def step_t_5(a_base, B, p1): if p1 <= int(root(B, 5)): ### Посчет времени работы start_time = time.time() ### n_list = [] l = 5 if p1 % 4 == 3: n_list = [p1] q_3k4 = readfile("primes/4k+3.txt") sign_p1 = [] for a in a_base: sign_p1.append(numth.jacobi(a, p1)) for q in q_3k4: if q % 24 == p1 % 24: sign_q = [] for a in a_base: sign_q.append(numth.jacobi(a, q)) if sign_q == sign_p1: n_list.append(q) # else: # for p in primes: ### total_time = "--- %s seconds ---\n" % (time.time() - start_time) ### return np.array(n_list) else: print(f"Value Error: p1 > {int(root(B, 5))}")
def solve(ciphertexts, modulus): C = chinese_remainder_theorem(list(zip(ciphertexts, modulus))) M = int(root(C, 3)) M = long_to_bytes(M) if b'flag' in M: print(M.decode()) exit()
def hastads_broadcast_attack(e, pairs): """Hastad's Broadcast Attack If we have e ciphertext of same plaintext with different N, we can find the plaintext using Chinese Remainder Theorem. """ x, n = chinese_remainder_theorem(pairs) return int(gmpy2.root(x, e))
def find_nearest_power(number): gmpy2.get_context().precision = 10000 smallest_r = number nearest_xy = 0 for i in range(2, int(math.log(number, 2))): floor = int(gmpy2.root(mpfr(number), i))**i if number - floor < smallest_r: if floor > number: print("error at %d" % i) smallest_r = number - floor nearest_xy = floor return smallest_r
def Gen_k(a_base, t, B, X): m = len(a_base) T = Hash_Table() a = bases[m] for p in primes: if p <= int(root(B / (a**(t - 2)), 2)): factors = numth.factorization(p - 1) nums = [] for i in range(len(factors)): nums.append(Lambda_p(a_base, factors[i][0])) lmd_p = Lambda_list(a_base, primes) s = T.fetch(Sign(a_base, p)) k = np.prod(s) / s[-1] * p k_list = s[:-1] + [p] if k <= X: pt = Rule_out_k(a_base, k) else: pt = Sieving(a_base, k_list, B) if p <= int(root(B / (a**(t - 3)), 3)): T.insert(Sign(a_base, p), p, lmd_p) return
def t_2(a_base, B, primes_list): clearfile(f"res/jae/2/{a_base}/spsp_{B}.txt") spsp = [] ### Посчет времени работы start_time = time.time() ### i = 1 for p in primes_list: if p < int(root(B, 2)): if p > a_base[-1]: lmd_p = Lambda_p(a_base, p) lmd = numth.lcm(lmd_p, 2) for k in range(int(1 + (p - 1) / lmd), int((B - p) / (p * lmd)) + 1, 1): q = 1 + k * lmd if p * q <= B: # and p * q > B // 100: if numth.is_prime(q) and q > p: if q + 1 == 2 * p: if check_signs(a_base, [p, q]) and psp_2( a_base, [p, q]): item = Signature(Sign(a_base, p), [p, q]) s = f"{i} {np.prod(item.primes)} {item.primes} {item.sign}\n" writefile( f"res/jae/2/{a_base}/spsp_{B}.txt", s) i += 1 spsp.append(item) else: continue else: P = p * (1 + k * lmd) if psp(a_base, P) and check_signs( a_base, [p, q]): item = Signature(Sign(a_base, p), [p, q]) s = f"{i} {np.prod(item.primes)} {item.primes} {item.sign}\n" writefile( f"res/jae/2/{a_base}/spsp_{B}.txt", s) i += 1 spsp.append(item) # else: # break ### total_time = "--- %s seconds ---\n" % (time.time() - start_time) ### writefile(f"res/jae/2/{a_base}/spsp_{B}.txt", total_time) return spsp
