def __init__(self):
self.p = gensafeprime.generate(
512) #512 bit primes for speed/recursion depth
self.q = gensafeprime.generate(512)
self.n = self.p * self.q
self.e, self.d = generate_key_pair(self.p, self.q)
self.plaintext = "hi mom"
def generate_keys():
e = 3
p = gensafeprime.generate(1024)
q = gensafeprime.generate(1024)
n = p*q
et = (p-1)*(q-1)
d = Crypto.Util.number.inverse(e,et)
return(d,e,n)
def main():
p = gensafeprime.generate(100)
q = gensafeprime.generate(100)
n = p*q
e,d = generate_key_pair(p, q)
m = "hello my friend!!"
ct = rsa_encrypt(m, e, n)
md = rsa_decrypt(ct, d, n)
print md
def __init__(self):
self.p = gensafeprime.generate(300) #300 bit primes
self.q = gensafeprime.generate(300)
self.n = self.p * self.q
self.e, self.d = generate_key_pair(self.p, self.q)
self.texts = [
"I like cheese", "I like cryptography",
"I'm not very good at this", "hmmmmmmmm", "Do your worst!",
"I bet you can't decrypt this"
]
def keypair(bits):
p = gensafeprime.generate(bits)
q = gensafeprime.generate(bits)
n = p * q
et = (p - 1) * (q - 1)
e = 3
d = invmod(e, et)
Public = [e, n]
Private = [d, n]
return [Public, Private]
def keypair(bits):
p = gensafeprime.generate(bits)
q = gensafeprime.generate(bits)
n = p * q
et = (p-1) * (q-1)
e = 3
d = invmod(e, et)
Public = [e, n]
Private = [d, n]
return [Public, Private]
def __init__(self, pk = None, sk = None):
self.MsgDir = './messages/'
if pk is None:
from gensafeprime import generate
p, q = generate(1024), generate(1024)
pk = p * q
self.pk = pk
if sk is None:
sk = 2 * number.getRandomNBitInteger(255) + 1
self.sk = sk
def rsa_keygen(n):
# use openssl to generate primes
p = gensafeprime.generate(n//2)
q = gensafeprime.generate(n//2)
N = p*q
phi = (p-1)*(q-1)
d = modinv(phi, E_RSA)
sk = (d, N)
pk = (E_RSA, N)
return pk, sk
def rsa_keygen(n):
# use openssl to generate primes
p = gensafeprime.generate(n // 2)
q = gensafeprime.generate(n // 2)
N = p * q
phi = (p - 1) * (q - 1)
d = modinv(phi, E_RSA)
sk = (d, N)
pk = (E_RSA, N)
return pk, sk
def main():
m = "Hi I'm encrypting this 3 times hopefully it goes ok!"
ct = []
pk = []
for i in range(3):
p = gensafeprime.generate(300) #300 bit primes
q = gensafeprime.generate(300)
n = p*q
e,d = generate_key_pair(p, q)
c = rsa_encrypt(m, e, n)
ct.append(c)
pk.append(n)
print e_3_broadcast(ct, pk)
def __init__(self, l=512):
if l <= 0:
print "error"
raise Exception()
elif l < 16:
self._p = 47
self._q = 59
self.n = self._p * self._q
self._phi = (self._p - 1) * (self._q - 1)
else:
self._p = gensafeprime.generate(l)
self._q = gensafeprime.generate(l)
self.n = self._p * self._q
self._phi = (self._q - 1) * (self._p - 1)
def rsa(msg):
e = 3
p = gensafeprime.generate(1024)
q = gensafeprime.generate(1024)
n = p * q
et = (p - 1) * (q - 1)
d = Crypto.Util.number.inverse(e, et)
m = Crypto.Util.number.bytes_to_long(msg)
c = pow(m, e, n)
decrypt_msg = pow(c, d, n)
dec = Crypto.Util.number.long_to_bytes(decrypt_msg)
print(dec)
return (c, n)
def gen_keys():
'''
generates public and private key for RSA encryption
with crypto safe prime numbers (1024 bits)
returns -> ( public ( e , n ) , private ( d , n )
'''
e = 17
p = gensafeprime.generate(128)
q = gensafeprime.generate(128)
n = p*q
et = (p-1)*(q-1)
d = inverse(e,et)
public = e,n
private = d,n
return(public,private)
def generate_primes(key_size=128):
"""
Generate some primes. Key size in bits.
