def step2(search_number, i, M):
if i == 1 or len(M) > 1:
# Step 2a/2b
while True:
if debug:
sys.stdout.write("\rCurrent search number: %d" % search_number)
sys.stdout.flush()
search_number += 1
test_ciphertext = c0 * search_number ** exponent
test_ciphertext %= modulus
if padding_oracle(test_ciphertext.binary()[::-1]):
if verbose:
print "Found s0! Starting to narrow search interval..."
return(search_number)
else:
# Step 2c
a = list(M)[0][0]
b = list(M)[0][1]
r = gmpy.ceil( 2*(b * search_number - B2)/modulus )
while True:
s_range_bottom = gmpy.ceil(( B2 + r * modulus ) / b)
s_range_top = gmpy.floor(( B3-1 + r * modulus ) / a)
s = gmpy.mpz(s_range_bottom)
while s <= s_range_top:
test_ciphertext = c0 * s ** exponent
test_ciphertext %= modulus
if padding_oracle(test_ciphertext.binary()[::-1]):
return(s)
s += 1
r += 1
def step2(search_number, i, M):
if i == 1 or len(M) > 1:
# Step 2a/2b
while True:
if debug:
sys.stdout.write("\rCurrent search number: %d" % search_number)
sys.stdout.flush()
search_number += 1
test_ciphertext = c0 * search_number ** exponent
test_ciphertext %= modulus
if padding_oracle(test_ciphertext.binary()[::-1]):
if verbose:
print "Found s0! Starting to narrow search interval..."
return(search_number)
else:
# Step 2c
a = list(M)[0][0]
b = list(M)[0][1]
r = gmpy.ceil( 2*(b * search_number - B2)/modulus )
while True:
s_range_bottom = gmpy.ceil(( B2 + r * modulus ) / b)
s_range_top = gmpy.floor(( B3-1 + r * modulus ) / a)
s = gmpy.mpz(s_range_bottom)
while s <= s_range_top:
test_ciphertext = c0 * s ** exponent
test_ciphertext %= modulus
if padding_oracle(test_ciphertext.binary()[::-1]):
return(s)
s += 1
r += 1
def vector_norm_i(v):
"""
Calculate Norm of vector as Integer
Args:
v : A vector
Return: || v ||
"""
return int(gmpy.ceil(gmpy.sqrt(sum(starmap(op.pow, zip(v, cycle([2])))))))
def step3(s, M, R):
new_M = set([])
for a,b in M:
for r in R:
new_a = max(a, gmpy.ceil( (B2 + r * modulus)/s ) )
new_b = min(b, gmpy.floor( (B3 - 1 + r * modulus)/s ) )
if new_a <= new_b:
new_M |= set([(new_a, new_b)])
return new_M
def get_r_values(s, M):
R = []
for a,b in M:
low_val = gmpy.ceil( (a * s - B3 + 1)/modulus )
high_val = gmpy.floor( ((b * s - B2)/modulus))
R.extend([x for x in range(int(low_val),int(high_val+1))])
if verbose and len(R) > 1:
print "Found %d possible r values, trying to narrow to one..." % len(R)
return R
def step3(s, M, R):
new_M = set([])
for a,b in M:
for r in R:
new_a = max(a, gmpy.ceil( (B2 + r * modulus)/s ) )
new_b = min(b, gmpy.floor( (B3 - 1 + r * modulus)/s ) )
if new_a <= new_b:
new_M |= set([(new_a, new_b)])
return new_M
def get_r_values(s, M):
R = []
for a,b in M:
low_val = gmpy.ceil( (a * s - B3 + 1)/modulus )
high_val = gmpy.floor( ((b * s - B2)/modulus))
R.extend([x for x in range(int(low_val),int(high_val+1))])
if verbose and len(R) > 1:
print "Found %d possible r values, trying to narrow to one..." % len(R)
return R
def fermat_factor(N, minutes=10, verbose=False):
"""
Code based on Sage code from FactHacks, a joint work by
Daniel J. Bernstein, Nadia Heninger, and Tanja Lange.
http://facthacks.cr.yp.to/
N - integer to attempt to factor using Fermat's Last Theorem
minutes - number of minutes to run the algorithm before giving up
verbose - (bool) Periodically show how many iterations have been
attempted
"""
from time import time
current_time = int(time())
end_time = current_time + int(minutes * 60)
def sqrt(n):
return gmpy.fsqrt(n)
def is_square(n):
sqrt_n = sqrt(n)
return sqrt_n.floor() == sqrt_n
if verbose:
print "Starting factorization..."
