Elliptic Curves

The name of the challenge is the name of the vulnerability CVE-2020-0601 on the crypto32.dll utility on the Microsoft Windows operating system. This vulnerability only targets ECC, and that an adversary can specify their own generator, private key and curve used, as Windows allows for this specifying arbitrary curve behavior. The same idea applies for this challenge. From the source code of the challenge, 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 def search_trusted(self, Q): for host, cert in self....

Title suggest the use of MOV attack, which is a mapping from ECC to Bilinear Maps to solve DLP. More information can be found on Crypto StackExchange. The code is based on this writeup on HackTheBox by WizardAlfredo, which the following solution uses the implementation from. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 from Crypto....

Big kudos to ConnorM on the Cryptohack Discord for the help. This challenge is super sneaky, as the implementation looks very sound, and it bears great resemblance to the example of the Python-ecdsa module. I learnt two lessons from this. First, please do code fuzzing carefully - I was very close to the actual solution but simply missed the crucial idea. Second, do not make assumptions about one’s code - vulnerabilities can start from something very silly....

The title of the challenge hints at a clue - the modulo used in the challenge is a smooth prime. There are no obvious weakness in the encryption scheme given in the source code. Again, revising the old lesson - Pohlig-Hellman algorithm is insane at solving DLP with primes of smooth order. Otherwise, the challenge is simply a matter of figuring out the proper Sage syntax to solve the challenge. discrete_log of Sage is powerful when it comes to solving DLP, as the underlying implementation of Sage involves both Pohlig-Hellman and BSGS....