-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathExploitRS.py
117 lines (93 loc) · 3.42 KB
/
ExploitRS.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
import random
# Elliptic Curve Parameters (secp256k1 - Bitcoin Standard)
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F # Prime field
a = 0 # Curve parameter a
b = 7 # Curve parameter b
Gx = 55066263022277343669578718895168534326250603453777594175500187360389116729240 # Generator x
Gy = 32670510020758816978083085130507043184471273380659243275938904335757337424483 # Generator y
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 # Order of the group
# Elliptic curve point addition
def point_addition(P, Q):
if P == (0, 0):
return Q
if Q == (0, 0):
return P
if P == Q:
lam = (3 * P[0] ** 2 + a) * pow(2 * P[1], -1, p) % p
else:
lam = (Q[1] - P[1]) * pow(Q[0] - P[0], -1, p) % p
x = (lam ** 2 - P[0] - Q[0]) % p
y = (lam * (P[0] - x) - P[1]) % p
return x, y
def scalar_multiplication(k, P):
result = (0, 0)
temp = P
while k:
if k & 1:
result = point_addition(result, temp)
temp = point_addition(temp, temp)
k >>= 1
return result
# Generate private key (x), public key (P = xG)
def generate_keys():
x = random.randint(1, n - 1) # Private key
P = scalar_multiplication(x, (Gx, Gy)) # Public key
return x, P
# Sign a message
def sign_message(x, m, k):
t = scalar_multiplication(k, (Gx, Gy)) # t = Gk
r = t[0] % n # X coordinate of t
s = (m + x * r) * pow(k, -1, n) % n # s = (m + x * r) / k
return r, s
# Verify signature
def verify_signature(P, m, r, s):
w = pow(s, -1, n) # w = 1 / s
u1 = (m * w) % n
u2 = (r * w) % n
t = point_addition(scalar_multiplication(u1, (Gx, Gy)), scalar_multiplication(u2, P))
return t[0] % n == r
# Main function
if __name__ == "__main__":
print("=== Simplified Bitcoin-like ECDSA Implementation ===")
# Step 1: Generate or Input Keys
print("\nChoose an option:")
print("1. Generate new keys")
print("2. Input your own private key")
choice = input("Enter your choice (1 or 2): ")
if choice == "1":
private_key, public_key = generate_keys()
print("\nGenerated Keys:")
print(f"Private Key (x): {private_key}")
print(f"Public Key (P = xG): {public_key}")
elif choice == "2":
private_key = int(input("Enter your private key (x): "))
public_key = scalar_multiplication(private_key, (Gx, Gy))
print("\nDerived Public Key:")
print(f"Public Key (P = xG): {public_key}")
else:
print("Invalid choice! Exiting.")
exit()
# Step 2: Input Message
message = int(input("\nEnter your message (as an integer): "))
# Step 3: Input or Generate Nonce (k)
print("\nChoose an option for nonce:")
print("1. Generate random nonce (k)")
print("2. Input your own nonce (k)")
k_choice = input("Enter your choice (1 or 2): ")
if k_choice == "1":
k = random.randint(1, n - 1)
print(f"\nGenerated Nonce (k): {k}")
elif k_choice == "2":
k = int(input("Enter your nonce (k): "))
else:
print("Invalid choice! Exiting.")
exit()
# Step 4: Generate Signature
r, s = sign_message(private_key, message, k)
print(f"\nGenerated Signature:")
print(f"r = {r}")
print(f"s = {s}")
# Step 5: Verify the Signature
print("\nVerifying the signature...")
is_valid = verify_signature(public_key, message, r, s)
print(f"Signature valid: {is_valid}")