MR.HAANDI's Short Sign
| Download short_sign_keygenme.zip, 895 kb (password: crackmes.de) Browse contents of short_sign_keygenme.zip My most complex work till now,
Difficulty: 9 - You can't solve this yourself :) | Send a message to MR.HAANDI » View profile of MR.HAANDI » |
Solutions
There are no solutions to this crackme yet. Have you solved it? Please write a tutorial and submit it here!
Discussion and comments
| divinomas 02. Mar 2009 | Short sign crackme is a theoretical crackable crackme, based on prevalent paring based cryptograph schema. But considering the big Elliptic curve (110bits), it is far more practical to obtain the private key compared to ECC109 challenge on certicom (detail: http://arstechnica.com/old/content/2002/10/1088.ars). Moreover, the curve is non-singular and not anomalous, so polynomial-time or subpolynomial algorithm won't work here. On the other hand, Short sign generates private key from MD5 hash and seemingly the private key is not close to 0 or the group order.Anyway, although I can't get the private key individually, I did learn a lot from the procedure to understand the deep concept concerning elliptic cure. |
|---|---|
| ksc91u 10. Mar 2009 | I know solving large ECC is difficult. But I do not understand, pDriLl's Crypto Keygenme also make use of ECC, from the solution I see his P is like more than 88 bits. Why it is still cracked? |
| MR.HAANDI Author 10. Mar 2009 | Dealing with ecdlp it depends on the largest factor of the order (pohlig-hellman algorithm), which is small in that keygenme. Additionally, current ecdlp solvers can do tasks even with 90bit prime order in some weeks with recent cpus. |
| ksc91u 11. Mar 2009 | EC domain parameters:(p,a,b,G,n) P=k*G How about finding P if we know k, and (p,a,b). Is this as difficult as ECDLP? |
| MR.HAANDI Author 11. Mar 2009 | No, this is a plain EC multiplication for which polynomial time algorithms exist. In this equation only to find k (P,G given) would be difficult. Even to find P in G=k*P (G,k given) wouldn't be hard. |
| ksc91u 11. Mar 2009 | G=k*P (G,k given) is easy because you know the size of field, right? Size=U P=(U-k)*G. What if you don't know U,G ? Many thanks for answering. |
| MR.HAANDI Author 11. Mar 2009 | Firstly, it is not (U-k) but (k^(-1) in the finite field created modulo U). If you do not know U, you have an unknown group structure (the same idea as behind RSA). Here the difficulty is still less than ecdlp. However, it is very challenging to write an own algorithm, which is significantly faster than the one, which solves the ecdlp. |
| ksc91u 11. Mar 2009 | Yes, I agree (k^(-1)). Maybe I was not clear. My U is the number of total points. As in http://www.ellipsa.net/public/ecb/ecb.html this software, right? Why it is simpler than ecdlp? And would you tell me the size of prime in pDriLl's Crypto Keygenme? |
| SpiderZ 04. Nov 2009 | does patching is allowed or any other solution? |
| Unknown Coder 22. Dec 2013 | Succes Data matches the given signature. I did it ? |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.