## a-1 mod n

In [1]:
def extended_euclidean(a, n):
    # Initialize values
    r1, r2 = n, a
    t1, t2 = 1, 0  # t now holds the values previously held by s
    s1, s2 = 0, 1  # s now holds the values previously held by t

    # Print the initial header
    print(f"{'t':<5} | {'s':<7} | {'r':<7} | {'q':<7}")
    print(f"{t1:<5} | {s1:<7} | {r1:<7} |")
    print(f"{t2:<5} | {s2:<7} | {r2:<7} |")

    while r2 != 0:
        q = r1 // r2  # Quotient
        r = r1 - q * r2  # Remainder
        r1, r2 = r2, r
        t = t1 - q * t2
        t1, t2 = t2, t
        s = s1 - q * s2
        s1, s2 = s2, s

        if r2 ==0:
            t=""
            s=""
        # Print s, t, r, q in the required format
        print(f"{t:<5} | {s:<7} | {r:<7} | {q:<7}")

    # At the end of the loop, r1 is the gcd and s1 is the modular inverse if r1 == 1
    if r1 == 1:
        return s1 % n  # Ensure the inverse is positive
    else:
        return None  # Inverse doesn't exist if gcd(a, n) != 1

# Test case
a = 35
n = 113
inverse = extended_euclidean(a, n)

if inverse is not None:
    print(f"The modular inverse of {a} mod {n} is: {inverse}")
else:
    print(f"No modular inverse exists for {a} mod {n}")


t     | s       | r       | q      
1     | 0       | 113     |
0     | 1       | 35      |
1     | -3      | 8       | 3      
-4    | 13      | 3       | 4      
9     | -29     | 2       | 2      
-13   | 42      | 1       | 1      
      |         | 0       | 2      
The modular inverse of 35 mod 113 is: 42


## GCD

In [2]:
def gcd(a, b):
    print(f"a:{a},b:{b}")
    while b:
        a, b = b, a % b
        print(f"a:{a},b:{b}")
    return a

## a^b mod n

In [3]:
def square_and_multiply(a, b, n):
    z = 1
    a = a % n
    print(f"{'b':<2} |{'':<35}| {'z':<5}")
    print(f"{'':<2} |{'':<35}| {z:<5}")
    for i in range(b.bit_length() - 1, -1, -1):
        current_bit = (b >> i) & 1
        if current_bit == 0:
            sentence = f"{z}*{z} mod {n}"
            z = (z * z) % n

        else:
            sentence = f"{z}*{z}*{a} mod {n}"
            z = (z* z * a) % n

        print(f"{current_bit:<2} |{sentence:<35}| {z:<5}")
    return z


In [4]:
square_and_multiply(3, 98, 197)

b  |                                   | z    
   |                                   | 1    
1  |1*1*3 mod 197                      | 3    
1  |3*3*3 mod 197                      | 27   
0  |27*27 mod 197                      | 138  
0  |138*138 mod 197                    | 132  
0  |132*132 mod 197                    | 88   
1  |88*88*3 mod 197                    | 183  
0  |183*183 mod 197                    | 196  


196

## RSA

In [5]:
def RSA_Key(p,q,e):
    # Key
    print("KEY:")
    print(f"p = {p}")
    print(f"q = {q}")
    n = p*q
    print(f"n = {n}")
    phi_n = (p-1)*(q-1)
    print(f"phi(n) = {phi_n}")
    print(f"e = {e}")
    print(f"e phi independent ={bool(phi_n%e!=0)}")
    print("\nFind d:")
    d = extended_euclidean(e, phi_n)
    print(f"d = {d}")
    return d

def RSA_Enc(m,e,n):
    # Encryption
    print("\nEncryption:")
    print(f"m = {m}")
    print(f"gcd(m,n)={gcd(m,n)}")
    print("\nFind c:")
    c = square_and_multiply(m, e,n)
    print(f"c = {m}^{e} mod {n}= {c}")
    return c

def RSA_Dec(c,d,n):
    # Decryption
    print("\nDecryption:")
    print(f"c = {c}")
    print("Find m:")
    m = square_and_multiply(c, d,n)
    print(f"m = {c}^{d} mod {n}= {m}")
    return m

In [6]:
p = 317
q = 547
n = p*q
e = 17
d = RSA_Key(p,q,e)
print("")
m = 3175
c = RSA_Enc(m,e,n)
m = RSA_Dec(c,d,n)

print("")
c = 2313
m = RSA_Dec(c,d,n)
c = RSA_Enc(m,e,n)


