def generate_sparse_matrix(u_1, modified_secret_key, x_p):
global global_random_state
seed = mpz(time.time())
global_random_state = gmpy2.random_state(seed)
Theta_vector = [0 for _ in range(Theta)]
for i in range(1, Theta):
Theta_vector[i] = generate_random(kappa + 1, False, True, False)
modified_secret_key[0] = True
for i in range(1, Theta):
modified_secret_key[i] = False
count = theta - 1
gmpy2.random_state()
while count > 0:
index = gmpy2.mpz_random(global_random_state, RAND_MAX) % Theta
if not modified_secret_key[index]:
modified_secret_key[index] = True
count -= 1
sum_ = zero
temp = gmpy2.mul_2exp(one, kappa + 1)
for i in range(1, Theta):
if modified_secret_key[i]:
sum_ = gmpy2.add(sum_, Theta_vector[i])
sum_ %= temp
u_1 = gmpy2.sub(x_p, sum_)
if u_1 < zero:
u_1 = gmpy2.add(temp, u_1)
return mpz(seed), mpz(u_1)
def runPart3(N):
A2 = add(isqrt(mul(24, N)), 1)
x2 = isqrt(sub(mul(A2, A2), mul(24, N)))
p = div(sub(A2, x2), 6)
q = div(add(A2, x2), 4)
return p, q
def factor_n1():
'''
Factoring challenge #1:
The following modulus N is a products of two primes p and q where
|p−q| < 2N^(1/4). Find the smaller of the two factors and enter it
as a decimal integer.
'''
N = gmpy2.mpz(
'179769313486231590772930519078902473361797697894230657273430081157732675805505620686985379449212982959585501387537164015710139858647833778606925583497541085196591615128057575940752635007475935288710823649949940771895617054361149474865046711015101563940680527540071584560878577663743040086340742855278549092581'
)
A = gmpy2.add(gmpy2.isqrt(N), one)
x = gmpy2.isqrt(gmpy2.sub(gmpy2.mul(A, A), N))
print 'Calculating first factors...'
ticks = 0
while True:
p = gmpy2.sub(A, x)
q = gmpy2.add(A, x)
if gmpy2.is_prime(p) and gmpy2.is_prime(q) and gmpy2.mul(p, q) == N:
print "p =", p, "q =", q, "ticks =", ticks
return
else:
x = gmpy2.add(x, one)
ticks += 1
if ticks % 10000 == 0:
print 'ticks:', ticks
def calc_near6(self):
""" Solves the Extra Credit question Q3
See:
Uses only integer arithmetic to avoid issues with rounding errors
Solution credit to Francois Degros:
https://class.coursera.org/crypto-011/forum/thread?thread_id=517#post-2279
:return: the prime factors of ```self.n```, p and q
:rtype: tuple
"""
# A = ceil(sqrt(24 N)) - the use of isqrt() won't matter, as we seek the ceil
A = add(isqrt(mul(self.n, mpz(24))), mpz(1))
# D = A^2 - 24 N
D = sub(mul(A, A), mul(24, self.n))
# E = sqrt(D) - note D is a perfect square and we can use integer arithmetic
E = isqrt(D)
assert sub(mul(E, E), D) == mpz(0)
p = div(sub(A, E), 6)
q = div(add(A, E), 4)
if self._check_sol(p, q):
return p, q
# The above is the right solution, however, there is another possible solution:
p = div(add(A, E), 6)
q = div(sub(A, E), 4)
if self._check_sol(p, q):
return p, q
print 'Could not find a solution'
return 0, 0
def generate_random(bit_size, include_negative_range, seeded, full_range):
global global_random_state
if not seeded or global_random_state is None:
global_random_state = gmpy2.random_state()
x = zero
if full_range:
x = gmpy2.mul_2exp(one, bit_size - 1)
tmp = 0
if bit_size < 33:
tmp = gmpy2.mpz_random(global_random_state, RAND_MAX)
temp = (1 << bit_size)
x = gmpy2.f_mod(tmp, temp)
if include_negative_range:
tmp = gmpy2.mul_2exp(one, bit_size - 1)
x = gmpy2.sub(x, tmp)
return x
for i in range(bit_size - 32, 0 - 1, -32):
tmp = gmpy2.mpz_random(global_random_state, RAND_MAX)
tmp = gmpy2.mul_2exp(tmp, i)
x = gmpy2.add(x, tmp)
x = gmpy2.add(x, gmpy2.mpz_random(global_random_state, RAND_MAX))
if include_negative_range:
