bitlogik/lattice-attack

Program

An1an1 opened this issue · 3 comments

Good afternoon, do you have a video of how this program works? A video would close many questions.

If you mean "how it works from a theoretical perspective", LatticeAttack uses lattice basis reduction to solve a Shortest Vector Problem from a Hidden Number Problem. For all details, you can read all the bibliography in the README : https://github.com/bitlogik/lattice-attack#bibliography

If you mean "how to use it in practice", there are various resources that can help :

Let us know your user issues, your goal, what is not working, what you don't understand to make this software work, and we'll assist you here. This is the right place for any help you would need. Ask your questions.

public key data x, y where should it be displayed ? in the file gen_input.py

For the data input, LatticeAttack works with JSON files.
JSON input format :

{
    "curve": curveString,
    "public_key": [pubx, puby],
    "message": [a,b,c,...], // In case same message for all signatures
    "known_type": "LSB"/"MSB",
    "known_bits": 6,
    "signatures": [ {"r": intR, "s": intS, "kp": leakednoncepart }, {...}, ... ]
}

Note about the hash :
There are 2 ways to provide the message or hash in the input data for LatticeAttack.

  • Single common message
    In the case the message is the same for all the signatures, this needs to be provided as a binary string message (not the hash, before hashing). The format is an integer list/tuple or bytes/bytearray. The key is top-level "message".
    The hash used is SHA2-256 for the hash. Hence it works only for ECDSA using SHA2-256 hash.
  • Per signature message
    In the case the message is unique per signature. The data to provide is an integer. The hash value is provided in the "hash" key in each signature object. The integer is the value of the binary bytes in big endian : from_bytes(h, "big").

About the public key : It needs to be provided as an array of the integer coordinates (a list) : [x, y].

We provide a Python script "gen_data" which generates such input JSON example files to demonstrate how LatticeAttack can be used, and to help to use it.

The public key is computed with : ecdsa_lib.privkey_to_pubkey(d_key, curve)
There are various helpers in the ecdsa_lib file.

It is very hard to help you because we have absolutely no context about your goals and your use case.

Remember that in cryptography, 90% of the work is about translating data from one format to another, and using LatticeAttack is no stranger to this.
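An added example, not part of the thread or of the LatticeAttack project's code: a standard-library checker for the JSON input format described above, covering both ways of supplying the message or hash. The function names are hypothetical, and the checks that "kp" fits in "known_bits" bits and that "message" and "hash" are mutually exclusive are assumptions, as is the sample curve string.

```python
import hashlib
import json

def hash_to_int(message: bytes) -> int:
    # Per-signature "hash": SHA2-256 digest read as a big-endian integer.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def check_input(data: dict) -> list:
    """Return the problems found in an input dict (empty list if none)."""
    missing = [k for k in ("curve", "public_key", "known_type", "known_bits", "signatures") if k not in data]
    if missing:
        return [f"missing key: {k}" for k in missing]
    problems = []
    pub = data["public_key"]
    if not (isinstance(pub, list) and len(pub) == 2 and all(isinstance(c, int) for c in pub)):
        problems.append("public_key must be [x, y] with integer coordinates")
    if data["known_type"] not in ("LSB", "MSB"):
        problems.append("known_type must be LSB or MSB")
    bits = data["known_bits"]
    if not isinstance(bits, int) or bits <= 0:
        return problems + ["known_bits must be a positive integer"]
    common = "message" in data
    if common and not all(isinstance(b, int) and 0 <= b <= 255 for b in data["message"]):
        problems.append("message must be a list of byte values 0..255")
    for i, sig in enumerate(data["signatures"]):
        for key in ("r", "s", "kp"):
            if not isinstance(sig.get(key), int):
                problems.append(f"signature {i}: {key} must be an integer")
        # Assumption: the leaked nonce part must fit in known_bits bits.
        if isinstance(sig.get("kp"), int) and not 0 <= sig["kp"] < 2 ** bits:
            problems.append(f"signature {i}: kp does not fit in {bits} bits")
        # Assumption: exactly one of top-level "message" / per-signature "hash".
        if common == ("hash" in sig):
            problems.append(f"signature {i}: give a common message or a hash, not both or neither")
    return problems

def load_and_check(text: str) -> list:
    # Strict JSON only: the // comment in the format description must not be in a real file.
    return check_input(json.loads(text))

# Constructed sample: tiny made-up integers, not real keys or signatures.
SAMPLE = {
    "curve": "SECP256K1",  # sample name; accepted curve strings are not listed on this page
    "public_key": [11, 22], "known_type": "LSB", "known_bits": 6,
    "signatures": [
        {"r": 101, "s": 202, "kp": 37, "hash": hash_to_int(b"first message")},
        {"r": 303, "s": 404, "kp": 64, "hash": hash_to_int(b"second message")},
    ],
}
print(load_and_check(json.dumps(SAMPLE)))
```
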