KEY:
p = 317
q = 547
n = 173399
phi(n) = 172536
e = 17
e phi independent =True

Find d:
t     | s       | r       | q      
1     | 0       | 172536  |
0     | 1       | 17      |
1     | -10149  | 3       | 10149  
-5    | 50746   | 2       | 5      
6     | -60895  | 1       | 1      
      |         | 0       | 2      
d = 111641


Encryption:
m = 3175
a:3175,b:173399
a:173399,b:3175
a:3175,b:1949
a:1949,b:1226
a:1226,b:723
a:723,b:503
a:503,b:220
a:220,b:63
a:63,b:31
a:31,b:1
a:1,b:0
gcd(m,n)=1

Find c:
b  |                                   | z    
   |                                   | 1    
1  |1*1*3175 mod 173399                | 3175 
0  |3175*3175 mod 173399               | 23483
0  |23483*23483 mod 173399             | 42469
0  |42469*42469 mod 173399             | 92962
1  |92962*92962*3175 mod 173399        | 81306
c = 3175^17 mod 173399= 81306

Decryption:
c = 81306
Find m:
b  |                                   | z    
   |                                   | 1    
1  

## RSA Factorization

In [7]:
def findRS(e, d):
    tmp = e*d - 1
    s = 0
    while tmp%2==0:
        tmp //= 2
        s += 1
    return tmp, s

In [8]:
def RSA_Fact(w,e,d,n):
    print("Initial parameters:")
    print(f"w = {w}")
    print(f"e = {e}")
    print(f"d = {d}")
    print(f"n = {n}")
    print("=================================\n")

    if gcd(w,n)!=1:
        print(f"p = {w}")
        print(f"q = {n//w}")
        return w, n//w

    # Find r,s where ed-1 = w^{r2^s}
    print("Find r,s:")
    r,s = findRS(e,d)
    print(f"r = {r}")
    print(f"s = {s}\n")
    print("=================================\n")

    # find v
    print("Find v:")
    last_v = square_and_multiply(w, r, n)
    print(f"v0 = {last_v}")
    print("---------------------------------\n")
    for i in range(1, s+1,1):
        v = square_and_multiply(w, r*2**i, n)
        print(f"v{i} = {v}")
        print("---------------------------------\n")
        if(last_v!=1 and last_v!=n-1 and v==1):
            print("=================================\n")
            print("Find p,q:")
            print(f"v{i} = 1, v{i-1}!= 1")
            p = gcd(last_v-1, n)
            q = n//p
            print(f"p = {p}")
            print(f"q = {q}")
            return p,q
        last_v = v


In [9]:
270451*270451//421301 

173613

In [10]:
w = 2
e = 65537
d = 153473
n = 421301
p,q =RSA_Fact(w,e,d,n)

Initial parameters:
w = 2
e = 65537
d = 153473
n = 421301

a:2,b:421301
a:421301,b:2
a:2,b:1
a:1,b:0
Find r,s:
r = 78579375
s = 7


Find v:
b  |                                   | z    
   |                                   | 1    
1  |1*1*2 mod 421301                   | 2    
0  |2*2 mod 421301                     | 4    
0  |4*4 mod 421301                     | 16   
1  |16*16*2 mod 421301                 | 512  
0  |512*512 mod 421301                 | 262144
1  |262144*262144*2 mod 421301         | 34747
0  |34747*34747 mod 421301             | 326644
1  |326644*326644*2 mod 421301         | 278564
1  |278564*278564*2 mod 421301         | 312220
1  |312220*312220*2 mod 421301         | 142137
1  |142137*142137*2 mod 421301         | 138531
0  |138531*138531 mod 421301           | 156110
0  |156110*156110 mod 421301           | 175755
0  |175755*175755 mod 421301           | 30705
0  |30705*30705 mod 421301             | 346688
0  |346688*346688 mod 421301           | 28355
1  |2

##  ElGamal

In [11]:
def ElGamal_Key(p,g,x):
    # Initial variable
    print(f"Initial variable")
    print(f"p = {p}")
    print(f"g = {g}")
    print(f"x = {x}")

    # Find y
    print(f"\nFind y:")
    y = square_and_multiply(g, x, p)
    print(f"y = {y}")
    return y

def ElGamal_Enc(m,g,k,p,y):
    # Initial variable
    print(f"\nEncryption\nInitial variable")
    print(f"m = {m}")
    print(f"g = {g}")
    print(f"k = {k}")
    print(f"p = {p}")
    print(f"y = {y}")

