def solve(A, low, high):
A = sorted(set(A))
N = len(A)
G = [0] * N
G[-1] = A[-1]
for i in reversed(range(N-1)):
G[i] = int(gmpy.gcd(G[i+1], A[i]))
#print 'A:', A, ' low=%d high=%d' % (low, high)
#print 'G:', G
if low <= A[0]:
x = solve1(low, A[0], 1, G[0])
if x is not None:
return x
lcm = A[0]
for i in xrange(N-1):
x = solve1(max(low, A[i]), min(high, A[i+1]), lcm, G[i+1])
if x is not None:
return x
lcm = int(gmpy.lcm(lcm, A[i+1]))
if lcm > high:
break
if low <= lcm <= high:
return lcm
return 'NO'
def elemop(N=1000):
r'''
(Takes about 40ms on a first-generation Macbook Pro)
'''
for i in range(N):
assert a+b == 579
assert a-b == -333
assert b*a == a*b == 56088
assert b%a == 87
assert divmod(a, b) == (0, 123)
assert divmod(b, a) == (3, 87)
assert -a == -123
assert pow(a, 10) == 792594609605189126649
assert pow(a, 7, b) == 99
assert cmp(a, b) == -1
assert '7' in str(c)
assert '0' not in str(c)
assert a.sqrt() == 11
assert _g.lcm(a, b) == 18696
assert _g.fac(7) == 5040
assert _g.fib(17) == 1597
assert _g.divm(b, a, 20) == 12
assert _g.divm(4, 8, 20) == 3
assert _g.divm(4, 8, 20) == 3
assert _g.mpz(20) == 20
assert _g.mpz(8) == 8
assert _g.mpz(4) == 4
assert a.invert(100) == 87
def elemop(N=1000):
r'''
(Takes about 40ms on a first-generation Macbook Pro)
'''
for i in range(N):
assert a + b == 579
assert a - b == -333
assert b * a == a * b == 56088
assert b % a == 87
assert divmod(a, b) == (0, 123)
assert divmod(b, a) == (3, 87)
assert -a == -123
assert pow(a, 10) == 792594609605189126649
assert pow(a, 7, b) == 99
assert cmp(a, b) == -1
assert '7' in str(c)
assert '0' not in str(c)
assert a.sqrt() == 11
assert _g.lcm(a, b) == 18696
assert _g.fac(7) == 5040
assert _g.fib(17) == 1597
assert _g.divm(b, a, 20) == 12
assert _g.divm(4, 8, 20) == 3
assert _g.divm(4, 8, 20) == 3
assert _g.mpz(20) == 20
assert _g.mpz(8) == 8
assert _g.mpz(4) == 4
assert a.invert(100) == 87
def solve(b, n, m):
if n <= b:
return n
if b == 1:
return 1
z = 1
for i in xrange(b):
z = lcm(z, m[i])
c = sum(z / m[i] for i in xrange(b))
if n % c != 0:
n -= (n / c) * c
else:
n -= ((n - 1) / c) * c
if n <= b:
return n
t = list(m)
for i in xrange(b, n - 1):
x = min(t)
if x > 0:
for j in xrange(b):
t[j] -= x
k = t.index(0)
t[k] = m[k]
x = min(t)
k = t.index(x)
return k + 1
def solve(A, low, high):
A = sorted(set(A))
N = len(A)
G = [0] * N
G[-1] = A[-1]
for i in reversed(range(N - 1)):
G[i] = int(gmpy.gcd(G[i + 1], A[i]))
#print 'A:', A, ' low=%d high=%d' % (low, high)
#print 'G:', G
if low <= A[0]:
x = solve1(low, A[0], 1, G[0])
if x is not None:
return x
lcm = A[0]
for i in xrange(N - 1):
x = solve1(max(low, A[i]), min(high, A[i + 1]), lcm, G[i + 1])
if x is not None:
return x
lcm = int(gmpy.lcm(lcm, A[i + 1]))
if lcm > high:
break
if low <= lcm <= high:
return lcm
return 'NO'
def atan_coefficients(NN, bits):
ps = []
qs = []
temp = []
Q = 1
for k in range(2 * NN + 50):
p = 1
q = 2 * k + 1
if lcm(Q, q) < 2**bits:
temp.append(mpq(p, q))
Q = lcm(Q, q)
