f6b70389275ddee6b"
g4 = "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004"

In [22]:
# change key from int to hex
k4_int = hex2int(k4)
p4_int = hex2int(p4)
g4_int = hex2int(g4)

In [23]:
F = factor(k4_int) # we know k is not prime thus we try to get it's factors

In [24]:
print(F)

5887327 * 15009527909646127735779833383753163657191072195018350153153683877283378077882093352712387307992839052567008356935167230896458753759144551601560441652124546747284304144348462496799573082639707155688103866509348050181652494139022369435775070088297754768164063034545762604975031632833141269783559112683


In [25]:
# first factor of k
r = 15009527909646127735779833383753163657191072195018350153153683877283378077882093352712387307992839052567008356935167230896458753759144551601560441652124546747284304144348462496799573082639707155688103866509348050181652494139022369435775070088297754768164063034545762604975031632833141269783559112683

In [26]:
# second factor of k
q = 5887327

In [27]:
# send a fake message which bypasses the tests on the user side, hence we chose g^r mod p
server_msg = power_mod(g4_int,r,p4_int)

In [28]:
# change message to hex
server_msg_hex = int2hex(server_msg)

In [29]:
server_msg_hex

'000cab2bd1d320cf3621a1dedc7bfc03a0589d3c1e4416c3b1597aa405d217522c0348e06aa9cc0576f3c8e9b5c9823b1890f702a88c7e7ba57f55a25aa2c454c117df770824ff6223ad999f5a755dd6fe79e77d9527ea2cd601ce3f481f6cefca9da4359dc7e4d2a48586e86d62527735ce1b641a0ea32e9fd8d9135e043d2e'

In [30]:
# the result taken from the oracle which we interacted with
result = "0032ed6333574604e6267a841648b93b3abb533fc1e7161a4b45e78fdf4ff98bd679d1f4ccdbfa724a8a87efbee643399052091a47697a20c19d7bc2ec69411e747c7d6fb4d33f8188b8a4670e96bcc2180f1057978d6cd1feafba0e25399a2fdb61d9f78649275d400492f8087032bd96fd5cd643ba60a46e5069cd7f2a36e600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030fa5d91f75ee35f8b51a8eb59d8bfeae5207b44cd5ff18b07044ad700a4f79c"

In [31]:
y_hex = result[0:256] # y is the first 256 characters
ack_hex = result[256:] # ack is the second 256 characters

In [32]:
x_ascii = binascii.unhexlify(server_msg_hex) # change the server message(X) into hex
y_ascii = binascii.unhexlify(y_hex) # change the received Y into hex

In [33]:
temp = power_mod(g4_int,r,p4_int) # compute g^r mod p

In [34]:
for possible_y in range(1,q): # since the message we sent is of order q we brute force all the values to guess y
    
    possible_key = power_mod(temp,possible_y,p4_int) # compute temp^y mod p
    possible_key_ascii = binascii.unhexlify(int2hex(possible_key)) # convert the guessed key into ascii
    ack_guess = x_ascii + y_ascii + possible_key_ascii # concatenate ascii values
    hashed_ack =  hashlib.sha256(ack_guess).hexdigest() # apply hashing
    hashed_ack_bin = hex2binary(hashed_ack) # change hashing into binaary
    zeros = "0" * 768
    padded_hash_ack = zeros + hashed_ack_bin
    ack_hex_guess = binary2hex(padded_hash_ack) # change the padded 0^768||ACK(Xbin||Ybin||Kbin) into hex

    if ack_hex_guess == ack_hex: # compare with received ack
        guessed_y = possible_y
        break
    else:
        if possible_y % 100000 == 0:
            print("Current iteration = {}".format(possible_y))