tmp = gmpy2.mul_2exp(one, bit_size - 1)
x = gmpy2.sub(x, tmp)
return mpz(x)
def addition(self, interval):
reset_default_precision()
res_inc_left = False
res_inc_right = False
if self.include_lower and interval.include_lower:
res_inc_left = True
if self.include_upper and interval.include_upper:
res_inc_right = True
with gmpy2.local_context(gmpy2.context(),
round=gmpy2.RoundDown,
precision=mpfr_proxy_precision) as ctx:
res_left = gmpy2.add(mpfr(self.lower), mpfr(interval.lower))
with gmpy2.local_context(gmpy2.context(),
round=gmpy2.RoundUp,
precision=mpfr_proxy_precision) as ctx:
res_right = gmpy2.add(mpfr(self.upper), mpfr(interval.upper))
if res_left <= res_right:
res_right = round_number_up_to_digits(res_right, self.digits)
res_left = round_number_down_to_digits(res_left, self.digits)
return Interval(res_left, res_right, res_inc_left, res_inc_right,
self.digits)
else:
res_right = round_number_down_to_digits(res_right, self.digits)
res_left = round_number_up_to_digits(res_left, self.digits)
return Interval(res_right, res_left, res_inc_right, res_inc_left,
self.digits)
def runPart1(N):
A = isqrt(N)
A = add(A, 1) #couldn't find default ceil function
x = isqrt(sub(mul(A,A), N))
p = sub(A, x)
q = add(A, x)
return p, q
def three():
N = mpz('720062263747350425279564435525583738338084451473999841826653057981916355690188337790423408664187663938485175264994017897083524079135686877441155132015188279331812309091996246361896836573643119174094961348524639707885238799396839230364676670221627018353299443241192173812729276147530748597302192751375739387929')
A = mul(isqrt(mul(6,N)),2)
A = add(A,1)
x = isqrt(sub(mul(A,A),mul(24,N)))
p = t_div(sub(A,x),6)
q = t_div(add(A,x),4)
if mul(p,q) == N:
print "3. " + str(p)
def one():
N = mpz('179769313486231590772930519078902473361797697894230657273430081157732675805505620686985379449212982959585501387537164015710139858647833778606925583497541085196591615128057575940752635007475935288710823649949940771895617054361149474865046711015101563940680527540071584560878577663743040086340742855278549092581')
A = isqrt(N)
A = add(A,1)
x = isqrt(sub(mul(A,A),N))
p = sub(A,x)
q = add(A,x)
if mul(p,q) == N:
print "1. " + str(p)
return p, q, N
def three():
N = mpz(
'720062263747350425279564435525583738338084451473999841826653057981916355690188337790423408664187663938485175264994017897083524079135686877441155132015188279331812309091996246361896836573643119174094961348524639707885238799396839230364676670221627018353299443241192173812729276147530748597302192751375739387929'
)
A = mul(isqrt(mul(6, N)), 2)
A = add(A, 1)
x = isqrt(sub(mul(A, A), mul(24, N)))
p = t_div(sub(A, x), 6)
q = t_div(add(A, x), 4)
if mul(p, q) == N:
print "3. " + str(p)
def prime_factor(n):
assert n % 2 != 0
a = add(isqrt(n), 1) # làm tròn đến phần nguyên của A = căn(N)
# print(a)
x2 = add(square(a), -n) # x^2 = a^2 - n
# print(x2)
p = add(a, -isqrt(x2))
q = add(a, isqrt(x2))
return int(p), int(q)
def fun(self,coef_poly,k,t,x):
ff = gmpy2.mpz(0)
for j in range(k*t-k+1)[::-1]:
temp = gmpy2.mul(ff,x)
ff = gmpy2.add(temp,coef_poly[j])
if j == 1:
break
temp = gmpy2.mul(ff,x) #temp = at-1*xt-1+...+a1*x
ff = gmpy2.add(temp,coef_poly[0]) #f = temp+a0
ff = gmpy2.f_mod(ff,q)
return ff
def two():
N = mpz('648455842808071669662824265346772278726343720706976263060439070378797308618081116462714015276061417569195587321840254520655424906719892428844841839353281972988531310511738648965962582821502504990264452100885281673303711142296421027840289307657458645233683357077834689715838646088239640236866252211790085787877')
