In [8]:
from Crypto.Util.number import getPrime, inverse, bytes_to_long, long_to_bytes, GCD
import random

# Prerequisites

1. Modular exponentiation
- https://crypto.stanford.edu/pbc/notes/numbertheory/exp.html
- https://en.wikipedia.org/wiki/Modular_exponentiation
- https://www.geeksforgeeks.org/modular-exponentiation-power-in-modular-arithmetic/
2. Modular multiplicative inverse
- https://en.wikipedia.org/wiki/Modular_multiplicative_inverse
- What is a trapdoor?
- https://en.wikipedia.org/wiki/Trapdoor_function
3. **Discrete logarithm problem**
        

# Theory

- he diffictulty of Diffie-Hellman Key exchange is based on the difficulty of the **Discrete logarithm problem** => Check the mathematics/discrete_logarithm_problem to see its weaknesses
- Choosing the right group is important because poorly chosen groups can be leveraged to solve the DLP
- DH is vulnerable to man-in-the-middle attacks unless provided authentification
- Using the same parameters (Ex: secret keys)  multiple times might lead to some vulnerabilities


## Algorithm

* Parameter creation:  
Choose large prime $p$
Choose $g$ with large prime order

* Private computations:  
$\underbrace{A \equiv g^{a}(\bmod p)}_{\text {Alice computes this }} \quad \text { and } \quad \underbrace{B \equiv g^{b}(\bmod p)}_{\text {Bob computes this }}$

* Exchange:
Exchange A and B

* Shared secret:
Compute the number $B^{a}(\bmod$
$p) . \quad$ Compute the number $A^{b}(\bmod p)$  

*Proof*  
The shared secret value is $B^{a} \equiv\left(g^{b}\right)^{a} \equiv g^{a b} \equiv\left(g^{a}\right)^{b} \equiv A^{b}(\bmod p)$


# Code

In [11]:
p = getPrime(512)

while True:
    g = random.randint(p//4, p//2)
    if(GCD(p, g)==1):
        break
#or
g = 2
print(p, g)

6983829715836505258653159102845425517180005183345631953545092735477838850088153260364181690372091058664973334321308519477924987198026471437169954163575973 2


In [12]:
p, g

(6983829715836505258653159102845425517180005183345631953545092735477838850088153260364181690372091058664973334321308519477924987198026471437169954163575973,
 2)

In [16]:
#Private computations
a = bytes_to_long(b'very_secret_key')
b = bytes_to_long(b'another_mega_secrey_key')
A = pow(g, a, p)
B = pow(g, b, p)
print(A, B)

2415181613099282926046937753738486888035826909601477335062323592625469084101250914741841203908590354843268963525530551838880874031718626701832390408389520 1677863428253636031889079332482631314411680163221843120546762067863019986882126008879395742191158388450183688957792913377479416238959865392424917366050619


In [17]:
#Secret key
A_1 = pow(B, a, p)
B_1 = pow(A, b, p)

print(A_1 == B_1)

True


# Resources
* Computerphile video: https://www.youtube.com/watch?v=NmM9HA2MQGI&ab_channel=Computerphile
* https://www.youtube.com/watch?v=Yjrfm_oRO0w&t=182s&ab_channel=Computerphile