"""
if key_size >= 512:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
private_key = rsa.generate_private_key(public_exponent=65537,
key_size=key_size,
backend=default_backend())
private_numbers = private_key.private_numbers()
p, q = private_numbers.p, private_numbers.q
else:
import gensafeprime
p, q = gensafeprime.generate(key_size), gensafeprime.generate(key_size)
return min(p, q), max(p, q)
def diffie_helman():
g = 5
rbytes = ssl.rand.bytes(63)
s = long(rbytes.encode('hex'), 16)
p = sp.generate(504)
print "g=%d, s=%d, p=%d" % (g, s, p)
print "g^s mod p =%d" % (modular_exponentiation(g, s, p))
def diffie_helman():
g = 5
rbytes = ssl.rand.bytes(63)
s = long(rbytes.encode('hex'), 16)
p = sp.generate(504)
print "g=%d, s=%d, p=%d" % (g, s, p)
print "g^s mod p =%d" % (modular_exponentiation(g, s, p))
def get_primes():
rel_prime = False
p, q = 0, 0
while not rel_prime:
# Ensure high order bit is set
while (p >> 511) != 1: # or could bit-wise & with 2^512 and check if equal to 2^512
p = sp.generate(512)
while (q >> 511) != 1:
q = sp.generate(512)
# Verify that phi(n) [(p-1)(q-1) is relatively prime to e]
phin = (p - 1) * (q - 1)
if relatively_prime(phin, e) == 1: # or just phin % e != 0, since e is prime
rel_prime = True
else:
p, q = 0, 0
return p, q
def generate_key(self):
# l is length of p1 and q1
# (l+1) is length of p and q
# n = p * q -> length of n is 2*(l+1)
safeprime_length = self.sec_params["l"] + 1
self.p = gensafeprime.generate(safeprime_length)
self.q = gensafeprime.generate(safeprime_length)
self.p1 = (self.p - 1) / 2
self.q1 = (self.q - 1) / 2
#if self.p1 == self.q1:
# sys.exit("p1 and q1 are the same")
n = self.p * self.q
self.pub_key["n"] = n
n2 = n * n
# n1 = self.p1 * self.q1
gg1 = number.getRandomRange(0, n2) # g' in paper
g = pow(gg1, 2 * n, n2)
self.pub_key["g"] = g
# choose x1, x2, x3 which are < n^2/4
b = n2 / 4
x1 = number.getRandomRange(0, b)
x2 = number.getRandomRange(0, b)
x3 = number.getRandomRange(0, b)
self.sec_key["n"] = n
self.sec_key["g"] = g
self.sec_key["x1"] = x1
self.sec_key["x2"] = x2
self.sec_key["x3"] = x3
y1 = pow(g, x1, n2)
y2 = pow(g, x2, n2)
y3 = pow(g, x3, n2)
self.pub_key["y1"] = y1
self.pub_key["y2"] = y2
self.pub_key["y3"] = y3
return True
def make_pubpri(nbit):
p, q, r = [getPrime(nbit) for _ in xrange(3)]
n = p * q * r
phi = (p - 1) * (q - 1) * (r - 1)
l = min([p, q, r])
d = getPrime(1 << 8)
e = inverse(d, phi)
a = gensafeprime.generate(2 * nbit)
while True:
g = getRandomRange(2, a)
if pow(g, 2, a) != 1 and pow(g, a / 2, a) != 1:
break
return (n, e, a, g), (n, d, a, g)
def extended_euclid(a, b):
if a == 0:
return b, 0, 1
else:
g, y, x = extended_euclid(b % a, a)
return g, x - (b // a) * y, y
if __name__ == "__main__":
# generate key params
bitlen = 512
e = 65537
p = gensafeprime.generate(bitlen)
q = gensafeprime.generate(bitlen)
n = p * q
m = (p - 1) * (q - 1)
while not coprime([e, m]):
p = gensafeprime.generate(bitlen)
q = gensafeprime.generate(bitlen)
n = p * q
m = (p - 1) * (q - 1)
d = mod_inv(e, m)
print("p: " + str(p))
print("q: " + str(q))
print("n: " + str(n))
print("e: " + str(e))
print("d: " + str(d))
def keygen(k, t, l, save_dir, save_in_file=True, gen_dlut=False):
# generate distinct primes vp and vq
vp = gensafeprime.generate(t)
while (1):
vq = gensafeprime.generate(t)
if vp != vq:
break
# generate u to be the prime just greater than 2^l+2
u = nextprime(pow(2, l + 2))
# generate prime p s.t. vp | p-1 and u | p-1
print("Generating p....")
while (1):
temp1 = 2 * u * vp
sz = k // 2 - temp1.bit_length()
prand = gensafeprime.generate(sz)
p = temp1 * prand + 1
if isprime(p):
break
print("Generating q....")
