There is no required VM for this project. All that is required is a Python development environment. Make certain that you are using Python 3. To check your version of Python, open a command prompt and run the command:
python –version (You may need to use the python3 command instead.)
For the established algorithms that you may find it necessary to use, you are allowed to reference and implement pseudocode with citation (a comment in your code will suffice). What is Pseudocode? https://en.wikipedia.org/wiki/Pseudocode
UNDER NO CIRCUMSTANCES should you copy/paste code into the project. Doing so is an honor code violation (not to mention a real world security concern) and will result in a zero (refer to the syllabus for more information).
You will complete the provided Python file project_cryptography.py and submit it to the autograder in Gradescope.
https://github.gatech.edu/pages/cs6035-tools/cs6035-tools.github.io/Projects/RSA_Cryptography/ 1/2 3/23/25, 7:50 AM Cryptography | CS 6035
For each task we have provided prompts for further discussions. There will be threads created in Ed where students can discuss these topics. Participation is optional and will not be graded.
Good luck!
TABLE OF CONTENTS
Disclaimer: You are responsible for the information on this website. The content is subject to change at any time. © 2024 Georgia Institute of Technology. All rights reserved.
https://github.gatech.edu/pages/cs6035-tools/cs6035-tools.github.io/Projects/RSA_Cryptography/ 2/2
Projects / Cryptography / Introduction
Project Files
You can download project files in Canvas/Assignments/Cryptography.
Important Notes:
Provided Code:
All necessary starter code and unit tests for each task is located in the corresponding folder in the provided zip file.
Python Packages:
pip install pycryptodome
Unit Tests:
For each task you are also given a unit test file (it starts with test_)to help you develop and test your code. We encourage you to read up on Python unit tests, but in general, the syntax should resemble either: python -m unittest test_task_rsa_encrypt_message
or:
https://github.gatech.edu/pages/cs6035-tools/cs6035-tools.github.io/Projects/RSA-Cryptography/Intro 1/2 3/23/25, 7:47 AM Introduction | CS 6035
python test_task_rsa_encrypt_message.py
However, keep in mind that passing the unit test(s) does NOT guarantee that your code will pass the autograder!
https://github.gatech.edu/pages/cs6035-tools/cs6035-tools.github.io/Projects/RSA-Cryptography/Intro 2/2
3/23/25, 7:48 AM Task 2: RSA Warmup | CS 6035
Projects / Cryptography / Task 2: RSA Warmup
Now that we’ve reviewed a symmetric key cryptographic algorithm, we can move on to the world of asymmetric key cryptography. RSA is perhaps the best known example of asymmetric cryptography.
In RSA, the public key is a pair of integers (N, e), and the private key is an integer d.
To encrypt integer m with public key (N, e), we use the formula:
To decrypt cipher integer c with private key d, we use the formula
In this task you will write the code to perform the encryption and decryption steps for the RSA cryptographic algorithm. Finally, you will write the code necessary to calculate the private key d when given the factors of the public key N (i.e. p and q).
def rsa_decrypt_cipher(n: int, d: int, c: int) -> int: # TODO: Write the necessary code to get the message (m) from the cipher (c) m = 0 return m
def rsa_encrypt_message(m: int, e: int, n: int) -> int: # TODO: Write the necessary code to get the cipher (c) from the message (m) c = 0 return c
def rsa_calculate_private_key(e: int, p: int, q: int) -> int: # TODO: Write the necessary code to get the private key d from # the public exponent e and the factors p and q d = 0 return d
https://github.gatech.edu/pages/cs6035-tools/cs6035-tools.github.io/Projects/RSA_Cryptography/RSA_warmup.html 1/2 3/23/25, 7:48 AM Task 2: RSA Warmup | CS 6035
You will write your code in the specified function stub(s) found in the provided project_cryptography.py file. When ready, submit this file to the Project Cryptography autograder in Gradescope.
Did you try to decrypt a cipher by using a line of Python code something like this: m = c ** d % n?
Did it work? (Hint: It did not.) Why not? After all, the math is correct.
3/23/25, 7:49 AM Task 3: Factor 64-bit Key | CS 6035
Projects / Cryptography / Task 3: Factor 64-bit Key
Modern day RSA keys are sufficiently large that it is impossible for attackers to traverse the entire key space with limited resources. But in this task, you’re given a unique set of RSA public keys with a relatively small key size (64 bits).