A = isqrt(N)
while True:
A = add(A,1)
x = isqrt(sub(mul(A,A),N))
p = sub(A,x)
q = add(A,x)
if mul(p,q) == N:
print "2. " + str(p)
break
def one():
N = mpz(
'179769313486231590772930519078902473361797697894230657273430081157732675805505620686985379449212982959585501387537164015710139858647833778606925583497541085196591615128057575940752635007475935288710823649949940771895617054361149474865046711015101563940680527540071584560878577663743040086340742855278549092581'
)
A = isqrt(N)
A = add(A, 1)
x = isqrt(sub(mul(A, A), N))
p = sub(A, x)
q = add(A, x)
if mul(p, q) == N:
print "1. " + str(p)
return p, q, N
def two():
N = mpz(
'648455842808071669662824265346772278726343720706976263060439070378797308618081116462714015276061417569195587321840254520655424906719892428844841839353281972988531310511738648965962582821502504990264452100885281673303711142296421027840289307657458645233683357077834689715838646088239640236866252211790085787877'
)
A = isqrt(N)
while True:
A = add(A, 1)
x = isqrt(sub(mul(A, A), N))
p = sub(A, x)
q = add(A, x)
if mul(p, q) == N:
print "2. " + str(p)
break
def runPart2(N):
A = isqrt(N)
maxVal = add(isqrt(N), 2**20)
p = 0
q = 0
while mul(p, q) != N and A <= maxVal:
A = add(A, 1)
x = isqrt(sub(mul(A,A), N))
p = sub(A, x)
q = add(A, x)
return p, q
def find_factors(n):
a = gmp.isqrt(n)
p = 0
q = 0
while not check(n, p, q):
a = gmp.add(a, 1)
a2 = gmp.mul(a, a)
x = gmp.isqrt(gmp.sub(a2, n))
p = gmp.mpz(gmp.sub(a, x))
q = gmp.mpz(gmp.add(a, x))
return (p, q)
def __next__(self):
n = self.n
while True:
if n == 1:
n = gmpy2.add(n, 1)
continue
elif sqrt_test(n) == False:
if self.store:
self.num_list.append(n)
self.n = gmpy2.add(n, 1)
return n
n = gmpy2.add(n, 1)
def generate_x_i(sk, length):
tmp, q, r = 0, 0, 0
q = gmpy2.mul_2exp(one, length - 1)
gmpy2.random_state()
for i in range(length - 32, 0 - 1, -32):
tmp = gmpy2.get_random()
tmp = gmpy2.mul_2exp(tmp, i)
q = gmpy2.add(tmp, q)
q = gmpy2.add(q, gmpy2.get_random())
r = generate_random(rho, True, False, False)
x_i = gmpy2.mul(q, sk)
x_i = gmpy2.add(r, x_i)
return x_i
def computepi():
# N: number of decimals
f = StringIO()
w = xmpz(0)
k = 1
n1 = xmpz(4)
n2 = xmpz(3)
d = xmpz(1)
f10 = xmpz(10)
n10 = xmpz(-10)
i = 0
URL = request.args.get('URL', type=str)
N = request.args.get('N', default=10, type=int)
lenght = request.args.get('lenght', default=1, type=int)
while True:
# digit
u = int(div(n1, d))
v = int(div(n2, d))
if u == v:
f.write(chr(48 + u))
i += 1
if i % 10 == 0:
f.write("\t:%d\n" % i)
if i == N:
break
# extract
u = mul(d, mul(n10, u))
n1 = mul(n1, f10)
n1 = add(n1, u)
n2 = mul(n2, f10)
n2 = add(n2, u)
else:
# produce
k2 = k << 1
u = mul(n1, k2 - 1)
v = add(n2, n2)
w = mul(n1, k - 1)
n1 = add(u, v)
u = mul(n2, k + 2)
n2 = add(w, u)
d = mul(d, k2 + 1)
k += 1
if lenght != 0:
contents = urllib.request.urlopen(URL + "?N=" + str(N) + "&lenght=" +
str(lenght - 1)).read()
return (f.getvalue())
def find_factors_6n(n):
n24 = gmp.mul(n, 24)
a = gmp.isqrt(n24)
p = 0
q = 0
while not check(n, p, q):
a = gmp.add(a, 1)
a2 = gmp.mul(a, a)
x = gmp.isqrt(gmp.sub(a2, n24))
p = gmp.mpz(gmp.div(gmp.sub(a, x), 6))
q = gmp.mpz(gmp.div(gmp.add(a, x), 4))
return (p, q)
def get_min_prime_root(euler_value,prime_factors,m):
"""求最小的原根"""
a = 1
i = 0
while(a<m):
for prime_factor in prime_factors:
if gmpy2.powmod(a, gmpy2.div(euler_value, prime_factor), m) == 1:
a = gmpy2.add(a,1)
else:
i = gmpy2.add(i,1)
break
if i == len(prime_factors):
break
return a
def FermatFactor(N):
A = gmpy2.mpz( gmpy2.ceil( gmpy2.sqrt(N) ) )
