GitHub Repository: jack4818/Castryck-Decru-SageMath
Path: blob/main/SIKEp434.sage
import public_values_aux
from public_values_aux import *
# Pull in the attack routines used in the __main__ section below
# (CastryckDecruAttack and SandwichAttack; presumably one per file — neither
# is defined here, so `load` is what brings them into the global namespace).
load('castryck_decru_shortcut.sage')
load('sandwich_attack.sage')
# (2-power exponent a, 3-power exponent b) for each NIST SIKE parameter set.
# Every set lives over the prime p = 2^a * 3^b - 1, which is computed further
# down from the pair selected here.
SIKE_parameters = dict(
    SIKEp434=(216, 137),
    SIKEp503=(250, 159),
    SIKEp610=(305, 192),
    SIKEp751=(372, 239),
    SIKEp964=(486, 301),  # removed after NIST round 1
)

# Change me to attack different parameter sets
NIST_submission = "SIKEp434"
a, b = SIKE_parameters[NIST_submission]
# Announce the target parameter set.  Only the shape of the prime is shown
# here; p itself is computed from (a, b) further down.
prime_description = f"2^{a}*3^{b} - 1"
print(f"Running the attack against {NIST_submission} parameters, which has a prime: {prime_description}")

print("Generating public data for the attack...")
22
# Set the prime, finite fields and starting curve
# with known endomorphism
p = 2^a*3^b - 1
# The helper module presumably reads the prime through its own module-global
# `p`, which the star-import above does not update; set it on the module.
public_values_aux.p = p
# Quadratic extension F_{p^2} = F_p(i) with i^2 = -1 (modulus x^2 + 1).
# Order matters: `R.<x>` is declared *after* this line, so the modulus is built
# from the symbolic `x`, not from a polynomial over Fp2.
Fp2.<i> = GF(p^2, modulus=x^2+1)
R.<x> = PolynomialRing(Fp2)

# Long Weierstrass coefficients [a1, a2, a3, a4, a6] = [0, 6, 0, 1, 0],
# i.e. the Montgomery-form curve y^2 = x^3 + 6x^2 + x over F_{p^2}.
E_start = EllipticCurve(Fp2, [0,6,0,1,0])
# num_checks=0 disables Sage's verification of the supplied group order, so
# (p+1)^2 is asserted rather than checked here.
E_start.set_order((p+1)^2, num_checks=0) # Speeds things up in Sage

# Generation of the endomorphism 2i
two_i = generate_distortion_map(E_start)
34
35
# Generate public torsion points, for SIKE implementations
# these are fixed but to save loading in constants we can
# just generate them on the fly
# (P2, Q2) and (P3, Q3) are presumably bases of the 2^a- and 3^b-torsion,
# matching the (a, b) exponents passed in — see generate_torsion_points.
P2, Q2, P3, Q3 = generate_torsion_points(E_start, a, b)
# Sanity-check the generated bases before anything is derived from them.
check_torsion_points(E_start, a, b, P2, Q2, P3, Q3)
40
41
# Bob's key pair.  (EB, PB, QB) is the public key the attack consumes;
# bob_private_key is kept only so the attack's output can be checked against it.
bob_private_key, EB, PB, QB = gen_bob_keypair(E_start, b, P2, Q2, P3, Q3)

# Base-3 digits of the secret — the message below suggests the attack
# reports the key digit by digit, so print the expected sequence up front.
solution = Integer(bob_private_key).digits(3)
print(f"If all goes well then the following digits should be found: {solution}")
# ===================================
# ===== ATTACK ====================
# ===================================
def RunAttack(num_cores):
    """Run the Castryck-Decru key recovery against Bob's public key.

    Everything except the core count comes from module-level globals: the
    starting curve, the 2^a-torsion basis, Bob's curve with the torsion
    images, and the endomorphism two_i.

    Args:
        num_cores: passed straight through as CastryckDecruAttack's
            ``num_cores`` keyword.

    Returns:
        Whatever CastryckDecruAttack returns (used as the recovered key by
        the __main__ section).
    """
    public_data = (E_start, P2, Q2, EB, PB, QB, two_i)
    return CastryckDecruAttack(*public_data, num_cores=num_cores)
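if __name__ == '__main__' and '__file__' in globals():
    # The `__file__` test presumably distinguishes `sage SIKEp434.sage ...`
    # from load()ing this file into a session, where the caller drives
    # RunAttack itself.
    # NOTE(review): `sys` and `os` are not imported in this file — they are
    # assumed to come from Sage's global namespace or the star-import above; verify.
    if '--parallel' in sys.argv:
        # Set number of cores for parallel computation.  os.cpu_count() is
        # documented to return None when the count cannot be determined, so
        # fall back to one core instead of handing None to the attack.
        num_cores = os.cpu_count() or 1
        print(f"Performing the attack in parallel using {num_cores} cores")
    else:
        num_cores = 1

    if '--sandwich' in sys.argv:
        # Use the fact that 2^a - 5*3^b is a sum of squares
        # This variant is only wired up for SIKEp964; fail with a clear message
        # rather than an AssertionError (asserts are stripped under Python's -O).
        if NIST_submission != "SIKEp964":
            raise ValueError(
                f"--sandwich requires NIST_submission == 'SIKEp964', got {NIST_submission!r}"
            )
        # two_squares() raises ValueError itself when no representation exists,
        # so the bare call is the check; its (always non-empty) result is unused.
        two_squares(2^a - 5*3^b)
        recovered_key = SandwichAttack(E_start, P2, Q2, EB, PB, QB, two_i, k=5, alp=0)
    else:
        recovered_key = RunAttack(num_cores)
    # NOTE(review): recovered_key is never compared with `solution` in this
    # file; the attack routines are assumed to report their result — confirm.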
69
70
71