Last active
July 22, 2024 11:06
-
-
Save mcieno/f0c6334af28f60d244fa054f5a1c22d2 to your computer and use it in GitHub Desktop.
MOV attack on elliptic curves.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Setup curve | |
| p = 17 | |
| a, b = 1, -1 | |
| E = EllipticCurve(GF(p), [a, b]) | |
| G = E.gen(0) | |
| # Target secret key | |
| d = 8 | |
| # Public point | |
| P = d * G | |
| del d | |
| # Find the embedding degree | |
| # p**k - 1 === 0 (mod order) | |
| order = E.order() | |
| k = 1 | |
| while (p**k - 1) % order: | |
| k += 1 | |
| assert k <= 6 | |
| K.<a> = GF(p**k) | |
| EK = E.base_extend(K) | |
| PK = EK(P) | |
| GK = EK(G) | |
| d = 0 | |
| while P != d * G: | |
| QK = EK.random_point() | |
| if QK.order() != E.order(): | |
| continue | |
| AA = PK.tate_pairing(QK, E.order(), k) | |
| GG = GK.tate_pairing(QK, E.order(), k) | |
| d = AA.log(GG) | |
| print(F"{d=}") |
Feel free to suggest improvements :)
While I know how to compute bilinear pairings and I understand the aim, I’ve absolutely no idea about what :
EK = E.base_extend(K)
does (I’m meaning the function). Looks like you’ll have to find a SageMath alternative to do this.
By the way, did you test your code to see if it works on easy samples ?
Was tested on
p = 3009944491747103173592552029257669572283120430367
a, b = 1, 0
E = EllipticCurve(GF(p), [a, b])
G = E(2900641855339024752663919275085178630626065454884, 1803317565451817334919844936679231131166218238368)
P = E(10654737690719804518827220655939579230832010880, 1272308004685912947962139770717466018620937245516)which was a VolgaCTF 2020 Qualifier challenge.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
By the way, your code doesn t works on binary curves (even on isogeny 3).
It complains at line 23 that the parameter to
GFisn t a prime power.