corCTF 2024

Crypto - Monkfish

Hmm... smells like a fishy proof of knowledge... - emh

Challenge

#!/usr/bin/sage
import sys
print("I caught a monkfish in the sea! ")
sys.stdout.flush()
from hashlib import sha256
from Crypto.Util.number import bytes_to_long
from random import SystemRandom
import ast
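def verif_pok(v, F, pi):
    com = pi[0]
    resp = pi[1]
    verif = pi[2]
    # Fiat-Shamir challenge: first SHA-256 byte of (com, v, verif), reduced modulo |FF|
    a = list(FF)[sha256(bytes([list(FF).index(i[0]) for i in list(com) + list(v) + list(verif)])).digest()[0] % len(list(FF))]
    out1 = apply(F, resp)
    out2 = com + (a * a) * v - a * verif
    return out1 == out2

# From the challenge (the rest of the setup is omitted)
s = random_matrix(FF, n, 1)

# Proof submitted as (m0, m1, m2): com = 0, resp = 0, verif = v
m0 = matrix(FF, m, 1, [0]*100)
m1 = matrix(FF, n, 1, [0]*100)
m2 = v
pi = (m0, m1, m2)
res = verif_pok(v, F, pi)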

We supply m0, m1 and m2 as input, and the resulting proof of knowledge pi = (m0, m1, m2) must verify.

Suppose we set resp to 0; then out1 becomes 0, so we need out2 to be 0 as well. We get this by setting com to zero and verif to v, which leaves out2 = (a * a - a) * v. That expression vanishes only when a is 0 or 1, so the method works only for those values of a, which has a 40% chance based on the value of v.
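The 40% figure can be checked with a small model of the verifier. This is an added example, not the challenge's code: it assumes FF is GF(5) with elements indexed 0..4 (inferred from the 2-in-5 odds), uses a random homogeneous quadratic map as a hypothetical stand-in for the omitted F and apply, and uses small constructed dimensions n = m = 8.

```python
import hashlib
import random

Q = 5  # assumed field size: GF(5), inferred from the 2-in-5 (40%) figure


def challenge(com, v, verif):
    # Mirrors the challenge derivation in verif_pok: first digest byte mod |FF|.
    # Assumes list(FF).index(x) == x, i.e. a prime field listed as 0..Q-1.
    return hashlib.sha256(bytes(com + v + verif)).digest()[0] % Q


def apply_map(F, x):
    # Hypothetical stand-in for the omitted apply(): F is a list of m square
    # matrices, and output k is the quadratic form x^T F[k] x mod Q.
    n = len(x)
    return [sum(A[i][j] * x[i] * x[j] for i in range(n) for j in range(n)) % Q
            for A in F]


def verif_pok(v, F, pi):
    com, resp, verif = pi
    a = challenge(com, v, verif)
    out2 = [(c + a * a * vi - a * w) % Q for c, vi, w in zip(com, v, verif)]
    return apply_map(F, resp) == out2


def trivial_proof(v, n):
    # The proof described above: com = 0, resp = 0, verif = v.
    return ([0] * len(v), [0] * n, list(v))


def acceptance_rate(trials=4000, n=8, m=8, seed=1):
    # Constructed inputs: a random map F and random public values v.
    rng = random.Random(seed)
    F = [[[rng.randrange(Q) for _ in range(n)] for _ in range(n)]
         for _ in range(m)]
    accepted = 0
    for _ in range(trials):
        v = [rng.randrange(Q) for _ in range(m)]
        accepted += verif_pok(v, F, trivial_proof(v, n))
    return accepted / trials


if __name__ == "__main__":
    print(f"trivial proof accepted in {acceptance_rate():.1%} of trials")
```

Under these assumptions the exact acceptance probability is 103/256 (about 40.2%) rather than exactly 2/5, because 256 is not a multiple of 5 and the byte-to-field reduction slightly favours a = 0.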


Last updated 10 months ago

I omit the whole question, as this method solves it in a small number of attempts. A more general and proper solution is given in the next part.