# Yanal Yahya, software engineering, 197 group

# HA 3

### Problem 1 (1 point)

Diffie–Hellman key exchange protocol is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Published in 1976 by Diffie and Hellman, this is the earliest publicly known work that proposed the idea of a private key and a corresponding public key. 

1) Implement function to generate common secret key within multiplicative group of given Finite field with known generator. 

*Note. You can assume that all the numbers are small, for example, less than 1000.*

In [35]:
def generateSecretKey(g, A, B, p):
    b = -1
    for k in range(1000):
        if(g**k % p == B):
            b = k
            break
    if b == -1:
        return 'not found'
    return (A**b) % p
    

2) Test your solution in GF(17) with generator g=11. Bobs' open key B=11, Alice private key is a=7

In [36]:
p = 17
g = 11
B = 11
a = 7
A = (g**a) % p
generateSecretKey(g, A, B, p)

3

### checking

In [37]:
B**a % p

3

### Problem 2 (3 points)

El Gamal protocol is widely used in cryptography. In this task we will ask you to implement your own El-Gamal encryption scheme on Python.

1) Implement function for generating keys. The function must generate big random prime number (problem of generating big prime numbers was discussed within the lectures). (1 point)

*Note. You can assume that all the numbers are small, for example, less than $2^{32}$. But you **must** use a primality test as a part of the function to get a full score.*

In [2]:
from random import randrange, getrandbits
import math
def is_prime(n):
    for i in range(2,int(math.sqrt(n))+1):
        if (n%i) == 0:
            return False
    return True

def generate_prime_candidate(length):
    """
        Args:
            length -- int -- the length of the number to generate, in bits
        return a integer
    """
    # generate random bits
    p = getrandbits(length)
    # apply a mask to set MSB and LSB to 1
    p |= (1 << length - 1) | 1
    return p
def generate_prime_number(length=16):
    """ Generate a prime
        Args:
            length -- int -- length of the prime to generate, in          bits
        return a prime
    """
    p = 4
    # keep generating while the primality test fail
    while not is_prime(p):
        p = generate_prime_candidate(length)
    return p
print(generate_prime_number())

65119


2) Implement functions that realize the encryption and decryption in El Gamal protocol. (1 points)

In [12]:
# Modular exponentiation
import random

# Asymmetric encryption
def encrypt(M, p, y, g):
    k = random.randint(2, p - 1)
    a = pow(g, k, p)
    b = (y**k * M) % p

    return a, b
 
def decrypt(a, b, p, x):       
    return pow(b * pow(a, -x, p), 1, p)

### testing the functions

In [13]:
M = 376
print("Original Message :", M)

p = generate_prime_number()
x = random.randint(2, 2**16)
g = random.randint(2, x)

y = pow(g, x, p)


a, b = encrypt(M, p, y, g)
dr_M = decrypt(a, b, p, x)
print("Decrypted Message :", dr_M);

Original Message : 376
Decrypted Message : 376


3) Calculate Hash of your name by SHA-1 and test El Gamal encryption/decryption functions on its 16-bit prefix. (1 points)

In [15]:
import hashlib
hash_object = hashlib.sha1(b'Yanal Yahya')
pbHash = hash_object.hexdigest()
pbHash

'ff783a55dfb3a0ebf1b633a87b0e6972e9309d98'

In [16]:
M = pbHash
print("Original Message :", M)

p = generate_prime_number()
x = random.randint(2, 2**16)
g = random.randint(2, x)

y = pow(g, x, p)

encrList = []
dr_M = ''
for ch in M:
    a, b = encrypt(ord(ch), p, y, g)
    encrList.append([a, b])
for enCh in encrList:
    dr_M += chr(decrypt(enCh[0], enCh[1], p, x))
print("Decrypted Message :", dr_M);

Original Message : ff783a55dfb3a0ebf1b633a87b0e6972e9309d98
Decrypted Message : ff783a55dfb3a0ebf1b633a87b0e6972e9309d98


### Problem 3 (4 points)

Elliptic curves due to their efficient hardware realization widely used in modern secure communication channels. The main thing that lies inside their cryptographic hardness is that we can break them only by greed search over all group points. In this task, we will ask you to write Python function that returns all group elements of a certain elliptic curve over a finite field 