    # Find a,b
    print(f"\nFind a,b:")
    a = square_and_multiply(g, k, p)
    print(f"a = {a}\n")
    b = (m*square_and_multiply(y, k, p))%p
    print(f"b = {b}\n")
    print(f"(a,b) = ({a},{b})")
    return a,b

def ElGamal_Dec(a,b,x,p):
    print(f"\nDecryption\nInitial variable")
    print(f"a = {a}")
    print(f"b = {b}")
    print(f"x = {x}")
    print(f"p = {p}")

    # Find m
    print(f"\nFind m:")
    ax = square_and_multiply(a, x, p)
    print(f"{a}^{x} mod {p} = {ax}\n")
    m = (b*extended_euclidean(ax, p))%p
    print(f"m = {m}")
    return m





In [12]:
import math
p = 113
g = 17
x = 25
y = ElGamal_Key(p,g,x)

m = 23
k = 22
a,b =ElGamal_Enc(m,g,k,p,y)
m = ElGamal_Dec(a,b,x,p)



Initial variable
p = 113
g = 17
x = 25

Find y:
b  |                                   | z    
   |                                   | 1    
1  |1*1*17 mod 113                     | 17   
1  |17*17*17 mod 113                   | 54   
0  |54*54 mod 113                      | 91   
0  |91*91 mod 113                      | 32   
1  |32*32*17 mod 113                   | 6    
y = 6

Encryption
Initial variable
m = 23
g = 17
k = 22
p = 113
y = 6

Find a,b:
b  |                                   | z    
   |                                   | 1    
1  |1*1*17 mod 113                     | 17   
0  |17*17 mod 113                      | 63   
1  |63*63*17 mod 113                   | 12   
1  |12*12*17 mod 113                   | 75   
0  |75*75 mod 113                      | 88   
a = 88

b  |                                   | z    
   |                                   | 1    
1  |1*1*6 mod 113                      | 6    
0  |6*6 mod 113                        | 36   
1  |36*36*6 mod 1

## Shank DL algo

In [13]:
def Shank(p,g,y):
    # Initial parameter
    print("Initial value:")
    print(f"p = {p}")
    print(f"g = {g}")
    print(f"y = {y}")

    # Find m
    m = int((p-1)**0.5 +1)
    print(f"m = {m}")

    # Calculate L1, L2:
    print("Calculate L1,L2:")
    L1=[]
    L2=[]
    for i in range (0,m):
        print(f"\ni = j = {i}")
        Zj = square_and_multiply(g, i*m, p)
        L1.append(Zj)
        Zi = square_and_multiply(g, i, p)
        Zi = (y*extended_euclidean(Zi, p))%p
        L2.append(Zi)
    print(f"L1:{L1}")
    print(f"L2:{L2}")
    print("=========================================")
    print("\nFind Z:")
    for j,z in enumerate(L1):
        if z in L2:
            i = L2.index(z)
            print(f"(z, j, i) = ({z}, {j}, {i})")
            x = (m*j+i)%(p-1)
            print(x)
            return x

In [14]:

extended_euclidean(7**25, 113)

t     | s       | r       | q      
1     | 0       | 113     |
0     | 1       | 1341068619663964900807 |
1     | 0       | 113     | 0      
-11867863890831547794 | 1       | 85      | 11867863890831547794
11867863890831547795 | -1      | 28      | 1      
-47471455563326191179 | 4       | 1       | 3      
      |         | 0       | 28     


4

In [15]:
4*35 %113

27

In [16]:
a = 7
b = 35
m = ElGamal_Dec(a,b,x,p)
k = Shank(p,g,a)
a,b =ElGamal_Enc(m,g,k,p,y)


Decryption
Initial variable
a = 7
b = 35
x = 25
p = 113

Find m:
b  |                                   | z    
   |                                   | 1    
1  |1*1*7 mod 113                      | 7    
1  |7*7*7 mod 113                      | 4    
0  |4*4 mod 113                        | 16   
0  |16*16 mod 113                      | 30   
1  |30*30*7 mod 113                    | 85   
7^25 mod 113 = 85

t     | s       | r       | q      
1     | 0       | 113     |
0     | 1       | 85      |
1     | -1      | 28      | 1      
-3    | 4       | 1       | 3      
      |         | 0       | 28     
m = 27
Initial value:
p = 113
g = 17
y = 7
m = 11
Calculate L1,L2:

i = j = 0
b  |                                   | z    
   |                                   | 1    
b  |                                   | z    
   |                                   | 1    
t     | s       | r       | q      
1     | 0       | 113     |
0     | 1       | 1       |
      |         | 0       | 