B2 = gmpy2.sub( gmpy2.square(A), N )
while not gmpy2.is_square(B2):
A = gmpy2.add( A, gmpy2.mpz("1") )
B2 = gmpy2.sub( gmpy2.square(A), N )
B = gmpy2.sqrt(B2)
P = gmpy2.mpz( gmpy2.sub( A, B ) )
Q = gmpy2.mpz( gmpy2.add( A, B ) )
if not checkFactors(P,Q,N):
raise Exception("Bad factors generated")
return ( P, Q )
def compute_middle_point_given_interval(low, upper):
with gmpy2.local_context(gmpy2.context(),
round=gmpy2.RoundDown,
precision=mpfr_proxy_precision) as ctx:
res_left = gmpy2.add(gmpy2.div(mpfr(upper), mpfr("2.0")),
gmpy2.div(mpfr(low), mpfr("2.0")))
with gmpy2.local_context(gmpy2.context(),
round=gmpy2.RoundUp,
precision=mpfr_proxy_precision) as ctx:
res_right = gmpy2.add(gmpy2.div(mpfr(upper), mpfr("2.0")),
gmpy2.div(mpfr(low), mpfr("2.0")))
return Interval(
round_number_down_to_digits(res_left, digits_for_range),
round_number_up_to_digits(res_right, digits_for_range), True, True,
digits_for_range)
def _shared_key(a, x, x_pub, b_pub, y_pub, p):
l2 = 2**128
x_mod = gmpy2.t_mod_2exp(x_pub, 128)
d = gmpy2.add(l2, x_mod)
da = gmpy2.mul(d, a)
xda = gmpy2.add(x, da)
y_mod = gmpy2.t_mod_2exp(y_pub, 128)
e = gmpy2.add(l2, y_mod)
sa = gmpy2.powmod(b_pub, e, p)
sa = gmpy2.mul(sa, y_pub)
sa = gmpy2.f_mod(sa, p)
sa = gmpy2.powmod(sa, xda, p)
return sa
def evaluate_error_at_sample(self, tree):
""" Sample from the leaf then evaluate tree in the tree's working precision"""
if tree.left is not None or tree.right is not None:
if tree.left is not None:
sample_l, lp_sample_l = self.evaluate_error_at_sample(
tree.left)
if tree.right is not None:
sample_r, lp_sample_r = self.evaluate_error_at_sample(
tree.right)
if tree.root_name == "+":
return (sample_l + sample_r), gmpy2.add(
mpfr(str(lp_sample_l)), mpfr(str(lp_sample_r)))
elif tree.root_name == "-":
return (sample_l - sample_r), gmpy2.sub(
mpfr(str(lp_sample_l)), mpfr(str(lp_sample_r)))
elif tree.root_name == "*":
return (sample_l * sample_r), gmpy2.mul(
mpfr(str(lp_sample_l)), mpfr(str(lp_sample_r)))
elif tree.root_name == "/":
return (sample_l / sample_r), gmpy2.div(
mpfr(str(lp_sample_l)), mpfr(str(lp_sample_r)))
elif tree.root_name == "exp":
return np.exp(sample_l), gmpy2.exp(mpfr(str(sample_l)))
elif tree.root_name == "sin":
return np.sin(sample_l), gmpy2.sin(mpfr(str(sample_l)))
elif tree.root_name == "cos":
return np.cos(sample_l), gmpy2.cos(mpfr(str(sample_l)))
elif tree.root_name == "abs":
return np.abs(sample_l), abs(mpfr(str(sample_l)))
else:
print("Operation not supported!")
exit(-1)
else:
sample = tree.root_value[0].getSampleSet(n=1)[0]
return sample, mpfr(str(sample))
def generate_private_key(self, vec):
assert len(vec) <= self.eta
sk = gp.mpz(0)
for i in range(len(vec)):
sk = gp.add(sk, gp.mul(self.msk[i], vec[i]))
return {'bound': len(vec), 'sk': gp.digits(sk)}
def verify(A, x, N):
p = gmpy2.sub(A, x)
q = gmpy2.add(A, x)
if gmpy2.mul(p, q) == N:
return [True, p, q]
else:
return [False, p, q]
def chinrest(aas, ns):
count = len(aas)
m = 1
ms = [1] * count
ees = [mpz(0)] * count
# product of all ns
for i in range(0, count):
m = gmpy2.mul(m, ns[i])
# products of all but one ns
for i in range(0, count):
ms[i] = gmpy2.div(m, ns[i])
# extended euclid to get the factors
for i in range(0, count):
ggtn, r, s = gmpy2.gcdext(mpz(ns[i]), mpz(ms[i]))
ees[i] = gmpy2.mul(s, ms[i])
# calculating x
x = 0
for i in range(0, count):
x = gmpy2.add(x, gmpy2.mul(aas[i], ees[i]))
# making x positive. just in case
x = gmpy2.t_mod(mpz(x), mpz(m))
while x < 0:
x = gmpy2.t_mod(mpz(x + m), mpz(m))
return m, x
def verify(A,x,N):
