def getflag(self):
print(
"gonna have to see some credentials, you know at least two admins gotta sign off on this stuff:"
)
(s0, p0) = self.getsignature(
"first signature, please\n",
"and who is this from (the public key, if you please)?\n",
)
(s1, p1) = self.getsignature(
"OK, and the second?\n", "who gave you this one (again, by public key)?\n"
)
assert s0 != s1
p2 = G2Elem.from_bytes(
b64decode(
str(
raw_input(
"who didn't sign? We need their public key to run everything\n"
)
)
),
self.params[0],
)
if verify(
self.params,
aggregate_vk(self.params, [p0, p1, p2], threshold=True),
aggregate_sigma(self.params, [s0, s1], threshold=True),
"this stuff",
):
with open("flag.txt") as f:
print(f.read())
else:
print("lol nice try")
def getsignature(self, ask, who):
ask_s = b64decode(str(raw_input(ask)))
s = G1Elem.from_bytes(ask_s, self.params[0])
ask_p = b64decode(str(raw_input(who)))
p = G2Elem.from_bytes(ask_p, self.params[0])
assert p in self.vks
return (s, p)
def getflag(self):
print('gonna have to see some credentials, you know at least two admins gotta sign off on this stuff:')
(s0, p0) = self.getsignature('first signature, please\n', 'and who is this from (the public key, if you please)?\n')
(s1, p1) = self.getsignature('OK, and the second?\n', 'who gave you this one (again, by public key)?\n')
p2 = G2Elem.from_bytes(b64decode(str(raw_input('who didn\'t sign? We need their public key to run everything\n'))), self.params[0])
assert(s0 != s1 and p0 != p1 and p1 != p2 and p2 != p0)
if verify(self.params, aggregate_vk(self.params, [p0,p1,p2], threshold=True), aggregate_sigma(self.params, [s0, s1], threshold=True), 'this stuff'):
with open('flag.txt') as f: print(f.read())
else:
print('lol nice try')
def key(x):
return G2Elem.from_bytes(b64decode(x), G)
ask_s = b64decode(str(raw_input(ask)))
s = G1Elem.from_bytes(ask_s, self.params[0])
ask_p = b64decode(str(raw_input(who)))
p = G2Elem.from_bytes(ask_p, self.params[0])
assert p in self.vks
return (s, p)
def pretty_point(x):
return b64encode(x.export())
params = setup()
# ask_p = b64decode(str(raw_input("P0")))
p0 = G2Elem.from_bytes(p0, params[0])
# ask_p = b64decode(str(raw_input("P1")))
p1 = G2Elem.from_bytes(p1, params[0])
# ask_p = b64decode(str(raw_input("P2")))
p2 = G2Elem.from_bytes(p2, params[0])
# ask_s = b64decode(str(raw_input("S0")))
s0 = G1Elem.from_bytes(s0, params[0])
# ask_s = b64decode(str(raw_input("S2")))
s2 = G1Elem.from_bytes(s2, params[0])
(G, o, g1, g2, e) = params
t = 3
#!/usr/bin/env python3
from pwn import *
from base64 import b64decode, b64encode
from bls.scheme import *
from bplib.bp import G1Elem, G2Elem
r = remote('crypto.chal.csaw.io', 1004)
params = setup()
publics = []
r.recvlines(3)
publics.append(G2Elem.from_bytes(b64decode(r.recvline()), params[0]))
r.recvline()
publics.append(G2Elem.from_bytes(b64decode(r.recvline()), params[0]))
r.recvline()
publics.append(G2Elem.from_bytes(b64decode(r.recvline()), params[0]))
r.recvline()
r.sendline('3')
r.recvline()
r.sendline('this stuff')
r.recvline()
s = G1Elem.from_bytes(b64decode(r.recvline()), params[0])
r.recvline()
r.sendline('4')
r.recvline()
r.recvline()
r.sendline(b64encode(s.export()))
# signature of p3 for message "this stuff"
s3 = io.recvline()
io.recv()
io.sendline("4")
io.recvline()
io.recvline()
# generating a new public key
b = 3
pk = b * g2
m = "this stuff"
# signature of my key for message "this stuff"
sm = sign(params, b, m)
p3_point = G2Elem.from_bytes(b64decode(p3), G)
s3_point = G1Elem.from_bytes(b64decode(s3), G)
io.sendline(b64encode(sm.export()))
io.recv()
io.sendline(b64encode(p3_point.export()))
io.recv()
io.sendline(b64encode(s3_point.export()))
io.recv()
io.sendline(b64encode(p3_point.export()))
io.recv()
io.sendline(b64encode((pk + pk - p3_point).export()))
print(io.recv())
io.close()
def get_pk(r, params, name):
r.recvuntil(name)
r.recvline()
return G2Elem.from_bytes(b64decode(r.recvline()[:-1]), params[0])
def _unpackG2(self, elem):
G = self.params[0]
return G2Elem.from_bytes(unhexlify(elem.encode()), G)
def unpackG2(params, x):
G = params[0]
return G2Elem.from_bytes(unhexlify(x.encode()), G)