This repository contains code for replicating the experiments in the 'Popping "R-propping"' paper. The code is written in Sagemath 9.4.
We provide code to verify that our computations in M_k(F_{2^8}) obtain the same results as those in the "R-propping" series of papers. To run the verification, run
sage papers.py
To run the attacks on the GSDP-related HK17-like encryption scheme, run
sage plaintextrec.py
Use the --warmup
flag to run the "warmup" attack against the buggy scheme using coefficient-wise product
Use the --same-m-n
flag to make alice and bob use the same exponents m and n.
Use the --seed
flag to change the PRNG seed for the experiments.
Use the --verbose
flag to see the output of every instance, including the orders of g_0.
To run the forgery attacks on the signature scheme, run
sage forgery.py
Use the --seed
flag to change the PRNG seed for the experiments.
Use the --tries
flag to determine how many tries to run for the experiments.
Use the --verbose
flag to see the output of every instance, including the orders of g_0.
To run the DLP attacks on the "R-propped" parameters, run
sage dlp.py
Use the --seed
flag to change the PRNG seed for the experiments.
Use the --tries
flag to determine how many tries to run for the experiments.
Use the --verbose
flag to see the output of every instance, including the orders of g_0.
As part of our work, we implemented the examples given in some of the "R-propping" papers, to check that our implementation matched the original one. The numbers can be generated by running
sage papers.py