## RSA signature

In [17]:
def findFact(n):
    print("Find p,g:")
    for i in range(2,int(n**0.5+1)):
        if n%i==0:
            print(f"p = {i}")
            print(f"q = {n//i}\n")
            return i, n//i

    print("n is prime")
    return 1,n

In [18]:
def RSA_Sign_Key(p,q,e):
    # Key
    print("Initial:")
    print(f"p = {p}")
    print(f"q = {q}")
    n = p*q
    print(f"n = {n}")
    phi_n = (p-1)*(q-1)
    print(f"phi(n) = {phi_n}")
    print(f"e = {e}")
    print(f"e phi independent ={bool(phi_n%e!=0)}")
    print("\nFind d:")
    d = extended_euclidean(e, phi_n)
    print(f"d = {d}\n")
    return d

def RSA_Sign_Key_Inv(p,q,d):
    # Key
    print("KEY:")
    print(f"p = {p}")
    print(f"q = {q}")
    n = p*q
    print(f"n = {n}")
    phi_n = (p-1)*(q-1)
    print(f"phi(n) = {phi_n}")
    print(f"d = {d}")
    print(f"d phi independent ={bool(phi_n%d!=0)}")
    print("\nFind e:")
    e = extended_euclidean(d, phi_n)
    print(f"e = {e}\n")
    return e

def RSA_Sign(hm,d,n):
    # Encryption
    print("\nSigning:")
    print(f"h(m) = {hm}")
    print("\nFind σ:")
    sigma = square_and_multiply(hm,d,n)
    print(f"σ = {hm}^{d} mod {n}= {sigma}\n")
    return sigma

def RSA_Very(sigma,e,n,hm):
    # Decryption
    print("\nVerifying:")
    print(f"σ = {sigma}")
    print("Find h(m)':")
    hm_ = square_and_multiply(sigma,e,n)
    print(f"h(m)' = {sigma}^{e} mod {n}= {hm_}")
    if(hm==hm_):
      print("True")
    else:
      print("False")

In [19]:
hm = 23
d = 247
n = 323
sigma = RSA_Sign(hm,d,n)

p, q = findFact(n)
e = RSA_Sign_Key_Inv(p,q,d)
RSA_Very(sigma,e,n,hm)


Signing:
h(m) = 23

Find σ:
b  |                                   | z    
   |                                   | 1    
1  |1*1*23 mod 323                     | 23   
1  |23*23*23 mod 323                   | 216  
1  |216*216*23 mod 323                 | 82   
1  |82*82*23 mod 323                   | 258  
0  |258*258 mod 323                    | 26   
1  |26*26*23 mod 323                   | 44   
1  |44*44*23 mod 323                   | 277  
1  |277*277*23 mod 323                 | 218  
σ = 23^247 mod 323= 218

Find p,g:
p = 17
q = 19

KEY:
p = 17
q = 19
n = 323
phi(n) = 288
d = 247
d phi independent =True

Find e:
t     | s       | r       | q      
1     | 0       | 288     |
0     | 1       | 247     |
1     | -1      | 41      | 1      
-6    | 7       | 1       | 6      
      |         | 0       | 41     
e = 7


Verifying:
σ = 218
Find h(m)':
b  |                                   | z    
   |                                   | 1    
1  |1*1*218 mod 323                  

## ElGamal Signature

In [20]:
def ElGamal_Sign_Key(p,g,x):
    # Initial variable
    print(f"Initial variable")
    print(f"p = {p}")
    print(f"g = {g}")
    print(f"x = {x}")

    # Find y
    print(f"\nFind y:")
    y = square_and_multiply(g, x, p)
    print(f"y = {y}")
    return y

def ElGamal_Sign(hm,g,k,p,y,x):
    # Initial variable
    print(f"\nSign\nInitial variable")
    print(f"h(m) = {hm}")
    print(f"g = {g}")
    print(f"k = {k}")
    print(f"p = {p}")
    print(f"y = {y}")
    print(f"x = {x}")

    # Find r,s
    print(f"\nFind r,s:")
    r = square_and_multiply(g, k, p)
    print(f"r = {r}\n")
    s = extended_euclidean(k, p-1)
    print(f"k-1 mod p = {k}-1 mod{p-1} = {s}")
    s = ((hm-r*x)*s)%(p-1)
    print(f"s = {s}\n")
    print(f"(r,s) = ({r},{s})")
    return r,s

def ElGamal_Very(r,s,hm,g,y,p):
    print(f"\nVerify\nInitial variable")
    print(f"r = {r}")
    print(f"s = {s}")
    print(f"g = {g}")
    print(f"p = {p}")
    print(f"y = {y}")
    print(f"x = {x}")

