Cryptography in Grapa
Overview
Grapa provides comprehensive cryptographic capabilities through OpenSSL integration and custom implementations. All cryptographic functions are designed for production use with industry-standard security.
Security Foundation
- OpenSSL Integration: Core functions use OpenSSL's battle-tested cryptographic primitives
- Industry Standards: Implements NIST-approved algorithms and security practices
- Unlimited Precision: Handles arbitrarily large numbers for cryptographic operations
- Production Ready: Prime generation and primality testing use OpenSSL's
BN_generate_prime_ex()andBN_is_prime_ex()
Prime Number Operations
Generating Prime Numbers
/* Generate a random 256-bit prime */
prime = 256.genprime();
("Generated prime: " + prime.str() + "\n").echo();
/* Generate a safe prime (p-1)/2 is also prime) */
safe_prime = 256.genprime(1);
("Safe prime: " + safe_prime.str() + "\n").echo();
/* Get a predefined prime for testing (specific bit sizes only) */
test_prime = 256.staticprime();
("Test prime: " + test_prime.str() + "\n").echo();
Available staticprime() bit sizes: 2, 3, 4, 256, 512, 768, 1024, 1536, 2048, 3072, 4096
Testing Primality
/* Test if a number is prime */
is_prime = 17.isprime();
("Is 17 prime? " + is_prime.str() + "\n").echo();
/* Test with higher confidence (default is 64) */
is_prime = 17.isprime(100);
("Is 17 prime with confidence 100? " + is_prime.str() + "\n").echo();
/* Test large numbers */
large_number = 123456789012345678901234567890123456789;
is_large_prime = large_number.isprime();
("Is large number prime? " + is_large_prime.str() + "\n").echo();
Modular Arithmetic
Modular Exponentiation
/* Calculate base^exponent mod modulus */
base = 7;
exponent = 13;
modulus = 11;
result = base.modpow(exponent, modulus);
("7^13 mod 11 = " + result.str() + "\n").echo();
/* Large number example */
large_base = 123456789;
large_exponent = 987654321;
large_modulus = 1000000007;
large_result = large_base.modpow(large_exponent, large_modulus);
("Large modpow result: " + large_result.str() + "\n").echo();
Modular Multiplicative Inverse
/* Find modular inverse: (value * inverse) mod modulus = 1 */
value = 3;
modulus = 11;
inverse = value.modinv(modulus);
("Modular inverse of 3 mod 11: " + inverse.str() + "\n").echo();
("Verification: " + ((value * inverse) % modulus).str() + "\n").echo();
/* Large number example */
large_value = 123456789;
large_modulus = 1000000007;
large_inverse = large_value.modinv(large_modulus);
("Large modular inverse: " + large_inverse.str() + "\n").echo();
Greatest Common Divisor
/* Find GCD of two numbers */
a = 48;
b = 18;
gcd_result = a.gcd(b);
("GCD of 48 and 18: " + gcd_result.str() + "\n").echo();
/* Large number example */
large_a = 123456789012345678901234567890;
large_b = 987654321098765432109876543210;
large_gcd = large_a.gcd(large_b);
("Large GCD: " + large_gcd.str() + "\n").echo();
Hash Functions
SHA3 Family
/* SHA3 hash functions */
data = "Hello, Grapa!";
sha3_224 = data.encode("SHA3-224");
sha3_256 = data.encode("SHA3-256");
sha3_384 = data.encode("SHA3-384");
sha3_512 = data.encode("SHA3-512");
("SHA3-224: " + sha3_224.hex() + "\n").echo();
("SHA3-256: " + sha3_256.hex() + "\n").echo();
("SHA3-384: " + sha3_384.hex() + "\n").echo();
("SHA3-512: " + sha3_512.hex() + "\n").echo();
SHAKE Functions
/* SHAKE hash functions */
data = "Hello, Grapa!";
shake128 = data.encode("SHAKE128");
shake256 = data.encode("SHAKE256");
("SHAKE128: " + shake128.hex() + "\n").echo();
