# Cryptography - How to exchange messages secrtly even if everyone is listening?

State of the art ciphers use keys to encrypt and decrypt messages. The key is a number which is agreed upon before the parties exchange their messages. Only knowledge of the chosen key allows to decrypt the encrypted messages. Therefore, it is crucial that the key is kept secret at all moments. This begs the question: **how can two parties agree on a secret key when they must fear that all their communication is intercepted?**

## 1. Diffie-Hellman key exchange

We assume that two parties, Alice and Bob, want to find a common key.

First, Alice and Bob choose two keys. This may happen publicly, since those keys are distinct from the key that is generated in the end.

In [8]:
public1 = 2 # base
public2 = 11 # modulus

Now, Alice and Bob, choose one private key each.

In [None]:
### Exercise 1 ###
# Define Alice's and Bob's private key to be any number between 0 and 10 of your choice.
alicePrivate = 
bobPrivate = 

Those keys are to be kept secret at all time: only Alice knows her key, and only Bob knows his key.
So, Alice and Bob encrpyt their respective keys, before they sent it to each other.

In [None]:
def encryptKey(privateKey, publicKey1, publicKey2):
    ### Exercise 2 ###
    # Define the function that encrypts the private key and returns it.


In [None]:
### Exercise 3 ###
# Apply the function encryptKey() to define Alice's and Bob's encrypted keys, and print the result.

Finally, the common key is defined to be:

In [None]:
commonKey = public1 ** (alicePrivate * bobPrivate) % public2
print(commonKey)

But Alice and Bob don't know each other's private key, only its encrypted version. However, this is enough to compute the common key.

In [None]:
def computeCommonKey(privateKey, encryptedKey, publicKey2):
    ### Exercise 5 ###
    # Define the function that computes the common key
    # using only the parameters declared in the header of this function.

In [None]:
### Exercise 6 ###
# Compute the common key using only the information that is available to Alice
# (that means not using bobPrivate).
# Repeat the same from Bob's perspective.
# Print the results and compare them. Do they end up with the same common keys?

## 2. Attacks on the Diffie-Hellman key exchange

Without knowledge of either Alice's or Bob's private key an attacker cannot compute the common key. However, an attacker could try to find Alice's (or Bob's) private key using brute force, that means by trying every possibity.

In [None]:
def decrpytKey(encryptedKey, publicKey1, publicKey2):
    ### Exercise 7 ###
    # Define a function that goes through all possible private keys systematically
    # to find the one that matches the encrypted key.

In [None]:
### Exercise 8 ###
# Apply the above function to find Alice's private key.
# How hard was it to find Alice's private key using only public information?

In our example, it took very little effort to find Alice's and Bob's private key using only public information. This is, because our public keys are small. In practice, ``public2`` should be at least 2048 bit long!

## 3. How to choose good public keys (mathematical digression)

Before we redefine ``public1`` and ``public2``, there is one more thing to consider. Imagine for a second we had chosen ``public1 = 1``. In this case, the common key generated would be
```
commonKey = public1 ** (alicePrivate * bobPrivate) % public2 = 1
```
no matter what Alice's and Bob's private key are, making it easy for an attacker to find the common key. In our example, ``public1`` and ``public2`` are chosen such that (depending on Alice's and Bob's private key) the common key can attain any value from ``1`` to ``public2 - 1``.

In [None]:
### Exercise 9 ###
# Output all values the common key can attain, and thereby support the above claim.

In [None]:
### Exercise 10 ###
# Go through Exercise 9 again, but this time with different choices for public1.
# Find at least one choice for public1 that cannot generate all numbers from 1 to public2 - 1.

Mathematicians say that ``public1`` is a primitive root modulo ``public2``, if the expression
```
public1 ** i % public2
```
attains all values from ``1`` to ``public2 - 1`` as ``i`` ranges through all integers. A fancy mathematical theorem guarantess that such primitive roots exist provided that ``public2`` is a prime number.
What we should take away from this mathematical digression are two things.

