In [21]:
import random
k = 4

In [22]:
#-------------------------------------------------------------
# Public parameter generator input = degree k
#-------------------------------------------------------------
def parameter_gen(k):
    flag = True
    while flag :
        N = next_prime(randrange(2**k, 2**(k+1)))
        p = next_prime(randrange(2**k, 2**(k+1)))
        d = randrange(1, N)
        q = next_prime(randrange((6*d + 1)*p, (6*d + 1)*(p*2^5)))
        if gcd(p,q) == 1 :
            if gcd(N,q) == 1 :
                if q > (6*d + 1) * p :
                    flag = False
    return (N,p,q,d)
#-------------------------------------------------------------
t = cputime()
#(N,p,q,d) = parameter_gen(k)
(N,p,q,d) = (7,3,41,2)
ti = cputime(t)
print ("Cpu time = " + str(ti))
print ("(N,p,q,d) = " + str((N,p,q,d)))

Cpu time = 0.000235
(N,p,q,d) = (7, 3, 41, 2)


In [23]:
#-------------------------------------------------------------
# Ring Mapping
#-------------------------------------------------------------
# ZZ[x] --> R=ZZ[x]/(x^N-1)
def map_to_R(a):
    R.<x> = PolynomialRing(ZZ)
    idR=R.ideal(x^N-1)
    QuoR.<x>=R.quotient_ring(idR)
    return QuoR(a)
#-------------------------------------------------------------
# ZZ[x] --> Rp=ZZp[x]/(x^N-1)

def map_to_Rp(a):
    Rp=IntegerModRing(p)
    Rp.<x>=PolynomialRing(Rp)
    idRp=Rp.ideal(x^N-1)
    QuoRp.<x>=Rp.quotient_ring(idRp)
    return QuoRp(a)
#-------------------------------------------------------------
# ZZ[x] --> Rq=ZZq[x]/(x^N-1)

def map_to_Rq(a):
    Rq=IntegerModRing(q)
    Rq.<x>=PolynomialRing(Rq)
    idRq=Rq.ideal(x^N-1)
    QuoRq.<x>=Rq.quotient_ring(idRq)
    return QuoRq(a)
#-------------------------------------------------------------
# Tripolynomial
#-------------------------------------------------------------
def tri_poly(d_1, d_2) :
    s = [1 for j in range(d_1 - 1)]
    s = s + [-1 for j in range(d_2)]
    s = s + [0 for j in range(N - d_2 - d_1)]
    random.shuffle(s)
    s.append(1)
    return map_to_R(s)
#-------------------------------------------------------------
# Fq = f^(-1) in Rq
#-------------------------------------------------------------
def fq_inv(f) :
    return map_to_Rq(f)^(-1)
#-------------------------------------------------------------
# Fp = f^(-1) in Rp
#-------------------------------------------------------------
def fp_inv(f) :
    return map_to_Rp(f)^(-1)
#-------------------------------------------------------------
def find_h(F_q, g) :
    return map_to_Rq(g)*F_q


In [24]:
#-------------------------------------------------------------
# Key generated by Alice
#-------------------------------------------------------------
#(N,p,q,d) = (7,3,41,2)
#-------------------------------------------------------------
t = cputime()
#-------------------------------------------------------------
#f = x^6-x^4+x^3+x^2-1
#g = x^6+x^4-x^2-x
f = tri_poly(d+1, d)
g = tri_poly(d, d)
F_q = fq_inv(f)
F_p = fp_inv(f)
h = find_h(F_q, g)
ti = cputime(t)
print ("Cpu time = " + str(ti))
print ("Alice's private key (f,F_p): ")
show((f,F_p))
print ("Alice's public key (h): ")
show(h)
#latex(f)
#latex(F_p)
#latex(h)

Cpu time = 0.003569
Alice's private key (f,F_p): 


Alice's public key (h): 


In [17]:
#-------------------------------------------------------------
# Encryption Function
# m in R
#-------------------------------------------------------------
def encrypt(m, h, r):
    m=map_to_R(m)
    r=map_to_R(r)
    map_to_Rq((p*r*h)+m)
    return map_to_Rq((p*r*h)+m)


#-------------------------------------------------------------
# Bob encrypt message
#-------------------------------------------------------------
m = random.sample(range(0, p), N)
m = map_to_R(m)
#m=map_to_R(-x^5+x^3+x^2-x+1)
#m = tri_poly(3,2)
#-------------------------------------------------------------
# Ephimeral key
#-------------------------------------------------------------
r = x^6 - x^5 + x-1
#r = tri_poly(d,d)
#-------------------------------------------------------------
t = cputime()
e = encrypt(m, h, r)
ti = cputime(t)
print ("Cpu time = " + str(ti))
print ("Plant text : ")
show(m)
#latex(m)
print ("Cipher text: ")
show(e)
#latex(e)

Cpu time = 0.003454
Plant text : 


Cipher text: 


In [18]:
#-------------------------------------------------------------
# Center lift function
#-------------------------------------------------------------
def center_lift(a, t) :
    lst_a = list(a)
    for i in range(len(lst_a)) :
        if lst_a[i] <= -t/2 :
            lst_a[i] += t
        elif lst_a[i] > t/2 :
            lst_a[i] -= t
    return map_to_R(lst_a)
#-------------------------------------------------------------
# Decrypt recieved cypher text e(x)
#-------------------------------------------------------------

def decrypt(f, F_p, e) :
    f = map_to_R(f)
    a = map_to_Rq(f*e)
    a = map_to_R(a)
    #a = ((f * e) % id) % q
    a = center_lift(a, q)
    mhat = map_to_Rp(F_p*a)
    mhat = map_to_R(mhat)
    mhat = center_lift(mhat, p)
    return mhat
#-------------------------------------------------------------

In [19]:
#--------------------------------------------------------
# Alice decrypt cypher text
#--------------------------------------------------------
mhat_lift = decrypt(f, F_p, e)
print ("Recovery message (for ﬁrst cipher): ")
show(mhat_lift)
#--------------------------------------------------------

Recovery message (for ﬁrst cipher): 


In [20]:
print (mhat_lift == m)

True


In [11]:
#--------------------------------------------------------
# edit by the advisor
#--------------------------------------------------------
#(N,p,q,d) = (7,3,41,2)
(N,p,q,d) = parameter_gen(k)
print ("(N,p,q,d) = " + str((N,p,q,d)))
count = 0
for i in range(1000) :
    #f = x^6-x^4+x^3+x^2-1
    #g = x^6+x^4-x^2-x
    f = tri_poly(d+1, d)
    g = tri_poly(d, d)

    F_q = fq_inv(f)
    F_p = fp_inv(f)
    h = find_h(F_q, g)
    
    m = map_to_R(-x^5 + x^3 + x^2 - x + 1)
    #m = tri_poly(3,2)
    r = tri_poly(d,d)
    #r = x^6 - x^5 + x-1
    
    e = encrypt(m, h, r)
    
    mhat_lift = decrypt(f, F_p, e)
    if mhat_lift != m :
        count += 1
print ("Error = " + str(count))

(N,p,q,d) = (23, 23, 14449, 19)
Error = 0