("SHAKE256: " + shake256.hex() + "\n").echo();
Hash Function Output Sizes
| Function | Output Size |
|---|---|
| SHA3-224 | 28 bytes (224 bits) |
| SHA3-256 | 32 bytes (256 bits) |
| SHA3-384 | 48 bytes (384 bits) |
| SHA3-512 | 64 bytes (512 bits) |
| SHAKE128 | 32 bytes (256 bits) default |
| SHAKE256 | 64 bytes (512 bits) default |
Data Conversion
Format Conversion
/* Convert between formats */
data = "Hello, Grapa!";
raw_bytes = data.raw();
hex_string = data.hex();
binary_string = data.bin();
unsigned_int = data.uint();
("Raw bytes: " + raw_bytes.str() + "\n").echo();
("Hex string: " + hex_string + "\n").echo();
("Binary string: " + binary_string + "\n").echo();
("Unsigned int: " + unsigned_int.str() + "\n").echo();
Case Conversion
/* Convert case for consistent comparison */
data = "Hello, Grapa!";
lowercase = data.lower();
uppercase = data.upper();
("Lowercase: " + lowercase + "\n").echo();
("Uppercase: " + uppercase + "\n").echo();
Practical Examples
RSA Cryptography
/* Generate RSA keys using Grapa's prime functions */
generate_rsa_keys = op(bits) {
/* Generate two large primes */
p = bits.genprime();
q = bits.genprime();
/* Calculate modulus and Euler's totient */
n = p * q;
phi = (p - 1) * (q - 1);
/* Choose public exponent (common choice) */
e = 65537;
/* Calculate private exponent */
d = e.modinv(phi);
/* Return key pair */
{
"public_key": {"n": n, "e": e},
"private_key": {"n": n, "d": d},
"p": p,
"q": q
};
};
/* RSA encryption */
rsa_encrypt = op(message, public_key) {
message.modpow(public_key.get("e"), public_key.get("n"));
};
/* RSA decryption */
rsa_decrypt = op(ciphertext, private_key) {
ciphertext.modpow(private_key.get("d"), private_key.get("n"));
};
/* Example usage */
keys = generate_rsa_keys(512);
message = 12345;
encrypted = rsa_encrypt(message, keys.get("public_key"));
decrypted = rsa_decrypt(encrypted, keys.get("private_key"));
("Original message: " + message.str() + "\n").echo();
("Encrypted: " + encrypted.str() + "\n").echo();
("Decrypted: " + decrypted.str() + "\n").echo();
("Success: " + (message == decrypted).str() + "\n").echo();
Diffie-Hellman Key Exchange
/* Diffie-Hellman key exchange */
diffie_hellman_exchange = op() {
/* Use a known safe prime and generator */
p = 256.staticprime(); /* Large prime */
g = 2; /* Generator */
/* Alice's private key (random) */
alice_private = $random().genbits(256);
alice_public = g.modpow(alice_private, p);
/* Bob's private key (random) */
bob_private = $random().genbits(256);
bob_public = g.modpow(bob_private, p);
/* Shared secret calculation */
shared_secret_alice = bob_public.modpow(alice_private, p);
shared_secret_bob = alice_public.modpow(bob_private, p);
/* Verify both parties get the same secret */
success = shared_secret_alice == shared_secret_bob;
{
"p": p,
"g": g,
"alice_private": alice_private,
"alice_public": alice_public,
"bob_private": bob_private,
"bob_public": bob_public,
"shared_secret": shared_secret_alice,
"success": success
};
};
/* Run the exchange */
result = diffie_hellman_exchange();
("Diffie-Hellman Exchange Result:\n").echo();
("Shared secret: " + result.get("shared_secret").str() + "\n").echo();
("Exchange successful: " + result.get("success").str() + "\n").echo();
Digital Signatures
/* Simple digital signature using hash functions */
create_signature = op(message, private_key) {
/* Hash the message */
message_hash = message.encode("SHA3-256");
/* Sign the hash using private key */