    # Verify
    print(f"\nFind yrrs:")
    yr = square_and_multiply(y, r, p)
    rs = square_and_multiply(r, s, p)
    yrrs = (yr*rs)%p
    print(f"yrrs mod p = {y}^{r}*{r}^{s} mod {p} = {yrrs}")
    print(f"\nFind g^h(m):")
    print(f"h(m) = {hm}")
    g_hm = square_and_multiply(g, hm, p)
    print(f"gh(m) mod p = {g}^{hm} mod {p} = {g_hm}\n")
    if(yrrs == g_hm):
      print("True")
    else:
      print("False")





In [21]:
p = 103
g = 11
x = 37
y = ElGamal_Sign_Key(p,g,x)

hm = 23
k = 7
r,s = ElGamal_Sign(hm,g,k,p,y,x)

ElGamal_Very(r,s,hm,g,y,p)

Initial variable
p = 103
g = 11
x = 37

Find y:
b  |                                   | z    
   |                                   | 1    
1  |1*1*11 mod 103                     | 11   
0  |11*11 mod 103                      | 18   
0  |18*18 mod 103                      | 15   
1  |15*15*11 mod 103                   | 3    
0  |3*3 mod 103                        | 9    
1  |9*9*11 mod 103                     | 67   
y = 67

Sign
Initial variable
h(m) = 23
g = 11
k = 7
p = 103
y = 67
x = 37

Find r,s:
b  |                                   | z    
   |                                   | 1    
1  |1*1*11 mod 103                     | 11   
1  |11*11*11 mod 103                   | 95   
1  |95*95*11 mod 103                   | 86   
r = 86

t     | s       | r       | q      
1     | 0       | 102     |
0     | 1       | 7       |
1     | -14     | 4       | 14     
-1    | 15      | 3       | 1      
2     | -29     | 1       | 1      
      |         | 0       | 3      
k-1 mod p =

## DSA Signature

In [22]:
def DSA_Sign_Key(p,q,g,x):
    # Initial variable
    print(f"Initial variable")
    print(f"p = {p}")
    print(f"q = {q}")
    print(f"g = {g}")
    print(f"x = {x}")

    # Find y
    print(f"\nFind y:")
    y = square_and_multiply(g, x, p)
    print(f"y = {y}")
    return y

def DSA_Sign(hm,g,k,p,q,y,x):
    # Initial variable
    print(f"\nSign\nInitial variable")
    print(f"h(m) = {hm}")
    print(f"g = {g}")
    print(f"k = {k}")
    print(f"p = {p}")
    print(f"q = {q}")
    print(f"y = {y}")
    print(f"x = {x}")

    # Find r,s
    print(f"\nFind r,s:")
    r = square_and_multiply(g, k, p)%q
    print(f"r = {r}\n")
    s = extended_euclidean(k, q)
    print(f"k-1 mod q = {k}-1 mod{q} = {s}")
    s = ((hm+r*x)*s)%q
    print(f"s = {s}\n")
    print(f"(r,s) = ({r},{s})")
    return r,s

def DSA_Very(hm,r,s,p,q,g,y):
    print(f"\nVerify\nInitial variable")
    print(f"r = {r}")
    print(f"s = {s}")
    print(f"g = {g}")
    print(f"p = {p}")
    print(f"q = {q}")
    print(f"y = {y}")

    # Verify
    print(f"\nFind w:")
    w = extended_euclidean(s,q)
    print(f"w = {s}-1 mod {q} = {w}")
    print(f"\nFind u1,u2:")
    u1 = (hm*w)%q
    u2 = (r*w)%q
    print(f"(u1,u2) = ({u1},{u2})")
    gu1 = square_and_multiply(g, u1, p)
    yu2 = square_and_multiply(y, u2, p)
    v = (gu1*yu2)%p%q
    print(f"v = gu1yu2 mod p mod q = {gu1}*{yu2} mod {p} mod {q} = {v}")
    if(v==r):
      print("True")
    else:
      print("False")





In [23]:
p = 103
q = 17
k = 3
g = 72
x = 7
y = DSA_Sign_Key(p,q,g,x)

hm = 23
r,s = DSA_Sign(hm,g,k,p,q,y,x)

DSA_Very(hm,r,s,p,q,g,y)

Initial variable
p = 103
q = 17
g = 72
x = 7

Find y:
b  |                                   | z    
   |                                   | 1    
1  |1*1*72 mod 103                     | 72   
1  |72*72*72 mod 103                   | 79   
1  |79*79*72 mod 103                   | 66   
y = 66

Sign
Initial variable
h(m) = 23
g = 72
k = 3
p = 103
q = 17
y = 66
x = 7

Find r,s:
b  |                                   | z    
   |                                   | 1    
1  |1*1*72 mod 103                     | 72   
1  |72*72*72 mod 103                   | 79   
r = 11

t     | s       | r       | q      
1     | 0       | 17      |
0     | 1       | 3       |
1     | -5      | 2       | 5      
-1    | 6       | 1       | 1      
      |         | 0       | 2      
k-1 mod q = 3-1 mod17 = 6
s = 5

