## Exercise 5 ~ The Adventures of the Crypto-Apprentice: Return Of Vernam Cipher

In [1]:
# Get variable from parameters file
import utils
import binascii
params = utils.get_parameters()

In [2]:
p = params.Q5_p # the prime number
a = params.Q5_a # a first integer
b = params.Q5_b # a second integer
C = params.Q5_C # the ciphertext
y = params.Q5_y # y-coordinate of [2^{2|M'|}]P
n = params.Q5_n # the order of the elliptic curve E

Random point $P=(P_x,P_y)$ of an elliptic curve $E$ is the shared secret and a seed of the key sequence.

Let $K=K_0K_1\cdots$ be a key sequence. Then:

$K_i=\times([2^i]P)\ \textrm{mod}\ 2$

$K_i=1\ \textrm{if}\ [2^i]P\ \textrm{is the point at infinity}\ \mathcal{O}$

Where $\times(P)=P_x$ and $[2^i]P$ is a scalar multiplication between an integer $2^i$ and a point $P$.

### Elliptic curve $E$:

$E=\{\mathcal{O}\}\cup\{(x,y)\in K^2\mid y^2=x^3+ax+b\}$

Where $K=\mathbb{Z}_p$.

### Also:

We are given the $y$-coordinate of $[2^{2\mid M^\prime\mid}]P$

In [3]:
G = IntegerModRing(p)

First, let's find the solutions of the elliptic curve equation with the given value $y$ :

In [4]:
R.<u> = PolynomialRing(G, 'u')
f = (- y ** 2 + u ** 3 + a * u + b)
r = [i[0] for i in f.roots()]
print r

[2863630260273906879738304382327082098766838571003235254560, 829539754520273617339926976669563027315213831455604281432, 215435968619537503897656783387023535044104393106441343301]


Now let's get these points in the elliptic curve :

In [5]:
E = EllipticCurve(G, [0, 0, 0, a, b])

In [6]:
points = [E(i, y) for i in r]

We can easily find the possible private keys using the inverse of $2^{2|M'|}$ and the three points ! The apprentice should not have given us the value $y$ !

In [7]:
k = inverse_mod(2 ** (2 * len(C)), n)
possible_private_keys = [k * point for point in points]

In [8]:
# decode_binary_string will decode a binary string using a given encoding [FOUND ON STACKOVERFLOW]
def decode_binary_string(s, encoding='utf-8'):
    byte_string = ''.join(chr(int(s[i*8:i*8+8],2)) for i in range(len(s)//8))
    return byte_string.decode(encoding)

def decrypt(P):
    plaintext = []
    two_i = 1
    for i, b in enumerate(C):
        Ki = mod((two_i * P)[0], 2)
        Mi = mod(Ki + int(b), 2)
        plaintext.append(str(Mi))
        two_i *= 2
    try:
        plain = decode_binary_string(''.join(plaintext), 'ascii')
        return plain
    except:
         return ''

In [9]:
for P in possible_private_keys:
    d = decrypt(P)
    if d != '':
        print d
        break

Revenge? Revenge! The King under Raglan is dead and where are his kin that dare seek revenge? Girion Lord of Dwarf is dead, and I have eaten his people like a wolf among sheep, and where are his sons' sons that dare approach me? I kill where I wish and none dare resist. I laid low the warriors of old and their like is not in the world today. Then I was but young and tender. Now I am old and strong, strong, strong, Thief in Siestas!
