Esempio n. 1
def get_state(p):
    """
    Recover a state value of the prng p from one of its outputs.

    One number is drawn with p.get_num() and treated as the x coordinate
    of a point on p's curve. The point is lifted back onto the curve
    (both square roots of x^3 + a*x + b) and multiplied by the backdoor
    scalar; the x coordinate of the product is returned.

    Both lifted points are computed, but a single value is returned:
    they are negatives of each other, so their multiples share the same
    x coordinate.

    Security note: nothing secret from p is read here, only one output
    and public curve data. Anyone who knows the scalar can do the same,
    which is why this kind of generator is only safe when nobody knows
    such a scalar.
    """
    observed = p.get_num()
    curve = p.P.curve
    field = p.P.x.field
    modulus = p.P.x.p
    # Backdoor scalar, hard-coded to 3 in this demo.
    # NOTE(review): presumably the known relation between the generator's
    # two curve points - confirm against the prng definition.
    backdoor = field(3)

    # Right-hand side of the curve equation y^2 = x^3 + a*x + b at x = observed.
    cube = observed * observed * observed
    rhs = cube + curve.a * observed + curve.b

    # Lift the output back to curve points, one per square root of rhs.
    lifted = []
    for root in tonelli_shanks(rhs.n, modulus):
        lifted.append(Point(curve, field(observed), field(root)))

    candidates = [(backdoor.n * pt).x.n for pt in lifted]
    # If the lift produced no point, the index below raises IndexError.
    return candidates[0]
Esempio n. 2
def get_state(p):
    """
    Compute a state value of the prng p from a single observed output.

    The output of p.get_num() is used as an x coordinate. Each square
    root of x^3 + a*x + b (mod the field prime) gives a candidate point;
    each candidate is multiplied by the backdoor scalar and the x
    coordinate of the result is a candidate state.

    Returns the first candidate only. The two candidate points are
    additive inverses, so both give the same x coordinate.

    Security note: the inputs are one generator output plus public curve
    parameters. The generator's unpredictability therefore depends
    entirely on the scalar below staying unknown.
    """
    out = p.get_num()
    C = p.P.curve
    F = p.P.x.field
    prime = p.P.x.p
    # The backdoor: a fixed scalar (3 in this demo).
    # NOTE(review): looks like the relation between the prng's two
    # points - verify against the prng class.
    e = F(3)

    def lift(y):
        # Curve point with the observed x coordinate and root y.
        return Point(C, F(out), F(y))

    def state_of(T):
        # x coordinate (as a plain number) of the scalar multiple e*T.
        return (e.n * T).x.n

    val = out * out * out + C.a * out + C.b
    points = [lift(y) for y in tonelli_shanks(val.n, prime)]
    states = [state_of(T) for T in points]
    # An empty `states` (no square root found) raises IndexError here.
    return states[0]
Esempio n. 3
 def __init__(self, out):
     """
     Build an output guesser from the first observed output.

     `out` is treated as the x coordinate of a curve point. It is lifted
     onto the curve, multiplied by the backdoor scalar, and the resulting
     x coordinate seeds a fresh prng stored in self.p, which can then be
     used to guess all remaining outputs.

     The curve (prime 331337, a=1, b=1) and the scalar are hard-coded.
     NOTE(review): presumably these must match the generator that
     produced `out` - confirm against the prng definition.

     Progress is printed with time.time() stamps before each step.
     """
     modulus = 331337
     field = FiniteField(modulus, 1)
     curve = EllipticCurve(a=field(1), b=field(1))
     # Backdoor scalar; in a real setting it has to be known (computed)
     # in advance. Whoever holds it needs only one output to clone the prng.
     backdoor = field(3)

     # Curve equation right-hand side x^3 + a*x + b at x = out.
     cube = out * out * out
     rhs = cube + curve.a * out + curve.b

     print(time.time(), ":", "finding points...")
     lifted = []
     for root in tonelli_shanks(rhs.n, modulus):
         lifted.append(Point(curve, field(out), field(root)))

     print(time.time(), ":", "recovering states...")
     candidates = [(backdoor.n * pt).x.n for pt in lifted]

     # The lifted points are negatives of each other, so their multiples
     # share an x coordinate; the first candidate is enough.
     print(time.time(), ":", "making prng")
     self.p = prng(seed=candidates[0])
Esempio n. 4
 def __init__(self, out):
     """
     Initialise the guesser from one observed output.

     Steps, each announced with a timestamped print:
       1. lift `out` to the curve points that have it as x coordinate,
       2. multiply each point by the backdoor scalar and keep the x
          coordinate as a candidate state,
       3. seed a new prng with the first candidate and keep it in self.p.

     Curve parameters (prime 331337, a=1, b=1) and the scalar (3) are
     fixed in the code.
     NOTE(review): they are assumed to mirror the generator being
     predicted - verify against its definition.
     """
     def announce(step):
         # Same output as print(time.time(), ":", step) at the call site.
         print(time.time(), ":", step)

     prime = 331337
     F = FiniteField(prime, 1)
     C = EllipticCurve(a=F(1), b=F(1))
     # Backdoor scalar: it would have to be pre-computed by whoever
     # chose the generator's points. With it, one output is enough to
     # reproduce the generator.
     e = F(3)
     val = out * out * out + C.a * out + C.b

     announce("finding points...")
     points = [
         Point(C, F(out), F(y))
         for y in tonelli_shanks(val.n, prime)
     ]

     announce("recovering states...")
     states = [(e.n * T).x.n for T in points]

     # Both candidates are additive inverses of one another and so have
     # the same x coordinate; index 0 is used. An empty list raises
     # IndexError here.
     announce("making prng")
     self.p = prng(seed=states[0])