(1) ``public2`` should be chosen to be a large prime number, and

(2) ``public1`` should be chosen to be a primitive root modulo ``public2``.

## 4. Longer keys

In this section we will go over section 1 again, but with longer keys to ensure the security of the key exchange.
The main goal of this subsection is to find at which key length the brute force attack form exercise 7 because unfeasable.

In [None]:
### Exercise 11 ###
# Download the Library.py file from the github page: https://github.com/tillrampe/Cryptography
# Then import it to this Jupyter Notebook.
# Note that the Library.py must be in the same directory as your Notebook file.

In [None]:
### Exercise 12 ###
# Use the functions provided by Library.py to find a large prime number p and a primitve root modulo p.

In [None]:
# Exercise 13 ###
# Go over section 1 and 2 again and perform the Diffie-Hellman key exchange as well as the attack on it,
# but this time use the prime number and the primitive root you've found in exercise 12 as your public keys.
# (If you were unable to do exercise 12, you may use numbers from the below table instead.)

# prime p | primitive root modulo p
# -------------------------------------
# 34807   | 3
# 454711  | 3
# 126493  | 5
# 661889  | 3
# 6100189 | 2

In the previous exercise you might have run into problems, because Python has troubles dealing with numbers that large.
In the following exercise we want to resolve these issues. One of the commands that causes toubles is the following:
```
publicKey1 ** privateKey % publicKey2
```
When executing this command Python first calculates ``x = publicKey1 ** privateKey`` and then ``x % publicKey2``.
The problem lies in the fact that ``x`` easily grows beyond the available memory, even if, in the end, we are only interested in ``x % publicKey2``. The solution is to apply the ``%`` as we exponentiate.
To be even more efficient we can apply a method called **exponentiation by squaring**.


In [None]:
# Exercise 14 #
# Go over section 1 and 2 again. Use the function exponentiationBySquaring() from Lirary.py wherever possible. 

## 5. Key exchange between three and more parties

So far, we have only looked at scenarios where two parties (Alice and Bob) want to establish a common key.
With a slight adaptation of the Diffie-Hellman key exchange
it is possible to also establish a common key between more parties.

Let's assume Alice, Bob and Clara want to establish a common key.
Just like before we need two public keys, as well as a private key for each of the three parties.

In [10]:
public1 = 2
public2 = 11
alicePrivate = 7
bobPrivate = 3
claraPrivate = 10

The common key will be as follows:

In [11]:
commonKey = public1 ** (alicePrivate  * bobPrivate * claraPrivate) % public2

Alice, Bob and Clara each encrypt their private key using the above encryptKey() function
and share the encrypted version publicly with each other.

In [None]:
aliceEncrypted = encryptKey(alicePrivate, public1, public2)
bobEncrypted = encryptKey(bobPrivate, public1, public2)
claraEncrypted = encryptKey(claraPrivate, public1, public2)

In the two party key exchange, Alice and Bob were able to compute the common key
with just the information shared so far.
In the three party key exchange, one more intermediate step is necessary.
Alice has to combine ``bobEncrypted`` with her private key to define a variable ``aliceBobEncrypted``.
Then she shares ``aliceBobEncrypted`` publicly with everyone.
Simalrly, Bob defines a variable ``bobClaraEncrypted``, and Clara defines a variable ``claraAliceEncrypted``.

In [None]:
# Exercise 15 (hard) #
# Can you guess how the variable aliceBobEncrypted has to be defined?
# Define aliceBobEncrypted using only the information that is available to Alice.
# Do the same for bobClaraEncrypted and claraAliceEncrypted
# Hint: Use the colour analogy and exploit the mathematical laws of exponentiation.

aliceBobEncrypted = 
bobClaraEncrypted = 
claraAliceEncrypted = 

In [13]:
# Exercise 16 #
# Calculate the common key using only the information that is available to Alice.
# In fact, you only need the variables public1, public2, alicePrivate, and bobClaraEncrypted.
# Do the same thing for Bob and Clara. Do they all agree on the same common key as they should? 