PyPI - transcrypto - Versions diffs - 1.2.0__py3-none-any.whl → 1.3.0__py3-none-any.whl - Mend

transcrypto 1.2.0py3-none-any.whl → 1.3.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

transcrypto/base.py +1 -1
transcrypto/dsa.py +91 -48
transcrypto/elgamal.py +14 -13
transcrypto/modmath.py +487 -40
transcrypto/rsa.py +17 -17
transcrypto/sss.py +1 -3
transcrypto/transcrypto.py +42 -27
{transcrypto-1.2.0.dist-info → transcrypto-1.3.0.dist-info}/METADATA +72 -25
transcrypto-1.3.0.dist-info/RECORD +15 -0
transcrypto-1.2.0.dist-info/RECORD +0 -15
{transcrypto-1.2.0.dist-info → transcrypto-1.3.0.dist-info}/WHEEL +0 -0
{transcrypto-1.2.0.dist-info → transcrypto-1.3.0.dist-info}/licenses/LICENSE +0 -0
{transcrypto-1.2.0.dist-info → transcrypto-1.3.0.dist-info}/top_level.txt +0 -0

transcrypto/base.py CHANGED Viewed

@@ -23,7 +23,7 @@ from typing import Any, Callable, final, MutableSequence, Protocol, runtime_chec
 import zstandard
 __author__ = 'balparda@github.com'
-__version__ = '1.2.0'  # 2025-09-05, Fri
+__version__ = '1.3.0'  # 2025-09-07, Sun
 __version_tuple__: tuple[int, ...] = tuple(int(v) for v in __version__.split('.'))
 # MIN_TM = int(  # minimum allowed timestamp

