diff --git a/contrib/yggdrasil-brute-simple/LICENSE b/contrib/yggdrasil-brute-simple/LICENSE new file mode 100644 index 00000000..2d61b400 --- /dev/null +++ b/contrib/yggdrasil-brute-simple/LICENSE @@ -0,0 +1,150 @@ +This software is released into the public domain. As such, it can be +used under the Unlicense or CC0 public domain dedications. + + + +The Unlicense + +This is free and unencumbered software released into the public domain. + +Anyone is free to copy, modify, publish, use, compile, sell, or +distribute this software, either in source code form or as a compiled +binary, for any purpose, commercial or non-commercial, and by any +means. + +In jurisdictions that recognize copyright laws, the author or authors +of this software dedicate any and all copyright interest in the +software to the public domain. We make this dedication for the benefit +of the public at large and to the detriment of our heirs and +successors. We intend this dedication to be an overt act of +relinquishment in perpetuity of all present and future rights to this +software under copyright law. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +For more information, please refer to + + + +CC0 1.0 Universal + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator and +subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for the +purpose of contributing to a commons of creative, cultural and scientific +works ("Commons") that the public can reliably and without fear of later +claims of infringement build upon, modify, incorporate in other works, reuse +and redistribute as freely as possible in any form whatsoever and for any +purposes, including without limitation commercial purposes. These owners may +contribute to the Commons to promote the ideal of a free culture and the +further production of creative, cultural and scientific works, or to gain +reputation or greater distribution for their Work in part through the use and +efforts of others. + +For these and/or other purposes and motivations, and without any expectation +of additional consideration or compensation, the person associating CC0 with a +Work (the "Affirmer"), to the extent that he or she is an owner of Copyright +and Related Rights in the Work, voluntarily elects to apply CC0 to the Work +and publicly distribute the Work under its terms, with knowledge of his or her +Copyright and Related Rights in the Work and the meaning and intended legal +effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not limited +to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, communicate, + and translate a Work; + + ii. moral rights retained by the original author(s) and/or performer(s); + + iii. publicity and privacy rights pertaining to a person's image or likeness + depicted in a Work; + + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + + v. rights protecting the extraction, dissemination, use and reuse of data in + a Work; + + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation thereof, + including any amended or successor version of such directive); and + + vii. other similar, equivalent or corresponding rights throughout the world + based on applicable law or treaty, and any national implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention of, +applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and +unconditionally waives, abandons, and surrenders all of Affirmer's Copyright +and Related Rights and associated claims and causes of action, whether now +known or unknown (including existing as well as future claims and causes of +action), in the Work (i) in all territories worldwide, (ii) for the maximum +duration provided by applicable law or treaty (including future time +extensions), (iii) in any current or future medium and for any number of +copies, and (iv) for any purpose whatsoever, including without limitation +commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes +the Waiver for the benefit of each member of the public at large and to the +detriment of Affirmer's