gmpy.set_minprec(4096)
N = gmpy.mpf(N)
if N <= 0: return [1,N]
if N % 2 == 0: return [2,N/2]
a = gmpy.mpf(gmpy.ceil(sqrt(N)))
count = 0
while not is_square(gmpy.mpz(a ** 2 - N)):
a += 1
count += 1
if verbose:
if (count % 1000000 == 0):
sys.stdout.write("\rCurrent iterations: %d" % count)
sys.stdout.flush()
if time() > end_time:
if verbose: print "\nTime expired, returning [1,N]"
return [1,N]
b = sqrt(gmpy.mpz(a ** 2 - N))
print "\nModulus factored!"
return [long(a - b), long(a + b)]
def fermat_factor(N, minutes=10, verbose=False):
"""
Code based on Sage code from FactHacks, a joint work by
Daniel J. Bernstein, Nadia Heninger, and Tanja Lange.
http://facthacks.cr.yp.to/
N - integer to attempt to factor using Fermat's Last Theorem
minutes - number of minutes to run the algorithm before giving up
verbose - (bool) Periodically show how many iterations have been
attempted
"""
from time import time
current_time = int(time())
end_time = current_time + int(minutes * 60)
def sqrt(n):
return gmpy.fsqrt(n)
def is_square(n):
sqrt_n = sqrt(n)
return sqrt_n.floor() == sqrt_n
if verbose:
print "Starting factorization..."
gmpy.set_minprec(4096)
N = gmpy.mpf(N)
if N <= 0: return [1,N]
if N % 2 == 0: return [2,N/2]
a = gmpy.mpf(gmpy.ceil(sqrt(N)))
count = 0
while not is_square(gmpy.mpz(a ** 2 - N)):
a += 1
count += 1
if verbose:
if (count % 1000000 == 0):
sys.stdout.write("\rCurrent iterations: %d" % count)
sys.stdout.flush()
if time() > end_time:
if verbose: print "\nTime expired, returning [1,N]"
return [1,N]
b = sqrt(gmpy.mpz(a ** 2 - N))
print "\nModulus factored!"
return [long(a - b), long(a + b)]
def try_weightedavg(N, weightedavg2sq):
# gmpy.set_minprec(1000)
# print weightedavg2 - 2*gmpy.ceil(gmpy.fsqrt(6*N))
import pdb
# pdb.set_trace()
# radical = gmpy.fsqrt(weightedavg2sq - 24*N)
# numerators = [gmpy.fsqrt(weightedavg2sq) + x for x in [radical, -radical]]
# for n in numerators:
# p = gmpy.cdivmod(mpz(gmpy.fround(n)), 6)[0] # +/- 1?
# # q = gmpy.cdivmod(weightedavg2 - 3*p, 2)[0]
# if(gmpy.cdivmod(N,p)[1] == 0):
# print("found divisor")
# print p
# if p*q == N:
# return min(p,q)
# print "diff"
# print (3*p + 2*q)/2 - gmpy.ceil(gmpy.sqrt(6*N))
# pdb.set_trace()
# weightedavg2 = mpz(gmpy.floor(gmpy.fsqrt(weightedavg2sq)))
# num = weightedavg2 - mpz(gmpy.fsqrt(N/2)) - 1
# lim = weightedavg2 + 1
# done = False
# while not done and num < lim:
# # print num
# p = gmpy.cdivmod(num, 6)[0] # +/- 1?
# # q = gmpy.cdivmod(weightedavg2 - 3*p, 2)[0]
# if(gmpy.cdivmod(N,p)[1] == 0):
# done = True
# print("found divisor")
# print min(p, gmpy.cdivmod(N,p)[0])
# return True
# num += 1
weightedavg2 = gmpy.ceil(gmpy.fsqrt(weightedavg2sq))
num = weightedavg2 - gmpy.fsqrt(weightedavg2 * weightedavg2 - 24 * N)
p = gmpy.cdivmod(mpz(num), 6)[0]
for i in xrange(0, 100000):
if (gmpy.cdivmod(N, p + i)[1] == 0 or gmpy.cdivmod(N, p - i)[1] == 0):
print("found divisor")
q = gmpy.cdivmod(N, p)[0]
print min(p, q)
print N == p * q
print i
return True
return False
def try_weightedavg(N, weightedavg2sq):