p = gmpy2.sub(A,x)
q = gmpy2.add(A,x)
if gmpy2.mul(p, q) == N:
return [True,p,q]
else:
return [False,p,q]
def generate_keys(n_bits=1024):
"""
Generates keys necessary to Pailler's Cryptossystem
Parameters:
Kwargs:
n_bits: Size of the key, in bits (default=1024)
Returns:
Tuple: Tuple containing two tuples:
t0: Tuple containing the public key (n,g)
t1: Tuple containing the private key (lambda,mu)
"""
one = gmpy2.mpz(1)
p = new_prime(n_bits=n_bits)
q = new_prime(n_bits=n_bits)
# public key
n = gmpy2.mul(p, q)
g = gmpy2.add(n, one)
#private key
lbd = gmpy2.mul(gmpy2.sub(p, one), gmpy2.sub(q, one))
mu = gmpy2.powmod(lbd, -1, n)
return ((n, g), (lbd, mu))
def Q1Q4():
N = mpz('17976931348623159077293051907890247336179769789423065727343008115\
77326758055056206869853794492129829595855013875371640157101398586\
47833778606925583497541085196591615128057575940752635007475935288\
71082364994994077189561705436114947486504671101510156394068052754\
0071584560878577663743040086340742855278549092581')
A = isqrt(N) + 1
x = isqrt(sub(mul(A, A), N))
p = sub(A, x)
q = add(A, x)
print("Q1:")
print(p)
fiN = mul(sub(p, 1), sub(q, 1))
e = mpz(65537)
d = gmpy2.invert(e, fiN)
ct = mpz('22096451867410381776306561134883418017410069787892831071731839143\
67613560012053800428232965047350942434394621975151225646583996794\
28894607645420405815647489880137348641204523252293201764879166664\
02997509188729971690526083222067771600019329260870009579993724077\
458967773697817571267229951148662959627934791540')
pt = gmpy2.powmod(ct, d, N)
ptstr = pt.digits(16)
pos = ptstr.find('00')
payload = ptstr[pos + 2:]
print("Q4:")
print(binascii.unhexlify(payload))
def dlog(pgh):
p = pgh[0]
g = pgh[1]
h = pgh[2]
B = gmpy2.powmod(2,20,mpz(p))
B_low = 0
#B_low = gmpy2.powmod(2,18,mpz(p))
print "B: " + repr(B)
# build the hash
hash_table = {}
for i in range(B_low,B):
left = gmpy2.divm(mpz(h),gmpy2.powmod(mpz(g),i, mpz(p)),mpz(p))
try:
hash_table[left]
print "collision at " + i
except KeyError:
hash_table[left] = i
continue
print "Hash table built"
#print "keys: " + repr(hash_table.keys())
counter = mpz(0)
# meet in the middle
x0 = mpz(0)
x1 = mpz(0)
for i in range(B_low,B):
counter = gmpy2.add(counter,mpz(1))
right = gmpy2.powmod(gmpy2.powmod(mpz(g),mpz(B),mpz(p)),i,mpz(p))
try:
h_entry = hash_table[right]
print 'found x0 and x1...'
x0 = i
x1 = h_entry
print 'x0=' + repr(x0)
print 'x1=' + repr(x1)
break
except KeyError:
continue
print "counter: " + repr(counter)
x = gmpy2.t_mod(gmpy2.add(gmpy2.mul(x0,B),x1), mpz(p))
return x
def generate_x(x, sk):
gmpy2.random_state()
q, r = 0, 0
q = generate_random(gamma - eta, False, False, False)
r = generate_random(rho, True, False, False)
x = gmpy2.mul(q, sk)
x = gmpy2.add(r, x)
return mpz(x)
def is_prime(r):
for k in range(0,10000000):
p = gmpy2.add(r, k)
a = gmpy2.powmod(2, p-1, p)
if (a == 1):
print "k = %i \nprime = %i\n" % (k, p)
return
def solve_quadratic(a, b, c):
""" Solves the quadratic equation ```a x2 + b x + c = 0```
:return: the GMP result of solving the quadratic equation usign multi-precision numbers
"""
bb = sqrt(sub(mul(b, b), mul(mpz(4), mul(a, c))))
x1 = gmpy2.div(sub(-b, bb), mul(mpz(2), a))
x2 = gmpy2.div(add(-b, bb), mul(mpz(2), a))
return x1, x2
def is_prime(r):
for k in range(0, 10000000):
p = gmpy2.add(r, k)
a = gmpy2.powmod(2, p - 1, p)
if (a == 1):
print "k = %i \nprime = %i\n" % (k, p)
return
def get_h_pwd(coordinates):
x = map(lambda x: x[0], coordinates) # extract the x and y coordinates
y = map(lambda x: x[1], coordinates)
h_pwd_ = mpz()