heirs and successors, fully intending that such Waiver +shall not be subject to revocation, rescission, cancellation, termination, or +any other legal or equitable action to disrupt the quiet enjoyment of the Work +by the public as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason be +judged legally invalid or ineffective under applicable law, then the Waiver +shall be preserved to the maximum extent permitted taking into account +Affirmer's express Statement of Purpose. In addition, to the extent the Waiver +is so judged Affirmer hereby grants to each affected person a royalty-free, +non transferable, non sublicensable, non exclusive, irrevocable and +unconditional license to exercise Affirmer's Copyright and Related Rights in +the Work (i) in all territories worldwide, (ii) for the maximum duration +provided by applicable law or treaty (including future time extensions), (iii) +in any current or future medium and for any number of copies, and (iv) for any +purpose whatsoever, including without limitation commercial, advertising or +promotional purposes (the "License"). The License shall be deemed effective as +of the date CC0 was applied by Affirmer to the Work. Should any part of the +License for any reason be judged legally invalid or ineffective under +applicable law, such partial invalidity or ineffectiveness shall not +invalidate the remainder of the License, and in such case Affirmer hereby +affirms that he or she will not (i) exercise any of his or her remaining +Copyright and Related Rights in the Work or (ii) assert any associated claims +and causes of action with respect to the Work, in either case contrary to +Affirmer's express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + + b. Affirmer offers the Work as-is and makes no representations or warranties + of any kind concerning the Work, express, implied, statutory or otherwise, + including without limitation warranties of title, merchantability, fitness + for a particular purpose, non infringement, or the absence of latent or + other defects, accuracy, or the present or absence of errors, whether or not + discoverable, all to the greatest extent permissible under applicable law. + + c. Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without limitation + any person's Copyright and Related Rights in the Work. Further, Affirmer + disclaims responsibility for obtaining any necessary consents, permissions + or other rights required for any use of the Work. + + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to this + CC0 or use of the Work. + +For more information, please see + diff --git a/contrib/yggdrasil-brute-simple/Makefile b/contrib/yggdrasil-brute-simple/Makefile new file mode 100644 index 00000000..aa2adc86 --- /dev/null +++ b/contrib/yggdrasil-brute-simple/Makefile @@ -0,0 +1,12 @@ +.PHONY: all + +all: util yggdrasil-brute-multi-curve25519 yggdrasil-brute-multi-ed25519 + +util: util.c + gcc -Wall -std=c89 -O3 -c -o util.o util.c + +yggdrasil-brute-multi-ed25519: yggdrasil-brute-multi-ed25519.c util.o + gcc -Wall -std=c89 -O3 -o yggdrasil-brute-multi-ed25519 -lsodium yggdrasil-brute-multi-ed25519.c util.o + +yggdrasil-brute-multi-curve25519: yggdrasil-brute-multi-curve25519.c util.o + gcc -Wall -std=c89 -O3 -o yggdrasil-brute-multi-curve25519 -lsodium yggdrasil-brute-multi-curve25519.c util.o diff --git a/contrib/yggdrasil-brute-simple/README.md b/contrib/yggdrasil-brute-simple/README.md new file mode 100644 index 00000000..f7b68765 --- /dev/null +++ b/contrib/yggdrasil-brute-simple/README.md @@ -0,0 +1,8 @@ +# yggdrasil-brute-simple + +Simple program for finding curve25519 and ed25519 public keys whose sha512 hash has many leading ones. +Because ed25519 private keys consist of a seed that is hashed to find the secret part of the keypair, +this program is near optimal for finding ed25519 keypairs. Curve25519 key generation, on the other hand, +could be further optimized with elliptic curve magic. + +Depends on libsodium. diff --git a/contrib/yggdrasil-brute-simple/util.c