# gmpy.set_minprec(1000)
# print weightedavg2 - 2*gmpy.ceil(gmpy.fsqrt(6*N))
import pdb
# pdb.set_trace()
# radical = gmpy.fsqrt(weightedavg2sq - 24*N)
# numerators = [gmpy.fsqrt(weightedavg2sq) + x for x in [radical, -radical]]
# for n in numerators:
# p = gmpy.cdivmod(mpz(gmpy.fround(n)), 6)[0] # +/- 1?
# # q = gmpy.cdivmod(weightedavg2 - 3*p, 2)[0]
# if(gmpy.cdivmod(N,p)[1] == 0):
# print("found divisor")
# print p
# if p*q == N:
# return min(p,q)
# print "diff"
# print (3*p + 2*q)/2 - gmpy.ceil(gmpy.sqrt(6*N))
# pdb.set_trace()
# weightedavg2 = mpz(gmpy.floor(gmpy.fsqrt(weightedavg2sq)))
# num = weightedavg2 - mpz(gmpy.fsqrt(N/2)) - 1
# lim = weightedavg2 + 1
# done = False
# while not done and num < lim:
# # print num
# p = gmpy.cdivmod(num, 6)[0] # +/- 1?
# # q = gmpy.cdivmod(weightedavg2 - 3*p, 2)[0]
# if(gmpy.cdivmod(N,p)[1] == 0):
# done = True
# print("found divisor")
# print min(p, gmpy.cdivmod(N,p)[0])
# return True
# num += 1
weightedavg2 = gmpy.ceil(gmpy.fsqrt(weightedavg2sq))
num = weightedavg2 - gmpy.fsqrt(weightedavg2*weightedavg2 - 24*N)
p = gmpy.cdivmod(mpz(num), 6)[0]
for i in xrange(0, 100000):
if(gmpy.cdivmod(N,p+i)[1] == 0 or gmpy.cdivmod(N,p-i)[1] == 0) :
print("found divisor")
q = gmpy.cdivmod(N,p)[0]
print min(p, q)
print N == p*q
print i
return True
return False
def func1(N):
"""Computes p and q based on N and the fact that |p−q| < 2*N**(1/4)"""
A = mpz(ceil(fsqrt(N)))
return _func1(N, A)
return myint
def str2intnew(mystr):
res = ''
for char in mystr:
res = res + str(ord(char))
return res
def str_int(s):
a=0
for i in range(0,len(s)):
a=a+ord(s[i])*256**i
return a
N = gmpy.mpz(1234567901234567901234567901234567901234567901234567901234567901234567901234567901234567901234567901234717283950617286419848309592787370341273747873748589842596504841720640394292494902982398728707626152070858561887866820294694355043665630787554216250435696249211077918492329836269203487802969283814463105539751494270071615655993342320948911726155780461076389165979343111846372150233530706650782398611627761941453287668879721303235540318234064753133821318150932201158894328482335388315649950679451828519628822971)
r = int(gmpy.ceil(gmpy.sqrt(N)))
p = gmpy.mpz(1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111178333333333334444487294872309872209128742098742420984723982734329843732987178261897634983473987323987439874932873402398720978429874230987340298723116269)
q = gmpy.mpz(1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111178333333333334444487294872309872209128742098742420984723982734329843732987178261897634983473987323987439874932873402398720978429874230987340298723109959)
e = 65537L
phi = (p-1)*(q-1)
d = gmpy.gcdext(e, phi)[1]
if d < 0:
d = d + phi
val = getpass('factor 1')
username = pow(gmpy.mpz(int(val[0])), e, N)
username = 418296719726
password = pow(gmpy.mpz(username), d, N)
print password
for char in mystr:
res = res + str(ord(char))
return res
def str_int(s):
a = 0
for i in range(0, len(s)):
a = a + ord(s[i]) * 256**i
return a
N = gmpy.mpz(
1234567901234567901234567901234567901234567901234567901234567901234567901234567901234567901234567901234717283950617286419848309592787370341273747873748589842596504841720640394292494902982398728707626152070858561887866820294694355043665630787554216250435696249211077918492329836269203487802969283814463105539751494270071615655993342320948911726155780461076389165979343111846372150233530706650782398611627761941453287668879721303235540318234064753133821318150932201158894328482335388315649950679451828519628822971
)
r = int(gmpy.ceil(gmpy.sqrt(N)))
p = gmpy.mpz(
1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111178333333333334444487294872309872209128742098742420984723982734329843732987178261897634983473987323987439874932873402398720978429874230987340298723116269
)
q = gmpy.mpz(
1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111178333333333334444487294872309872209128742098742420984723982734329843732987178261897634983473987323987439874932873402398720978429874230987340298723109959
)
e = 65537L
phi = (p - 1) * (q - 1)
d = gmpy.gcdext(e, phi)[1]
if d < 0:
d = d + phi
val = getpass('factor 1')
import sys
import re
from math import log
from gmpy import ceil
from pprint import pprint
input = sys.stdin
T=int(input.readline())
for i in xrange(1,T+1):
L,P,C = [int(x) for x in input.readline().split()]
#print L, P, C
# if float(P) / L == C:
# x = 0
# else:
# #x = ceil(log(log(float(P)/L,C), 2))
# x = ceil(log(ceil(log(float(P)/L,2)), C))
if L*C >= P:
x = 0
else:
x = ceil(log(ceil(log(ceil(float(P)/L),C)), 2))
print "Case #%s: %s" % (i,int(x))
def func1(N):
"""Computes p and q based on N and the fact that |p−q| < 2*N**(1/4)"""
A = mpz(ceil(fsqrt(N)))
return _func1(N, A)
