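# SageMath demonstration: a public-key point alone does not identify a key.
#
# If a verifier lets the other party supply the curve's domain parameters
# (in particular the generator) and only compares the public-key point Q
# against a trusted value, anyone can present parameters under which they
# "own" Q. The arithmetic below shows why that comparison proves nothing.
#
# Defensive takeaway: bind a trusted public key to the complete parameter
# set (p, a, b, G, n, cofactor). Accept named curves only, or compare every
# supplied parameter against the known-good values, and treat a key whose
# generator differs from the expected one as a different, untrusted key.

# --- NIST P-256 (secp256r1) domain parameters -------------------------------
nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
# p = 2^256 - 2^224 + 2^192 + 2^96 - 1, written in factored form.
nistp256r1_modulus = 2**224 * (2**32 - 1) + 2**192 + 2**96 - 1
nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
nistp256r1_field = GF(nistp256r1_modulus)
# Weierstrass coefficients [a1, a2, a3, a4, a6]: y^2 = x^3 + a*x + b.
nistp256r1 = EllipticCurve(nistp256r1_field, [0, 0, 0, nistp256r1_a, nistp256r1_b])
nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1
curve_order = nistp256r1_order
curve_gen = nistp256r1_gen
# Scalars live in Z/nZ, where n is the (prime) order of the generator.
CG = Zmod(curve_order)

# --- "Inputs" to the system: only the public key Q is known to outsiders ----
# Draw from [1, n-1]: a zero scalar would make Q the point at infinity and
# Q.xy() below would fail.
privkey = CG(ZZ.random_element(1, curve_order))
Q = curve(ZZ(privkey) * curve_gen)

# --- Substitute generator, built without any knowledge of privkey -----------
# kprime must be non-zero so that its inverse modulo n exists.
kprime = CG(ZZ.random_element(1, curve_order))
kprimeinv = kprime.inverse_of_unit()
Gprime = ZZ(kprimeinv) * Q

# --- Check: kprime maps the substitute generator onto the same point Q ------
# kprime * (kprime^-1 * Q) == Q holds for every non-zero kprime, so a
# verifier that matches only on Q cannot distinguish (Gprime, kprime) from
# the genuine (curve_gen, privkey).
# newpoint is the public key kprime would have under the standard generator;
# unless kprime happens to equal privkey it is not Q, which is exactly what a
# verifier that pins the generator would notice.
newpoint = curve(ZZ(kprime) * curve_gen)
Qprime = curve(ZZ(kprime) * Gprime)
print("Q==Q'", Qprime == Q)
print(Qprime.xy())
print(Q.xy())
print(newpoint)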