Modified ElGamal Encryption code and README

Author: ashutosh1206

Elgamal-Encryption/Pictures/picture1.gif

@@ -1,94 +1,97 @@
 # ElGamal Encryption
-  
+
 Prerequisites:
 1. Cyclic Groups, Generators
 2. Basic Number Theory (Euler's Theorem, Fermat's Little Theorem)
-  
-  
 
-ElGamal Encryption System is an Asymmetric Key Encryption System based on [Discrete Logarithm Problem](../Discrete-Logarithm-Problem/) (DLP) and Diffie-Hellman Key Exchange. Like every other Public Key encryption, it has a public and a private key, we will see that as we move forward.  
-  
+
+ElGamal Encryption System is an Asymmetric Key Encryption System based on [Discrete Logarithm Problem](../Discrete-Logarithm-Problem/) (DLP) and Diffie-Hellman Key Exchange.   
+
 For illustrative purposes, we will consider `Alice` as the receiver and `Bob` as the sender.  
-  
-There are different steps involved while encrypting/decrypting data with ElGamal, let's list them first and then study each of them in detail:  
-1. **Key Generation**:  Alice generates a pair of public and private keys. Shares the public key.
+
+There are different steps involved while encrypting or decrypting data with ElGamal, let's list them first and then study each of them in detail:  
+1. **Key Generation**:  Alice generates a public and private key and shares the public key.
 2. **Encryption**: Bob uses Alice's public to encrypt message that he wants to send to Alice, and hence generates a pair of ciphertext (c1, c2). Shares the ciphertext pair.  
-3. **Decryption**: Alice then uses his private key to decrypt the ciphertext (c1, c2).
-  
-  
+3. **Decryption**: Alice then uses her private key to decrypt the ciphertext (c1, c2).
+
+
 
 ## Key Generation
-This is the first step in the process of transferring a messages securely, between Alice and Bob. In this step, Alice does the following: 
-1. Selects a Cyclic Group `G` of order `q` and generator `g`
-2. Selects a random number `x` such that `1 <= x <= q-1`
+This is the first step in the process of transferring a messages securely, between Alice and Bob. In this step, Alice does the following:
+1. Selects a Cyclic Group `G` of order `q` and generator `g`. Note that either the cyclic group should be generated over a [safe prime](https://en.wikipedia.org/wiki/Safe_prime) `p`, or the generator `g` should generate prime-order-subgroups; otherwise it is vulnerable to [Small Subgroup Attacks](https://florianjw.de/en/insecure_generators.html).
+2. Generates a random number `x` such that `1 <= x <= q-1` and assigns it as the private key (Note that `q` is the group order).
 3. Calculates ![picture1](Pictures/picture1.gif)
 4. Shares `h`, `g`, `q` as Public Key
 5. `x` is the Private Key which only Alice should know, and that's where the security of the encryption system lies.
-  
+
 
 Here is a python-2.7 implementation of the above step:  
 ```python
-from Crypto.Util.number import *
-import random
-
-def generate_key(size):
-	p = getPrime(size)
-	x = random.randint(2, p-2)
-	g = 2
-	h = pow(g, x, q)
-	return (h, g, q)
+def _generate_key():
+    	# Assigning the largest 1024-bit safe prime as p
+	p = (1 << 1024) - 1093337
+	x = randint(2, p-2)
+	g = 23
+	q = p - 1
+	h = pow(g, x, p)
+	pubkey = PublicKey(h, p, g, q)
+	privkey = PrivateKey(x, p, g, q)
+	return (pubkey, privkey)
 ```
-  
-  
+
 
 ## Encryption
 Bob receives Alice's Public Key and encrypts the message that he wants to send to Alice as follows:  
-1. Selects a random number `y` --> {1, ..., q-1}
-2. Chooses a message `m` such that `1 <= m < q-1`
-2. Diffie Hellman Step: Calculates ![picture2](Pictures/picture2.gif) 
+1. Selects a random number `y` such that `1 <= y <= q-1`. Note that a new value of `y` is chosen for sending every message. Hence, `y` is known as ephemeral key.
+2. Chooses a message `m` such that `1 < m < q-1`
+2. Diffie Hellman Step: Calculates ![picture2](Pictures/picture2.gif)
 3. Diffie Hellman Step, also `s` is known as the shared secret: Calculates ![picture3](Pictures/picture3.gif)
 4. Calculates ![picture4](Pictures/picture4.gif)
-5. Shares (c1, c2) as the ciphertext
-  
+5. Shares (c<sub>1</sub>, c<sub>2</sub>) as the ciphertext
+
 
