<a href="https://colab.research.google.com/github/mathengem/Algorithmic-Trading-Backtesting-in-python/blob/main/Z3SShamirREcover.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

In [2]:
!pip install z3-solver

Collecting z3-solver
  Downloading z3_solver-4.13.0.0-py2.py3-none-manylinux2014_x86_64.whl (57.3 MB)
[2K     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m57.3/57.3 MB[0m [31m7.0 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: z3-solver
Successfully installed z3-solver-4.13.0.0


In [6]:
import random
from z3 import *

# Constants
NUM_GUESSES = 1000  # Number of guesses to generate
SHARE_LENGTH = 12    # Length of each share

# Function to generate guesses for the remaining share(s) based on vulnerabilities
def generate_guesses():
    # We exploit the vulnerability of biased coefficient generation
    # Generate guesses by considering the bias introduced in coefficient generation
    guesses = []
    for _ in range(NUM_GUESSES):
        guess = []
        for _ in range(SHARE_LENGTH):
            # Simulate biased coefficient generation
            coefficient = random.randint(1, 254)  # Coefficients are never 255
            guess.append(coefficient)
        guesses.append(guess)
    return guesses

# Function to calculate probability distributions of the secret
def calculate_probability_distribution():
    # Calculate probability distributions based on the reduced entropy
    # We can estimate the entropy reduction using known formulas or simulations
    # For simplicity, let's assume a fixed reduction in entropy for each byte of the secret
    entropy_reduction_per_byte = 7.72  # Estimated entropy reduction per byte
    probability_distribution = {}
    for i in range(SHARE_LENGTH):
        probability_distribution[i] = 2 ** (-entropy_reduction_per_byte / 8)
    return probability_distribution

# Main function
def main():
    # Given shares
    share1 = [ord(char) for char in "session cigar grape merry useful churn fatal thought very any arm unaware"]
    share2 = [ord(char) for char in "clock fresh security field caution effort gorilla speed plastic common tomato echo"]

    # Generate guesses for remaining share(s)
    guesses = generate_guesses()

    # Calculate probability distributions of the secret
    probability_distribution = calculate_probability_distribution()

    # Create Z3 variables as bit vectors
    secret = [BitVec(f'secret_{i}', 8) for i in range(SHARE_LENGTH)]

    # Create Z3 solver
    solver = Solver()

    # Add constraints based on known shares
    for i in range(SHARE_LENGTH):
        solver.add(secret[i] ^ share1[i] ^ share2[i] == 0)

    # Add constraints based on probability distributions
    for i in range(SHARE_LENGTH):
        solver.add(If(secret[i] != 0, probability_distribution[i], 0) == 1)

    # Add constraints to ensure secret is printable ASCII characters
    for i in range(SHARE_LENGTH):
        solver.add(And(secret[i] >= 32, secret[i] <= 126))

    # Check if solver is satisfiable
    if solver.check() == sat:
        model = solver.model()
        reconstructed_secret = ''.join([chr(model[secret[i]].as_long()) for i in range(SHARE_LENGTH)])
        print(f"Reconstructed Secret: {reconstructed_secret}")
    else:
        print("No solution found.")

if __name__ == "__main__":
    main()


No solution found.


In [7]:
import random
from z3 import *

# Constants
NUM_GUESSES = 1000  # Number of guesses to generate
SHARE_LENGTH = 12    # Length of each share

# Function to generate guesses for the remaining share(s) based on vulnerabilities
def generate_guesses():
    # We exploit the vulnerability of biased coefficient generation
    # Generate guesses by considering the bias introduced in coefficient generation
    guesses = []
    for _ in range(NUM_GUESSES):
        guess = []
        for _ in range(SHARE_LENGTH):
            # Simulate biased coefficient generation
            coefficient = random.randint(1, 254)  # Coefficients are never 255
            guess.append(coefficient)
        guesses.append(guess)
    return guesses

# Function to calculate probability distributions of the secret
def calculate_probability_distribution():
    # Calculate probability distributions based on the reduced entropy
    # We can estimate the entropy reduction using known formulas or simulations
    # For simplicity, let's assume a fixed reduction in entropy for each byte of the secret
    entropy_reduction_per_byte = 7.72  # Estimated entropy reduction per byte
    probability_distribution = {}
    for i in range(SHARE_LENGTH):
        probability_distribution[i] = 2 ** (-entropy_reduction_per_byte / 8)
    return probability_distribution