(r,s) = (11,5)

Verify
Initial variable
r = 11
s = 5
g = 72
p = 103
q = 17
y = 66

Find w:
t     | s       | r       | q      
1     | 0       | 17      |
0     | 1       | 5       |
1     |

## NTRU

In [24]:
from sympy import symbols, Poly, GF
from sympy.polys.polytools import invert
def GF_inv(F,N,p):
    print(p)
    x = symbols('x')
    f = Poly.from_list(F.tolist(), x)
    modulus = Poly(x**N -1, x)
    fp = invert(f, modulus, domain=GF(p))
    fp_coe = np.array(fp.all_coeffs(), dtype=int)%p
    return  fp_coe

In [25]:
def GF_add(F,G,N,p):
    lenF = len(F)
    lenG = len(G)
    H = np.zeros(N)
    for i in range(N):
        if(i<lenF):
            H[i]+=F[i]
        if(i<lenG):
            H[i]+=G[i]
    H = H%p
    H = H.astype(int)
    return H

In [26]:
def GF_mult(F,G,N,p):
    lenF = len(F)
    lenG = len(G)
    H = np.zeros(N)
    for i in range(lenF):
        for j in range(lenG):
            H[(i+j)%N]+=F[i]*G[j]
    H = H%p
    H = H.astype(int)
    return H

In [27]:
def NTRU_Key(N,p,q,f,g,fp,fq):
    f_asc = f
    f_dec = f_asc[::-1]
    fp_asc = fp
    fp_dec = fp_asc[::-1]
    fq_asc = fq
    fq_dec = fq_asc[::-1]
    g_asc= g
    g_dec= g_asc[::-1]
    h_asc = GF_mult(g_asc,fq_asc,N,q)
    h_dec= h_asc[::-1]
    
    print("\nKey Generation:")
    print("f :", f_dec)
    print("fp:", fp_dec)
    print("fq:", fq_dec)
    print("fp*f mod p = ",GF_mult(f_asc,fp_asc,N,p))
    print("fq*f mod q = ",GF_mult(f_asc,fq_asc,N,q))
    print("g :", g_dec)
    print("h :", h_dec)
    return f_dec, f_asc, fp_dec, fp_asc, fq_dec, fq_asc, g_dec,g_asc,h_dec,h_asc

In [28]:
def NTRU_Enc(m,r,p,h_asc,N,q):
    print("\nEncryption:")
    m_dec = m    
    m_asc= m_dec[::-1]
    r_dec = r
    r_asc= r_dec[::-1]
    print("m :", m_dec)
    print("r :", r_dec)
    
    c1_asc = GF_mult(r_asc,h_asc,N,q)
    c1_dec = c1_asc[::-1]
    print("c1 :", c1_dec)
    c2_asc = p*c1_asc
    c2_dec = c2_asc[::-1]
    print("c2 :", c2_dec)
    c_asc = GF_add(c2_asc,m_asc,N,q)%q
    c_dec = c_asc[::-1]
    print("c :", c_dec)
    return m_asc,m_dec,r_asc,r_dec,c_asc,c_dec

In [29]:
def center(a_asc,q):
    for i in range(len(a_asc)):
        if(a_asc[i]>q*0.5):
            a_asc[i] = a_asc[i]-q
    return a_asc

In [30]:
def regular(m,p):
    for i in range(len(m)):
        if(m[i]==p-1):
            m[i] = -1
    return m

In [31]:
def NTRU_Dec(f_asc,c_asc,N,q):
    print('\nDecryption:')
    a_asc = GF_mult(f_asc,c_asc,N,q)
    a_dec = a_asc[::-1]
    print(f"a = {a_dec}")
    
    aa_asc = center(a_asc,q)
    aa_dec = aa_asc[::-1]
    print(f"a' = {aa_dec}")
    
    m_asc = GF_mult(fp_asc,aa_asc,N,p)
    m_dec = m_asc[::-1]
    print(f"m' = {m_dec}")
    print(f"m'(reg) = {regular(m_dec,p)}")
    return a_asc,a_dec,aa_asc,aa_dec,m_asc,m_dec

In [32]:
import numpy as np
# public parameters
N = 11
p = 3
q = 61
print("Public Parameters")
print(f"N = {N}")
print(f"p = {p}")
print(f"q = {q}")

