In [1]:
import numpy as np
import math


# Division

## GCD

$a = b * q + r; \ 0 \leq r < b  $  
Propriety: $\gcd(a, b) = \gcd(b, r)$

In [1]:
def gcd(a, b):
    if b == 0:
        return a
    else:
        return gcd(b, a%b)


In [2]:
p = 1223
q = 1987
gcd(p, q)

1

In [3]:
gcd(16534528044, 8332745927)

43

In [17]:
def egcd(a, b):
    if a == 0:
        return (b, 0, 1)
    else:
        gcd, x, y = egcd(b%a, a) #compute gcd first
        return (gcd, y - b//a *x , x)
    

In [5]:
egcd(16534528044, 8332745927)

(43, 81440996, -161602003)

In [30]:
egcd(527, 1258)

(17, -31, 13)

In [31]:
egcd(15, 0)

(15, 1, 0)

## relatively prime nr

$ a, b \in \mathbb{Z} -> gcd(a, b) = 1 => a, b = coprime  $

$ a \cdot u + b \cdot v = gcd(a, b)  => u \cdot \frac{a}{gcd(a, b)} + v \cdot \frac{b}{gcd(a, b)} = 1   $  
where  $\frac{a}{gcd(a, b)}\ and\ \frac{b}{gcd(a, b)} $ are coprime 


# Modular arithmetic 

1. If $ a_1 ≡ a_2 (mod\ m)$ and $b_1 ≡ b_2 (mod\ m), $then
$ a_1 ± b_1 ≡ a_2 ± b_2 (mod\ m)\\
a_1 · b_1 ≡ a_2 · b_2 (mod\ m) $  
2. Let  $a$ be an integer. Then $a · b ≡ 1 (mod\ m)$ for some integer $b <=> \gcd(a, m) = 1 $

**Def:** We write $ \mathbb{Z} / m \mathbb{Z}=\{0,1,2, \ldots, m-1\} $  the ring of integers modulo m 

**Def**  
$a$ has an inverse modulo $m$ if and only if $\operatorname{gcd}(a, m)=1 .$ Numbers that have inverses are called units. We denote the set of all units by  
$
(\mathbb{Z} / m \mathbb{Z})^{*}=\{a \in \mathbb{Z} / m \mathbb{Z}: \operatorname{gcd}(a, m)=1\}
=\{a \in \mathbb{Z} / m \mathbb{Z}: a \text { has an inverse modulo } m\}
$   
The set $(\mathbb{Z} / m \mathbb{Z})^{*}$ is called the group of units modulo m  

In many of the cryptosystems that we will study, it is important to know
how many elements are in the unit group modulo m.

The extended Euclidean algorithm gives us an efficient computational method for computing $a^{-1}$ mod $p .$  
We simply solve the equation $a u+p v=1 \quad$  
in integers $u$ and $v$
and then $u=a^{-1}$ mod $p .$

**Prop**  
Let $p$ be a prime. Then every nonzero elementain $\mathbb{Z}/p\mathbb{Z}$ has a multiplicative inverse, that is, there is a number $b$ satisfying $ab≡1(modp)$.

In [38]:
def modinv(x, p):
    gcd, u, v = egcd(x, p)
    return u%p

In [51]:
def modinv_long(a, b, c, p): #doesnt work
    ''' solves (x*a + b) mod p = c'''
    _, temp, _ = egcd((c-b), p)
    temp = temp%p
    gcd, u, v = egcd(a*temp, p)
    return u%p



# Prime numbers

**Fundamental Theorem of Arithmetic**

If $a >= 2$ then a can be factored as a product of prime numbers   
$ a=p_{1}^{e_{1}} \cdot p_{2}^{e_{2}} \cdot p_{3}^{e_{3}} \cdots p_{r}^{e_{r}} $  

The factorization is **unique**

# Finite fields

**Def**  
* A field is the general name for a (commutative) ring in which every nonzero
element has a multiplicative inverse.

