# Standard library (used by the __main__ block at the bottom of this file;
# imported explicitly rather than relying on the star import below or the
# Sage preamble to put these names in scope)
import os
import sys

# Local imports
import public_values_aux
from public_values_aux import *

# Load Sage files
load('castryck_decru_shortcut.sage')
# Baby SIKEp64 parameters: a toy prime p = 2^a * 3^b - 1 (~64 bits) so the
# attack finishes quickly; these are NOT a real SIKE parameter set.
# a is the 2-power exponent (Alice's side), b the 3-power exponent (Bob's side).
a = 33
b = 19

# Set the prime, finite fields and starting curve
# with known endomorphism
p = 2^a*3^b - 1
# The helpers were star-imported above and therefore cannot see this
# file's globals; the attribute is set on the module so they share the
# same p (presumably looked up at call time — confirm in public_values_aux).
public_values_aux.p = p

# F_{p^2} = F_p(i) with i^2 = -1.
# NOTE: the `x` in the modulus is Sage's predefined symbolic variable at
# this point; the following line rebinds `x` to the generator of the
# polynomial ring R over Fp2.
Fp2.<i> = GF(p^2, modulus=x^2+1)
R.<x> = PolynomialRing(Fp2)

# Starting curve y^2 = x^3 + 6x^2 + x (a-invariants [a1, a2, a3, a4, a6]).
# This is the curve "with known endomorphism" referred to above; that
# knowledge (two_i below) is an input to the attack, not something the
# attacker has to compute.
E_start = EllipticCurve(Fp2, [0,6,0,1,0])
E_start.set_order((p+1)^2) # Speeds things up in Sage: supplies the group order so Sage does not have to count points

# Generation of the endomorphism 2i
# (handed to CastryckDecruAttack in RunAttack below)
two_i = generate_distortion_map(E_start)

# Generate public torsion points, for SIKE implementations
# these are fixed but to save loading in constants we can
# just generate them on the fly
# P2,Q2 and P3,Q3 are presumably the 2^a- and 3^b-torsion bases (the
# helper's contract — confirm in public_values_aux). The return value of
# check_torsion_points is discarded, so the check is only useful if it
# raises on a bad basis — TODO confirm that it does.
P2, Q2, P3, Q3 = generate_torsion_points(E_start, a, b)
check_torsion_points(E_start, a, b, P2, Q2, P3, Q3)

# Generate Bob's key pair
# Bob's secret is generated locally: this script is a self-test of the
# attack, and the private key is kept only to check the recovered answer.
# The secret is expanded into its base-3 digits (least-significant digit
# first, as Integer.digits returns them), the form the message below says
# the attack should find.
bob_private_key, EB, PB, QB = gen_bob_keypair(E_start, b, P2, Q2, P3, Q3)
solution = Integer(bob_private_key).digits(base=3)

# Ground truth is printed for eyeball comparison only; neither
# bob_private_key nor solution is passed as an argument to the attack
# (see RunAttack).
print(f"Running the attack against Baby SIDHp64 parameters, which has a prime: 2^{a}*3^{b} - 1")
print(f"If all goes well then the following digits should be found: {solution}")
# ===================================
# ===== ATTACK ====================
# ===================================
def RunAttack(num_cores):
    """Launch the Castryck-Decru key recovery against Bob's public key.

    The attack is given only the public values set up at module level
    (E_start, P2, Q2, EB, PB, QB) plus two_i, the known endomorphism of
    the starting curve. bob_private_key is not among the arguments, so
    as far as this call site shows the recovery works from public data.

    num_cores: worker count forwarded to CastryckDecruAttack as a keyword.
    Returns whatever CastryckDecruAttack returns (see castryck_decru_shortcut.sage).
    """
    public_inputs = (E_start, P2, Q2, EB, PB, QB, two_i)
    return CastryckDecruAttack(*public_inputs, num_cores=num_cores)
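if __name__ == '__main__' and '__file__' in globals():
    # Only run the attack when this file is executed as a script. The
    # extra `__file__` test presumably keeps a `load()` of this file from
    # an interactive Sage session from launching the attack as a side
    # effect of setting up the parameters — confirm against the README.
    if '--parallel' in sys.argv:
        # Set number of cores for parallel computation.
        # os.cpu_count() returns None when the count cannot be determined;
        # fall back to one core rather than passing None into the attack.
        num_cores = os.cpu_count() or 1
        print(f"Performing the attack in parallel using {num_cores} cores")
    else:
        num_cores = 1
    recovered_key = RunAttack(num_cores)
    # NOTE(review): recovered_key is never compared with bob_private_key /
    # the `solution` digits printed above, so a wrong recovery is only
    # visible by reading the output. Add an equality check (and a non-zero
    # exit on mismatch) once CastryckDecruAttack's return type is confirmed.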