Your goal is to get the factors (p and q) of each key. You can use whatever methodology you want. Your only deliverable is a formatted json file containing p and q. To get your unique set of keys, you must update the task.py file located in the task folder with your 9-digit GT ID, and then run it. Find the section below in the provided task_factor_64_bit_key.py file:
############################################## # Change this to your 9-digit Georgia Tech ID!
STUDENT_ID = ‘123456789’
##############################################
Running the command “python task_factor_64_bit_key.py” should output your assigned keys. Once you’ve calculated your p and q values, enter them into the function stub for this task. NOTE: It doesn’t matter which value you specify as p and which value you specify as q.
def rsa_factor_64_bit_key() -> typing.Dict[str, typing.Dict[str, int]]:
return { ‘test_1’: {
‘p’: 0,
‘q’: 1
},
‘test_2’: {
‘p’: 0,
‘q’: 1
},
‘test_3’: {
‘p’: 0,
‘q’: 1
},
https://github.gatech.edu/pages/cs6035-tools/cs6035-tools.github.io/Projects/RSA_Cryptography/RSA_factor_64_bit_key.html 1/2 3/23/25, 7:49 AM Task 3: Factor 64-bit Key | CS 6035
‘test_4’: {
‘p’: 0,
‘q’: 1
},
‘test_5’: {
‘p’: 0,
‘q’: 1
}
}
You will write your code in the specified function stub(s) found in the provided project_cryptography.py file. When ready, submit this file to the Project Cryptography autograder in Gradescope.
If 64-bit keys aren’t safe, then what size is appropriate? Is there a trade-off between size and performance?
Task 4: Weak Key Attack | CS 6035
Projects / Cryptography / Task 4: Weak Key Attack
Read the paper “Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices”, which can be found at: https://factorable.net/weakkeys12.extended.pdf. The essay is essential to understanding this task. Do not skip it, do not skim it, read the whole of it.
You are given a unique RSA public key, but the RNG (random number generator) used in the key generation suffers from a vulnerability described in the paper above. In addition, you are given a list of public keys that were generated by the same RNG on the same system. Your goal is to write the code to get the unique private key (d) from your given public key (N, e) using only this provided information.
def rsa_weak_key_attack(given_public_key_N: int, given_public_key_e: int, public_key_list: typing.List[int # TODO: Write the necessary code to retrieve the private key d from the given public # key (N, e) using only the list of public keys generated using the same flawed RNG d = 0 return d
You will write your code in the specified function stub(s) found in the provided project_cryptography.py file. When ready, submit this file to the Project Cryptography autograder in Gradescope.
Have you ever heard the saying, “Never roll your own crypto?” What are some ways (besides this particular attack – we don’t want you to give too much away) that doing so can cause unintended problems? Can you point to any specific examples or known exploits?
Task 5: Broadcast Attack | CS 6035
Projects / Cryptography / Task 5: Broadcast Attack
A message was encrypted with three different 1,024-bit RSA public keys N_1, N_2, and N_3, resulting in three different ciphers c_1, c_2, and c_3. All of them have the same public exponent e = 3.
You are given the three pairs of public keys and associated ciphers. Your job is to write the code to recover the original message.
def rsa_broadcast_attack(N_1: int, c_1: int, N_2: int, c_2: int, N_3: int, c_3: int) -> int: # TODO: Write the necessary code to retrieve the decrypted message
# (m) using three different ciphers (c_1, c_2, and c_3) created # using three different public key N’s (N_1, N_2, and N_3)
m = 0
return m
You will write your code in the specified function stub(s) found in the provided project_cryptography.py file. When ready, submit this file to the Project Cryptography autograder in Gradescope.
In addition to the low public exponent being used, this attack is possible because a textbook implementation of RSA is being used. In the real world, there are common mitigating tactics used.
What are some examples? Why else are they important?
Task 6: Parity Attack | CS 6035
Projects / Cryptography / Task 6: Parity Attack
By now you have seen that RSA treats messages and ciphers as ordinary integers. This means that you can perform arbitrary math with them. And in certain situations a resourceful hacker can use this to his or her advantage. This task demonstrates one of those situations.
