Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
ashutosh1206
GitHub Repository: ashutosh1206/crypton
 Path: blob/master/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/pollardrho.py
1402 views
1
from sage.all import *

2
from Crypto.Util.number import *

3


4
def func_f(X_i, P, Q, E):

5
    """

6
        To calculate X_(i+1) = f(X_i)

7


8
        :parameters:

9
            X_i : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field

10
                X_i = (a_i * P) + (b_i * Q)

11
            P : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field

12
                Base point on which ECDLP is defined

13
            Q : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field

14
                Q = x*P, where `x` is the secret key

15
            E : sage.schemes.elliptic_curves.ell_finite_field.EllipticCurve_finite_field_with_category

16
                Elliptic Curve defined as y^2 = x^3 + a*x + b mod p

17
    """

18
    try:

19
        # Point P and Q should lie on the Elliptic Curve E

20
        assert P == E((P[0], P[1]))

21
        assert Q == E((Q[0], Q[1]))

22
    except Exception as e:

23
        # Do not return anything if the point is invalid

24
        print "[-] Point does not lie on the curve!"

25
        return None

26
    if int(X_i[0]) % 3 == 2:

27
        # Partition S_1

28
        return X_i + Q

29
    if int(X_i[0]) % 3 == 0:

30
        # Partition S_2

31
        return 2*X_i

32
    if int(X_i[0]) % 3 == 1:

33
        # Partition S_3

34
        return X_i + P

35
    else:

36
        print "[-] Something's Wrong!"

37
        return -1

38


39
def func_g(a, P, X_i, E):

40
    """

41
    Calculate a_(i+1) = g(a)

42


43
    :parameters:

44
        a : int/long

45
            Equivalent to a_i in X_i = a_i*P + b_i*Q

46
        P : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field

47
            Base point on which ECDLP is defined

48
        X_i : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field

49
            X_i = a_i*P + b_i*Q

50
        E : sage.schemes.elliptic_curves.ell_finite_field.EllipticCurve_finite_field_with_category

51
            Elliptic Curve defined as y^2 = x^3 + a*x + b mod p

52
    """

53
    try:

54
        assert P == E((P[0], P[1]))

55
    except Exception as e:

56
        print e

57
        print "[-] Point does not lie on the curve"

58
        return None

59
    n = P.order()

60
    if int(X_i[0]) % 3 == 2:

61
        # Partition S_1

62
        return a

63
    if int(X_i[0]) % 3 == 0:

64
        # Partition S_2

65
        return 2*a % n

66
    if int(X_i[0]) % 3 == 1:

67
        # Partition S_3

68
        return (a + 1) % n

69
    else:

70
        print "[-] Something's Wrong!"

71
        return None

72


73
def func_h(b, P, X_i, E):

74
    """

75
    Calculate a_(i+1) = g(a)

76


77
    :parameters:

78
        a : int/long

79
            Equivalent to a_i in X_i = a_i*P + b_i*Q

80
        P : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field

81
            Base point on which ECDLP is defined

82
        X_i : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field

83
            X_i = a_i*P + b_i*Q

84
        E : sage.schemes.elliptic_curves.ell_finite_field.EllipticCurve_finite_field_with_category

85
            Elliptic Curve defined as y^2 = x^3 + a*x + b mod p

86
    """

87
    try:

88
        assert P == E((P[0], P[1]))

89
    except Exception as e:

90
        print e

91
        print "[-] Point does not lie on the curve"

92
        return None

93
    n = P.order()

94
    if int(X_i[0]) % 3 == 2:

95
        # Partition S_1

96
        return (b + 1) % n

97
    if int(X_i[0]) % 3 == 0:

98
        # Partition S_2

99
        return 2*b % n

100
    if int(X_i[0]) % 3 == 1:

101
        # Partition S_3

102
        return b

103
    else:

104
        print "[-] Something's Wrong!"

105
        return None

106


107
def pollardrho(P, Q, E):

108
    try:

109
        assert P == E((P[0], P[1]))

110
        assert Q == E((Q[0], Q[1]))

111
    except Exception as e:

112
        print e

113
        print "[-] Point does not lie on the curve"

114
        return None

115
    n = P.order()

116


117
    for j in range(10):

118
        a_i = random.randint(2, P.order()-2)

119
        b_i = random.randint(2, P.order()-2)

120
        a_2i = random.randint(2, P.order()-2)

121
        b_2i = random.randint(2, P.order()-2)

122


123
        X_i = a_i*P + b_i*Q

124
        X_2i = a_2i*P + b_2i*Q

125


126
        i = 1

127
        while i <= n:

128
            # Single Step Calculations

129
            a_i = func_g(a_i, P, X_i, E)

130
            b_i = func_h(b_i, P, X_i, E)

131
            X_i = func_f(X_i, P, Q, E)

132


133
            # Double Step Calculations

134
            a_2i = func_g(func_g(a_2i, P, X_2i, E), P, func_f(X_2i, P, Q, E), E)

135
            b_2i = func_h(func_h(b_2i, P, X_2i, E), P, func_f(X_2i, P, Q, E), E)

136
            X_2i = func_f(func_f(X_2i, P, Q, E), P, Q, E)

137


138
            if X_i == X_2i:

139
                if b_i == b_2i:

140
                    break

141
                assert GCD(b_2i - b_i, n) == 1

142
                return ((a_i - a_2i) * inverse(b_2i - b_i, n)) % n

143
            else:

144
                i += 1

145
                continue

146


147
if __name__ == "__main__":

148
    import random

149
    for i in range(100):

150
        E = EllipticCurve(GF(17), [2, 2])

151
        P = E((5, 1))

152
        x = random.randint(2, P.order()-2)

153
        Q = x*P

154
        assert pollardrho(P, Q, E)*P == Q

155


156