def get_state(p):
    """
    Recover the current internal state of the prng *p* from its latest output.

    The output is treated as the x-coordinate of a curve point T. Both curve
    points sharing that x are additive inverses of one another, and e*T has
    the same x-coordinate for either of them, so a single value is returned.
    The scalar e = 3 is the trapdoor relation this recovery assumes; how the
    prng itself derives its outputs is not visible here.

    Args:
        p: the prng under analysis; exposes get_num() and a base point P
           (assumes get_num() returns a field element, since .n is read).

    Returns:
        The recovered state as a plain integer.

    Raises:
        IndexError: if no square root exists, i.e. the output is not the
            x-coordinate of any point on the curve.
    """
    out = p.get_num()
    field = p.P.x.field
    curve = p.P.curve
    modulus = p.P.x.p
    trapdoor = field(3)  # backdoor scalar, assumed known to the attacker
    # Right-hand side of the short Weierstrass equation y^2 = x^3 + a*x + b.
    rhs = out * out * out + curve.a * out + curve.b
    roots = tonelli_shanks(rhs.n, modulus)
    candidates = [Point(curve, field(out), field(root)) for root in roots]
    recovered = [(trapdoor.n * pt).x.n for pt in candidates]
    return recovered[0]
def get_state(p):
    """
    Return the state of prng *p* implied by the output it just produced.

    The trapdoor scalar e = 3 is multiplied into a curve point T whose
    x-coordinate is the observed output; because the two possible T are
    negatives of each other, e*T has one x-coordinate regardless of which
    candidate is used, so only the first is needed.

    Args:
        p: prng with get_num() and base point P (assumes get_num() yields a
           field element exposing .n).

    Returns:
        int: the recovered state.

    Raises:
        IndexError: when the output has no square root on the curve.
    """
    observed = p.get_num()
    base = p.P
    field, curve, modulus = base.x.field, base.curve, base.x.p
    e = field(3)  # backdoor!
    curve_rhs = observed ** 3 + curve.a * observed + curve.b
    # Collect every point with x == observed (at most two, mutually inverse).
    candidate_points = []
    for y in tonelli_shanks(curve_rhs.n, modulus):
        candidate_points.append(Point(curve, field(observed), field(y)))
    recovered_states = [(e.n * pt).x.n for pt in candidate_points]
    return recovered_states[0]
def __init__(self, out):
    """
    Initialise the guesser from a single observed prng output.

    The internal state behind *out* is recovered via the trapdoor scalar and
    used to seed a fresh prng, so that every subsequent output can be
    reproduced through self.p.

    Args:
        out: one output of the target prng; assumed to be a field element
             (its .n attribute is read) — TODO confirm against prng.get_num.

    Raises:
        IndexError: if *out* is not the x-coordinate of any curve point.
    """
    modulus = 331337
    field = FiniteField(modulus, 1)
    curve = EllipticCurve(a=field(1), b=field(1))
    # Backdoor scalar. Hard-coded here; outside this demo it would have
    # to be pre-computed.
    trapdoor = field(3)
    rhs = out * out * out + curve.a * out + curve.b
    print(time.time(), ":", "finding points...")
    roots = tonelli_shanks(rhs.n, modulus)
    candidates = [Point(curve, field(out), field(root)) for root in roots]
    print(time.time(), ":", "recovering states...")
    # The candidates are additive inverses, so e*T has one x-coordinate
    # whichever is used; the first suffices.
    recovered = [(trapdoor.n * pt).x.n for pt in candidates]
    print(time.time(), ":", "making prng")
    self.p = prng(seed=recovered[0])
def __init__(self, out):
    """
    Set up an output guesser from one observed value.

    Recovers the prng state that produced *out* (using the known trapdoor
    scalar e = 3 on the fixed curve y^2 = x^3 + x + 1 over GF(331337)) and
    seeds self.p with it so later outputs can be predicted.

    Args:
        out: an output of the target prng, assumed to be a field element
             with an .n attribute — TODO confirm against prng.get_num.

    Raises:
        IndexError: when no curve point has x-coordinate *out*.
    """
    p_mod = 331337
    gf = FiniteField(p_mod, 1)
    ec = EllipticCurve(a=gf(1), b=gf(1))
    e = gf(3)  # backdoor! we'd have to pre-compute this
    y_squared = out ** 3 + ec.a * out + ec.b
    print(time.time(), ":", "finding points...")
    pts = []
    for y in tonelli_shanks(y_squared.n, p_mod):
        pts.append(Point(ec, gf(out), gf(y)))
    print(time.time(), ":", "recovering states...")
    # Both points share x after scaling by e (they are negatives of each
    # other), so only the first recovered state is used.
    state_candidates = [(e.n * pt).x.n for pt in pts]
    print(time.time(), ":", "making prng")
    self.p = prng(seed=state_candidates[0])