1) Write a python function that list all points of elliptic curve $y^2=x^3+7$ over $F_{127}$ (1 point)

*Note. $127 = 2^7-1$ is the fourth Mersenne prime.*

In [17]:
pointsOnCurve = []
for x in range(127):
    for y in range(127):
        if(y**2 % 127 == (x**3 + 7) % 127):
            pointsOnCurve.append([x,y])

pointsOnCurve.append('точка бесконечность')
len(pointsOnCurve),pointsOnCurve

(127,
 [[1, 32],
  [1, 95],
  [2, 53],
  [2, 74],
  [3, 62],
  [3, 65],
  [4, 43],
  [4, 84],
  [8, 30],
  [8, 97],
  [11, 24],
  [11, 103],
  [12, 46],
  [12, 81],
  [14, 46],
  [14, 81],
  [17, 27],
  [17, 100],
  [18, 39],
  [18, 88],
  [19, 32],
  [19, 95],
  [21, 39],
  [21, 88],
  [24, 49],
  [24, 78],
  [25, 30],
  [25, 97],
  [28, 49],
  [28, 78],
  [32, 3],
  [32, 124],
  [34, 24],
  [34, 103],
  [38, 53],
  [38, 74],
  [39, 12],
  [39, 115],
  [41, 27],
  [41, 100],
  [45, 33],
  [45, 94],
  [46, 51],
  [46, 76],
  [47, 43],
  [47, 84],
  [51, 18],
  [51, 109],
  [52, 36],
  [52, 91],
  [57, 62],
  [57, 65],
  [58, 38],
  [58, 89],
  [60, 19],
  [60, 108],
  [67, 62],
  [67, 65],
  [69, 27],
  [69, 100],
  [70, 19],
  [70, 108],
  [71, 63],
  [71, 64],
  [72, 16],
  [72, 111],
  [75, 49],
  [75, 78],
  [76, 43],
  [76, 84],
  [78, 50],
  [78, 77],
  [79, 63],
  [79, 64],
  [80, 18],
  [80, 109],
  [82, 24],
  [82, 103],
  [84, 16],
  [84, 111],
  [85, 50],
  [85, 77],
  [86, 

2) Compare the number of points with Hasse’s estimate $|N-(q+1)|\leq 2{\sqrt  {q}}$. (1 point)

In [18]:
pointsNum = len(pointsOnCurve)
q = 127
abs(pointsNum -(q + 1)) <= 2*((q)**(1/2))

True

3) Prove that the point
$A = (19, 32)$ belongs to the elliptic curve and construct a sequence of $B_n = nA, n = 1, ..., 100$. (2 points)

### Proving that the point  𝐴=(19,32)  belongs to the elliptic curve

In [19]:
32**2 % 127 == (19**3 + 7) % 127

True

### $B_n:$

In [20]:
res = [19, 32]
A = [19, 32]
for n in range(1, 100):
    if(res[0] == A[0] and res[1] == A[1]):
        s = (3*(res[0]**2) * pow(2*res[1], -1, 127)) % 127
        res[0] = pow(s**2 - 2 * res[0], 1, 127)
        res[1] = pow(-res[1] + s*(A[0] - res[0]), 1, 127)
    elif(res[0] == A[0]):
        res[0] = 0
        res[1] = 0
    else:
        m = pow((A[1] - res[1]) * pow(A[0] - res[0], -1, 127), 1, 127)
        res[0] = pow(m**2 - A[0] - res[0], 1, 127)
        res[1] = pow(-A[1] - m*(A[0] - res[0]), 1, 127)
res
    

[87, 63]

### Problem 4 (2 points)

Let $p = 601$, $q = 7$, $e = 1463$ be the setup of the RSA algorithm. Compute $d$, sign the plane message $m = 58$ and check the signature.

In [21]:
import math as mth

In [22]:
p = 601
q = 7
e = 1463
m = 58
n = p*q
lamda = mth.lcm(p - 1, q - 1)

In [23]:
d = pow(e, -1, lamda)
d

527

### signing the plane message 𝑚=58

In [24]:
sigma = pow(m, d, n)
sigma

1348

### checking the signature

In [25]:
pow(sigma, e, n) == m

True