for i in xrange(config.max_features):
h_pwd_ = gmpy2.add(h_pwd_, gmpy2.t_mod(gmpy2.mul(y[i], get_lambda_i(x, i)), config.q))
h_pwd_ = gmpy2.t_mod(h_pwd_, config.q)
return h_pwd_
def find_x(h, g, p, B):
table = build_table(h, g, p, B)
x0, x1 = lookup(table, g, p, B)
# assert x0 != None and x1 != None
Bx0 = mul(x0, B)
x = add(Bx0, x1)
# print(x0, x1)
return x
def __iadd__(self, other):
if type(other
) is GaloisFieldNumber and self.exponent == other.exponent:
self.encoding = gmpy2.mod(gmpy2.add(self.encoding, other.encoding),
self.gfp.p)
return self
else:
return self + other
def computepi():
# N: number of decimals
f = StringIO()
w = xmpz(0)
k = 1
n1 = xmpz(4)
n2 = xmpz(3)
d = xmpz(1)
f10 = xmpz(10)
n10 = xmpz(-10)
i = 0
N = request.args.get('N', default=10, type=int)
while True:
# digit
u = int(div(n1, d))
v = int(div(n2, d))
if u == v:
f.write(chr(48 + u))
i += 1
if i % 10 == 0:
f.write("\t:%d\n" % i)
if i == N:
break
# extract
u = mul(d, mul(n10, u))
n1 = mul(n1, f10)
n1 = add(n1, u)
n2 = mul(n2, f10)
n2 = add(n2, u)
else:
# produce
k2 = k << 1
u = mul(n1, k2 - 1)
v = add(n2, n2)
w = mul(n1, k - 1)
n1 = add(u, v)
u = mul(n2, k + 2)
n2 = add(w, u)
d = mul(d, k2 + 1)
k += 1
return (f.getvalue())
def calc_brute_force(self):
a = ceil(sqrt(self.n))
for n in xrange(1, 2 ** 20):
p, q = self._calc_factors(add(a, n))
if self._check_sol(p, q):
return p, q
#self.log.print_progress(n)
else:
raise ValueError("Cannot factor {}".format(self.n))
def calculate_shared_secret(self):
val = powmod(self.generator, self.get_identity_hash(), self.modulus)
val2 = mul(self.get_multiplier(), val)
val3 = sub(self.get_server_public_value(), val2)
val4 = mul(self.get_scrambler(), self.get_identity_hash())
val5 = add(self.get_private_value(), val4)
val6 = t_mod(val3, self.modulus)
val7 = t_mod(val5, self.modulus)
self.shared_secret = powmod(val6, val7, self.modulus)
def add_all_coefficients_upper_abs(self):
with gmpy2.local_context(gmpy2.context(),
round=gmpy2.RoundAwayZero,
precision=mpfr_proxy_precision) as ctx:
res_right = mpfr("0.0")
for coeff in self.coefficients:
res_right = gmpy2.add(
res_right, abs(mpfr(self.coefficients[coeff].upper)))
# now the number is positive so we can round up
return round_number_up_to_digits(res_right, digits_for_range)
def get_random_value(self, start_pow, p=None):
""" Sample a random value based on self.rng of p bits between [0,2^(start_pow+1)). """
if p == None:
p = self.context.precision
s = mpfr(0)
nextbit = gmpy2.exp2(start_pow)
for i in range(1, p):
s = gmpy2.add(s, gmpy2.mul(nextbit, mpfr(self.rng())))
nextbit = gmpy2.exp2(start_pow - i)
return s
def main():
# predefine these, we will stop overwriting them when ready to run the big numbers
p=mpz('13407807929942597099574024998205846127'
'47936582059239337772356144372176403007'
'35469768018742981669034276900318581848'
'6050853753882811946569946433649006084171'
)
g=mpz('117178298803662070095161175963353670885'
'580849999989522055999794590639294997365'
'837466705721764714603129285948296754282'
'79466566527115212748467589894601965568'
)
y=mpz('323947510405045044356526437872806578864'
'909752095244952783479245297198197614329'
'255807385693795855318053287892800149470'
'6097394108577585732452307673444020333'
)
log.info("Starting Discrete Log Calculation")
log.info("p: %i", p)
log.info("g: %i", g)
log.info("y: %i", y)
m = gmpy2.ceil(gmpy2.sqrt(p))
log.info("m: %i", m)
# custom range since builtin has a size limit
long_range = lambda start, stop: iter(itertools.count(start).next, stop)
chunk_size = 100000
if m < 100000:
