Show page

Differences

This shows you the differences between two versions of the page.

--- ac:laboratoare:11 [2025/11/06 10:29]
marios.choudary
+++ ac:laboratoare:11 [2025/11/06 10:36] (current)
marios.choudary
@@ Line 83: / Line 83: @@
 For this you can either modify the work you did above to use a post-quantum key exchange method such as ML-KEM in Python.
+To do this in Python you can use a library such as [[https://pypi.org/project/mlkem/|ml-kem]].
+You can install this as follows:
+<code>
+pip install ml-kem
+</code>
+Below is an example of how to use this library in a simple client-server scenario. Note: this example is provided by Gemini AI, so use it with caution and double-check it:
+<code>
+# Install the library first: pip install ml-kem
+from mlkem.ml_kem import ML_KEM
+from mlkem.parameter_set import ML_KEM_768 # Recommended security level
+import secrets
+# --- Server (Alice) Side ---
+def server_keygen():
+    """Alice generates her ML-KEM key pair."""
+    # Initialize ML-KEM with the desired security level
+    ml_kem = ML_KEM(parameters=ML_KEM_768, randomness=secrets.token_bytes)
+    # Generate the encapsulation key (ek, public) and decapsulation key (dk, private)
+    ek, dk = ml_kem.key_gen()
+    print("Alice: Generated Public Key (ek) and Private Key (dk).")
+    return ek, dk, ml_kem
+def server_decapsulate(dk, c, ml_kem):
+    """Alice decapsulates the ciphertext to get the shared secret."""
+    try:
+        K_prime = ml_kem.decaps(dk, c)
+        print("Alice: Successfully decapsulated the Shared Secret (K').")
+        return K_prime
+    except ValueError as e:
+        print(f"Alice: Decapsulation failed! {e}")
+        return None
+# --- Client (Bob) Side ---
+def client_encapsulate(ek):
+    """Bob encapsulates a shared secret using Alice's public key."""
+    ml_kem = ML_KEM(parameters=ML_KEM_768, randomness=secrets.token_bytes)
+    # Encapsulate to get the shared secret (K) and the ciphertext (c)
+    K, c = ml_kem.encaps(ek)
+    print("Bob: Encapsulated a Shared Secret (K) and created Ciphertext (c).")
+    return K, c
+# --- Communication Flow Simulation ---
+# 1. Server (Alice) Key Generation
+ek_server, dk_server, ml_kem_instance = server_keygen()
+# 2. Public Key Transmission (ek_server is sent to the client)
+print("\n--- Network Transmission: ek sent to Bob ---")
+# 3. Client (Bob) Encapsulation
+K_client, c_client = client_encapsulate(ek_server)
+# 4. Ciphertext Transmission (c_client is sent back to the server)
+print("\n--- Network Transmission: c sent to Alice ---")
+# 5. Server (Alice) Decapsulation
+K_server = server_decapsulate(dk_server, c_client, ml_kem_instance)
+# 6. Verification
+print("\n--- Verification ---")
+if K_client is not None and K_server is not None:
+    if K_client == K_server:
+        print("Success! Alice's and Bob's shared secrets match.")
+        # The shared secret can now be used as an AES key, e.g., K_client
+        # The shared secret is bytes:
+        # print(f"Shared Secret: {K_client.hex()}")
+    else:
+        print("Failure! Shared secrets do not match.")
+else:
+    print("Failure in key exchange process.")
+</code>
 Otherwise, you can start from the Diffie-Hellman key exchange lab we did in OpenSSL/C. You may start from {{:ac:laboratoare:lab_dhe_solved.zip|this}} code, that provides a working solution for the Diffie-Hellman lab in OpenSSL.

Labs

Resources

ac/laboratoare/11.1762417773.txt.gz · Last modified: 2025/11/06 10:29 by marios.choudary

Show page Old revisions

Media Manager Back to top