* The field $\mathbb{Z} / p \mathbb{Z}$ of integers modulo $p$ has only finitely many elements. It is
a finite field and is often denoted by $\mathbb{F}_{p} .$ Thus $\mathbb{F}_{p}$ and $\mathbb{Z} / p \mathbb{Z}$ are really just two different notations for the same object

**Theorem**(Fermat's Little Theorem).  
Let $p$ be a prime number and let a be any integer. Then
$
a^{p-1} \equiv\left\{\begin{array}{lll}
1 & (\bmod p) & \text {if } p \nmid a \\
0 & (\bmod p) & \text {if } p \mid a
\end{array}\right.
$

In [9]:
#example
p = 15485863 
a = 2
pow(2, p-1, p)

1

* computing inverse modulo p:  
$a^{-1} \equiv a^{p-2} \quad(\bmod p)$

**Theorem**  (Primitive Root Theorem).  
Let $p$ be a prime number. Then there exists an element $g \in \mathbb{F}_{p}^{*}$ whose powers give every element of $\mathbb{F}_{p}^{*},$ i.e.
$
\mathbb{F}_{p}^{*}=\left\{1, g, g^{2}, g^{3}, \ldots, g^{p-2}\right\}
$  
* Elements with this property are called primitive roots of $\mathbb{F}_{p}$ or generators of $\mathbb{F}_{p}^{*} .$ They are the elements of $\mathbb{F}_{p}^{*}$ having order $p-1$

# Symmetric and Asymmetric ciphers

$
\text{encrypton} \ e: \mathcal{K} \times \mathcal{M} \rightarrow \mathcal{C}
$  
$
\text{decrypton} \ d: \mathcal{K} \times \mathcal{C} \rightarrow \mathcal{M} 
$  
$
d(k, e(k, m))=m \quad \text { for all } k \in \mathcal{K} \text { and all } m \in \mathcal{M}
$  


**Symmetric cyphers**  

* Multiplication  
$
e_{k}(m) \equiv k \cdot m \quad(\bmod p)
$  
$
d_{k}(c) \equiv k^{\prime} \cdot c \quad(\bmod p)
$  
    The cypher is vulnerable to known $(m, c)$ pair.  
    Mathematically, this may be rephrased by saying that given any ciphertext $c \in \mathcal{C}$ and any plaintext $m \in \mathcal{M},$ there exists a key $k$ such that $e_{k}(m)=c .$ Specifically this is true for the key
$
k \equiv m^{-1} \cdot c \quad(\bmod p)
$


* Addition  
$
e_{k}(m) \equiv m+k \quad(\bmod p) \quad \text { and } \quad d_{k}(c) \equiv c-k \quad(\bmod p)
$  


* XOR cipher  
$
e_{k}(m)=k \oplus m \quad \text { and } \quad d_{k}(c)=k \oplus c
$  
Weakness: k must be used only once  
$
c \oplus c^{\prime}=(k \oplus m) \oplus\left(k \oplus m^{\prime}\right)=m \oplus m^{\prime}
$

**Asymmetric ciphers**

 $k=\left(k_{\text {priv }}, k_{\text {pub }}\right)$  
 $d_{k_{\text {piv }}}\left(e_{k_{\text {pub }}}(m)\right)=m \quad$ for all $m \in \mathcal{M}$

# Bonus algorithms

In [31]:
## another extended euclidean algo

In [32]:
def xgcd2(a, b):
    u = 1
    g = a 
    x = 0
    y = b
    if b == 0:
        return (a, 1, 0)
    while True:
        if(y == 0):
            v = (g-a*u)/b
            #this if is if we want u positive
            if (u < 0):
                u = u+b/g 
                v = v-a/g
            return (g, u, v)
        
        q = g // y #quotient
        r = g % y  #remainder
        s = u - q * x
        u = x
        g = y
        x = s
        y = r

In [29]:
xgcd2(527, 1258), egcd(527, 1258)

((17, 43.0, -18.0), (17, -31, 13))

In [30]:
xgcd2(10, 0),  egcd(10, 0)

((10, 1, 0), (10, 1, 0))