import os
import sys
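# Three directory levels above this file; presumably the repository root, where the
# top-level "shared" module imported below lives, so the script also works when run directly.
path = os.path.dirname(os.path.dirname(os.path.dirname(os.path.realpath(os.path.abspath(__file__)))))
# sys.path may hold fewer than two entries (e.g. embedded interpreters, `python -I`);
# an unguarded sys.path[1] would raise IndexError there, so check the length first.
if len(sys.path) < 2 or sys.path[1] != path:
    sys.path.insert(1, path)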
from shared import solve_congruence
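def attack(p: int, m1: int, r1: int, s1: int, m2: int, r2: int, s2: int):
    """
    Recovers the nonce and private key from two ElGamal signatures made with the same nonce.

    ElGamal signs m as (r, s) with r = g^k mod p and s = k^-1 (m - x r) mod (p - 1).
    Reusing k gives r1 == r2 and (s1 - s2) k = m1 - m2 (mod p - 1), which determines k up to
    gcd(s1 - s2, p - 1) candidates; each candidate k then gives x from x r1 = m1 - k s1 (mod p - 1).
    Every candidate pair is yielded because the congruences may have several (or zero) solutions,
    so callers should verify a recovered key against the public key before trusting it.
    :param p: the prime used in the ElGamal scheme
    :param m1: the first message
    :param r1: the r component of the first signature
    :param s1: the s component of the first signature
    :param m2: the second message
    :param r2: the r component of the second signature
    :param s2: the s component of the second signature
    :return: generates tuples containing the possible nonce and private key; yields nothing when
             r1 and r2 differ modulo p, since the nonce was then not actually reused
    """
    # Same nonce implies same r = g^k mod p. If the r values differ the precondition does not hold
    # and any "recovered" key would be meaningless, so fail closed rather than emit bogus candidates.
    if r1 % p != r2 % p:
        return

    order = p - 1
    # solve_congruence(a, b, m) is assumed to yield every solution of a * t = b (mod m).
    for k in solve_congruence(s1 - s2, m1 - m2, order):
        for x in solve_congruence(r1, m1 - k * s1, order):
            yield int(k), int(x)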