transcrypto/dsa.py CHANGED Viewed

@@ -12,11 +12,16 @@ In the future we will design a proper DSA+Hash implementation.
 from __future__ import annotations
+import concurrent.futures
 import dataclasses
 import logging
+import multiprocessing
+import os
 # import pdb
 from typing import Self
+import gmpy2  # type:ignore
 from . import base, modmath
 __author__ = 'balparda@github.com'
@@ -24,14 +29,14 @@ __version__: str = base.__version__  # version comes from base!
 __version_tuple__: tuple[int, ...] = base.__version_tuple__
-_PRIME_MULTIPLE_SEARCH = 4096  # how many multiples of q to try before restarting
 _MAX_KEY_GENERATION_FAILURES = 15
 # fixed prefixes: do NOT ever change! will break all encryption and signature schemes
 _DSA_SIGNATURE_HASH_PREFIX = b'transcrypto.DSA.Signature.1.0\x00'
-def NBitRandomDSAPrimes(p_bits: int, q_bits: int, /) -> tuple[int, int, int]:
+def NBitRandomDSAPrimes(
+    p_bits: int, q_bits: int, /, *, serial: bool = True) -> tuple[int, int, int]:
   """Generates 2 random DSA primes p & q with `x_bits` size and (p-1)%q==0.
   Uses an aggressive small-prime wheel sieve:
@@ -41,10 +46,15 @@ def NBitRandomDSAPrimes(p_bits: int, q_bits: int, /) -> tuple[int, int, int]:
     m_forbidden ≡ -q⁻¹ (mod r) (because (m·q + 1) % r == 0 ⇔ m ≡ -q⁻¹ (mod r))
   • When we iterate m, we skip values that hit any forbidden residue class.
+  Method will decide if executes on one thread or many.
   Args:
     p_bits (int): Number of guaranteed bits in `p` prime representation,
         p_bits ≥ q_bits + 11
     q_bits (int): Number of guaranteed bits in `q` prime representation, ≥ 11
+    serial (bool, optional): True (default) will force one thread; False will allow parallelism;
+       we have temporarily disabled parallelism with a default of True because it is not making
+       things faster...
   Returns:
     random primes tuple (p, q, m), with p-1 a random multiple m of q, such
@@ -59,14 +69,59 @@ def NBitRandomDSAPrimes(p_bits: int, q_bits: int, /) -> tuple[int, int, int]:
   if p_bits < q_bits + 11:
     raise base.InputError(f'invalid p_bits length: {p_bits=}')
   # make q
-  q: int = modmath.NBitRandomPrime(q_bits)
+  q: int = modmath.NBitRandomPrimes(q_bits).pop()
+  # get number of CPUs and decide if we do parallel or not
+  n_workers: int = min(4, os.cpu_count() or 1)
+  pr: int | None = None
+  m: int | None = None
+  if serial or n_workers <= 1 or p_bits < 200:
+    # do one worker
+    while pr is None or m is None or pr.bit_length() != p_bits:
+      pr, m = _PrimePSearchShard(q, p_bits)
+    return (pr, q, m)
+  # parallel: keep a small pool of bounded shards; stop on first hit
+  multiprocessing.set_start_method('fork', force=True)
+  with concurrent.futures.ProcessPoolExecutor(max_workers=n_workers) as pool:
+    workers: set[concurrent.futures.Future[tuple[int | None, int | None]]] = {
+        pool.submit(_PrimePSearchShard, q, p_bits) for _ in range(n_workers)}
+    while workers:
+      done: set[concurrent.futures.Future[tuple[int | None, int | None]]] = concurrent.futures.wait(
+          workers, return_when=concurrent.futures.FIRST_COMPLETED)[0]
+      for worker in done:
+        workers.remove(worker)
+        pr, m = worker.result()
+        if pr is not None and m is not None and pr.bit_length() == p_bits:
+          return (pr, q, m)
+        # no hit in that shard: keep the pool full with a fresh shard
+        workers.add(pool.submit(_PrimePSearchShard, q, p_bits))  # pragma: no cover
+  # can never reach this point, but leave this here; remove line from coverage
+  raise base.Error(f'could not find prime with {p_bits=}/{q_bits=} bits')  # pragma: no cover
+def _PrimePSearchShard(q: int, p_bits: int) -> tuple[int | None, int | None]:
+  """Search for a `p_bits` random prime, starting from a random point, for ~6× expected prime gap.
+  Args:
+    q (int): Prime `q` for DSA
+    p_bits (int): Number of guaranteed bits in prime `p` representation
+  Returns:
+    tuple[int | None, int | None]: either the prime `p` and multiple `m` or None if no prime found
+  """
+  q_bits: int = q.bit_length()
+  shard_len: int = max(2000, 6 * int(0.693 * p_bits))  # ~6× expected prime gap ~2^k (≈ 0.693*k)
+  # find range of multiples to use
+  min_p: int = 2 ** (p_bits - 1)
+  max_p: int = 2 ** p_bits - 1
+  min_m: int = min_p // q + 2
+  max_m: int = max_p // q - 2
+  assert max_m - min_m > 1000  # make sure we'll have options!
   # make list of small primes to use for sieving
   approx_q_root: int = 1 << (q_bits // 2)
-  forbidden: dict[int, int] = {}  # (modulus: forbidden residue)
-  for r in modmath.PrimeGenerator(3):
-    forbidden[r] = (-modmath.ModInv(q % r, r)) % r
-    if r > 100000 or r > approx_q_root:
-      break
+  pr: int
+  forbidden: dict[int, int] = {  # (modulus: forbidden residue)
+      pr: ((-modmath.ModInv(q % pr, pr)) % pr)
+      for pr in modmath.FIRST_5K_PRIMES_SORTED[1:min(5000, approx_q_root)]}  # skip pr==2
   def _PassesSieve(m: int) -> bool:
