In this lab we'll do some cool exercises using public key encryption methods for key exchange and data encryption.

As we discussed in class, Diffie and Hellman proposed the first public key exchange mechanism such that two parties, that did not share any previous secret could establish a common secret. This allows the parties to have a shared key that only they know (except if there is an active man in the middle attack, which is usually solved by using TLS/certificates, but we shall not focus on that here).

Download the lab code from here. After unzipping, you'll find the source code for a client (dhe.c) and a server (dhe_server.c), along with a Makefile and fixed Diffie-Hellman p and g params in the files dhparam.pem.

The client and server have a similar structure. Each of them should build a public key, then send it to the other party, receive the public key from the other party and finally compute the secret key. Your task is to complete the missing parts. For this, consult the openssl documentation here. Since they are similar, focus only on one of them and then do similarly on the other one.

The makefile should help you build both. Just type 'make all'. After completing the necessary todo's in the file, you can start the server by typing 'make start_server' and the client with 'make start_client'.

If all goes well, you should see the same secret key on both client and server.

Before starting this task, check that you have openSSL installed (in this lab we'll use openSSL 1.1.0):

#openssl version

Also, make sure that you have “libssl-dev” installed (ask your lab supervisor to help you if this is missing, e.g. if you cannot find header files during compilation).

linux$ ./config --prefix=/home/student/local --openssldir=/home/student/local/openssl
linux$ make
linux$ make test
linux$ make install

#gcc -L/usr/local/lib dhe.c -o dhe -lcrypto

Do not be scared by the fancy name! Post Quantum Cryptography has nothing “Quantum” in it (beside the name). In the following lines we will briefly introduce you to this new concept.

In modern public key cryptography the security of algorithms relies on hard to solve mathematical problems. The motivation behind it is that if you want to build an encryption scheme you have to prove somehow that the scheme is secure. What better way to satisfy this than building it in such a way that breaking its security relies on solving hard mathematical problems? Humanity has failed collectively to solve them and one would consider these failed attempts as attempts to break the security of the scheme!

In a breakthrough paper (https://arxiv.org/pdf/quant-ph/9508027.pdf), Peter Shor an American mathematician invented in 1994 an algorithm that can perform integer factorization in polynomial-time. Additionally it can also be used for computing the discrete logarithm problem. In simple words, this algorithm breaks public key algorithms used in the present! The catch (and this is why life is still beautiful and we can safely secure our data) is that this algorithm, in order to be efficient, needs to run on an efficient enough Quantum Computer. But are Quantum Computers feasible in practice? If so, what can we do?

Having this in mind we can finally define what is a “Post Quantum Algorithm”:

As a response to the threat of practical Quantum Computers, NIST started a “competition” in 2016(https://csrc.nist.gov/CSRC/media/Presentations/Let-s-Get-Ready-to-Rumble-The-NIST-PQC-Competiti/images-media/PQCrypto-April2018_Moody.pdf): a call for proposals from researchers for new algorithms that are considered secure even against quantum computers in order to provide the standard of future public key algorithms! At this time, the competition is in the final round and NIST is planning to release the initial standard for quantum-resistant cryptography in 2022/2024!

Probably one of the most promising out of these possible “directions” is lattice-based cryptography and this is why on the next lines we will focus on lattice-based cryptography!

While it is not necessary for the task that you will have to solve today to know in depth the mathematics behind lattices it is polite to know what is one.

In this exercise we will implement using python a very simple public key encryption scheme based on the most used hard problem in the design of lattice-based schemes (from the 3 lattice-based finalists, 2 are using variants of this problem). The problem is called Learning with Errors. While this implementation is oversimplified it should give you a feeling of how a basic public key scheme works for lattice-based algorithms with the underlying security based on this paradigm. Before going in the exercise let's quickly see the “hardness” of Learning with Errors. Suppose you have a matrix A. You multiply it with a vector s and obtain the result vector B. Given A and B, can you find s? Here A, B - public keys and s -secret key. This is quite simple to solve using Gaussian Elimination algorithm! So, what next? The thing is that if you add a small error after the multiplication of A with s (meaning adding randomly 1 or 2 or 3 to the elements of the resulted vector) finding s having just A and B becomes quite a difficult problem! This is the “hardness” of the Learning with Errors problem. Now let's construct our toy public scheme starting from this hard problem. First things first, we have to select some parameters: the modulus q (ALL OPERATIONS ARE UNDER MODULO q), the secret number s (secret key known by Alice) and n (the length of the vectors in the algorithm). Let's see how can Bob send a bit to Alice! This can be further extended to multiple bits.

In practice the secret “s” is in fact a vector but just for simplicity we use it here as a scalar . If you are curious about an actual implementation of a LWE based algorithm you can check Kyber https://eprint.iacr.org/2017/634.pdf which is one of the finalists in the NIST standardization competition.

• Generate a vector A = [a0, a1, …, an-1] where ai is a random element modulo q.
• Generate a vector e = [e0, e1, …, en-1] of small errors where ei is a random number between [1, 4]
• Compute vector B = [b0, b1, …, bn-1] where bi = ai * s + ei.
• Give A and B to Bob!

Bob Encrypt step:

• Bob samples randomly some values from A and B. (should sample at least floor(n/4) values)
• Compute u = sum of samples taken from A.
• Compute v = sum of samples taken from B.
• Compute v = v + floor(q/2) * (bit that you want to send)
• Give Alice the cipher (u, v)

Alice Decrypt step:

• Alice computes (v - s * u) mod q.
• If this value is bigger than floor(q/2) it means that Bob sent a 1 otherwise Bob sent a 0.

You will also find more details for this implementation in your skeleton code.

You have to implement the 3 main steps (Generate, Encrypt and Decrypt) for this toy LWE scheme. The scheme as you will implement in the code will work on 4bit numbers. You will find more details for your task in the skeleton code. ex2a_skeleton.txt

Easy right? I have encrypted 5 numbers and stored the ciphers in this file. Can you decrypt them with the function you implemented before?

ex2b.txt

Just for fun: Do these numbers have a meaning? Maybe they form a word?

In this exercise we will get a taste of one of the most exciting future application of post quantum algorithms, Homomorphic Encryption. You will have to perform the bitwise addition of two numbers (basically xor-ing two numbers). The catch? You can perform this operation on the cipher text and then decrypt!

To do that just take two 4bit numbers that you want to xor, for example 10 and 5 and encrypt them. Before decrypting you just have to take the obtained ciphers(two (u, v) pairs) and just add them (i.e. (u1 + u2, v1 + v2)). For convenience, you can use if you want the functions provided in the file below.

xor_then_decrypt_bit.txt

Test it on some examples to see if is working properly!

If you want to fully experience this new “power” of homomorphic encryption you can play with this nice application of searching in an encrypted database without decrypting. Just follow the explained steps from the link. Try searching for Romania! https://github.com/IBM/fhe-toolkit-linux/blob/master/GettingStarted.md