The use of elliptic curves for public-key cryptography was first suggested in 1985. After resisting decades of attacks, they started to see widespread use from around 2005, providing several benefits over previous public-key cryptosystems such as RSA.
Smaller EC keys offer greater strength, with a 256-bit EC key having the same security level as a 3072-bit RSA key. Furthermore, several operations using those keys (including signing) can be more efficient both time- and memory-wise. Finally, since ECC is more complex than RSA, it has the welcome effect of encouraging developers to make use of trusted libraries rather than rolling their own.
These challenges aim to give you an intuition for the trapdoor function behind ECC; dip your toes into the mathematical structure underlying it; and have you breaking popular schemes like ECDSA.
The point $O$ acts as the identity operator of the group: $P + O = P$ and $P + (-P) = O$.
This brings us to the point of defining an elliptic curve.
Definition: An elliptic curve $E$ is the set of solutions to a Weierstrass equation
$E: Y^{2} = X^{3} + a X + b$
together with a point at infinity $O$. The constants $a,b$ must satisfy the relationship
$4a^{3} + 27 b^{2} \neq 0$
to ensure there are no singularities on the curve.
Formally, let E be an elliptic curve, point addition has the following properties
(a) $P + O = O + P = P$
(b) $P + (−P) = O$
(c) $(P + Q) + R = P + (Q + R)$
(d) $P + Q = Q + P$
In ECC, we study elliptic curves over a finite field $\Fp$. This means we look at the curve modulo the characteristic $p$ and an elliptic curve will no longer be a curve, but a collection of points whose $x,y$ coordinates are integers in $\Fp$.
The following starter challenges will take you through the calculations for ECC and get you used to the basic operations that ECC is built upon, have fun!
Property (d)
shows that point addition is commutative. The flag is the name we give groups with a commutative operation.
You must be logged in to submit your flag.
You must be logged in to submit your flag.
You must be logged in to submit your flag.
You must be logged in to submit your flag.
You must be logged in to submit your flag.
decrypt.py
file to decode the flagYou must be logged in to submit your flag.
You must be logged in to submit your flag.
You must be logged in to submit your flag.
You must be logged in to submit your flag.
a,b
and keeping them secret.You must be logged in to submit your flag.
You must be logged in to submit your flag.
socket.cryptohack.org 13416
You must be logged in to submit your flag.
socket.cryptohack.org 13417
You must be logged in to submit your flag.
socket.cryptohack.org 13419
You must be logged in to submit your flag.
socket.cryptohack.org 13418
You must be logged in to submit your flag.
You must be logged in to submit your flag.
You must be logged in to submit your flag.
You must be logged in to submit your flag.
You must be logged in to submit your flag.
G.x = 9
, find the $x$-coordinate (decimal representation) of point Q = [0x1337c0decafe] G
by implementing the above algorithm.LADDER
in Montgomery curves and their arithmetic together with Alg. 1 xADD
and Alg. 2 xDBL
.
You must be logged in to submit your flag.
You must be logged in to submit your flag.
You are now level Current level