AlexanderKud

/**********************************************************************
 * Copyright (c) 2017, Jochen Hoenicke                                *
 *                                                                    *
 * Compile with:                                                      *
 *  gcc -O2 -I secp256k1/src/ -I secp256k1/ break_short.c -lgmp       *
 **********************************************************************/

#include "libsecp256k1-config.h"

#include <stdio.h>

AlexanderKud

import random
import math
from field import Fp


class ClockPointFp:
    def __init__(self, x, y, p):
        self.x = Fp(x, p)
        self.y = Fp(y, p)
        pass

AlexanderKud

def invMod(x, p):
    return pow(x, p-2, p)

def addECC(x1,y1,x2,y2,a,b,p):
    s = (invMod(x2-x1, p)*(y2-y1)) % p
    if ((x1 - x2) % p == 0) and ((y1-y2) % p == 0):
        s=(invMod(2*y1, p)*(3*x1*x1 + a)) % p
    x3 = (s*s -x1 -x2) %p
    y3 = (s*(x1-x3) -y1) % p
    return x3,y3

AlexanderKud

from sympy.abc import x, y
from sympy.core.compatibility import is_sequence
from sympy.core.numbers import oo
from sympy.core.relational import Eq
from sympy.polys.domains import FiniteField, QQ, RationalField
from sympy.solvers.solvers import solve

from sympy.ntheory.factor_ import divisors
from sympy.ntheory.residue_ntheory import sqrt_mod

AlexanderKud

// ------------------------------------------------------------

57. Diffie-Hellman Revisited: Subgroup-Confinement Attacks

This set is going to focus on elliptic curves. But before we get to
that, we're going to kick things off with some classic Diffie-Hellman.

Trust me, it's gonna make sense later.

AlexanderKud

import random

class Montgomery:

    #     B*v^2 = u^3 + A*u^2 + u

    def __init__(self, A, B, p):
        self.A = A
        self.B = B
        self.p = p

AlexanderKud

# This is an example of hash length extension attacks (and why you don't roll your own crypto!!!)
# In this case, an attacker, Malice, intercepts a message ("to=12345&amt=103.53&note=Thanks!")
# that has been "authenticated" using a poorly constructed MAC (message authentication code).
# This MAC has been created using the following method: md5(secret | message).
# Ideally, since the attacker, Malice, doesn't have the secret, he should be unable to craft a new
# message that is also authenticated. However, because of how the mac was created, we can use 
# Hash Length Extensions. We'll be using the pymd5 library as found on upenn's website via google cache:
# https://webcache.googleusercontent.com/search?q=cache:yyvXXyVKuYYJ:https://www.cis.upenn.edu/~cis331/project1/pymd5.py+&cd=3&hl=en&ct=clnk&gl=us

import urllib

AlexanderKud

extern crate rand;
extern crate num;

use kangaroo::rand::Rng;
use num::ToPrimitive;
use num::{Integer, Zero, One};
use std::collections::HashMap;
use std::sync::Mutex;

#[derive(Debug)]

AlexanderKud

def I(s):
  val = 0
  for i in range(len(s)):
    digit = ord(s[len(s) - i - 1])
    val <<= 8
    val |= digit
  return val

def Sn(i, length):
  s = ''

AlexanderKud

#; -*- mode: python;-*-
 
# This is an implementation of the Nguyen-Stern algorithm, and of our new multivariate attack
 
# To run the Nguyen-Stern algorithm, run the function NSattack().
# To run all the experiments with the Nguyen-Stern algorithm, run the function statNS().
# We provide the experimental results below.
 
# To run our algorithm, run the function multiAttack().
# To run all the experiments with our algorithm, run the function statMulti().