 Here is a python-2.7 implementation of the above step:  
 ```python
-from Crypto.Util.number import *
-import random
-
-def encrypt(message, h, g, q):
-	message = bytes_to_long(message)
-	y = random.randint(2, p-2)
-	c1 = pow(g, y, q)
-	s = pow(h, y, q)
-	c2 = (m*s) % q
+def _encrypt(message, pubkey):
+  	h = pubkey.h
+	p = pubkey.p
+	g = pubkey.g
+	q = pubkey.q
+	m = bytes_to_long(message)
+	# Generating ephemeral key: `y`
+	y = randint(2, p-2)
+	c1 = pow(g, y, p)
+	# Computing the shared secret: `s`
+	s = pow(h, y, p)
+	c2 = (m*s) % p
 	return (c1, c2)
+
 ```
 
-  
-  
 
 ## Decryption
-Alice receives (c1, c2), we can write them as:  
-![picture5](Pictures/picture5.gif)  
-![picture6](Pictures/picture6.gif)  
-Alice then calculates the following to get the shared secret `s`: ![picture7](Pictures/picture7.gif)  
-To get back the message `m` from c<sub>2</sub>, Alice does the following:  
-![picture8](Pictures/picture8.gif)  
-  
+Alice receives (c<sub>1</sub>, c<sub>2</sub>), we can write them as:  
+![picture](Pictures/picture2.gif)  
+![picture](Pictures/picture4.gif)  
+1. Alice then calculates the following to get the shared secret `s`: ![picture7](Pictures/picture5.gif)
+2. To get back the message `m` from c<sub>2</sub>, Alice does the following:  
+![picture8](Pictures/picture6.gif)  
 
-Here is a python-2.7 implementation of the above step:  
-```python 
-from Crypto.Util.number import *
-import random
 