# generate prime q s.t. vq | q-1 and u | q-1
while (1):
temp1 = 2 * u * vq
sz = k // 2 - temp1.bit_length()
qrand = gensafeprime.generate(sz)
q = temp1 * qrand + 1
if isprime(q):
break
# calc n
n = p * q
# finding h
partials_p = [2 * u * vp, 2 * u * prand, 2 * vp * prand, prand * vp * u]
while (1):
hrandp = random.randint(0, p - 1)
if (hrandp == 1 or math.gcd(hrandp, p) != 1):
continue
f = False
for prod in partials_p:
f = f | (pow(hrandp, prod, p) == 1)
if (f):
break
if (not f):
break
partials_q = [2 * u * vq, 2 * u * qrand, 2 * vq * qrand, qrand * vq * u]
while (1):
hrandq = random.randint(0, q - 1)
if (hrandq == 1 or math.gcd(hrandq, q) != 1):
continue
f = False
for prod in partials_q:
f = f | (pow(hrandq, prod, q) == 1)
if (f):
break
if (not f):
break
hrand = (hrandp * q * mod_inverse(q, p) +
hrandq * p * mod_inverse(p, q)) % n
h = pow(hrand, 2 * u * prand * qrand, n)
#finding g
partials_p = [2 * u * vp, 2 * u * prand, 2 * vp * prand, prand * vp * u]
while (1):
grandp = random.randint(0, p - 1)
if (grandp == 1 or math.gcd(grandp, p) != 1):
continue
f = False
for prod in partials_p:
f = f | (pow(grandp, prod, p) == 1) # modp or modp-1
if (f):
break
if (not f):
break
partials_q = [2 * u * vq, 2 * u * qrand, 2 * vq * qrand, qrand * vq * u]
while (1):
grandq = random.randint(0, q - 1)
if (grandq == 1 or math.gcd(grandq, q) != 1):
continue
f = False
for prod in partials_q:
f = f | (pow(grandq, prod, q) == 1) # modp or modp-1
if (f):
break
if (not f):
break
grand = (hrandp * q * mod_inverse(q, p) +
hrandq * p * mod_inverse(p, q)) % n
g = pow(grand, 2 * prand * qrand, n)
priv, pub = {}, {}
priv['p'], priv['q'], priv['vp'], priv['vq'] = p, q, \
vp, vq
pub['n'], pub['g'], pub['h'], pub['u'], pub['t'] = n, g, \
h, u, t
if (gen_dlut):
print("Generating dlut....")
priv['dlut'] = []
for i in range(pub['u']):
if (i % 10000 == 0):
print(i)
priv['dlut'].append(pow(pub['g'], priv['vp'] * i, priv['p']))
priv['dlut'] = np.array(priv['dlut'])
if (save_in_file):
np.save(os.path.join(save_dir, "priv.npy"), priv)
np.save(os.path.join(save_dir, "pub.npy"), pub)
return priv, pub
def genSafePrimes(k):
p = gensafeprime.generate(k - 1)
return (p - 1) / 2, p
return crypt(integer, public_key)
def decrypt_string(ciphertext, private_key):
"""Take an integer, return a string."""
return i2s(crypt(ciphertext, private_key))
#### tests ####
## invmod
assert invmod(17, 3120) == 2753
for i in range(10):
a = gensafeprime.generate(64)
m = gensafeprime.generate(64)
x = invmod(a, m)
assert (a * x) % m == 1
## i2s and s2i
h = 'Hiya'
assert i2s(s2i(h)) == h
assert s2i(i2s(999999999)) == 999999999
assert s2i(i2s(9999999999)) == 9999999999
## keypair and crypt
for i in range(10):
U, R = keypair(64)
def __init__(self, bits):
p = gensafeprime.generate(bits/2)
q = gensafeprime.generate(bits/2)
self.bits = bits
self.n = p*q
self.e, self.d = generate_key_pair(p, q)
def gen_N(b=4096):
p = gensafeprime.generate(b // 2)
q = gensafeprime.generate(b // 2)
return p * q
def generate_prime():
prime = gensafeprime.generate(512)
if prime & 1 == 0:
prime = generate_prime()
return prime
def __init__(self):
p = gensafeprime.generate(1024)
q = gensafeprime.generate(1024)
self.n = p*q
self.e, self.d = generate_key_pair(p, q)
import gensafeprime
import random
import time
#générer deux chiffres aléatoires premiers p et q
p = gensafeprime.generate(1024)
q = gensafeprime.generate(1024)
print('Affichage de la valeur de p : ', p)
print('Affichage de la valeur de q : ', q)
N = p * q
print('Affichage de la valeur de N :', N)
#Fi est le 𝜑(𝑁) vu en cours
Fi = (p - 1) * (q - 1)
print('Affichage de la valeur de Fi :', Fi)
# e est l'une des valeurs de la clé public , elle a été énnoncée dans le TP
e = 65537
print("Affichage de la valeur de e :", e)
# pour effectuer l'inversion modulaire on implémente deux fonctions qui sont extended_gcd et inverse_modulaire
def extended_gcd(val1, val2):
lastremainder, remainder = abs(val1), abs(val2)
x, lastx, y, lasty = 0, 1, 1, 0
while remainder:
lastremainder, (quotient,
remainder) = remainder, divmod(lastremainder,
remainder)
import struct, sys, proto, gensafeprime, discrete_log_proof
p=gensafeprime.generate(1024)
coins=set([pow(2,int(s),p) for s in sys.argv[2:]])
proto.bank("127.0.0.1", int(sys.argv[1]),coins,p)
for _ in menu(
*[ f"What do, {USER}?" ] +
[
("Share useless flag.", share_user_flag),
("Redeem useless flag.", redeem_user_flag),
("Store scoring flag.", share_actual_flag),
("Retrieve scoring flag.", redeem_actual_flag)
],
loop=True, done_option=True
):
pass
if not os.path.exists(os.path.join(os.path.dirname(__file__), "prime.ooo")):
print("[STARTUP] Generating prime...")