def _keylessDecryption_broadcast_msg(path): n_1, n_2, n_3, e, key_S_1, key_S_2, key_S_3, iv_1, kol1 = asnGenerator.decode( path) #n_2, e_2, key_S_2, iv_2, kol2 = asnGenerator.decode("wallpapers2.jpg.ecrypted") #n_3, e_3, key_S_3, iv_3, kol3 = asnGenerator.decode("wallpapers3.jpg.ecrypted") m = (n_1, n_2, n_3) a = (key_S_1, key_S_2, key_S_3) x = crt(m, a) #print("x ==== ", x) print("\n\nX = ", x) #print("x^(1/3) = ", pow(x,1/3)+1) gmpy2.get_context().precision = 200 m = int(gmpy2.root(x, 3)) print("m = ", m) decryptedKey_S = m.to_bytes(16, 'big') print('Dec Key s = ', decryptedKey_S) print("IV = ", iv_1) b = bytearray() with open('~tmp' + path, 'rb') as file: data = file.read() #print('Cipher:\n') #print(data) print('Decrypted:\n') decryptedText = AES_data_Decryption(data, decryptedKey_S, iv_1) #print("kol = ",kol1) #print("len(cip) = ", len(decryptedText)) kol2 = len(decryptedText) i = 0 while i < kol1: b.append(decryptedText[i]) i = i + 1 #pad(data,AES.block_size), decryptedKey_S, iv_fromCipher) #decryptedText = unpad(decryptedText, AES.block_size) #print(decryptedText) os.remove('~tmp' + path) output = open(path + ".decrypted", 'wb') output.write(b) #decryptedText) output.close()
def main(): global lock lock = threading.Lock() jobs = [] procs = 5 for i in range(procs): process = threading.Thread(target=list_append) jobs.append(process) for j in jobs: j.start() for j in jobs: j.join() C = chinese_remainder_theorem(keys) M = int(root(C, n_items)) print(n_to_bytes(M))
def main(): n= 691611766208546073444876122261067788277978858453710639029761974358666489171591889808344592871468081368348731289584873825685836699513369087940744233044470468106283756269016888690397802087612562650740690626844050981638158798650899164329024889012339813251634342169796374490173324858177655412520581064091323105709703802894635752243504165527728325493775585018099572491218738859140069209745383085972126419677929983854492018948495162457428459536088314487922683148031388611849013227501962458386817851194913551405843074740308192841259015955432216658418219471365781271743026881045054161177699500233983945284463060091084401032681620162554495490307966608011765399197534175588394769839991952726269105973546086964385977836193216093842605576347580465390858378577913173391209728199847916944392685608959720919745441534152140791433228642857247821519585327091864890122871765266988285510728943279970135846908966516130597249552710186071954611133294079017500030355232895541367427153922527925908108643934213023557398363684188823565535815365161748782796247844503993809352854741573950620787090272760236473228652960605730173150252619759400890068298838592790770868307280012495168740250977525199965477849089021924445456338550258621310346872587368865023459114279L e1= 2623119 e2= 2611101 c1= 632613645684838434911920364870092246688638723680203743297038042884981435531349983627632652213126007404455112992754038899192740232209237012089852184466576496173356903126767617531366105427616049893559911396536574555008451239827427140619373005107923039458285095437111146013805698400274937791209388463040761234346114146112603113513874269976957472698342250573902102976387047390228485927254752372525379266486917620487089416581168720140744193600912161065888758451629009978676721731074043142666019127528370181044741033938879227651226413524178992155234346229899043794846119210274959231350300191718278291314079326011260972911790929707654859407903619102516710246683375658271085356783673232677699444921875427077745087507202504075374873842972977165904031632108921391219453633100007509368853543202918527396858214941532156620908283394786740941868393377733920317480973184132461984594109692489226477402338664642727766514992506288377119275635222078018270479534265371971469799345627297451492177595572561618185463142728664331779856911512823762928116551034186671353283417747535010208121962539603383913657773795358612010178381857101029638404248669376029927680328805839410427459248430136708902815920536603541943356116875656311481908672896225539754812052984 