JFOER / Lattice-Attacks-on-ECDSA


Error: #2

Open sokary2004 opened 3 months ago

sokary2004 commented 3 months ago

sage -python3 'Attack wNAF with invert function.py'
Use the signature with index 846
Use the signature with index 854
Use the signature with index 551
The dimension of the lattice is 104
The correct guess is [491, 0]
Traceback (most recent call last):
  File "/root/Desktop/v5/new method/Lattice-Attacks-on-ECDSA-main/Attack wNAF with invert function.py", line 392, in (-l_bkz[i][u - 1 + index2] + 2 * (m - 1)) tmpfrac)
  File "sage/rings/integer.pyx", line 1929, in sage.rings.integer.Integer.__mul__ (build/cythonized/sage/rings/integer.c:13450)
  File "sage/structure/coerce.pyx", line 1242, in sage.structure.coerce.CoercionModel.bin_op (build/cythonized/sage/structure/coerce.c:11809)
  File "/usr/lib/python3.11/fractions.py", line 372, in reverse
    return monomorphic_operator(a, b)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/fractions.py", line 488, in _mul
    g1 = math.gcd(na, db)

Another question: do you insert 1000 K in the txt file randomly? If we have K, why must we use the LLL attack? Please tell me about the 1000 R, 1000 S, 1000 z or hash ... and tell us why you use K. And how do we make other data like data101 to test the script? Thanks.

JFOER commented 3 months ago

Thank you for your questions. Addressing the first issue, SageMath inherently handles rational numbers, eliminating the need for the Fraction package. In this scenario, you can modify the assignment to tmpfrac = 2 ** (mr_mu[0][index2] - m) directly. Additionally, be sure to update any subsequent references to tmpfrac accordingly for consistency. Regarding the subsequent issue:

  1. We do not randomly insert k into the txt file. Each line represents a piece of signature data, and they are ordered sequentially. That is to say, they are stored in order and correspond one-to-one with other files, such as r.txt.

  2. We require all data, more specifically, the private key and k (while r, s, and hash are already known). Firstly, the private key is needed to compare with the one we have recovered to verify its correctness. Secondly, k is essential as we intend to simulate side-channel attacks or fault injection attacks. We assume access to some bits of information about k, based on which our experiments will be conducted. Consequently, the leakage models, depending on the location of the leak, are categorized as MSB, LSB, MB, etc. In practical attacks, you can simply replace the respective part with the actual leaked information about k. Furthermore, the need for information about k arises from a method mentioned in the paper that involves making guesses about certain information. For more details, please refer to the answer in #issue 1.

  3. There is a variable called "index", which serves as a control variable for testing different sets of data. Its value ranges from 1 to 100, corresponding to files from data1 to data100. In fact, we have a total of 500 sets of data, amounting to 500*1000 = 500,000 signature data entries. However, due to the file size limit on GitHub, we cannot upload larger files. If you require more data, we can provide it for you.

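The data layout and leakage models described in the reply above, as an added example that is not part of the original thread or the repository's code: it builds constructed parallel k/r/s/z lists, uses the ECDSA signing equation to find rows that are out of step, and extracts a simulated MSB, LSB or middle-bit leak from a known k. The modulus (the secp256k1 group order, since the thread names no curve), the function names and the random stand-in for r are assumptions.

```python
import secrets

# Assumption: secp256k1 group order as the sample modulus; the thread names no curve.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
NBITS = N.bit_length()  # fixed nonce width, needed to place the MSB window


def make_rows(d, count):
    """Constructed sample data: parallel lists k, r, s, z aligned by index,
    like the one-line-per-signature files in the reply. r is a random
    stand-in (not the x-coordinate of k*G); s follows the signing equation."""
    ks, rs, ss, zs = [], [], [], []
    for _ in range(count):
        k = secrets.randbelow(N - 1) + 1
        r = secrets.randbelow(N - 1) + 1
        z = secrets.randbelow(N)
        ks.append(k)
        rs.append(r)
        zs.append(z)
        ss.append(pow(k, -1, N) * (z + r * d) % N)
    return ks, rs, ss, zs


def misaligned_rows(d, ks, rs, ss, zs):
    """Indices i where s*k != z + r*d (mod N), meaning line i of one file
    does not belong with line i of the others."""
    return [i for i, (k, r, s, z) in enumerate(zip(ks, rs, ss, zs))
            if (s * k - z - r * d) % N != 0]


def leak(k, model, width, pos=0):
    """Simulate a leak of `width` nonce bits under the MSB, LSB or MB
    (middle bits starting at bit `pos`) model.
    Returns (leaked_value, lowest_bit_index_of_the_window)."""
    lows = {"MSB": NBITS - width, "LSB": 0, "MB": pos}
    if model not in lows:
        raise ValueError(f"unknown leakage model: {model}")
    low = lows[model]
    if width <= 0 or not 0 <= low <= NBITS - width:
        raise ValueError("leak window falls outside the nonce")
    return (k >> low) & ((1 << width) - 1), low
```
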
sokary2004 commented 3 months ago

If you have a Telegram ID, please share. I think we can speak more ... thanks

JFOER commented 3 months ago

As this article is currently under review, I cannot disclose my personal information due to the double-blind principle. However, once the article is accepted for publication, I would be happy to further discuss it with you.
