In [1]:
import random

In [2]:
# base generator
g = 17

# prime modulus - trust me this is prime
p = 158 * ( pow(2, 800) + 25 ) + 1

print(f"modulo p is {len(bin(p)[2:])} bit prime")

modulo p is 808 bit prime


# Generating private key

Alice and Bob should pick a large integers

In [3]:
# Alice's private key
a = random.getrandbits(1024)

# Bob's private key
b = random.getrandbits(1024)

# Public key calculations

Alice and Bob will calculate the base generator g to the power of his/her private keys as public keys

ga = g^a mod p

gb = g^b mod p

In [4]:
# Alice's public key
ga = pow(g, a, p)

# Bob's public key
gb = pow(g, b, p)

# Discrete Logarithm Problem (DLP)

finding a and b is hard from following statements

In [5]:
print(f"{g}^a mod ({p}) = {ga}")

17^a mod (1053546280395016975304616582933958731948871814925913489342608734258717883575185867300386287737705577937382925873762451990450430661350859682697410256268271147283034897563214300237166369174066615907176472549470083113107138189921280884003892629359) = 747785701628792619141494733099883997402440017550396596501902641177059363448034041847575629651375188448103810968283936147003482179597832436163668159153964920136015642485406169833729385976341334925745787000260401348113384797074295950768197191221


In [6]:
print(f"{g}^b mod ({p}) = {gb}")

17^b mod (1053546280395016975304616582933958731948871814925913489342608734258717883575185867300386287737705577937382925873762451990450430661350859682697410256268271147283034897563214300237166369174066615907176472549470083113107138189921280884003892629359) = 48487462340241998087532319913114401225660684051572743474017758865006301096857773499110330715617369711069732760660503203206044140254902442486407724893120314716448132129445409513103534061958956113842141015440614826865378419078326210550129301951


In [7]:
# attacking DLP requires to run the following block! Do not run it :)
if False:
    i = 0
    while True:
        i += 1
        if pow(g, i, p) == ga:
            print(f"a is {i}")
            break

# Key Exchange

If Alice calculates Bob's public key to the power of her private key

And Bob calculates Alice's public key to the power of his private key

They must have same value according to the power rule of exponent

Alice calculates: 

sa = gb^a = (g^b)^a

Bob calculates:

sb = ga^b = (g^a)^b

sa = sb = (g^a)^b = (g^b)^a

In [8]:
# Alice's shared key
sa = pow(gb, a, p)

In [9]:
# Bob's shared key
sb = pow(ga, b, p)

In [10]:
assert sa == sb

In [11]:
# Alice does not know Bob's private key and Bob does not know Alice's private key
# So they cannot calculate the following calculation directly
# But this must be equal to the shared key they calculated
g_to_a_times_b = pow(g, a*b, p)

In [12]:
assert g_to_a_times_b == sa
assert g_to_a_times_b == sb

In [13]:
g_to_a_times_b

608770443832067032292705258925633483227747446787390132830668338173924569195879616518416022109888921926554844392480408190744652240451198659885901444853629319672986324232434242234619478882073841347562874512069521372860381044943824563840007063188

# Man in the middle attack

Carol knows ga and gb whereas ga = g^a and gb = g^b. 

If she multiplies the public values, then she will have g^a * g^b = g^(a+b)

according to the product rule of exponents. This is not equal to the shared key g^(a*b)!

In [14]:
g_to_a_plus_b = ( ga * gb ) % p

In [15]:
g_to_a_plus_b

970953115769429172791475548124609116663733104396607452897472548579322711387887140172539818920432040505805953444931387865187384887618025043732784859187288979137296298644305208234996062823477865253691565238807686650189858908407417320676903303268

In [16]:
# this must be different than the shared key
assert g_to_a_plus_b != g_to_a_times_b

In [17]:
assert g_to_a_plus_b == pow(g, a+b, p)