c2= 473583830101449207063655453483957320801977763405664178108962387145963115641321631378723122470718049239150183483107837540062110255460217493574236417576528210993551734521104360323008425196350719034294427914294044848231276934402896045785500160974092767601908407706594433190832523140982335688121038712802163776950422665847149664034820576774873956120202470663588902529914328392634164212558025176982387474287314624421143326789371057668708456922968762564019631616913937820209470604081356673188045257490667304640155390478645279862586730343779998826931285683980941686981775369499484033439920659579124275957233449431588512697916708510428626881790592757578867152025501459202793986322020476004209777449674143157280081483085868896558215825742742029607229809248023263081810931655981810534293127835168642962477010095223356972141559004635008185531900175232541978761179342338914489553003329293031284557554252476291770973145365678145226167965362251186233138510776436645583796590010200995100899736056399413460647507781994189935869541735701599175369334170081795310585938471394672279359692859881857399434361716843681313191143289947464231132723256066979526475873327590657111481299295002695482778491520250596998683754980263059514032256777144682239680031331 s = egcd(e1, e2) s1 = s[1] s2 = s[2] if s1<0: s1 = - s1 c1 = modinv(c1, n) elif s2<0: s2 = - s2 c2 = modinv(c2, n) m = (pow(c1,s1,n)*pow(c2,s2,n))%n gmpy2.get_context().precision=2000 m = gmpy2.root(m,3) print str(hex(int(str(m)[:-2])))[2:-1].decode('hex')
def encodeToAxis(word_list): word_values = [1] used_words = [] for word in word_list: if used_words == []: used_words.append(word) continue curr_value = 0 for i in range(len(used_words)): curr_value += word_values[i] * sum_of_words[used_words[i]] word_values.append(curr_value + 1) used_words.append(word) for i, value in enumerate(word_values): word_values[i] = float(gmpy2.root(value, 750)) value_dict = {} for i in range(len(used_words)): value_dict[used_words[i]] = word_values[i] return value_dict
else: ponderacion = int(fecha_fin_list[0]) n_ponderacion += ponderacion lista_precios.append(precio_promedio**ponderacion) else: ponderacion = 5 lista_precios.append(precio_promedio**ponderacion) n_ponderacion += ponderacion print("Producto: " + ine_product, end="") for i in range(blank_spaces - len(ine_product)): print(" ", end="") for price in lista_precios: prom_geo_hist *= price try: prom_geo_hist = gmpy2.root(prom_geo_hist, n_ponderacion) except (ValueError, ZeroDivisionError): prom_geo_hist = None wsresumen.cell(row=row, column=column).value = float( prom_geo_hist) if prom_geo_hist is not None else prom_geo_hist try: print("Promedio geométrico: %d" % prom_geo_hist) except TypeError: print("Promedio geométrico: 0") row += 1 column += 1 if wsresumen.cell(row=8, column=column).value is None: break print("Guardando los cambios en el documento excel.")