b/contrib/yggdrasil-brute-simple/util.c new file mode 100644 index 00000000..fd17e496 --- /dev/null +++ b/contrib/yggdrasil-brute-simple/util.c @@ -0,0 +1,62 @@ +#include "yggdrasil-brute.h" + +int find_where(unsigned char hash[64], unsigned char besthashlist[NUMKEYS][64]) { + /* Where to insert hash into sorted hashlist */ + int j; + int where = -1; + for (j = 0; j < NUMKEYS; ++j) { + if (memcmp(hash, besthashlist[j], 64) > 0) ++where; + else break; + } + return where; +} + +void insert_64(unsigned char itemlist[NUMKEYS][64], unsigned char item[64], int where) { + int j; + for (j = 0; j < where; ++j) { + memcpy(itemlist[j], itemlist[j+1], 64); + } + memcpy(itemlist[where], item, 64); +} + +void insert_32(unsigned char itemlist[NUMKEYS][32], unsigned char item[32], int where) { + int j; + for (j = 0; j < where; ++j) { + memcpy(itemlist[j], itemlist[j+1], 32); + } + memcpy(itemlist[where], item, 32); +} + +void make_addr(unsigned char addr[32], unsigned char hash[64]) { + /* Public key hash to yggdrasil ipv6 address */ + int i; + int offset; + unsigned char mask; + unsigned char c; + int ones = 0; + unsigned char br = 0; /* false */ + for (i = 0; i < 64 && !br; ++i) { + mask = 128; + c = hash[i]; + while (mask) { + if (c & mask) { + ++ones; + } else { + br = 1; /* true */ + break; + } + mask >>= 1; + } + } + + addr[0] = 2; + addr[1] = ones; + + offset = ones + 1; + for (i = 0; i < 14; ++i) { + c = hash[offset/8] << (offset%8); + c |= hash[offset/8 + 1] >> (8 - offset%8); + addr[i + 2] = c; + offset += 8; + } +} diff --git a/contrib/yggdrasil-brute-simple/yggdrasil-brute-multi-curve25519.c b/contrib/yggdrasil-brute-simple/yggdrasil-brute-multi-curve25519.c new file mode 100644 index 00000000..a592f38b --- /dev/null +++ b/contrib/yggdrasil-brute-simple/yggdrasil-brute-multi-curve25519.c @@ -0,0 +1,105 @@ +/* +sk: 32 random bytes +sk[0] &= 248; +sk[31] &= 127; +sk[31] |= 64; + +increment sk +pk = curve25519_scalarmult_base(mysecret) +hash = sha512(pk) + +if besthash: + bestsk = sk + besthash = hash +*/ + +#include "yggdrasil-brute.h" + + +void seed(unsigned char sk[32]) { + randombytes_buf(sk, 32); + sk[0] &= 248; + sk[31] &= 127; + sk[31] |= 64; +} + + +int main(int argc, char **argv) { + int i; + int j; + unsigned char addr[16]; + time_t starttime; + time_t requestedtime; + + unsigned char bestsklist[NUMKEYS][32]; + unsigned char bestpklist[NUMKEYS][32]; + unsigned char besthashlist[NUMKEYS][64]; + + unsigned char sk[32]; + unsigned char pk[32]; + unsigned char hash[64]; + + unsigned int runs = 0; + int where; + + if (argc != 2) { + fprintf(stderr, "usage: ./yggdrasil-brute-multi-curve25519 \n"); + return 1; + } + + if (sodium_init() < 0) { + /* panic! the library couldn't be initialized, it is not safe to use */ + printf("sodium init failed!\n"); + return 1; + } + + starttime = time(NULL); + requestedtime = atoi(argv[1]); + + if (requestedtime < 0) requestedtime = 0; + fprintf(stderr, "Searching for yggdrasil curve25519 keys (this will take slightly longer than %ld seconds)\n", requestedtime); + + sodium_memzero(bestsklist, NUMKEYS * 32); + sodium_memzero(bestpklist, NUMKEYS * 32); + sodium_memzero(besthashlist, NUMKEYS * 64); + seed(sk); + + do { + /* generate pubkey, hash, compare, increment secret. + * this loop should take 4 seconds on modern hardware */ + for (i = 0; i < (1 << 16); ++i) { + ++runs; + if (crypto_scalarmult_curve25519_base(pk, sk) != 0) { + printf("scalarmult to create pub failed!