     for r, f in forbidden.items():
@@ -74,35 +129,23 @@ def NBitRandomDSAPrimes(p_bits: int, q_bits: int, /) -> tuple[int, int, int]:
         return False
     return True
-  # find range of multiples to use
-  min_p, max_p = 2 ** (p_bits - 1), 2 ** p_bits - 1
-  min_m, max_m = min_p // q + 2, max_p // q - 2
-  assert max_m - min_m > 1000  # make sure we'll have options!
-  # start searching from a random multiple
-  failures: int = 0
-  window: int = max(_PRIME_MULTIPLE_SEARCH, 2 * p_bits)
-  while True:
-    # try searching starting here
-    m: int = base.RandInt(min_m, max_m)
-    if m % 2:
-      m += 1  # make even
-    for _ in range(window):
-      p: int = q * m + 1
-      if p >= max_p:
-        break
-      # first do a quick sieve test
-      if not _PassesSieve(m):
-        m += 2
-        continue
-      # passed sieve, do full test
-      if modmath.IsPrime(p):
-        return (p, q, m)  # found a suitable prime set!
-      m += 2  # next multiple
-    # after _PRIME_MULTIPLE_SEARCH we declare this range failed
-    failures += 1
-    if failures >= _MAX_KEY_GENERATION_FAILURES:
-      raise base.CryptoError(f'failed primes generation {failures} times')
-    logging.warning(f'failed primes search: {failures}')
+  # try searching starting here
+  m: int = base.RandInt(min_m, max_m)
+  if m % 2:
+    m += 1  # make even
+  count: int = 0
+  pr = 0
+  while count < shard_len:
+    pr = q * m + 1
+    if pr > max_p:
+      break
+    # first do a quick sieve test
+    if _PassesSieve(m):
+      if modmath.IsPrime(pr):  # passed sieve, do full test
+        return (pr, m)  # found a suitable prime set!
+    count += 1
+    m += 2  # next even number
+  return (None, None)
 @dataclasses.dataclass(kw_only=True, slots=True, frozen=True, repr=False)
@@ -203,7 +246,7 @@ class DSASharedPublicKey(base.CryptoKey):
     g: int = 0
     while g < 2:
       h: int = base.RandBits(p_bits - 1)
-      g = modmath.ModExp(h, m, p)
+      g = int(gmpy2.powmod(h, m, p))  # type:ignore  # pylint:disable=no-member
     return cls(prime_modulus=p, prime_seed=q, group_base=g)
@@ -278,10 +321,10 @@ class DSAPublicKey(DSASharedPublicKey, base.Verifier):
       raise base.InputError(f'invalid signature: {signature=}')
     # verify
     inv: int = modmath.ModInv(signature[1], self.prime_seed)
-    a: int = modmath.ModExp(
-        self.group_base, (message * inv) % self.prime_seed, self.prime_modulus)
-    b: int = modmath.ModExp(
-        self.individual_base, (signature[0] * inv) % self.prime_seed, self.prime_modulus)
+    a: int = int(gmpy2.powmod(  # type:ignore  # pylint:disable=no-member
+        self.group_base, (message * inv) % self.prime_seed, self.prime_modulus))
+    b: int = int(gmpy2.powmod(  # type:ignore  # pylint:disable=no-member
+        self.individual_base, (signature[0] * inv) % self.prime_seed, self.prime_modulus))
     return ((a * b) % self.prime_modulus) % self.prime_seed == signature[0]
   def Verify(
@@ -353,8 +396,7 @@ class DSAPrivateKey(DSAPublicKey, base.Signer):  # pylint: disable=too-many-ance
     if (not 2 < self.decrypt_exp < self.prime_seed or
         self.decrypt_exp in (self.group_base, self.individual_base)):
       raise base.InputError(f'invalid decrypt_exp: {self}')
-    if modmath.ModExp(
-        self.group_base, self.decrypt_exp, self.prime_modulus) != self.individual_base:
+    if gmpy2.powmod(self.group_base, self.decrypt_exp, self.prime_modulus) != self.individual_base:  # type:ignore  # pylint:disable=no-member
       raise base.CryptoError(f'inconsistent g**d % p == i: {self}')
   def __str__(self) -> str:
@@ -387,10 +429,11 @@ class DSAPrivateKey(DSAPublicKey, base.Signer):  # pylint: disable=too-many-ance
     if not 0 < message < self.prime_seed:
       raise base.InputError(f'invalid message: {message=}')
     # sign
-    a, b = 0, 0
+    a: int = 0
+    b: int = 0
     while a < 2 or b < 2:
       ephemeral_key, ephemeral_inv = self._MakeEphemeralKey()
-      a = modmath.ModExp(self.group_base, ephemeral_key, self.prime_modulus) % self.prime_seed
+      a = int(gmpy2.powmod(self.group_base, ephemeral_key, self.prime_modulus) % self.prime_seed)  # type:ignore  # pylint:disable=no-member
       b = (ephemeral_inv * ((message + a * self.decrypt_exp) % self.prime_seed)) % self.prime_seed
     return (a, b)
@@ -460,8 +503,8 @@ class DSAPrivateKey(DSAPublicKey, base.Signer):  # pylint: disable=too-many-ance
             prime_modulus=shared_key.prime_modulus,
             prime_seed=shared_key.prime_seed,
             group_base=shared_key.group_base,
-            individual_base=modmath.ModExp(
-                shared_key.group_base, decrypt_exp, shared_key.prime_modulus),
+            individual_base=int(gmpy2.powmod(  # type:ignore  # pylint:disable=no-member
+                shared_key.group_base, decrypt_exp, shared_key.prime_modulus)),
             decrypt_exp=decrypt_exp)
       except base.InputError as err:
         failures += 1