def _introot_gmpy(n, r=2): if n < 0: return None if r & 1 == 0 else -_introot_gmpy(-n, r) return gmpy.root(n, r)[0]
if len(result) % 2 == 1: result = '0' + result return unhexlify(result) def rsaPQ(c, p, q, e): n = p * q lambdaN = lcm(p - 1, q - 1) d = modinv(e, lambdaN) m = gmpy2.powmod(c, d, n) result = format(m, 'x') if len(result) % 2 == 1: result = '0' + result return unhexlify(result) c = 19822919015216334606838147187844513303693151208933506237526243552791188358629927692564408308978667119010159015296389932255536038955462235588806834753957336725477679078308906619631832105515338709749280989968720700332965342664066727614684756288508336906873455402456724514409665063815883721368701414406637816503663069123152206187184332623963069223822592231181833565768221494006940826588467135926385229969814176675741364321794933093636886431505483774320087319252360432547660217288865770681157259876645827929973083604127379805176764472579255503056330078196468565478521112670467341060668527514751961549049873342692541606355 n = 31325016658297791169480146120150580664219873287421481080616514285705723444552690019413852971465151239826845324148227005504609963845765999280375945496745984700803995327426374755551653914842855856840873315380063944650694450432809712755761825613156119793152817878840392132906780617084024598234526140691477142470141549753066179951124472530113331326979879457581531345151803316432362920688290775743184527050943053649567601887797197755209287963264926465811140120495354841559998192053880422049607850758298738351886072262621692207202148055748922934409275716858927938602120378874645091397627068099133689377435543763129394494299 #p = #q = e = 65537 phi2d = 35906402511629257796873331657505713118658548928050971233624880390783608596696326954825632282869296602503506026224317700039936367304295793184619402438417258383719085966506311310962530256051162208791981402840855755528166814248646279836402945873499153624688740477810213128587258701444773118521965801623894073525113745206969653164649471755397819151217316846808139426381244899197410808004893311138089359750966674814512836216536006682471192475385232771846152596445095336059765670795032572594251794907179806180719654128026352708960205125585943113889680588589333301354560543641230664866892752046821466026179340210792546176562 phi = (phi2d * e - 2) // 2 // 37561 a = 1 b = n - phi + 1 p = -(-b + int(gmpy2.root(pow(b, 2) - 4 * a * n, 2))) // 2 q = n // p print(p) print(p * q - n) print(rsaPQ(c, p, q, e))
def sub_sub_sure_factors(f, u, curve_parameter): '''Finds all factors that can be found using ECM with a smoothness bound of u and sigma and give curve parameters. If that fails, checks for being a prime power and does Fermat factoring as well. Yields factors.''' while not (f & 1): yield 2 f >>= 1 while not (f % 3): yield 3 f = f // 3 if isprime(f): yield f return log_u = math.log(u) u2 = int(_7_OVER_LOG_2 * u * log_u / math.log(log_u)) primes = [] still_a_chance = True log_mo = math.log(f + 1 + sqrt(f << 2)) g = gcd(curve_parameter, f) if g not in (1, f): for factor in sub_sub_sure_factors(g, u, curve_parameter): yield factor for factor in sub_sub_sure_factors(f//g, u, curve_parameter): yield factor return g2 = gcd(curve_parameter**2 - 5, f) if g2 not in (1, f): for factor in sub_sub_sure_factors(g2, u, curve_parameter): yield factor for factor in sub_sub_sure_factors(f // g2, u, curve_parameter): yield factor return if f in (g, g2): yield f while still_a_chance: p1 = get_points([curve_parameter], f) for prime in primes: p1 = multiply(p1, prime, f) if not isinstance(p1, list): if p1 != f: for factor in sub_sub_sure_factors(p1, u, curve_parameter): yield factor for factor in