# key generate
f = np.array([1, 1, 1, 0, 1, 0, -1, 0, -1, 0, -1])
g = np.array([1, 0, 1, 0, 1, 0, -1, 0, -1, -1, 0])
#https://asecuritysite.com/lattice/ntru_key
fp = np.array([0, 1, 2, 2, 2, 1, 0, 1, 0, 1, 0])
fq = np.array([31, 32, 60, 24, 21, 47, 53, 40, 26, 49, 45])
f_dec, f_asc, fp_dec, fp_asc, fq_dec, fq_asc, g_dec,g_asc,h_dec,h_asc = NTRU_Key(N,p,q,f,g,fp,fq)

# Encryption
m = np.array([0,0,0,1,0,0,-1,1,0,1,1])
r = np.array([0,-1,0,1,0,0,1,-1,0,0,1])
m_asc,m_dec,r_asc,r_dec,c_asc,c_dec = NTRU_Enc(m,r,p,h_asc,N,q)

# Decryption
a_asc,a_dec,aa_asc,aa_dec,m_asc,m_dec = NTRU_Dec(f_asc,c_asc,N,q)

Public Parameters
N = 11
p = 3
q = 61

Key Generation:
f : [-1  0 -1  0 -1  0  1  0  1  1  1]
fp: [0 1 0 1 0 1 2 2 2 1 0]
fq: [45 49 26 40 53 47 21 24 60 32 31]
fp*f mod p =  [1 0 0 0 0 0 0 0 0 0 0]
fq*f mod q =  [1 0 0 0 0 0 0 0 0 0 0]
g : [ 0 -1 -1  0 -1  0  1  0  1  0  1]
h : [11 49 25 46 28 53 31 36 32  5 50]

Encryption:
m : [ 0  0  0  1  0  0 -1  1  0  1  1]
r : [ 0 -1  0  1  0  0  1 -1  0  0  1]
c1 : [24 56 58 52 10 29 12 51  6 59  9]
c2 : [ 72 168 174 156  30  87  36 153  18 177  27]
c : [11 46 52 35 30 26 35 32 18 56 28]

Decryption:
a = [58 60 60  4  0 56  6  0 55  3  6]
a' = [-3 -1 -1  4  0 -5  6  0 -6  3  6]
m' = [0 0 0 1 0 0 2 1 0 1 1]
m'(reg) = [ 0  0  0  1  0  0 -1  1  0  1  1]


In [33]:
import numpy as np
# public parameters
N = 11
p = 3
q = 32
print("Public Parameters")
print(f"N = {N}")
print(f"p = {p}")
print(f"q = {q}")

# key generate
f = np.array([-1, 1, 1, 0, -1, 0, 1, 0, 0, 1, -1])
g = np.array([-1, 1, 1, 1, 0, 0, 0, 0, -1, 0, -1])
#https://asecuritysite.com/lattice/ntru_key
fp = np.array([1, 2, 0, 2, 2, 1, 0, 2, 1, 2, 0])
fq = np.array([5, 9, 6, 16, 4, 15, 16, 22, 20, 18, 30])
f_dec, f_asc, fp_dec, fp_asc, fq_dec, fq_asc, g_dec,g_asc,h_dec,h_asc = NTRU_Key(N,p,q,f,g,fp,fq)

# Encryption
m = np.array([0,0,0,0,1,1,0,1,0,0,1])
r = np.array([0,0,0,1,0,0,0,0,1,1,1])
m_asc,m_dec,r_asc,r_dec,c_asc,c_dec = NTRU_Enc(m,r,p,h_asc,N,q)

# Decryption
a_asc,a_dec,aa_asc,aa_dec,m_asc,m_dec = NTRU_Dec(f_asc,c_asc,N,q)

Public Parameters
N = 11
p = 3
q = 32

Key Generation:
f : [-1  1  0  0  1  0 -1  0  1  1 -1]
fp: [0 2 1 2 0 1 2 2 0 2 1]
fq: [30 18 20 22 16 15  4 16  6  9  5]
fp*f mod p =  [1 0 0 0 0 0 0 0 0 0 0]
fq*f mod q =  [1 0 0 0 0 0 0 0 0 0 0]
g : [-1  0 -1  0  0  0  0  1  1  1 -1]
h : [19  1 10 27 11  7 22 16  7  2  6]

Encryption:
m : [0 0 0 0 1 1 0 1 0 0 1]
r : [0 0 0 1 0 0 0 0 1 1 1]
c1 : [14 13 18 19 27 14 23 20 26  2 16]
c2 : [42 39 54 57 81 42 69 60 78  6 48]
c : [10  7 22 25 18 11  5 29 14  6 17]

