BADA55: Scripts

This site contains several scripts to generate/verify standards, specifically elliptic-curve standards. These scripts are designed to be released publicly: each script includes comments highlighting a few of the choices made in the script as standard, secure, obvious things to do.

To run these scripts you need three tools:

The Sage computer-algebra system, a mathematical front-end to Python, including Python wrappers around many math libraries. The scripts use Sage to count points on elliptic curves. (Verifying the number of points is an easier computation, doable without much effort in plain Python, but would need this number to be included in the scripts.)
The full "seadata" database used for counting points. Sage includes a small version of this database, enough to count points on 256-bit elliptic curves. The full database is enough to count points on 512-bit elliptic curves.
SimpleSHA3, a Python library providing a simple hash-a-string interface to Keccak, the SHA-3 competition winner. SHA-3 is not yet a standard part of Python. There are several other "SHA-3" libraries for Python, but most of them provide only the original Keccak; the SHA-3 standard is a tweak of the original Keccak and produces different outputs. SimpleSHA3 provides both SHA-3 and the original Keccak: e.g., "sha3256" is SHA3-256 with 256-bit output (and 512-bit "capacity"), while "keccakc512" is the original Keccak with 256-bit output (and 512-bit "capacity"). SimpleSHA3 is currently built on top of the 9-tweet C library TweetFIPS202, so it is very small but still tolerably fast.

Beware that Sage is a very large unsigned package with frequent updates. To help protect your machine, you are encouraged to use a virtual machine to install and run Sage. Inside that virtual machine, as root, run the following commands to install Python development tools, create a "sage" account, download Sage, and compile Sage, along with the full "seadata" database:

     aptitude install python-dev -y # for Ubuntu; similar for other Linux systems
     adduser --disabled-password --gecos 'Sage' sage
     su - sage
     
     wget http://pari.math.u-bordeaux.fr/pub/pari/packages/seadata.tgz
     openssl sha256 seadata.tgz
     # c9282a525ea3f92c1f9c6c69e37ac5a87b48fb9ccd943cfd7c881a3851195833
     wget http://mirrors.mit.edu/sage/src/sage-6.8.tar.gz
     openssl sha256 sage-6.8.tar.gz
     # 49ca2885cce1ed1ea5e84f4954cee3f0e9d403289bbd5f6c0faf0411ffcf5580
     
     ln -s sage-6.8/sage
     time tar -xf sage-6.8.tar.gz
     cd sage-6.8
     time MAKE="make -j7" make
     cd
     tar -xf seadata.tgz
     cp data/seadata/* sage-6.8/local/share/pari/seadata/
     echo print 2+2 | ./sage
     exit

Also run the following commands, as any user inside the virtual machine, to download and compile SimpleSHA3:

     cd
     mkdir simplesha3
     cd simplesha3
     wget https://bada55.cr.yp.to/simplesha3/setup.py
     openssl sha256 < setup.py
     # 62939d9373b3d02f1d98a6a9e05e73827228360431a206a324dab6a388edbcd6
     wget https://bada55.cr.yp.to/simplesha3/simplesha3.c
     openssl sha256 < simplesha3.c
     # 4e7035f667d9c663a33322ee4b3f18e11bd87c38c13c66ac3d378ba20200ee62

     python setup.py build

Finally, as the same user, download and run the verification scripts:

     cd
     mkdir bada55
     cd bada55
     cp $HOME/simplesha3/build/lib*/simplesha3.so .
     for i in vr224.sage vr256.sage vr384.sage \
       brain224slow.sage brain224.sage brainpool.sage \
       brain224fixedslow.sage brain224fixed.sage brainpoolfixed.sage \
       vpr1slow.sage vpr1.sage vpr2slow.sage vpr2.sage
     do
       wget https://bada55.cr.yp.to/$i
       openssl sha256 < $i
     done
     # 17069d82719f15fdc7c50b5a01e231d06e45a15acad902335a983df656c4a0dc
     # c0d476c440675cba00a576b892eb24e7d574bb0fe23a9e2b25a81c02c22cdbf5
     # 345d17677c00f408638229f257cf03855344775c0aa351717090272e1ece3e9e
     # 7cddb931b0cf45fdda0933b46fbfbb476f5a29cbec3d812c986e1175cb9cbc8e
     # aaaa7eb12e9749b9f5832b3813120cb15deb4e55e86ba389f35fffc8af8b77bf
     # 2dfdd1050235e15c71a3203f434062a848ffc1c6e0187c08957c7f5289b32bb5
     # f2968bc205d144cd09ccac6d99a2aa34752e03612975aeda4187541d3a18b19b
     # 89cb8909059d33f55955d359d4bc9a62fbd1122ba68f69bbc55f1503c04107fd
     # 8da0745723dcccdae7a6451f904f87d9567997bdd7a1063d3d6ecc5ddf36e79c
     # 520e62202ccf981d098e62a779d37171775e92f3ce5d8f27ebbf00c075ad75cd
     # a9cb15eee2297fc81c59297aa33b696edd604e314f544c004019a94db5e4603e
     # 969bee92ff94fb236d04fc97542e63663d40d3a9b4f8b8c28e2a0eefca4e73d5
     # f82c9de4f32654d4e343e93ce9c0ecf69bcc42d9befb5c88812b699f58a8f505

     for i in vr224 vr256 vr384 \
       brain224slow brain224 brainpool \
       brain224fixedslow brain224fixed brainpoolfixed \
       vpr1slow vpr1 vpr2slow vpr2
     do
       /home/sage/sage $i.sage > $i.out
     done

The scripts take under a day on one core of a fast machine, and only a few hours if you leave out the "slow" scripts.

Version: This is version 2017.01.22 of the "Scripts" web page.