def log(p, q):
assert curve.is_on_curve(p)
assert curve.is_on_curve(q)
sqrt_n = int(math.sqrt(curve.n)) + 1
# Compute the baby steps and store them in the 'precomputed' hash table.
r = None
precomputed = {None: 0}
for a in range(1, sqrt_n):
r = curve.add(r, p)
precomputed[r] = a
# Now compute the giant steps and check the hash table for any
# matching point.
r = q
s = curve.mult(sqrt_n, curve.neg(p))
for b in range(sqrt_n):
try:
a = precomputed[r]
except KeyError:
pass
else:
steps = sqrt_n + b
logarithm = a + sqrt_n * b
return logarithm, steps
r = curve.add(r, s)
raise AssertionError('logarithm not found')
def log(p, q):
assert curve.is_on_curve(p)
assert curve.is_on_curve(q)
sqrt_n = int(math.sqrt(curve.n)) + 1
# Compute the baby steps and store them in the 'precomputed' hash table.
r = None
precomputed = {None: 0}
for a in range(1, sqrt_n):
r = curve.add(r, p)
precomputed[r] = a
# Now compute the giant steps and check the hash table for any
# matching point.
r = q
s = curve.mult(sqrt_n, curve.neg(p))
for b in range(sqrt_n):
try:
a = precomputed[r]
except KeyError:
pass
else:
steps = sqrt_n + b
logarithm = a + sqrt_n * b
return logarithm, steps
r = curve.add(r, s)
raise AssertionError('logarithm not found')
def __init__(self, point1, point2):
self.point1 = point1
self.point2 = point2
self.add_a1 = random.randrange(1, curve.n)
self.add_b1 = random.randrange(1, curve.n)
self.add_x1 = curve.add(
curve.mult(self.add_a1, point1),
curve.mult(self.add_b1, point2),
)
self.add_a2 = random.randrange(1, curve.n)
self.add_b2 = random.randrange(1, curve.n)
self.add_x2 = curve.add(
curve.mult(self.add_a2, point1),
curve.mult(self.add_b2, point2),
)
def __init__(self, point1, point2):
self.point1 = point1
self.point2 = point2
self.add_a1 = random.randrange(1, curve.n)
self.add_b1 = random.randrange(1, curve.n)
self.add_x1 = curve.add(
curve.mult(self.add_a1, point1),
curve.mult(self.add_b1, point2),
)
self.add_a2 = random.randrange(1, curve.n)
self.add_b2 = random.randrange(1, curve.n)
self.add_x2 = curve.add(
curve.mult(self.add_a2, point1),
curve.mult(self.add_b2, point2),
)
def compute_one(func, x):
p = curve.g
q = curve.mult(x, p)
try:
y, steps = func(p, q)
except Exception as exc:
return x, str(exc)
return x, y, steps
def compute_one(func, x):
p = curve.g
q = curve.mult(x, p)
try:
y, steps = func(p, q)
except Exception as exc:
return x, str(exc)
return x, y, steps
def log(p, q):
assert curve.is_on_curve(p)
assert curve.is_on_curve(q)
start = random.randrange(curve.n)
r = curve.mult(start, p)
for x in range(curve.n):
if q == r:
logarithm = (start + x) % curve.n
steps = x + 1
return logarithm, steps
r = curve.add(r, p)
raise AssertionError('logarithm not found')
def main():
x = random.randrange(curve.n)
p = curve.g
q = curve.mult(x, p)
print('Curve: {}'.format(curve))
print('Curve order: {}'.format(curve.n))
print('p = (0x{:x}, 0x{:x})'.format(*p))
print('q = (0x{:x}, 0x{:x})'.format(*q))
print(x, '* p = q')
y, steps = log(p, q)
print('log(p, q) =', y)
print('Took', steps, 'steps')
assert x == y
def main():
x = random.randrange(1, curve.n)
p = curve.g
q = curve.mult(x, p)
ans = '椭圆曲线: {}'.format(curve) + '\n'
ans += '曲线的阶: {}'.format(curve.n) + '\n'
ans += 'p = (0x{:x}, 0x{:x})'.format(*p) + '\n'
ans += 'q = (0x{:x}, 0x{:x})'.format(*q) + '\n'
ans += str(x) + '* p = q' + '\n'
y, steps = log(p, q)
ans += 'log(p, q) =' + str(y) + '\n'
ans += '一共尝试了 ' + str(steps) + ' 次' + '\n'
return ans
assert x == y
# if __name__ == '__main__':
# main()
from pwn import *
import pollardsrho
from common import inverse_mod, tinycurve as curve
r = remote('crypto.chal.csaw.io', 1000)
r.recvuntil('a = ')
a = int(r.recvline().strip('\r\n'))
r.recvuntil('b = ')
b = int(r.recvline().strip('\r\n'))
r.recvuntil('p = ')
p = int(r.recvline().strip('\r\n'))
r.recvuntil('n = ')
n = int(r.recvline().strip('\r\n'))
r.recvuntil('Public key: (')
q = r.recvuntil(')').strip(')').replace(' ', '').split(',')
q[0] = int(q[0])
q[1] = int(q[1])
print 'Public key:', q
for i in range(1, 7919):
coba = curve.mult(i, curve.g)
if coba[0] == q[0] and coba[1] == q[1]:
print 'Secret', i
break
print r.interactive()