transcrypto/elgamal.py CHANGED Viewed

@@ -23,6 +23,8 @@ import logging
 # import pdb
 from typing import Self
+import gmpy2  # type:ignore
 from . import base, modmath, aes
 __author__ = 'balparda@github.com'
@@ -122,7 +124,7 @@ class ElGamalSharedPublicKey(base.CryptoKey):
     if bit_length < 11:
       raise base.InputError(f'invalid bit length: {bit_length=}')
     # generate random prime and number, create object (should never fail)
-    p: int = modmath.NBitRandomPrime(bit_length)
+    p: int = modmath.NBitRandomPrimes(bit_length).pop()
     g: int = 0
     while not 2 < g < p - 1:
       g = base.RandBits(bit_length)
@@ -203,8 +205,8 @@ class ElGamalPublicKey(ElGamalSharedPublicKey, base.Encryptor, base.Verifier):
     b: int = 0
     while a < 2 or b < 2:
       ephemeral_key: int = self._MakeEphemeralKey()[0]
-      a = modmath.ModExp(self.group_base, ephemeral_key, self.prime_modulus)
-      s: int = modmath.ModExp(self.individual_base, ephemeral_key, self.prime_modulus)
+      a = int(gmpy2.powmod(self.group_base, ephemeral_key, self.prime_modulus))            # type:ignore  # pylint:disable=no-member
+      s: int = int(gmpy2.powmod(self.individual_base, ephemeral_key, self.prime_modulus))  # type:ignore  # pylint:disable=no-member
       b = (message * s) % self.prime_modulus
     return (a, b)
@@ -278,9 +280,9 @@ class ElGamalPublicKey(ElGamalSharedPublicKey, base.Encryptor, base.Verifier):
         not 2 <= signature[1] < self.prime_modulus - 1):
       raise base.InputError(f'invalid signature: {signature=}')
     # verify
-    a: int = modmath.ModExp(self.group_base, message, self.prime_modulus)
-    b: int = modmath.ModExp(signature[0], signature[1], self.prime_modulus)
-    c: int = modmath.ModExp(self.individual_base, signature[0], self.prime_modulus)
+    a: int = int(gmpy2.powmod(self.group_base, message, self.prime_modulus))            # type:ignore  # pylint:disable=no-member
+    b: int = int(gmpy2.powmod(signature[0], signature[1], self.prime_modulus))          # type:ignore  # pylint:disable=no-member
+    c: int = int(gmpy2.powmod(self.individual_base, signature[0], self.prime_modulus))  # type:ignore  # pylint:disable=no-member
     return a == (b * c) % self.prime_modulus
   def Verify(
@@ -351,8 +353,7 @@ class ElGamalPrivateKey(ElGamalPublicKey, base.Decryptor, base.Signer):  # pylin
     if (not 2 < self.decrypt_exp < self.prime_modulus - 1 or
         self.decrypt_exp in (self.group_base, self.individual_base)):
       raise base.InputError(f'invalid decrypt_exp: {self}')
-    if modmath.ModExp(
-        self.group_base, self.decrypt_exp, self.prime_modulus) != self.individual_base:
+    if gmpy2.powmod(self.group_base, self.decrypt_exp, self.prime_modulus) != self.individual_base:  # type:ignore  # pylint:disable=no-member
       raise base.CryptoError(f'inconsistent g**e % p == i: {self}')
   def __str__(self) -> str:
@@ -385,8 +386,8 @@ class ElGamalPrivateKey(ElGamalPublicKey, base.Decryptor, base.Signer):  # pylin
         not 2 <= ciphertext[1] < self.prime_modulus):
       raise base.InputError(f'invalid message: {ciphertext=}')
     # decrypt
-    csi: int = modmath.ModExp(
-        ciphertext[0], self.prime_modulus - 1 - self.decrypt_exp, self.prime_modulus)
+    csi: int = int(
+        gmpy2.powmod(ciphertext[0], self.prime_modulus - 1 - self.decrypt_exp, self.prime_modulus))  # type:ignore  # pylint:disable=no-member
     return (ciphertext[1] * csi) % self.prime_modulus
   def Decrypt(self, ciphertext: bytes, /, *, associated_data: bytes | None = None) -> bytes:
@@ -450,7 +451,7 @@ class ElGamalPrivateKey(ElGamalPublicKey, base.Decryptor, base.Signer):  # pylin
     p_1: int = self.prime_modulus - 1
     while a < 2 or b < 2:
       ephemeral_key, ephemeral_inv = self._MakeEphemeralKey()
-      a = modmath.ModExp(self.group_base, ephemeral_key, self.prime_modulus)
+      a = int(gmpy2.powmod(self.group_base, ephemeral_key, self.prime_modulus))  # type:ignore  # pylint:disable=no-member
       b = (ephemeral_inv * ((message - a * self.decrypt_exp) % p_1)) % p_1
     return (a, b)
@@ -519,8 +520,8 @@ class ElGamalPrivateKey(ElGamalPublicKey, base.Decryptor, base.Signer):  # pylin
         return cls(
             prime_modulus=shared_key.prime_modulus,
             group_base=shared_key.group_base,
-            individual_base=modmath.ModExp(
-                shared_key.group_base, decrypt_exp, shared_key.prime_modulus),
+            individual_base=int(gmpy2.powmod(  # type:ignore  # pylint:disable=no-member
+                shared_key.group_base, decrypt_exp, shared_key.prime_modulus)),
             decrypt_exp=decrypt_exp)
       except base.InputError as err:
         failures += 1

transcrypto 1.2.0__py3-none-any.whl → 1.3.0__py3-none-any.whl

transcrypto 1.2.0py3-none-any.whl → 1.3.0py3-none-any.whl