コード例 #1
ファイル: attack_3.py プロジェクト: jamella/dual_ec_demo
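def get_state(p):
    """
    Recover the current internal state of the prng ``p`` from one output.

    ``p.get_num()`` yields the x coordinate of a curve point.  Lifting that
    x back onto the curve gives two candidate points (``y`` and ``-y``);
    multiplying either by the scalar ``e`` gives points that again differ
    only in the sign of ``y``, so both candidates share one x coordinate
    and a single scalar multiplication is enough.

    Parameters:
        p: prng whose ``P.x.field``, ``P.curve`` and ``P.x.p`` describe the
           curve it runs on, and whose ``get_num()`` returns its next output.

    Returns:
        The recovered state as an int (x coordinate of ``e * T``).

    Raises:
        ValueError: if the output does not lift to a point on the curve
            (``x^3 + a*x + b`` has no square root mod ``prime``).  Genuine
            prng output always lifts; this only rejects garbage input.
    """
    out = p.get_num()
    F = p.P.x.field
    C = p.P.curve
    # the demo's hard-coded backdoor scalar; presumably the secret relation
    # between the generator's two curve points — confirm against prng
    e = F(3)
    prime = p.P.x.p
    # right-hand side of the Weierstrass equation at x = out
    val = out*out*out + C.a * out + C.b
    roots = list(tonelli_shanks(val.n, prime))
    if not roots:
        raise ValueError(
            "output %r is not the x coordinate of a point on the curve" % (out,))
    # the two candidate points are additive inverses of one another, so
    # e*T has the same x coordinate for either; one multiplication suffices
    T = Point(C, F(out), F(roots[0]))
    return (e.n*T).x.n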
コード例 #2
ファイル: attack_3.py プロジェクト: jamella/dual_ec_demo
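 def __init__(self, out):
     """
     Initialise the output guesser from one observed output ``out``.

     Rebuilds the demo's curve (toy prime 331337 with a = b = 1), lifts
     ``out`` back onto it as a curve point, multiplies that point by the
     hard-coded backdoor scalar ``e`` to recover the prng's current state,
     and seeds a fresh ``prng`` with that state so every following output
     can be reproduced.

     Parameters:
         out: one output of the prng, an int (the x coordinate of a point).

     Raises:
         ValueError: if ``out`` does not lift to a point on the curve, i.e.
             ``out^3 + out + 1`` has no square root mod 331337.  Genuine
             prng output always lifts; this only rejects garbage input.
     """
     prime = 331337
     F = FiniteField(prime, 1)
     C = EllipticCurve(a=F(1), b=F(1))
     # the demo's backdoor scalar; in a real setting it would have to be
     # known (pre-computed) in advance
     e = F(3)
     # right-hand side of the curve equation at x = out
     val = out*out*out + C.a * out + C.b
     print(time.time(), ":", "finding points...")
     roots = list(tonelli_shanks(val.n, prime))
     if not roots:
         raise ValueError(
             "output %r is not the x coordinate of a point on the curve" % (out,))
     print(time.time(), ":", "recovering states...")
     # the two candidate points are additive inverses of one another, so
     # e*T has the same x coordinate for either; one multiplication suffices
     T = Point(C, F(out), F(roots[0]))
     state = (e.n*T).x.n
     print(time.time(), ":", "making prng")
     self.p = prng(seed=state)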