chunk_size = m
stop_at = chunk_size
start = 0
while True:
chunk = {}
log.info("Starting chunk from %i to %i", start, stop_at)
for i in xrange(start, stop_at):
chunk[gmpy2.powmod(g,i,p)] = i
for t in long_range(0,m):
expone = mpz(gmpy2.mul(-m,t))
g_term = gmpy2.powmod(g, expone, p)
res = gmpy2.f_mod(gmpy2.mul(y, g_term), p)
if res in chunk:
s = chunk[res]
dc = gmpy2.f_mod(mpz(gmpy2.add(s, gmpy2.mul(m,t))), p)
log.info("DC LOG FOUND")
log.info("dc: %i", dc)
return
log.info("Completed chunk run: %i to %i no DC yet :(", start, stop_at)
start = stop_at
stop_at += chunk_size
def compute(self):
self.build_table(end=self.B)
rhs = self.g_B
for x0 in xrange(1, self.B):
x1 = self.lookup_table.get(rhs, None)
if x1:
res = gmpy2.f_mod(gmpy2.add(gmpy2.mul(x0, self.B), x1), self.p)
return res
if x0 and (x0 % self.CHECKPOINT) == 0:
self.log.print_progress(x0)
rhs = gmpy2.f_mod(gmpy2.mul(rhs, self.g_B), self.p)
def factorize(N,ran):
for i in ran:
A = gmpy2.add(gmpy2.isqrt(N),i)
Asq = gmpy2.mul(A,A)
diff = gmpy2.sub(Asq, N)
x = gmpy2.isqrt_rem(diff)[0]
[correct,p,q] = verify(A,x,N)
if(correct):
print p
return [p,q]
print "Not Found"
def factorize(N, ran):
for i in ran:
A = gmpy2.add(gmpy2.isqrt(N), i)
Asq = gmpy2.mul(A, A)
diff = gmpy2.sub(Asq, N)
x = gmpy2.isqrt_rem(diff)[0]
[correct, p, q] = verify(A, x, N)
if (correct):
print p
return [p, q]
print "Not Found"
def computeN2Factors():
p = 0
q = 0
A = computeA(N2)
while not confirmed(N2, p, q):
A2 = pow(A, 2)
assert A2 > N2
x = gmpy2.sqrt(gmpy2.sub(A2, N2))
p = gmpy2.sub(A, x)
q = gmpy2.add(A, x)
A += 1
def findDiscreteLog(self):
x = -1
element_powB = gmpy2.powmod(mpz(self.element), mpz(self.B), mpz(self.prime))
for x0 in range (0, self.B + 1):
right_x0 = gmpy2.powmod(element_powB, x0, mpz(self.prime))
if right_x0 in self.h_by_gx_hash:
print("x0: %d" % (x0))
x1 = self.h_by_gx_hash[right_x0]
print("x1: %d" % (x1))
x = gmpy2.t_mod(gmpy2.add(gmpy2.mul(x0, self.B), x1), mpz(self.prime))
print("x: %d" % (x))
return str(x)
return x
def isqrt(x):
'''
Writing your own square root function
'''
if x < 0: raise ValueError('square root not defined for negative numbers')
n = mpz(x)
if n == 0: return 0
a, b = t_divmod(n.bit_length(), mpz(2))
x = 2**(a + b)
while True:
y = div(add(x, div(n, x)), 2 )
if y >= x: return x
x = y
def q3():
N = 720062263747350425279564435525583738338084451473999841826653057981916355690188337790423408664187663938485175264994017897083524079135686877441155132015188279331812309091996246361896836573643119174094961348524639707885238799396839230364676670221627018353299443241192173812729276147530748597302192751375739387929
rt = gmpy2.sqrt(gmpy2.mul(N, 6))
A = gmpy2.ceil(rt)
A2 = pow(A, 2)
assert A2 > N
x = gmpy2.sqrt(gmpy2.sub(A2, N))
x = gmpy2.mul(x, 3/2)
p = gmpy2.sub(A, x)
q = gmpy2.add(A, x)
gotcha(N, p, q)
def generate(pwd, stat):
config.generate_r()
pwd = mpz(crypt.get_bit_str_from_byte(pwd), base=2)
global table
table = [] # clear the table
for i in xrange(config.max_features):
x_0 = crypt.p(mpz((i + 1) << 1), config.r) # calculate x0, x1 and y0, y1
x_1 = crypt.p(mpz(((i + 1) << 1) + 1), config.r)
y_0 = gmpy2.add(poly.calculate(x_0), crypt.g(mpz((i + 1) << 1), config.r ^ pwd)) # use r xor pwd as the key
y_1 = gmpy2.add(poly.calculate(x_1), crypt.g(mpz(((i + 1) << 1) + 1), config.r ^ pwd))
if reader.if_init():
table.append((y_0, y_1)) # if in initialization phase, add correct value
else:
if stat[i][0] is None:
table.append((y_0, y_1)) # if no statistic information is derived
elif (stat[i][1] + stat[i][0] * config.k) < config.ti: # if fast