with open("prime.ooo", 'w') as _f:
_f.write(str(gensafeprime.generate(256)))
if not os.path.exists(os.path.join(os.path.dirname(__file__), "matrix.ooo")):
print("[STARTUP] Generating matrix...")
with open("matrix.ooo", 'w') as _f:
_f.write(str(random_matrix(100, 5)))
P = ast.literal_eval(open("prime.ooo").read().strip())
M = ast.literal_eval(open("matrix.ooo").read().strip())
N = len(M)
K = len(M[0])
def sanity_check(n=N, k=K, m=M):
def one_check(secret):
shares = split_secret(secret, n, k, m)
random.shuffle(shares)
"""Take a string, return an integer."""
integer = s2i(string)
return crypt(integer, public_key)
def decrypt_string(ciphertext, private_key):
"""Take an integer, return a string."""
return i2s(crypt(ciphertext, private_key))
#### tests ####
## invmod
assert invmod(17, 3120) == 2753
for i in range(10):
a = gensafeprime.generate(64)
m = gensafeprime.generate(64)
x = invmod(a, m)
assert (a*x) % m == 1
## i2s and s2i
h = 'Hiya'
assert i2s(s2i(h)) == h
assert s2i(i2s(999999999)) == 999999999
assert s2i(i2s(9999999999)) == 9999999999
## keypair and crypt
for i in range(10):
U, R = keypair(64)
import gensafeprime
import subprocess
import shlex
from math import ceil, log, exp
BITS = [50, 55, 60]
CONFS = {'1': 'hostfile_1', '2': 'hostfile_2', '4': 'hostfile_4'}
BOUND_FACTORS = [1, 2, 4, 8, 16]
COMMANDLINE = "mpirun --hostfile {} -np {} ./bachelor_main {} {} {}"
def L(a,c,N):
z = ceil(exp(c*log(N) ** a*log(log(N)) ** (1-a)))
if z % 2:
z += 1
return ceil(z)
for bits, factor in itertools.product(BITS, BOUND_FACTORS):
prime = gensafeprime.generate(bits)
default_bound = L(0.5, 0.5, prime)
for workers, hostfile in CONFS.items():
cmdline = COMMANDLINE.format(hostfile, workers, bits, prime, ceil(factor * default_bound))
print("---------------------------------")
print('# ', cmdline)
out = subprocess.check_output(shlex.split(cmdline), universal_newlines=True)
print(out)
print("---------------------------------")
print()
with open('out_{}_{}_{}'.format(bits, workers, factor), 'w') as f:
f.write(out)
def __init__(self, bits):
p = gensafeprime.generate(bits / 2)
q = gensafeprime.generate(bits / 2)
self.bits = bits
self.n = p * q
self.e, self.d = generate_key_pair(p, q)
def generate_prime():
prime = gensafeprime.generate(512)
if prime & 1 == 0:
prime = generate_prime()
return prime
def erik_tews_SSL_prime(n):
return gensafeprime.generate(n)
#!/usr/bin/env python3 import gensafeprime import hashlib import random import binascii random.seed(12345) # Seed the PRNG p = gensafeprime.generate(1024) # Generate a safe prime `p` g = random.randint(2, p - 2) # Alice and Bob agree on a base `g` a = random.randint(2, p - 2) # Alice selects their `a` b = random.randint(2, p - 2) # Bob selects their `b` ga = pow(g, a, p) # Alice computes g^a mod p gb = pow(g, b, p) # Bob computes g^b mod p ka = pow(gb, a, p) # Alice uses Bob's `gb` to compute the key kb = pow(ga, b, p) # Bob uses Alice's `ga` to compute the key assert ka == kb # Alice and Bob now have the same key! # ka is maximally 1024 bits, so convert to 128 bytes key = hashlib.sha224(ka.to_bytes(128, 'big')).hexdigest() print(key)
