Closed Noname400 closed 2 years ago
:= appeared in python 3.8 now stands in sage 3.8 python 3.7.10
Smartattack.py p = 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798#(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8) r = 0xdf713e4a49dd8b474ca6a1ebe11f757b5e69a380ef1bd06112a035ce1219c8b3#(0xd11a650e0618d0901466dc22a1014e858c06e95de5077051af6e92cf9900ef71,0x677fc5dce98a343d3ab0156faf6eadd4607b630c0028efb6b5da17e1d1931cc0) res = attack(p,r_) print(res)
What's the python version of your system? Not the sage one. Try installing the latest python, then reinstalling sage (to version 9.4, the newest sage version).
windows only 9.3 version
Right, I don't have a lot of experience with Windows. It is possible that the Windows binaries only use Python 3.7 right now. In that case, you'll have to modify the script yourself to remove the walrus operator.
i started sagemath. experimenting with mov_attack.attack tells me why P = E(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D04B8) is throwing an error raise TypeError("%s coordinates do not specify a point on %s" % (list(v), curve)) Error type: Coordinates [55066263022277343669578718895168534326250603453777594175500187360389116729240, 32670510020758816978083085130507043184471273380659243275938904335757337482424 1] does not define a point on the elliptic curve defined by y ^ 2 = x ^ 3 + 7 over a finite field size 115792089237316195423570985008687907852837564279074904382605163141518161494337
I specify the base point of the curve.
I need to know the parameters you used to call the attack.
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 a = 0x0 b = 0x7 E = EllipticCurve(GF(p), [a, b]) P = E(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8) R = E(0xcb3c7c1573671ba4ea94b3835a6315d4e06ded5582068497b87996a9c5ec1493, 0xa475696ec02f4c93c4d2b88ea14eb301e7a7ac8564897eb2720da210874c54e2) l_ = mov_attack.attack(P, R)
The problem is not with the script, it's with:
P = E(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
This is not a valid point for the curve. If you got this point somewhere, it's wrong. If you generated it yourself, you generated it wrongly.
i use:
Gx=0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798, # Base point x
Gy=0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8, # Base point y
pubkey: 04cb3c7c1573671ba4ea94b3835a6315d4e06ded5582068497b87996a9c5ec1493a475696ec02f4c93c4d2b88ea14eb301e7a7ac8564897eb2720da210874c54e2
Pubx = 0xcb3c7c1573671ba4ea94b3835a6315d4e06ded5582068497b87996a9c5ec1493 Puby = 0xa475696ec02f4c93c4d2b88ea14eb301e7a7ac8564897eb2720da210874c54e2
Where did you get that Gx
and Gy
from?
Your p
is wrong.
I'm sorry to interrupt you. but not at all you can figure it out yourself without help. All basic documentation is in English. so practice is the best way to understand. so I turn to you to explain my mistakes. thank you in advance.
yes. sorry 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
sage: p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
sage: a = 0x0
sage: b = 0x7
sage: E = EllipticCurve(GF(p), [a, b])
sage: P = E(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47
....: D08FFB10D4B8)
sage: R = E(0xcb3c7c1573671ba4ea94b3835a6315d4e06ded5582068497b87996a9c5ec1493, 0xa475696ec02f4c93c4d2b88ea14eb301e7a7ac8564897eb2720
....: da210874c54e2)
it all works when you change p
.
yes you are right, i already figured it out smart_attac error
Traceback (most recent call last): File "/home/jo/crypto-attacks/attacks/ecc/main.py", line 32, in <module> l_ = smart_attack.attack(G, l * G) File "/home/jo/crypto-attacks/attacks/ecc/smart_attack.py", line 26, in attack assert E.trace_of_frobenius() == 1, f"Curve should have trace of Frobenius = 1." AssertionError: Curve should have trace of Frobenius = 1.
E = EllipticCurve(GF(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141), \ [0xcb3c7c1573671ba4ea94b3835a6315d4e06ded5582068497b87996a9c5ec1493, 0xa475696ec02f4c93c4d2b88ea14eb301e7a7ac8564897eb2720da210874c54e2]) G = E.gen(0) n = int(G.order()) l = randrange(1, n) l_ = smart_attack.attack(G, l * G)
Smart's attack doesn't work on that curve.
what attacks work ? secp256k1 to know in advance and not to disturb you
:param max_k: the maximum value of embedding degree to try (default: 6)
:param max_tries: the maximum amount of times to try to find l (default: 10)
how to understand these parameters?
what attacks work ? secp256k1 to know in advance and not to disturb you
None that I know of
:param max_k: the maximum value of embedding degree to try (default: 6) :param max_tries: the maximum amount of times to try to find l (default: 10)
how to understand these parameters?
Read the code
tell me what am I doing wrong?
p = (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8) r = (0xd11a650e0618d0901466dc22a1014e858c06e95de5077051af6e92cf9900ef71,0x677fc5dce98a343d3ab0156faf6eadd4607b630c0028efb6b5da17e1d1931cc0) res = attack(p_) print(res)