def test_smart_attack(self):
    """Check that the Smart attack recovers a random discrete logarithm.

    A random scalar is multiplied into the curve's first generator, and the
    attack is handed the generator and the resulting point. The test passes
    when the attack returns that exact scalar as a plain ``int``.
    """
    # NOTE(review): Smart's attack requires an anomalous curve (group order
    # equal to the field prime). These parameters are presumably chosen to
    # satisfy that; nothing here checks it, so confirm before changing them.
    field = GF(23304725718649417969)
    coefficients = [8820341459377516260, 5880227639585010840]
    base_point = EllipticCurve(field, coefficients).gen(0)
    order = int(base_point.order())

    # Secret scalar drawn from [1, order - 1], so it is never the identity.
    secret = randint(1, order - 1)
    public_point = secret * base_point

    recovered = self.smart_attack.attack(base_point, public_point)

    # The attack must return a Python int, not a ring element.
    self.assertIsInstance(recovered, int)
    self.assertEqual(secret, recovered)
def test_ecdsa_nonce_reuse(self):
    """Check that ECDSA nonce reuse lets the attack recover nonce and key.

    Two random message values are signed with the same private key and the
    same nonce, so both signatures share ``r``. The attack yields candidate
    ``(nonce, private_key)`` pairs; the test passes as soon as one candidate
    matches the real values and fails if none does.
    """
    # NIST P-256 domain parameters (field prime and Weierstrass a, b).
    prime = 115792089210356248762697446949407573530086143415290314195533631308867097853951
    coeff_a = 115792089210356248762697446949407573530086143415290314195533631308867097853948
    coeff_b = 41058363725152142129326129780047268409114441015993725554835256314039467401291
    base_point = EllipticCurve(GF(prime), [coeff_a, coeff_b]).gen(0)
    order = int(base_point.order())

    private_key = randint(1, order - 1)
    nonce = randint(1, order - 1)

    # r is the x-coordinate of nonce * G. It is used as-is here, without the
    # reduction modulo the group order that standard ECDSA applies.
    r = int((nonce * base_point).xy()[0])

    # Both signatures use the same nonce inverse. That shared value is the
    # misuse under test: it is why a signer must never repeat a nonce.
    nonce_inverse = pow(nonce, -1, order)
    message_bits = order.bit_length()

    m1 = getrandbits(message_bits)
    s1 = nonce_inverse * (m1 + r * private_key) % order
    m2 = getrandbits(message_bits)
    s2 = nonce_inverse * (m2 + r * private_key) % order

    matched = False
    candidates = self.ecdsa_nonce_reuse.attack(order, m1, r, s1, m2, r, s2)
    for nonce_guess, key_guess in candidates:
        # Every candidate yielded before the match must be a pair of ints.
        self.assertIsInstance(nonce_guess, int)
        self.assertIsInstance(key_guess, int)
        if (nonce_guess, key_guess) == (nonce, private_key):
            matched = True
            break

    if not matched:
        self.fail()