Current iteration = 100000
Current iteration = 200000
Current iteration = 300000
Current iteration = 400000
Current iteration = 500000
Current iteration = 600000
Current iteration = 700000
Current iteration = 800000
Current iteration = 900000
Current iteration = 1000000
Current iteration = 1100000
Current iteration = 1200000
Current iteration = 1300000
Current iteration = 1400000
Current iteration = 1500000
Current iteration = 1600000
Current iteration = 1700000
Current iteration = 1800000
Current iteration = 1900000
Current iteration = 2000000
Current iteration = 2100000


In [35]:
guessed_y = 2179318
Y_int = hex2int(y_hex)
possible_key = power_mod(temp,guessed_y,p4_int)

In [36]:
subpower = power_mod(Y_int,r,p4_int)
for possible_pwd in range(1,100000):
    
    inverse_pwd = inverse_mod(possible_pwd,q) # compute modulo inverse of possible pwd
    guess_key = power_mod(subpower,inverse_pwd,p4_int) # try to guess the key by computing Y^(r*pwd-1)
    if possible_key == guess_key: # if our guessed key is equal to the actual key
        print("Password found = {}".format(possible_pwd))
        break

Password found = 78654


In [37]:
pwd = 78654
int2hex(pwd)

'000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001333e'

# Badly Used ELGamal Cryptosystem

In [38]:
# ssh2 parameters
p = (2**1024)-(2**960)-1+(2**64)*floor(((2**894)*pi)+129093)
q = Integer((p-1)/2)
g = 2

In [39]:
def load_ciphers():
    
    """
    a function that reads the ciphers and idx list and parses them
    """
    
    cipher_file = read_data('./Asst1/281141/281141-parameters.txt',str)
    ciphers_text = cipher_file[14].split('=')[1:][0]
    idx = cipher_file[15].split('=')[1][1:-1].split(',')
    idx  = [ int(x) for x in idx]
    cipher_list = ciphers_text.strip('[]').split(',')
    return cipher_list,idx

In [40]:
cipher_list,idx = load_ciphers() # load text results

In [41]:
belong_to_zq =[] # a list to check if the cipher belongs to Zq or not
for i in range(0,len(cipher_list),2): # iterate in two since elgamal ciphers consists of u,v pairs

    u = Integer( cipher_list[i].strip().replace('(',''))
    v = Integer(cipher_list[i+1].strip().replace(')',''))
    check_in_zq = power_mod(v,q,p) # check if message belongs to message space so in g with order q
    if check_in_zq == Integer(1): # if equal to one then it is otherwise not
        belong_to_zq.append(1)
    else:
        belong_to_zq.append(0)

In [42]:
# get results for ciphers belonging to idx
for ids in idx:
    print(belong_to_zq[ids])

0
0
1
0
1


In [43]:
# we know that the encoding 0 is equal to space , so we try to group the characters into
# substrings which represent a pattern of the corresponding to that word
word_pattern = [] 
temp_pattern = ""
itr = 0
for i in range(0,len(cipher_list),2):
    v = cipher_list[i+1].strip().replace(')','')
    if v != '0':
        temp_pattern+= str(belong_to_zq[itr])
    else:
        word_pattern.append(temp_pattern)
        temp_pattern = ""
    itr+=1
word_pattern.append(temp_pattern)

In [44]:
valid_letters = []
# in this function we check which letters belong to the message space
for i in range(1,27):
    
    eq = power_mod(i,q,p)
    if eq == Integer(1):
        valid_letters.append(chr(i+96))

In [45]:
word_dictionary = read_data('./Asst1/dictionary.txt',str) # load dictionary

In [46]:
for pattern in word_pattern: # iterate over patterns
    for word in word_dictionary: # iterate over dictionary
        if len(word) == len(pattern):
                
                pattern_in_binary = ""
                # change the word into a patter of belongs and doesnt belong to the message space
                for char in word:
                    if char in valid_letters:
                        pattern_in_binary+="1"
                    else:
                        pattern_in_binary+="0"
                
                if pattern_in_binary == pattern: # compare patterns if equal we found the encrypted message
                    print(word)

your
secret
message
is
emanated
