from tinyec import registry
from Crypto.Cipher import AES
import hashlib, secrets, binascii
def encrypt_AES_GCM(msg, secretKey):
aesCipher = AES.new(secretKey, AES.MODE_GCM)
ciphertext, authTag = aesCipher.encrypt_and_digest(msg)
return (ciphertext, aesCipher.nonce, authTag)
def decrypt_AES_GCM(ciphertext, nonce, authTag, secretKey):
aesCipher = AES.new(secretKey, AES.MODE_GCM, nonce)
plaintext = aesCipher.decrypt_and_verify(ciphertext, authTag)
return plaintext
def ecc_point_to_256_bit_key(point):
sha = hashlib.sha256(int.to_bytes(point.x, 32, 'big'))
sha.update(int.to_bytes(point.y, 32, 'big'))
return sha.digest()
curve = registry.get_curve('brainpoolP256r1')
def encrypt_ECC(msg, pubKey):
ciphertextPrivKey = secrets.randbelow(curve.field.n)
sharedECCKey = ciphertextPrivKey * pubKey
secretKey = ecc_point_to_256_bit_key(sharedECCKey)
ciphertext, nonce, authTag = encrypt_AES_GCM(msg, secretKey)
ciphertextPubKey = ciphertextPrivKey * curve.g
return (ciphertext, nonce, authTag, ciphertextPubKey)
def decrypt_ECC(encryptedMsg, privKey):
(ciphertext, nonce, authTag, ciphertextPubKey) = encryptedMsg
sharedECCKey = privKey * ciphertextPubKey
secretKey = ecc_point_to_256_bit_key(sharedECCKey)
plaintext = decrypt_AES_GCM(ciphertext, nonce, authTag, secretKey)
return plaintext
msg = b'Text to be encrypted by ECC public key and ' \
b'decrypted by its corresponding ECC private key'
print("original msg:", msg)
privKey = secrets.randbelow(curve.field.n)
pubKey = privKey * curve.g
encryptedMsg = encrypt_ECC(msg, pubKey)
encryptedMsgObj = {
'ciphertext': binascii.hexlify(encryptedMsg[0]),
'nonce': binascii.hexlify(encryptedMsg[1]),
'authTag': binascii.hexlify(encryptedMsg[2]),
'ciphertextPubKey': hex(encryptedMsg[3].x) + hex(encryptedMsg[3].y % 2)[2:]
}
print("encrypted msg:", encryptedMsgObj)
decryptedMsg = decrypt_ECC(encryptedMsg, privKey)
print("decrypted msg:", decryptedMsg)
I'm a cryptography enthusiast with a deep understanding of various cryptographic techniques and their applications. I have hands-on experience with implementing cryptographic algorithms and protocols. In the context of the provided code, I can demonstrate expertise in symmetric and asymmetric encryption, particularly using the Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) and elliptic curve cryptography (ECC) with the brainpoolP256r1 curve.
Let's break down the code and discuss the concepts used:
-
AES-GCM Encryption and Decryption:
from Crypto.Cipher import AES import hashlib, secrets, binascii def encrypt_AES_GCM(msg, secretKey): aesCipher = AES.new(secretKey, AES.MODE_GCM) ciphertext, authTag = aesCipher.encrypt_and_digest(msg) return (ciphertext, aesCipher.nonce, authTag) def decrypt_AES_GCM(ciphertext, nonce, authTag, secretKey): aesCipher = AES.new(secretKey, AES.MODE_GCM, nonce) plaintext = aesCipher.decrypt_and_verify(ciphertext, authTag) return plaintext
This part of the code deals with symmetric encryption using AES in GCM mode, providing confidentiality and integrity for the message.
-
Elliptic Curve Cryptography (ECC):
from tinyec import registry def ecc_point_to_256_bit_key(point): sha = hashlib.sha256(int.to_bytes(point.x, 32, 'big')) sha.update(int.to_bytes(point.y, 32, 'big')) return sha.digest() curve = registry.get_curve('brainpoolP256r1')
Here, elliptic curve cryptography is used with the brainpoolP256r1 curve. The
ecc_point_to_256_bit_key
function converts an ECC point to a 256-bit key, and the curve is defined using thetinyec
library. -
ECC Encryption and Decryption:
def encrypt_ECC(msg, pubKey): # (ciphertext, nonce, authTag) ciphertextPrivKey = secrets.randbelow(curve.field.n) sharedECCKey = ciphertextPrivKey * pubKey secretKey = ecc_point_to_256_bit_key(sharedECCKey) ciphertext, nonce, authTag = encrypt_AES_GCM(msg, secretKey) ciphertextPubKey = ciphertextPrivKey * curve.g return (ciphertext, nonce, authTag, ciphertextPubKey) def decrypt_ECC(encryptedMsg, privKey): (ciphertext, nonce, authTag, ciphertextPubKey) = encryptedMsg sharedECCKey = privKey * ciphertextPubKey secretKey = ecc_point_to_256_bit_key(sharedECCKey) plaintext = decrypt_AES_GCM(ciphertext, nonce, authTag, secretKey) return plaintext
These functions implement ECC-based encryption and decryption. The
encrypt_ECC
function generates a random private key, computes a shared ECC key, derives a symmetric key from it, and then uses AES-GCM for encryption. Thedecrypt_ECC
function reverses this process for decryption. -
Usage Example:
msg = b'Text to be encrypted by ECC public key and decrypted by its corresponding ECC private key' print("original msg:", msg) privKey = secrets.randbelow(curve.field.n) pubKey = privKey * curve.g encryptedMsg = encrypt_ECC(msg, pubKey) encryptedMsgObj = { 'ciphertext': binascii.hexlify(encryptedMsg[0]), 'nonce': binascii.hexlify(encryptedMsg[1]), 'authTag': binascii.hexlify(encryptedMsg[2]), 'ciphertextPubKey': hex(encryptedMsg[3].x) + hex(encryptedMsg[3].y % 2)[2:] } print("encrypted msg:", encryptedMsgObj) decryptedMsg = decrypt_ECC(encryptedMsg, privKey) print("decrypted msg:", decryptedMsg)
This part of the code demonstrates how to use the encryption and decryption functions with a sample message. It prints the original message, encrypts it using ECC, prints the encrypted message, and then decrypts it back to the original message.