pyecsca.sca.re.zvp module

Provides functionality inspired by the Zero-value point attack [ZVP].

Implements ZVP point construction from [FFD].

map_to_affine(formula, polys)[source]

Map unrolled polynomials of a formula to affine form, using some assumptions along the way (e.g. Z = 1).

Parameters:

  • formula (Formula) – The formula the polynomials belong to.

  • polys (List[Tuple[str, Poly]]) – The polynomials (intermediate values) to map.

Return type:

List[Tuple[str, Poly]]

Returns:

The mapped intermediate values, with associated variable names.

compute_factor_set(formula, affine=True, filter_nonhomo=True, xonly=False)[source]

Compute a set of factors present in the formula.

Parameters:

  • formula (Formula) – Formula to compute the factor set of.

  • affine (bool) – Whether to transform the polynomials into affine form.

  • filter_nonhomo (bool) – Whether to filter out non-homogenous polynomials.

  • xonly (bool) – Whether to make the factor set “x”-only by eliminating y-coords using the curve equation.

Return type:

Set[Poly]

Returns:

The set of factors present in the formula.

zvp_points(poly, curve, k, n)[source]

Find a set of (affine) ZVP points for a given intermediate value and dlog relationship.

Parameters:

  • poly (Poly) – The polynomial to zero out, obtained as a result of unroll_formula() (or its factor).

  • curve (EllipticCurve) – The curve to compute over.

  • k (int) – The discrete-log relationship between the two points, i.e. (x2, x2) = [k](x1, x1)

  • n (int) – The curve order.

Return type:

Set[Point]

Returns:

The set of points (x1, y1).