else:
for a in temp:
ps.append(int(a * Q))
qs.append(int(Q))
Q = q
temp = [mpq(p, q)]
return ps[:NN], qs[:NN]
def atan_coefficients(NN, bits):
ps = []
qs = []
temp = []
Q = 1
for k in range(2*NN+50):
p = 1
q = 2*k+1
if lcm(Q, q) < 2**bits:
temp.append(mpq(p,q))
Q = lcm(Q, q)
else:
for a in temp:
ps.append(int(a * Q))
qs.append(int(Q))
Q = q
temp = [mpq(p,q)]
return ps[:NN], qs[:NN]
def apply(self, ns, evaluation):
'LCM[ns___Integer]'
ns = ns.get_sequence()
result = 1
for n in ns:
value = n.get_int_value()
if value is None:
return
result = lcm(result, value)
return Integer(result)
def release(self): with self.lock: connection = self.engine.connect() s = select([db.commonGCDTable.c.product]) res=connection.execute(s).first() if not res is None: temp = mpz(res[0]) else: temp = mpz(1) lcm = gmp.lcm(temp, self.product) s=db.commonGCDTable.update().where(db.commonGCDTable.c.id==1).values(product=str(lcm)) connection.execute(s) connection.close()
def gen_key(bits=1024):
while True:
p = get_random_prime(bits)
q = get_random_prime(bits)
if p != q and gmpy.gcd(p * q, (p - 1) * (q - 1)) == 1:
break
n = p * q
l = int(gmpy.lcm(p - 1, q - 1))
while True:
g = randint(1, n**2)
if gmpy.gcd(g, n**2) == 1:
break
u = gmpy.invert(L(pow(g, l, n**2), n), n)
return (n, g), (l, u)
def generate_keys(bit_length):
# Make an RSA modulus n.
p = find_random_prime(bit_length / 2)
while True:
q = find_random_prime(bit_length / 2)
if p <> q: break
n = p * q
nsq = n * n
# Calculate Carmichael's function.
lm = gmpy.lcm(p - 1, q - 1)
# Generate a generator g in B.
while True:
g = rand.randint(1, long(nsq))
if gmpy.gcd(L(pow(g, lm, nsq), n), n) == 1: break
return {'n': n, 'g': g}, {'n': n, 'g': g, 'lm': lm}
def generate_keys(bit_length):
# Make an RSA modulus n.
p = find_random_prime(bit_length/2)
while True:
q = find_random_prime(bit_length/2)
if p<>q: break
n = p*q
nsq = n*n
# Calculate Carmichael's function.
lm = gmpy.lcm(p-1, q-1)
# Generate a generator g in B.
while True:
g = rand.randint(1, long(nsq))
if gmpy.gcd(L(pow(g, lm, nsq), n), n) == 1: break
return {'n':n, 'g': g}, {'n': n, 'g': g, 'lm': lm}
def generate_keys(self):
self.p = self.rand_prime(self.key_length/2)
while True:
self.q = self.rand_prime(self.key_length/2)
if not (self.p == self.q):
break
self.n = self.p * self.q
self.nsq = self.n * self.n
self.lam = lcm(self.p-1, self.q-1)
while True:
self.g = randint(1, self.nsq)
if gcd(Paillier.L(pow(self.g, self.lam, self.n), self.n), self.n):
break
self.public_key = {'n':self.n, 'g':self.g}
self.private_key = {'n':self.n, 'g':self.g, 'lam':self.lam}
def _after_pq(public_key, secret_key):
p = secret_key.p
q = secret_key.q
secret_key.n = public_key.n = n = p * q
secret_key.n_half = public_key.n_half = n / 2
t, secret_key.invpmq, secret_key.invqmp = gmpy.gcdext(p, q)
secret_key.nsq = public_key.nsq = nsq = n * n
secret_key.qsq = qsq = q * q
secret_key.psq = psq = p * p
t, secret_key.invpsqmqsq, secret_key.invqsqmpsq = gmpy.gcdext(psq, qsq)
