ZKHack IV Puzzles #3 Chaos Theory

Puzzle: https://zkhack.dev/zkhackIV/puzzleF3.html
Solution: https://github.com/flyq/puzzle-chaos-theory

ElGamal encryption

Key generation

Alice:

secret key:
$x$
public key:
$H = x \cdot G$

Encryption

Bob:

$M = F (m)$ , the
$m$ is the message, and the
$M$ is the element in
$G$ .
ephemeral key:
$y$
shared secret:
$S = H \cdot y = x \cdot y \cdot G$
$C_{1} = y \cdot G$
$C_{2} = S + M$

if someone knows

(C_{1}, C_{2})

and

M

, the

S = C_{2} - M

Decryption

Alice:

$S = C_{1} \cdot x = x \cdot y \cdot G$
$M = C_{2} - S$
$m = F^{- 1} (M)$

Sender(Bob):

y

and

C_{1} = y \cdot G_{1}

Receiver(Alice):

H

in

G_{1}

group
Message:

M

in

G_{1}

group
ElGamal:

(C_{1}, C_{2})

in

G_{1}

group,

H ((C_{1}, C_{2})) = hash_to_curve ((C_{1}, C_{2})) \cdot Q

in

G_{2}

group

s:

T = y \cdot H ((C_{1}, C_{2}))

send:
$C_{1}$ ,
$C_{2} = H \cdot y + M = S + M$
authenticate:
$H ((C_{1}, C_{2})) \cdot y$
check_auth:
$e (G_{1}, T) = e (C_{1}, H ((C_{1}, C_{2})))$

blob:

C_{1}, (C_{1}, C_{2}), T, H