I have all parameter of elliptic curve. And the coordinate of points Q and P. I want to solve Q=k*P (where k is the unknown) by testing all possible k.
So i used this class
then:
a=-1
b=0
p=134747661567386867366256408824228742802669457
curve = EllipticCurve(a,b,p)
P=[18185174461194872234733581786593019886770620,74952280828346465277451545812645059041440154]
Q=[76468233972358960368422190121977870066985660, 33884872380845276447083435959215308764231090]
for i in range(2902021510595963727029):
result = curve.multPoint(i,P)
if result[0]==Q[0] and result[1]==Q[1]:
print (i)
break
Is this the right approach to solve this problem?
The curve is vulnerable to both the MOV attack and the older FR attack that works similarly, So we can use Weil or Tate pairings (respectively).
q = 134747661567386867366256408824228742802669457
Zq = Zmod(q)
E = EllipticCurve(Zq, [0,0,0,-1,0])
P = E(18185174461194872234733581786593019886770620, 74952280828346465277451545812645059041440154)
Q = E(76468233972358960368422190121977870066985660, 33884872380845276447083435959215308764231090)
n = P.order()
k = GF(n)(q).multiplicative_order()
R = E.random_element()
w1 = P.tate_pairing(R, n, k)
w2 = Q.tate_pairing(R, n, k)
print w1, w2
with w2=w1^k we need to solve a discrete logarithm problem in a ring of integer mod p. It can take quite a while but is still feasible given the small modulus.
PS: This is eltrai answer.