secret_key.ordpsq = p * p - p
secret_key.ordqsq = q * q - q
# Calculate Carmichael's function.
secret_key.lm = lm = gmpy.lcm(p - 1, q - 1)
def generate_keys(self):
self.p = self.rand_prime(self.key_length / 2)
while True:
self.q = self.rand_prime(self.key_length / 2)
if not (self.p == self.q):
break
self.n = self.p * self.q
self.nsq = self.n * self.n
self.lam = lcm(self.p - 1, self.q - 1)
while True:
self.g = randint(1, self.nsq)
if gcd(Paillier.L(pow(self.g, self.lam, self.n), self.n), self.n):
break
self.public_key = {'n': self.n, 'g': self.g}
self.private_key = {'n': self.n, 'g': self.g, 'lam': self.lam}
def generate_keys_gmp(bit_length, generate=generate_g_fast):
"""Generating paillier public and secret keys
@type bit_length: int
@type generate: callable
@param generate: a callable which returns a generator g in B
@rtype: tuple(PublicKey, SecretKey)
"""
secret_key = SecretKeyGMP(bit_length)
public_key = PublicKeyGMP(bit_length)
secret_key.p = p = find_random_prime(bit_length / 2)
while 1:
secret_key.q = q = find_random_prime(bit_length / 2)
if p != q:
break
secret_key.n = public_key.n = n = p * q
secret_key.n_half = public_key.n_half = n / 2
t, secret_key.invpmq, secret_key.invqmp = gmpy.gcdext(p, q)
secret_key.nsq = public_key.nsq = nsq = n * n
secret_key.qsq = qsq = q * q
secret_key.psq = psq = p * p
t, secret_key.invpsqmqsq, secret_key.invqsqmpsq = gmpy.gcdext(psq, qsq)
secret_key.ordpsq = p * p - p
secret_key.ordqsq = q * q - q
# Calculate Carmichael's function.
secret_key.lm = lm = gmpy.lcm(p - 1, q - 1)
# Generate a generator g in B.
public_key.g = secret_key.g = g = generate(secret_key)
secret_key.denominv = gmpy.invert(L(crt_pow(g, lm, secret_key), n), n)
return public_key, secret_key
# python2
# coding=utf-8
import gmpy
from Crypto.Util import number
from pwn import *
def L(a, b):
return (a - 1) // b
n = 99157116611790833573985267443453374677300242114595736901854871276546481648883
g = 99157116611790833573985267443453374677300242114595736901854871276546481648884
c = 2433283484328067719826123652791700922735828879195114568755579061061723786565164234075183183699826399799223318790711772573290060335232568738641793425546869
p = 310013024566643256138761337388255591613
q = 319848228152346890121384041219876391791
lam = gmpy.lcm(p - 1, q - 1)
u = number.inverse(L(pow(g, lam, pow(n, 2)), n), n)
m = (L(pow(c, lam, pow(n, 2)), n) * u) % n
flag = unhex(hex(m)[2:])
print flag
# thefile = open('remlistfactored.txt', 'w')
# for item in gcdarraywithoutones:
# thefile.write("%s\n" % item)
psandqs =[]
#print len(gcdarraywithoutones)
#print len(indexofgcd)
for indexofindex in range(len(indexofgcd)):
modulfound= testdata[indexofgcd[indexofindex]]
psandqs.append( modulfound/ gcdarraywithoutones[indexofindex])
privkeys=[]
RSAkeys =[]
constructKeys=[]
for i in range(len(psandqs)):
totient= gmpy.lcm(psandqs[i]-1,gcdarraywithoutones[i]-1)
privkeys.append(gmpy.invert(exp,totient))
# thefile = open('privkeys.txt', 'w')
# for item in privkeys:
# thefile.write("%s\n" % item)
for indexofindex in range(len(indexofgcd)):
constructKeys.append([long(testdata[indexofgcd[indexofindex]]),long(exp),long(privkeys[indexofindex])])
for key in constructKeys:
RSAkeys.append(RSA.construct(key))
for key in RSAkeys:
try:
result= pbp.decrypt(key, open('1.2.4_ciphertext.enc.asc').read())