SHARE
TWEET

exploit code

Ariana1729 Apr 21st, 2019 (edited) 81 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. y1=467996041489418065436268622304855825266338280723
  2. y2=373126988100715326072483107245781156204485119489
  3. y3=245091091146774561796627894715885724307214901148
  4. k1=y1*y1-1
  5. k2=y2*y2+1
  6. k3=y3*y3-3*3*3
  7. '''
  8. factor 2*k1-k2-k3 for p
  9. factordb:
  10. 7
  11. 11
  12. 29
  13. 43
  14. 419
  15. 13030584875599
  16. 515696616124863562671639283
  17. 883097976585278660619269873521314064958923370261
  18. '''
  19. Qiy=621803439821606291947646422656643138592770518069
  20. p=883097976585278660619269873521314064958923370261
  21. F=GF(p)
  22. a=F((k1-k2)/2)
  23. b=F((k1+k2)/2)
  24. print "p = ",p
  25. print "a = ",a
  26. print "b = ",b
  27. C=EllipticCurve(GF(p),[a,b])
  28. q=order(C)
  29. print "q = ",q
  30. m=1/2 % q
  31. P.<X> = PolynomialRing(GF(p))
  32. f=X^3+a*X+b-Qiy^2
  33. Qix=f.roots()[0][0]
  34. Q=C.point([Qix,-Qiy])
  35. P=m*Q
  36. print P
  37.  
  38.  
  39. print (9<<8>>4<<9<<12<<6>>9>>2<<5>>3>>4>>8<<12>>1>>5>>7<<13>>12>>12) * P==Q
  40. print (-1*Q).xy()[1]==621803439821606291947646422656643138592770518069
  41. P1=C.point([p + 1, 467996041489418065436268622304855825266338280723])
  42. P2=C.point([p - 1, 373126988100715326072483107245781156204485119489])
  43. P3=C.point([p + 3, 245091091146774561796627894715885724307214901148])
  44. print P1
  45. print P2
  46. print P3
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top