Commit 17347b04 by Michael Hamburg

### test harness to invert elligator by brute force

parent 1a38c25d
 ... ... @@ -385,25 +385,34 @@ class Decaf_1_1_Point(QuotientEdwardsPoint): for toggle_s in [False,True]: for toggle_r in [False,True]: s,m1,m12,swap = self.toJacobiQuartic(toggle_rotation,toggle_altx,toggle_s) if self == self.__class__(): print print toggle_rotation,toggle_altx,toggle_s print m1 print m12 if self == self.__class__() and self.cofactor == 4: # Hacks for identity! if toggle_altx: m12 = 1 elif toggle_s: m1 = 1 elif toggle_r: continue ## BOTH??? rnum = (d*a*m12-m1) rden = ((d*a-1)*m12+m1) if swap: rnum,rden = rden,rnum ok,sr = isqrt_i(rnum*rden*self.qnr) if not ok: continue sr *= rnum print "Works! %d %x" % (swap,sr) if negative(sr) != toggle_r: sr = -sr ret = self.gfToBytes(sr) #assert self.elligator(ret) == self or self.elligator(ret) == -self if self.elligator(ret) == -self and self != -self: print "Negated!",[toggle_rotation,toggle_altx,toggle_s,toggle_r] if self.elligator(ret) != self and self.elligator(ret) != -self: print "WRONG!",[toggle_rotation,toggle_altx,toggle_s] if self.elligator(ret) == -self and self != -self: print "Negated!",[toggle_rotation,toggle_altx,toggle_s] rets.append(bytes(ret)) return rets ... ... @@ -478,6 +487,40 @@ class Decaf_1_1_Point(QuotientEdwardsPoint): if negative(s) == iss: s = -s return cls.fromJacobiQuartic(s,t) def elligatorInverseBruteForce(self): """Invert Elligator using SAGE's polynomial solver""" a,d = self.a,self.d R. = self.F[] r = self.qnr * r0^2 den = (d*r-(d-a))*((d-a)*r-d) n1 = (r+1)*(a-2*d)/den n2 = r*n1 ret = set() for s2,t in [(n1, -(r-1)*(a-2*d)^2 / den - 1), (n2,r*(r-1)*(a-2*d)^2 / den - 1)]: x2 = 4*s2/(1+a*s2)^2 y = (1-a*s2) / t selfT = self for i in xrange(self.cofactor/2): xT,yT = selfT polyX = xT^2-x2 polyY = yT-y sx = set(r for r,_ in polyX.numerator().roots()) sy = set(r for r,_ in polyY.numerator().roots()) ret = ret.union(sx.intersection(sy)) selfT = selfT.torque() ret = [self.gfToBytes(r) for r in ret] for r in ret: assert self.elligator(r) in [self,-self] ret = [r for r in ret if self.elligator(r) == self] return ret class Ed25519Point(RistrettoPoint): F = GF(2^255-19) d = F(-121665/121666) ... ...
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!