-def decrypt(c1, c2, g, q, x):
-	s = pow(c1, x, q)
-	m = (c2*inverse(s, q)) % q
+Here is a python-2.7 implementation of the above step:  
+```python
+def _decrypt(ciphertext, privkey):
+	c1, c2 = ciphertext
+	g = privkey.g
+	p = privkey.p
+	x = privkey.x
+	s = pow(c1, x, p)
+	m = (c2*inverse(s, p)) % p
 	return m
 ```
-  
-Check out a trivial implementation/example of ElGamal encryption/decryption [here](example.py)
+
+Check out the full implementation/example of ElGamal encryption/decryption [here](example.py)
 
 ## References
-1. [Wikipedia- ElGamal Encryption](https://en.wikipedia.org/wiki/ElGamal_encryption)
+1. [Wikipedia- ElGamal Encryption](https://en.wikipedia.org/wiki/ElGamal_encryption)
+2. [Small Subgroup Attacks- Florianjw's blog](https://florianjw.de/en/insecure_generators.html)

Elgamal-Encryption/Pictures/picture2.gif

@@ -1,22 +1,139 @@
-from Crypto.Util.number import *
-import random
-
-def generate_key(size):
-	p = getPrime(size)
-	x = random.randint(2, p-2)
-	g = 2
-	h = pow(g, x, q)
-	return (h, g, q)
-
-def encrypt(message, h, g, q):
-	message = bytes_to_long(message)
-	y = random.randint(2, p-2)
-	c1 = pow(g, y, q)
-	s = pow(h, y, q)
-	c2 = (m*s) % q
+#!/usr/bin/env python2.7
+
+from Crypto.Util.number import bytes_to_long, inverse, long_to_bytes
+from Crypto.Random.random import randint
+
+class PublicKey:
+	def __init__(self, h, p, g, q):
+		self.h = h
+		self.p = p
+		self.g = g
+		self.q = q
+
+class PrivateKey:
+	def __init__(self, x, p, g, q):
+		self.x = x
+		self.p = p
+		self.g = g
+		self.q = q
+
+
+def _generate_key():
+	"""
+	Generate private-public key pair.
+	For security reasons, either p should be a safe prime or g should have a
+	prime subgroup order. Otherwise it is vulnerable to Short Subgroup Attack.
+
+	:Parameters: _None_
+
+	:Variables:
+		g : int/long
+			Base point for modular exponentiation.
+		p : int/long
+			Modulus for modular exponentiation. Should be a safe prime.
+		x : int/long
+			Receiver's private key, should be kept secret.
+		h : int/long
+			Receiver's public key
+		q : int/long
+			Order of group generated by p and equals p-1
+
+	:Return: A tuple containing a Public Key object (class `PublicKey`) and
+	a Private Key object (class `PrivateKey`)
+	"""
+	# Assigning the largest 1024-bit safe prime as p
+	p = (1 << 1024) - 1093337
+	x = randint(2, p-2)
+	g = 23
+	q = p - 1
+	h = pow(g, x, p)
+	pubkey = PublicKey(h, p, g, q)
+	privkey = PrivateKey(x, p, g, q)
+	return (pubkey, privkey)
+
+def _encrypt(message, pubkey):
+	"""
+	Encrypt message using ElGamal encryption system
+
+	:Parameters:
+		message : str
+				  plaintext to be encrypted
+		pubkey  : instance of `PublicKey` class
+				  Alice's public key parameters used for encryption
+
+	:Variables:
+		g : int/long
+			Base point for modular exponentiation.
+		p : int/long
+			Modulus for modular exponentiation. Should be a safe prime.
+		h : int/long
+			Receiver's public key
+		q : int/long
+			Order of group generated by p and equals p-1
+		y : int/long
+			Ephemeral key generated by the sender
+		c1, c2: int/long
+			Ciphertext pair
+		s : int/long
+			Shared secret
+
+	:Return:
+		A tuple containing ciphertext pair c1, c2
+	"""
+	h = pubkey.h
+	p = pubkey.p
+	g = pubkey.g
+	q = pubkey.q
+	m = bytes_to_long(message)
+	# Generating ephemeral key: `y`
+	y = randint(2, p-2)
+	c1 = pow(g, y, p)
+	# Computing the shared secret: `s`
+	s = pow(h, y, p)
+	c2 = (m*s) % p
 	return (c1, c2)
 
-def decrypt(c1, c2, g, q, x):
-	s = pow(c1, x, q)
-	m = (c2*inverse(s, q)) % q
-	return m
+def _decrypt(ciphertext, privkey):
+	"""
+	Decrypt ciphertext using ElGamal Encryption System
+
+	:Parameters:
+		ciphertext : int/long tuple
+			Ciphertext of ElGamal encrypted plaintext
+		privkey : instance of `PrivateKey` class
+		 	Receiver's private key used for decryption
+
+	:Variables:
+		g : int/long
+			Base point for modular exponentiation.
+		p : int/long
+			Modulus for modular exponentiation. Should be a safe prime.
+		q : int/long
+			Order of group generated by p and equals p-1
+		c1, c2: int/long
+			Ciphertext pair
+		x : int/long
+			Receiver's private key, should be kept secret.
+		s : int/long
+			Shared secret
+
+	"""
+	c1, c2 = ciphertext
+	g = privkey.g
+	p = privkey.p
+	x = privkey.x
+	s = pow(c1, x, p)
+	m = (c2*inverse(s, p)) % p
+	return m
+
+def test():
+	pubkey, privkey = _generate_key()
+	print "h: ", pubkey.h
+	print "p: ", pubkey.p
+	print "g: ", pubkey.g
+	print "q: ", pubkey.q
+	print "x: ", privkey.x
+	print "\n"
+	ct = _encrypt("test string", pubkey)
+	print long_to_bytes(_decrypt(ct, privkey))
+test()