signature = message_hash.modpow(private_key.get("d"), private_key.get("n"));
signature;
};
verify_signature = op(message, signature, public_key) {
/* Hash the message */
message_hash = message.encode("SHA3-256");
/* Verify signature using public key */
recovered_hash = signature.modpow(public_key.get("e"), public_key.get("n"));
/* Compare hashes */
message_hash == recovered_hash;
};
/* Example usage */
keys = generate_rsa_keys(512);
message = "Hello, Grapa!";
signature = create_signature(message, keys.get("private_key"));
is_valid = verify_signature(message, signature, keys.get("public_key"));
("Message: " + message + "\n").echo();
("Signature: " + signature.str() + "\n").echo();
("Signature valid: " + is_valid.str() + "\n").echo();
Data Integrity Verification
/* Hash data for integrity verification */
hash_data = op(data) {
{
"sha3_224": data.encode("SHA3-224").hex(),
"sha3_256": data.encode("SHA3-256").hex(),
"sha3_384": data.encode("SHA3-384").hex(),
"sha3_512": data.encode("SHA3-512").hex(),
"shake128": data.encode("SHAKE128").hex(),
"shake256": data.encode("SHAKE256").hex()
};
};
/* Verify data integrity */
verify_integrity = op(data, expected_hash) {
actual_hash = data.encode("SHA3-256").hex().lower();
expected_hash.lower() == actual_hash;
};
/* Example usage */
data = "Important data that must not be tampered with";
hashes = hash_data(data);
("Data hashes:\n").echo();
("SHA3-256: " + hashes.get("sha3_256") + "\n").echo();
/* Later, verify integrity */
is_intact = verify_integrity(data, hashes.get("sha3_256"));
("Data integrity verified: " + is_intact.str() + "\n").echo();
Password Hashing
/* Simple password hashing with salt */
hash_password = op(password, salt) {
/* Combine password and salt */
combined = password + salt;
/* Hash multiple times for security */
hash1 = combined.encode("SHA3-256");
hash2 = hash1.encode("SHA3-256");
hash3 = hash2.encode("SHA3-256");
hash3.hex();
};
/* Verify password */
verify_password = op(password, salt, stored_hash) {
computed_hash = hash_password(password, salt);
computed_hash.lower() == stored_hash.lower();
};
/* Example usage */
password = "mysecretpassword";
salt = "randomsalt123";
stored_hash = hash_password(password, salt);
("Stored hash: " + stored_hash + "\n").echo();
/* Verify later */
is_correct = verify_password(password, salt, stored_hash);
("Password correct: " + is_correct.str() + "\n").echo();
Security Best Practices
Key Generation
/* Generate secure keys */
generate_secure_keys = op() {
/* Use sufficient key sizes */
p = 1024.genprime(1); /* Safe prime */
q = 1024.genprime(1); /* Safe prime */
/* Verify primality */
p_prime = p.isprime(100);
q_prime = q.isprime(100);
/* Generate fresh random primes */
{
"p": p,
"q": q,
"p_is_prime": p_prime,
"q_is_prime": q_prime,
"key_size_bits": (p.bitCount() + q.bitCount())
};
};
Hash Function Best Practices
/* Secure hash comparison */
secure_hash_compare = op(hash1, hash2) {
/* Use constant-time comparison to prevent timing attacks */
hash1.lower() == hash2.lower();
};
/* Hash with salt for passwords */
secure_password_hash = op(password, salt) {
/* Use multiple rounds */
combined = password + salt;
hash = combined.encode("SHA3-256");
/* Multiple iterations */
hash = hash.encode("SHA3-256");
hash = hash.encode("SHA3-256");
hash.hex();
};
Input Validation
/* Validate cryptographic inputs */
validate_crypto_inputs = op(value, modulus) {
/* Check for valid parameters */
if (value <= 0) {
return "Error: Value must be positive";
}
