## Public Key Cryptography

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. 

Alice and Bob (https://en.wikipedia.org/wiki/Alice_and_Bob) wish to communicate to each other. If public key cryptography is used, 
- Alice makes her public key public (!)
- Bob uses the public key to encrypt a message, and makes it public
- Alice uses her private key to decrypt the message

## Introduction to Modular Arithmetic

Modular arithmetic is fundamental to many cryptosystems. 

The basics:
- $a \equiv b \mod{m}$ means $b$ is the remainder when $a$ is divided by $m$. *Technically*, this is not mathematically accurate, but it will be sufficient for our usage.

In code `b = a % m`.

Operations modulo $m$ work as you would expect:
- $a + b \equiv (a \mod{m} + b \mod{m}) \mod{m}$
- $a - b \equiv (a \mod{m} - b \mod{m}) \mod{m}$
- $a \times b \equiv (a \mod{m} \times b \mod{m}) \mod{m}$

However, it is important to note 
- $a^b \equiv ((a \mod{m})^{b \mod{m}}) \mod{m}$ is **NOT** true.

For the first flag, compute `386835537790220127577936902499527543250851211202555995233338 * 50313503711156766604016662939583610038741952181171204555810 + 596808484299118329258465340092273674337121048021617761640165` mod `904721580253114663450019911682764736055857248609678362865691`, and run the code below.


In [None]:
result = (386835537790220127577936902499527543250851211202555995233338 * 50313503711156766604016662939583610038741952181171204555810 + 596808484299118329258465340092273674337121048021617761640165) % 904721580253114663450019911682764736055857248609678362865691  #add your result here
print(bytes.fromhex(hex(result)[2:]))
#deadbeef{m0d_1s_s0_cO0l!}

b'deadbeef{m0d_1s_s0_cO0l!}'


## Exponentiation

It turns out that exponentiation modulo a number $m$ produces very interesting results. Let $m=5$.
- $2^0 \equiv 1 \mod 5$
- $2^1 \equiv 2 \mod 5$
- $2^2 \equiv 4 \mod 5$
- $2^3 \equiv 3 \mod 5$
- $2^4 \equiv 1 \mod 5$
- $2^5 \equiv 2 \mod 5$
- $2^6 \equiv 4 \mod 5$
- $2^7 \equiv 3 \mod 5$

Notice that this sequence starts to repeat itself!

In particular, $2^x$ and $2^{x+4}$ are the same $\mod 5$, so the sequence repeats every $4$ terms.

Let us call this number ($4$), the period. It turns out that for a number $N=pq$ where $p,q$ are primes, the period is always $(p-1)(q-1)$.

In RSA, Alice provides a public key $(N,e)$, with $N=pq$. The key is that the prime factorisation of $N$ is unknown to everyone other than Alice.

If Bob's message is $m$ (an integer), he will encrypt it by computing $c=m^e \mod N$.

For the second flag, suppose you are Bob and you want to send message `m=41868352775628354742824974459715440283038119398063855198135`. The public key is `N=858172205630122221439397047161706501373758221857650379330999`, `e=65537`.

Put the result of your encryption in the next block of code, and run it to get the flag.


In [None]:
N = 858172205630122221439397047161706501373758221857650379330999
e = 65537
m = 41868352775628354742824974459715440283038119398063855198135
res = pow(m, e, N) #Enter your result here
print(bytes.fromhex(hex(res)[2:]))
# deadbeef{rSA_p4rT_0N3}

b'deadbeef{rSA_p4rT_0N3}'


## Decrypting RSA 
Suppose you are Alice, and you have obtained the encrypted message $c=m^e \mod N$. 

To decrypt, we find a value $d$ such that $ed \equiv 1 \mod (p-1)(q-1)$

Then, $c^d= m^{ed} \equiv m \mod N$ since the period is $(p-1)(q-1)$.

To compute this $d$, we can run `d=pow(e, -1, (p-1)*(q-1))`.

Bob has encrypted the last flag, using the same values of $N$ and $e$ provided above. Furthermore, you now know that `p = 915958709767114696439882175749` and `q = 936911452971843162639608282251`. You are given the encrypted message, `c = 174406255398503528821188596175716754755036768200544549094082`.

In [None]:
N = 858172205630122221439397047161706501373758221857650379330999
e = 65537
p = 915958709767114696439882175749
q = 936911452971843162639608282251
c = 774571685908445184649950285391008291752868215357341293858375
m = 69420 #enter your value of m here
d = pow(e, -1, (p - 1) * (q - 1))
m = pow(c, d, N)
print(bytes.fromhex(hex(m)[2:]))
#deadbeef{rS4_4aRT_d0S}

b'deadbeef{rS4_4aRT_d0S}'
