Suggested update of code at line 358

compute roots of the polynomial

if (poly_target!=0):
    d_guesses = poly_target.roots()
else:
    return None

print("Poly Target: ",poly_target)

Hello,

I read your paper at iacr.org, thank you for detailed explanation, but I have a question: what is a practical impact of your “new attack” if all nonces are generated in a random way?

I mean this is a pretty obvious that if nonces are in a known sequence, secrets might be revealed, just trying to understand the full picture of your method. Are you like trying to understand the relation for given nonces and solve the matrix of equations, or you’re analyzing nonces using known sequences?

Thank you.

Nevermind. I misunderstood.

Hello, my friend!Please look at my correct output in the console, otherwise pubkey errors confuses me
Start time UTC: 2023-09-27 16:19:49.931918
Expected end time and date UTC 2023-09-27 16:26:50.000895
Successful attacks: 0
Total pubkey errors: 0
Lines percentage: 11.41%
Batches processed: 575
Lines count: 4572
Lines/s 101.65
Start time UTC: 2023-09-27 16:19:49.931918
Expected end time and date UTC 2023-09-27 16:27:08.909127
Successful attacks: 0
Total pubkey errors: 0
Lines percentage: 11.41%
Batches processed: 600
Lines count: 4572
Lines/s 97.76
Start time UTC: 2023-09-27 16:19:49.931918
Expected end time and date UTC 2023-09-27 16:27:25.701429
Successful attacks: 0
Total pubkey errors: 0
Lines percentage: 11.41%
Batches processed: 625
Lines count: 4572
Lines/s 94.58
Start time UTC: 2023-09-27 16:19:49.931918
Expected end time and date UTC 2023-09-27 16:27:41.269610
Successful attacks: 0
Total pubkey errors: 0
Lines percentage: 11.41%

I am running some tests on your project with the original attacks. The SageMath environment works perfectly on my Linux desktop, but I am attempting to convert the code from SageMath libraries to SymPy so that I can continue to test on my phone's PyDroid 3 app. The two lines of code that I am having an issue with converting are:

> (dd,) = R._first_ngens(1)

I have converted the original functions preceding the above to:

> dd = symbols('dd')
> Z = GF(usedcurve.order)
> R = PolynomialRing(Z, symbols = ('dd',))

I am trying to build the functions for the PolynomialRing so that calculation of the roots produces accurate results. This brings me to the second line of code that is causing me an issue:

> d_guesses = poly_target.roots()

I have converted this (thus far) using the multivariate roots functions of SymPy without success on evaluating the roots properly. At present this is the converted code snippet:

> d_guesses1 = real_roots(poly_target)
> d_guesses2 = [[int(root.evalf()) % usedcurve.order] for root in d_guesses1]

This is simply resulting in [0][1]. With other functions I am receiving an output of irrational numbers, or the entire roots factorial equation displayed.

Any assitance you are able to provide would be very welcome to assist with testing the original attacks on our mobile devices without using the SageMath environment. Thank you.