if (modulus <= 1) {
return "Error: Modulus must be greater than 1";
}
if (value >= modulus) {
return "Error: Value must be less than modulus";
}
"Valid";
};
/* Safe modular inverse */
safe_modinv = op(value, modulus) {
validation = validate_crypto_inputs(value, modulus);
if (validation != "Valid") {
return validation;
}
/* Check if inverse exists */
gcd_result = value.gcd(modulus);
if (gcd_result != 1) {
return "Error: Modular inverse does not exist";
}
value.modinv(modulus);
};
Performance Considerations
Large Number Operations
/* Benchmark prime generation */
benchmark_prime_gen = op(bits) {
start_time = $time();
prime = bits.genprime();
end_time = $time();
{
"bits": bits,
"prime": prime,
"time_seconds": end_time - start_time
};
};
/* Test different bit sizes */
sizes = [128, 256, 512, 1024];
sizes.range().each(op(i) {
result = benchmark_prime_gen(sizes.get(i));
("Bits: " + result.get("bits").str() + " Time: " + result.get("time_seconds").str() + " seconds\n").echo();
});
Memory Usage
/* Monitor memory usage for large operations */
large_operation = op() {
/* Large prime generation */
large_prime = 2048.genprime();
/* Large modular exponentiation */
base = 123456789;
exponent = large_prime - 1;
modulus = large_prime;
result = base.modpow(exponent, modulus);
"Large operation completed";
};
Error Handling
Common Errors and Solutions
/* Handle common cryptographic errors */
safe_crypto_operation = op(operation, params) {
try {
/* Attempt the operation */
if (operation == "modinv") {
params.get("value").modinv(params.get("modulus"));
} else if (operation == "modpow") {
params.get("base").modpow(params.get("exponent"), params.get("modulus"));
} else if (operation == "genprime") {
params.get("bits").genprime();
} else {
"Error: Unknown operation";
}
} catch (error) {
"Error: " + error;
}
};
/* Example usage */
result1 = safe_crypto_operation("modinv", {"value": 3, "modulus": 11});
result2 = safe_crypto_operation("modinv", {"value": 3, "modulus": 0}); /* Invalid */
("Valid operation: " + result1 + "\n").echo();
("Invalid operation: " + result2 + "\n").echo();
OpenSSL Integration
Benefits
- Industry Standard: Uses OpenSSL's
BN_generate_prime_ex()andBN_is_prime_ex() - Security Audited: OpenSSL is extensively tested and audited
- High Performance: Optimized C implementations
- Regular Updates: Security patches and improvements
Functions Using OpenSSL
| Grapa Function | OpenSSL Function | Purpose |
|---|---|---|
genprime() | BN_generate_prime_ex() | Generate random primes |
isprime() | BN_is_prime_ex() | Test primality |
| All modular arithmetic | OpenSSL BIGNUM | Large number operations |
References
- OpenSSL Documentation
- NIST Cryptographic Standards
- RFC 8017 - RSA Cryptography
- SHA3 Standard
- Diffie-Hellman Key Exchange
Examples Summary
This documentation provides comprehensive examples for:
- Prime Number Operations: Generation and testing
- Modular Arithmetic: Exponentiation, inverse, GCD
- Hash Functions: SHA3 and SHAKE families
- RSA Cryptography: Key generation, encryption, decryption
- Diffie-Hellman: Key exchange protocol
- Digital Signatures: Message signing and verification
- Data Integrity: Hash-based verification
- Password Security: Hashing with salt
- Security Best Practices: Input validation, secure comparisons
- Performance: Benchmarking and optimization
- Error Handling: Robust error management
All examples are production-ready and use industry-standard cryptographic practices with OpenSSL integration.