\n"); + return 1; + } + crypto_hash_sha512(hash, pk, 32); + + where = find_where(hash, besthashlist); + if (where >= 0) { + insert_32(bestsklist, sk, where); + insert_32(bestpklist, pk, where); + insert_64(besthashlist, hash, where); + + seed(sk); + } + for (j = 1; j < 31; ++j) if (++sk[j]) break; + } + } while (time(NULL) - starttime < requestedtime || runs < NUMKEYS); + + fprintf(stderr, "--------------addr-------------- -----------------------------secret----------------------------- -----------------------------public-----------------------------\n"); + for (i = 0; i < NUMKEYS; ++i) { + make_addr(addr, besthashlist[i]); + for (j = 0; j < 16; ++j) printf("%02x", addr[j]); + printf(" "); + for (j = 0; j < 32; ++j) printf("%02x", bestsklist[i][j]); + printf(" "); + for (j = 0; j < 32; ++j) printf("%02x", bestpklist[i][j]); + printf("\n"); + } + + sodium_memzero(bestsklist, NUMKEYS * 32); + sodium_memzero(sk, 32); + + return 0; +} diff --git a/contrib/yggdrasil-brute-simple/yggdrasil-brute-multi-ed25519.c b/contrib/yggdrasil-brute-simple/yggdrasil-brute-multi-ed25519.c new file mode 100644 index 00000000..02218e50 --- /dev/null +++ b/contrib/yggdrasil-brute-simple/yggdrasil-brute-multi-ed25519.c @@ -0,0 +1,106 @@ +/* +seed: 32 random bytes +sk: sha512(seed) +sk[0] &= 248 +sk[31] &= 127 +sk[31] |= 64 + +pk: scalarmult_ed25519_base(sk) + + +increment seed +generate sk +generate pk +hash = sha512(mypub) + +if besthash: + bestseed = seed + bestseckey = sk + bestpubkey = pk + besthash = hash +*/ + +#include "yggdrasil-brute.h" + + +int main(int argc, char **argv) { + int i; + int j; + time_t starttime; + time_t requestedtime; + + unsigned char bestsklist[NUMKEYS][64]; /* sk contains pk */ + unsigned char besthashlist[NUMKEYS][64]; + + unsigned char seed[32]; + unsigned char sk[64]; + unsigned char pk[32]; + unsigned char hash[64]; + + unsigned int runs = 0; + int where; + + if (argc != 2) { + fprintf(stderr, "usage: ./yggdrasil-brute-multi-curve25519 \n"); + return 1; + } + + if (sodium_init() < 0) { + /* panic! the library couldn't be initialized, it is not safe to use */ + printf("sodium init failed!\n"); + return 1; + } + + starttime = time(NULL); + requestedtime = atoi(argv[1]); + + if (requestedtime < 0) requestedtime = 0; + fprintf(stderr, "Searching for yggdrasil ed25519 keys (this will take slightly longer than %ld seconds)\n", requestedtime); + + sodium_memzero(bestsklist, NUMKEYS * 64); + sodium_memzero(besthashlist, NUMKEYS * 64); + randombytes_buf(seed, 32); + + do { + /* generate pubkey, hash, compare, increment secret. + * this loop should take 4 seconds on modern hardware */ + for (i = 0; i < (1 << 17); ++i) { + ++runs; + crypto_hash_sha512(sk, seed, 32); + + if (crypto_scalarmult_ed25519_base(pk, sk) != 0) { + printf("scalarmult to create pub failed!\n"); + return 1; + } + memcpy(sk + 32, pk, 32); + + crypto_hash_sha512(hash, pk, 32); + + /* insert into local list of good key */ + where = find_where(hash, besthashlist); + if (where >= 0) { + insert_64(bestsklist, sk, where); + insert_64(besthashlist, hash, where); + randombytes_buf(seed, 32); + } + for (j = 1; j < 31; ++j) if (++seed[j]) break; + } + } while (time(NULL) - starttime < requestedtime || runs < NUMKEYS); + + fprintf(stderr, "!! Secret key is seed concatenated with public !!\n"); + fprintf(stderr, "---hash--- ------------------------------seed------------------------------ -----------------------------public-----------------------------\n"); + for (i = 0; i < NUMKEYS; ++i) { + for (j = 0; j < 5; ++j) printf("%02x", besthashlist[i][j]); + printf(" "); + for (j = 0; j < 32; ++j) printf("%02x", bestsklist[i][j]); + printf(" "); + for (j = 32; j < 64; ++j) printf("%02x", bestsklist[i][j]); + printf("\n"); + } + + sodium_memzero(bestsklist, NUMKEYS * 64); + sodium_memzero(sk, 64); + sodium_memzero(seed, 32); + + return 0; +} diff --git a/contrib/yggdrasil-brute-simple/yggdrasil-brute.h b/contrib/yggdrasil-brute-simple/yggdrasil-brute.h new file mode 100644 index 00000000..8e39e0f3 --- /dev/null +++ b/contrib/yggdrasil-brute-simple/yggdrasil-brute.h @@ -0,0 +1,12 @@ +#include +#include /* printf */ +#include /* memcpy */ +#include /* atoi */ +#include /* time */ + + +#define NUMKEYS 10 +void make_addr(unsigned char addr[32], unsigned char hash[64]); +int find_where(unsigned char hash[64], unsigned char besthashlist[NUMKEYS][64]); +void insert_64(unsigned char itemlist[NUMKEYS][64], unsigned char item[64], int where); +void insert_32(unsigned char itemlist[NUMKEYS][32], unsigned char item[32], int where);