Decryption:
a = [27  1  1 30 30  2  3  9  3  0 26]
a' = [-5  1  1 -2 -2  2  3  9  3  0 -6]
m' = [0 0 0 0 1 1 0 1 0 0 1]
m'(reg) = [0 0 0 0 1 1 0 1 0 0 1]


## McEliece

In [74]:
# Hamming Code
import numpy as np

G = np.array([
    [1, 0, 0, 0, 1, 1, 0],
    [0, 1, 0, 0, 1, 0, 1],
    [0, 0, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1]
])
print(f"G:\n{G}")

G:
[[1 0 0 0 1 1 0]
 [0 1 0 0 1 0 1]
 [0 0 1 0 0 1 1]
 [0 0 0 1 1 1 1]]


In [75]:
S = np.array([
    [1, 0, 1, 0],
    [0, 1, 1, 0],
    [1, 1, 0, 1],
    [1, 0, 0, 0]
])
print(f"S:\n{S}")
det_S = np.linalg.det(S)
print(f"\ndet(S):{det_S}")

S:
[[1 0 1 0]
 [0 1 1 0]
 [1 1 0 1]
 [1 0 0 0]]

det(S):1.0


In [76]:
P = np.array([
    [0,1,0,0,0,0,0],
    [0,0,0,0,0,1,0],
    [0,0,0,1,0,0,0],
    [1,0,0,0,0,0,0],
    [0,0,1,0,0,0,0],
    [0,0,0,0,0,0,1],
    [0,0,0,0,1,0,0],
])
print(f"P:\n{P}")
det_P = np.linalg.det(P)
print(f"\ndet(P):{det_P}")

P:
[[0 1 0 0 0 0 0]
 [0 0 0 0 0 1 0]
 [0 0 0 1 0 0 0]
 [1 0 0 0 0 0 0]
 [0 0 1 0 0 0 0]
 [0 0 0 0 0 0 1]
 [0 0 0 0 1 0 0]]

det(P):1.0


In [77]:
SG = np.mod(np.dot(S, G),2)
print(f"SG:\n{SG}")

SG:
[[1 0 1 0 1 0 1]
 [0 1 1 0 1 1 0]
 [1 1 0 1 1 0 0]
 [1 0 0 0 1 1 0]]


In [78]:
G_hat = np.mod(np.dot(SG, P), 2)
print(f"G^:\n{G_hat}")

G^:
[[0 1 1 1 1 0 0]
 [0 0 1 1 0 1 1]
 [1 1 1 0 0 1 0]
 [0 1 1 0 0 0 1]]


In [79]:
m = np.array([0, 1, 1, 0])
print(f"m:\n{m}")

m:
[0 1 1 0]


In [80]:
c_prime = np.mod(np.dot(m, G_hat), 2)
print(f"c':\n{c_prime}")

c':
[1 1 0 1 0 0 1]


In [81]:
z = np.array([0,0,0,1,0,0,0])
print(f"z:\n{z}")

z:
[0 0 0 1 0 0 0]


In [82]:
c = np.mod(np.add(c_prime,z), 2)
print(f"c:\n{c}")

c:
[1 1 0 0 0 0 1]


In [83]:
P_inv = np.linalg.inv(P)  
P_inv = np.mod(P_inv, 2)  
P_inv = np.round(P_inv).astype(int)  
print(f"P-1:\n{P_inv}")

P-1:
[[0 0 0 1 0 0 0]
 [1 0 0 0 0 0 0]
 [0 0 0 0 1 0 0]
 [0 0 1 0 0 0 0]
 [0 0 0 0 0 0 1]
 [0 1 0 0 0 0 0]
 [0 0 0 0 0 1 0]]


In [84]:
c_hat = np.mod(np.dot(c, P_inv), 2)
print(f"c^:\n{c_hat}")

c^:
[1 0 0 1 0 1 0]


In [85]:
m_hat = np.array([1,0,1,1])
print(f"m^:\n{m_hat}")

m^:
[1 0 1 1]


In [86]:
S_inv = np.linalg.inv(S)  
S_inv = np.mod(S_inv, 2)  
S_inv = np.round(S_inv).astype(int)  
print(f"S-1:\n{S_inv}")

S-1:
[[0 0 0 1]
 [1 1 0 1]
 [1 0 0 1]
 [1 1 1 0]]


In [87]:
np.mod(np.dot(m_hat,S_inv), 2)

array([0, 1, 1, 0], dtype=int32)

In [88]:
np.mod(np.dot(S,S_inv), 2)

array([[1, 0, 0, 0],
       [0, 1, 0, 0],
       [0, 0, 1, 0],
       [0, 0, 0, 1]], dtype=int32)