-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathattack_libgcrypt.py
74 lines (59 loc) · 1.93 KB
/
attack_libgcrypt.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
from subprocess import call
import random
import math
# Check if a value is quadratic residue (QR) for safe primes
def isQR(x, p):
q = (p - 1) / 2
return pow(x, q, p)
# Find a message that is not a QR, note: half of messages are not QR
def findQNR(p):
r = random.randint(1, p - 1)
while isQR(r, p) == 1:
r = random.randint(1, p - 1)
return r
# Find a message that is a QR, note: half of messages are not QR
def findQR(p):
r = random.randint(1, p - 1)
return pow(r, 2, p)
# Key generation. We use 512-bit only for better performance
print "Generating the key..."
call(["gcc", "-o", "keygen", "gcrypt_keygen.c", "-lgcrypt"])
call(["gcc", "-o", "encrypt", "gcrypt_encrypt.c", "-lgcrypt"])
call("./keygen")
p = int(open("./p").read(), 16)
y = int(open("./y").read(), 16)
wrong = 0
runs = 1000
print "Running the experiment..."
for i in xrange(runs):
pk = y
# Select two messages
plaintexts = dict()
plaintexts[0] = findQNR(p)
plaintexts[1] = findQR(p)
challenge_bit = random.randint(0,1)
challenge_string = hex(plaintexts[challenge_bit])
challenge_string = challenge_string[2:-1]
challenge_string = challenge_string.zfill(256)
challenge_string = challenge_string.upper()
open("./pt", "wb").write(challenge_string)
call("./encrypt")
ct_a = int(open("./ct_a").read(), 16)
ct_b = int(open("./ct_b").read(), 16)
# Guess the challenge bit
output = -1
# Without the secret key (y is the public key and p is in the public parameter)
# Guess which one it is.
if ((isQR(pk, p) == 1) or (isQR(ct_a, p) == 1)):
if isQR(ct_b, p) == 1:
output = 1
else:
output = 0
else:
if isQR(ct_b, p) == 1:
output = 0
else:
output = 1
if output != challenge_bit:
wrong = wrong + 1
print "Number of times the guess was wrong (should be 50% if ElGamal is secure):", wrong, "/", runs