# Main function
def main():
    # Given shares (corrected to be lists of integers)
    share1 = [115, 101, 115, 115, 105, 111, 110, 32, 99, 105, 103, 97]
    share2 = [114, 32, 103, 114, 97, 112, 101, 32, 109, 101, 114, 114]

    # Generate guesses for remaining share(s)
    guesses = generate_guesses()

    # Calculate probability distributions of the secret
    probability_distribution = calculate_probability_distribution()

    # Create Z3 variables as bit vectors
    secret = [BitVec(f'secret_{i}', 8) for i in range(SHARE_LENGTH)]

    # Create Z3 solver
    solver = Solver()

    # Add constraints based on known shares
    for i in range(SHARE_LENGTH):
        solver.add(secret[i] == share1[i] ^ share2[i])

    # Add constraints to ensure secret is printable ASCII characters
    for i in range(SHARE_LENGTH):
        solver.add(And(secret[i] >= 32, secret[i] <= 126))

    # Check if solver is satisfiable
    if solver.check() == sat:
        model = solver.model()
        reconstructed_secret = ''.join([chr(model[secret[i]].as_long()) for i in range(SHARE_LENGTH)])
        print(f"Reconstructed Secret: {reconstructed_secret}")
    else:
        print("No solution found.")

if __name__ == "__main__":
    main()

No solution found.


In [10]:
import random
from z3 import *

# Constants
NUM_GUESSES = 10000  # Increase the number of guesses
SHARE_LENGTH = 12    # Length of each share

# Function to generate guesses for the remaining share(s) based on vulnerabilities
def generate_guesses():
    # We exploit the vulnerability of biased coefficient generation
    # Generate guesses by considering the bias introduced in coefficient generation
    guesses = []
    for _ in range(NUM_GUESSES):
        guess = []
        for _ in range(SHARE_LENGTH):
            # Simulate biased coefficient generation
            coefficient = random.randint(1, 254)  # Coefficients are never 255
            guess.append(chr(coefficient))
        guesses.append(guess)
    return guesses

# Function to calculate probability distributions of the secret
def calculate_probability_distribution():
    # Calculate probability distributions based on the reduced entropy
    # We can estimate the entropy reduction using known formulas or simulations
    # For simplicity, let's assume a fixed reduction in entropy for each byte of the secret
    entropy_reduction_per_byte = 7.72  # Estimated entropy reduction per byte
    probability_distribution = {}
    for i in range(SHARE_LENGTH):
        probability_distribution[i] = 2 ** (-entropy_reduction_per_byte / 8)
    return probability_distribution

# Main function
def main():
    # Given shares (as words)
    share1 = "session cigar grape merry useful churn fatal thought very any arm unaware"
    share2 = "clock fresh security field caution effort gorilla speed plastic common tomato echo"

    # Generate guesses for remaining share(s)
    guesses = generate_guesses()

    # Calculate probability distributions of the secret
    probability_distribution = calculate_probability_distribution()

    # Create Z3 variables as bit vectors
    secret = [BitVec(f'secret_{i}', 8) for i in range(SHARE_LENGTH)]

    # Create Z3 solver
    solver = Solver()

    # Add constraints based on known shares
    for i in range(SHARE_LENGTH):
        solver.add(secret[i] == ord(share1[i]) ^ ord(share2[i]))

    # Add constraints to ensure secret is printable ASCII characters and guided by probability distribution
    for i in range(SHARE_LENGTH):
        solver.add(And(secret[i] >= 32, secret[i] <= 126))
        solver.add(secret[i] == If(probability_distribution[i] > 0.5,
                                  BitVec(f'secret_{i}', 8),
                                  BitVec(f'secret_{i}', 8) + 1))

    # Check if solver is satisfiable
    if solver.check() == sat:
        model = solver.model()
        reconstructed_secret = ''.join([chr(model[secret[i]].as_long()) for i in range(SHARE_LENGTH)])
        print(f"Reconstructed Secret: {reconstructed_secret}")
    else:
        print("No solution found.")

if __name__ == "__main__":
    main()

No solution found.