rand_value = gmpy2.t_mod(config.generate_rand(), config.q)
table.append((y_0, rand_value))
elif (stat[i][1] - stat[i][0] * config.k) > config.ti: # if slow
rand_value = gmpy2.t_mod(config.generate_rand(), config.q)
table.append((rand_value, y_1))
else:
table.append((y_0, y_1))
def q1():
N = 179769313486231590772930519078902473361797697894230657273430081157732675805505620686985379449212982959585501387537164015710139858647833778606925583497541085196591615128057575940752635007475935288710823649949940771895617054361149474865046711015101563940680527540071584560878577663743040086340742855278549092581
rt = gmpy2.sqrt(N)
A = gmpy2.ceil(rt)
A2 = pow(A, 2)
assert A2 > N
x = gmpy2.sqrt(gmpy2.sub(A2, N))
p = gmpy2.sub(A, x)
q = gmpy2.add(A, x)
gotcha(N, p, q)
def bruteSmall(N):
zero = g.mpz(0)
two = g.mpz(2)
if g.f_mod(N, two) == zero:
return two, g.mpz(g.div(N, two))
i = g.mpz(3)
while True:
if g.f_mod(N, i) == zero:
p = g.mpz(i)
q = g.mpz( g.div(N,i) )
if checkFactors(p,q,N) :
return p,q
i = g.add(i, two)
def pi_calc():
global calcs, y, u, q, r, t, j, calc_uy, startTime
digitstring = ''
dpm = 0
strPi = ''
loop = 1
elapsed = 0
elapsedStart = time.time()
while loop:
digitCalcTime = time.time()
j3 = mul(3, j)
u, y = mpz(3 * (j3 + 1) * (j3 + 2)), mpz(div((add(mul(q, (mul(27, j)) - 12), mul(5, r))), mul(5, t)))
strPi = str(y)
digitstring += strPi
q, r, t, j = mpz(mul((20 * j ** 2 - mul(10, j)), q)), \
mpz(mul(mul(10, u), (q * (mul(5, j) - 2) + r - mul(y, t)))), \
mpz(mul(t, u)), add(j, 1)
# dpm = digits per minute
now = time.time()
elapsed = now - elapsedStart
# if the elapsed calculation time exceeds .5 seconds break the loop and return the digits calculated
if elapsed >= 1:
break
elif (j - 2) % 1000 == 0: # break also every 1000nth digit to report stats
break
dps = (1.0 / elapsed) * len(digitstring)
info = {
"digits": digitstring,
"digitcount": int(j) - 2,
"dpm": round(dps * 60),
"dps": round(dps, 2)
}
if (j - 2) % 1000 == 0:
info['mark'] = {"digitmark": (int(str(j)) - 2),
"runtime": time.time() - startTime}
return info
def Run_MFun(self, itermax, Z_0):
""" Expects gmpy2.mpc type for Z_0. """
if not gmpy2.get_context().precision == self.prec:
gmpy2.get_context().precision = self.prec
Z = Z_0
while self.iters < itermax:
Z = add( gmpy2.mul(Z,Z), self.C )
if norm(Z) > 4.0:
break
self.iters += 1
if self.iters == itermax:
self.inmset = True
def Q3():
N = mpz('72006226374735042527956443552558373833808445147399984182665305798191\
63556901883377904234086641876639384851752649940178970835240791356868\
77441155132015188279331812309091996246361896836573643119174094961348\
52463970788523879939683923036467667022162701835329944324119217381272\
9276147530748597302192751375739387929')
A = isqrt(mul(6, N)) + 1
# (3 * p + 2 * q) / 2 is not an integer. or, A - 0.5 = (3p + 2q) / 2
# so, x = sqrt((A-0.5)^2 - 6N) = sqrt(A^2 - A + 0.25 - 6N). the 0.25 term can be thrown away.
x = isqrt(sub(sub(mul(A, A), A), mul(6, N)))
p = div(sub(A, x), 3)
q = div(add(A, x), 2)
if mul(p, q) == N:
print("Q3:")
print(p)
def Q2():
N = mpz('6484558428080716696628242653467722787263437207069762630604390703787\
9730861808111646271401527606141756919558732184025452065542490671989\
2428844841839353281972988531310511738648965962582821502504990264452\
1008852816733037111422964210278402893076574586452336833570778346897\
15838646088239640236866252211790085787877')
for d in range(1, 1<<20):
A = isqrt(N) + d
x = isqrt(sub(mul(A, A), N))
p = sub(A, x)
q = add(A, x)
if mul(p, q) == N:
print("Q2:")
print(p)
break