Along with an encrypted message (c), you are given a special function that you can call – a parity oracle. This function will accept any integer value that you send to it and decrypt it with the private key corresponding to the public key that was used to encrypt the given cipher (c). The return value of the function will indicate whether this decrypted value is even (true) or odd (false). Armed with this function and a little modular arithmetic, it is possible to crack the encrypted message. Your goal is to write the code necessary to decrypt the original message (m) from the given cipher (c).
def rsa_parity_oracle_attack(c: int, N: int, e: int, oracle: Callable[[int], bool]) -> str: # TODO: Write the necessary code to get the plaintext message
# from the cipher (c) using the public key (N, e) and an oracle # function – oracle(chosen_c) that will give you the parity
# of the decrypted value of a chosen cipher #(chosen_c) value using the hidden private key (d)
m = 42
# Transform the integer value of the message into a human readable form message = bytes.fromhex(hex(int(m_int)).rstrip(‘L’)[2:]).decode(‘utf-8’)
return message
You will write your code in the specified function stub(s) found in the provided project_cryptography.py file. When ready, submit this file to the Project Cryptography autograder in Gradescope.
https://github.gatech.edu/pages/cs6035-tools/cs6035-tools.github.io/Projects/RSA_Cryptography/RSA_parity_oracle_attack.html 1/2 3/23/25, 7:49 AM Task 6: Parity Attack | CS 6035
This task is a simplified example, but can you see how some potentially useful information may be inadvertently leaked by something (i.e. a protocol)? Can you find any examples?
Projects / Cryptography / Task 7: Padding Attack
The Advanced Encryption Standard (AES) is a set of standards for encryption set by the U.S. National Institute of Standards and Technology. One of these standards is the Cipher Block Chaining (CBC).
CBC uses a fixed length set of bits known as a block, a unique binary sequence known as an Initialization Vector (IV), and a key. The encryption is accomplished in the following sequence.
The chaining part comes into play when encrypting multiple blocks. When working on the next block you follow similar steps with one main difference.
The formula is as follows:
Decryption works in reverse.
The formula is as follows:
For this task we will be working with an attack known as the padding oracle attack. The padding oracle works under the idea that the server is leaking information about the padding. With this information it is possible to both decrypt and encrypt messages.
For this one section of the assignment you will be asked to use a library outside of the standard. In this task you will use the pycryptodome library. This can be manually downloaded from this link https://github.com/Legrandin/pycryptodome. Alternatively it can be downloaded through pip with the following command: pip install pycryptodome
This task will be the only outside library used.
The first 2 steps of this extra credit will be using a simplified version of padding. In a real world application blocks will be in bits and will typically use x00 or something similar depending on what standard is being used.
Step 1 of this task is to write a function that can encrypt a short message. You may use pycryptodome’s built in encrypt function, however you must build the padding yourself.
def cbc_encrypt_128(key: bytes, IV: bytes, m: str) -> str: # TODO: Write the necessary code to encrypt the message
# (m) using the provided key and IV # the necessary block length is 128 bits
# pad with the byte ‘x00’ # Do Not modify code above this line # Code Below Here c = 0 return b64encode(c).decode(“utf-8”)
Step 2 of this task is to write a function that can decrypt a short message. You may use pycryptodome’s built in decrypt function.
def cbc_decrypt_128(key: bytes, IV: bytes, c: bytes) -> str: # TODO: Write the necessary code to decrypt the cipher
# (c) using the provided key and IV # Do Not modify code above this line # Code Below Here m = 0 return m
Step 3 of this task is to write one of the core functions of an oracle which will test if the padding follows pkcs guidelines. This check is often the information that the oracle can leak. For this task you must assume that there will always be at least 1 byte of padding, but there does not always have to be a message attached.
def check_padding(padding) -> bool: # TODO: Write the necessary code to check # if the padding matches PKCS standards is_pkcs_padded = “This variable should be a bool value”
return is_pkcs_padded
These steps can all be tested using the test_task_cbc_ python files. You can do so with the following commands:
python test_task_cbc_decrypt.py python test_task_cbc_encrypt.py python test_task_cbc_pkcs.py
https://en.wikipedia.org/wiki/Padding_oracle_attack https://www.pycryptodome.org/
You will write your code in the specified function stub(s) found in the provided project_cryptography.py file. When ready, submit this file to the Project Cryptography autograder in Gradescope.
Reviews
There are no reviews yet.