This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#BLS6 curve taken from https://eprint.iacr.org/2019/431.pdf Table 15 | |
def computeS(n,c): | |
""" | |
(Algorithm 2.35: Lenstra, Verheul: An overview of the XTR public key system) | |
Computes S_n(c) as defined in Lenstra, Verheul. | |
Parameters: | |
(int) n>0; | |
(GF(p^2)) c | |
Returns: |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
p = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab | |
r = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001 | |
# assert p.is_prime() | |
# assert r.is_prime() | |
proof.arithmetic(False) | |
Fp = GF(p) | |
Fpx.<x> = Fp[] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
test |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function recover(privateKey) { | |
console.log("recover"); | |
const MALICIOUS_PRIME = new Uint8Array([129,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17]); | |
// this generator has order 5 | |
const MALICIOUS_GENERATOR = new Uint8Array([46,35,147,92,93,21,176,170,70,144,93,164,112,85,178,126]); | |
privateKey.algorithm.generator = MALICIOUS_GENERATOR; | |
privateKey.algorithm.prime = MALICIOUS_PRIME; | |
window.crypto.subtle.generateKey( | |
{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* Arguments: | |
* priv: CryptoKey representing a DH private key | |
* pub: CryptoKey representing a DH public key | |
* | |
* Returns: Promise resolving to ArrayBuffer | |
*/ | |
async function secret(priv, pub) { | |
return await window.crypto.subtle.deriveBits( | |
{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* Arguments: None | |
* | |
* Returns: Promise resolving to: | |
* { | |
* privateKey: CryptoKey, | |
* publicKey: CryptoKey, | |
* } | |
*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<script> | |
window.crypto.subtle.generateKey( | |
{ | |
name: "AES-GCM", | |
length: 256, //can be 128, 192, or 256 | |
}, | |
false, //whether the key is extractable (i.e. can be used in exportKey) | |
["encrypt", "decrypt"] //can "encrypt", "decrypt", "wrapKey", or "unwrapKey" | |
) | |
.then(function(key){ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//https://github.com/diafygi/webcrypto-examples | |
window.crypto.subtle.encrypt( | |
{ | |
name: "AES-GCM", | |
//Don't re-use initialization vectors! | |
//Always generate a new iv every time your encrypt! | |
//Recommended to use 12 bytes length | |
iv: window.crypto.getRandomValues(new Uint8Array(12)), |
NewerOlder