#ECDH #InvalidCurveAttack #CRT 楕円曲線の位数がある程度小さい数を含むように素因数分解できる場合に、楕円曲線のgenerator * (order / factor)をやると、位数がfactorな部分群のgeneratorが求まる（位数を調整するテク）。あとは #CRT で復元 #!/usr/bin…

#rarctf2021 from collections import namedtuple import random def moddiv(x,y,p): return (x * pow(y, -1, p)) %p Point = namedtuple("Point","x y") class EllipticCurve: INF = Point(0,0) def __init__(self, a, b, p): self.a = a self.b = b self.p…

#!/usr/bin/env sage import signal, hashlib, string, random, os os.chdir(os.path.dirname(os.path.abspath(__file__))) FLAG = open("./flag.txt", 'r').read() ROUNDS = 30 def PoW(): s = ''.join([random.choice(string.ascii_letters + string.digit…

import os class AffinePoint: def __init__(self, curve, x, y): self.curve = curve self.x = x self.y = y def __add__(self, other): return self.curve.add(self, other) def __iadd__(self, other): return self.__add__(other) def __rmul__(self, sc…

InvalidCurveAttackのこと

#bsidesnoidactf from Crypto.Util.number import getRandomNBitInteger, isPrime # extended gcd def egcd(a, b): old_x, new_x = 1, 0 old_y, new_y = 0, 1 while a != 0: q, a, b = b // a, b % a, a new_x, old_x = old_x, new_x - q * old_x new_y, old…

#googlectf2021 // Copyright 2021 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://w…