sub_sub_sure_factors(f//p1, u, curve_parameter): yield factor return else: still_a_chance = False break if not still_a_chance: break prime = 1 still_a_chance = False while prime < u2: prime = next_prime(prime) should_break = False for _ in range(int(log_mo / math.log(prime))): p1 = multiply(p1, prime, f) if not isinstance(p1, list): if p1 != f: for factor in sub_sub_sure_factors(p1, u, curve_parameter): yield factor for factor in sub_sub_sure_factors(f//p1, u, curve_parameter): yield factor return else: still_a_chance = True primes.append(prime) should_break = True break if should_break: break for i in range(2, int(math.log(f) / LOG_2) + 2): r = root(f, i) if r[1]: for factor in sub_sub_sure_factors(r[0], u, curve_parameter): for _ in range(i): yield factor return a = 1 + sqrt(f) bsq = a * a - f iter = 0 while bsq != sqrt(bsq)**2 and iter < 3: a += 1 iter += 1 bsq += a + a - 1 if bsq == sqrt(bsq)**2: b = sqrt(bsq) for factor in sub_sub_sure_factors(a - b, u, curve_parameter): yield factor for factor in sub_sub_sure_factors(a + b, u, curve_parameter): yield factor return yield f return
def step_t_3(a_base, B): clearfile(f"res/jnd/3/{a_base}/spsp_{B}.txt") clearfile(f"res/jnd/3/{a_base}/n_list_{B}.txt") n_list = [] ### Посчет времени работы start_time = time.time() ### # equal_2_list = parsefile(f"res/jnd/2/{a_base}/n_list_{B}.txt") # упорядочены по возрастанию p1, где p1<p2 # if len(equal_2_list) != 0: # for i in range(len(equal_2_list)): # p1 = equal_2_list[i].primes[0] # p2 = equal_2_list[i].primes[1] # b = int(p1 * p2) for p1 in primes: p1 = int(p1) print(p1) if p1 <= int(root(B, 3)): # and b * p2 < B: if p1 > a_base[-1]: print(p1) s = "" if len(a_base) > 6: a_base = a_base[:6] leg1 = [] for a in a_base: leg1.append(numth.jacobi(a, p1)) p2_3k4 = readfile("primes/4k+3.txt") p2_1k4 = readfile("primes/4k+1.txt") p2_5k8 = readfile("primes/8k+5.txt") p2_1k8 = readfile("primes/8k+1.txt") if p1 % 4 == 3: print(f"p1 34 {p1}") for p2 in p2_3k4: if p2 > p1 and p2 < B and p2 < B: # на всякий случай проверим print(f"p2 34 {p2}") leg2 = [] b = int(p1 * p2) for a in a_base: leg2.append(numth.jacobi(a, p2)) if leg1 == leg2: # Prop.2 inverse is true if b < 2 * 10**6: # a trick gcd_23 = int( gcd(2**(b - 1) - 1, 3**(b - 1) - 1)) factor_list = numth.factorization(gcd_23) for i in range(len(factor_list)): p3 = factor_list[i][0] if p3 * b <= B: # and p3 * b > B // 100: if p3 > p2: print(f"p3 {p3}") signss = check_signs( a_base, [p1, p3]) if signss: item = Signature( Sign(a_base, p1), [p1, p2, p3]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) else: p_exist = np.array([p1, p2]) p3_list = next_p(p_exist, a_base, B) # ищем подходящие p3 if isinstance(p3_list, list) and len(p3_list) != 0: for p3 in p3_list: if p3 * b <= B: # and p3 * b > B // 100: if p3 > p2: print(f"p3 {p3}") signss = check_signs( a_base, [p1, p3]) if signss: item = Signature( Sign(a_base, p1), [p1, p2, p3]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) # else: # continue # новый item из equal_2_list # else: # continue for p2 in p2_1k4: print(f"p2 14 to mu {p2}") if Mu_p(a_base, p2) == 4: pass # переход к mu=4 elif p1 % 8 == 5: print(f"p1 58 {p1}") for p2 in p2_5k8: if p2 > p1 and p2 < B: print(f"p2 58 {p2}") if len(a_base) > 5: a_base = a_base[:5] leg2 = [] b = int(p1 * p2) for a in a_base: leg2.append(numth.jacobi(a, p2)) if leg1 == leg2: p_exist = np.array([p1, p2]) p3_list = next_p(p_exist, a_base, B) print(p3_list, type(p3_list)) if isinstance(p3_list, list) and len(p3_list) != 0: for p3 in p3_list: if p3 * b <= B: # and p3 * b > B // 100: if p3 > p2: print(f"p3 {p3}") signss = check_signs( a_base, [p1, p3]) if signss: item = Signature( Sign(a_base, p1), [p1, p2, p3]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) # else: # continue # else: # continue for p2 in p2_1k8: if p2 > p1 and p2 < B: print(f"p2 18 {p2}") if p2 % 16 == 9: print(f"p2 916 {p2}") leg2 = [] b = int(p1 * p2) for a in a_base: leg2.append(numth.jacobi(a, p2)) if np.prod( leg2 ) == 1 and p2 > p1: # если все 1, то произведение 1 p_exist = np.array([p1, p2]) p3_list = next_p(p_exist, a_base, B) if isinstance(p3_list, list) and len(p3_list) != 0: for p3 in p3_list: if p3 * b <= B: # and p3 * b > B // 100: if p3 > p2: print(f"p3 {p3}") signss = check_signs( a_base, [p1, p3]) if signss: item = Signature( Sign(a_base, p1), [p1, p2, p3]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) else: continue else: continue elif p2 % 16 == 1: print(f"p2 116 to mu {p2}") if Mu_p(a_base, p2) == 4: pass # переход к mu=4 for p2 in p2_3k4: if p2 > p1 and p2 < B: # в тексте этого нет, но на всякий случай проверим print(f"p2 34 {p2}") b = int(p1 * p2) p_exist = np.array([p1, p2]) p3_list = next_p(p_exist, a_base, B) # print(f"p3 list {p3_list}") if isinstance(p3_list, list) and len(p3_list) != 0: for p3 in p3_list: if p3 * b <= B: # and p3 * b > B // 100: if p3 > p2: print(f"p3 {p3}") signss = check_signs( a_base, [p1, p3]) if signss: item = Signature( Sign(a_base, p1), [p1, p2, p3]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) # else: # continue elif p1 % 8 == 1: print(f"p1 18 {p1} p2 any {p2}") e, f = Val(2, p1 - 1), Val(2, Lambda_p(a_base, p1)) if len(a_base) > 5: a_base = a_base[:5] for p2 in primes: if p2 > p1 and p2 < B and e == f: if p2 % (2**(e + 1)) == (1 + 2**e) % (2**( e + 1)): # !!!! СКОБКИ??? leg2 = [] b = int(p1 * p2) for a in a_base: leg2.append(numth.jacobi(a, p2)) if leg1 == leg2: p_exist = np.array([p1, p2]) p3_list = next_p(p_exist, a_base, B) if isinstance(p3_list, list) and len(p3_list) != 0: for p3 in p3_list: if p3 * b <= B: # and p3 * b > B // 100: if p3 > p2: print(f"p3 {p3}") signss = check_signs( a_base, [p1, p3]) if signss: item = Signature( Sign(a_base, p1), [p1, p2, p3]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) else: continue else: continue elif p2 % (2**(e + 2)) == 1: if Mu_p(a_base, p2) == 4: pass # переход к mu=4 elif p2 % (2**(e + 2)) != 1 and p2 % (2**( e + 2)) == (1 + 2**(e + 1)) % 2**( e + 2): # !!!! СКОБКИ??? leg2 = [] b = int(p1 * p2) for a in a_base: leg2.append(numth.jacobi(a, p2)) if np.prod(leg2) == 1: p_exist = np.array([p1, p2]) p3_list = next_p(p_exist, a_base, B) if isinstance(p3_list, list) and len(p3_list) != 0: for p3 in p3_list: if p3 * b <= B: # and p3 * b > B // 100: if p3 > p2: print(f"p3 {p3}") signss = check_signs( a_base, [p1, p3]) if signss: item = Signature( Sign(a_base, p1), [p1, p2, p3]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) else: continue else: continue elif p2 > p1 and p2 < B and f < e: if p2 % 2**f == p1: if f == e - 1 and Mu_p( a_base, p1) == 2: # это есть условие выше p_exist = np.array([p1, p2]) p3_list = next_p(p_exist, a_base, B) b = int(p1 * p2) if isinstance(p3_list, list) and len(p3_list) != 0: for p3 in p3_list: if p3 * b <= B: # and p3 * b > B // 100: if p3 > p2: print(f"p3 {p3}") signss = check_signs( a_base, [p1, p3]) if signss: item = Signature( Sign(a_base, p1), [p1, p2, p3]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) else: continue else: continue else: continue # p1 is any in primes mu_4 = readfile(f"lib/mu/{a_base}/mu_4.txt") for p2 in mu_4: if p2 > p1 and p2 < B: # если p2 mu=4, то не обязательно чтобы и p1 mu=4 print(f"p2 mu4 {p2}") p_exist = np.array([p1, p2]) p3_list = next_p(p_exist, a_base, B) b = int(p1 * p2) if isinstance(p3_list, list) and len(p3_list) != 0: for p3 in p3_list: if p3 * b <= B: # and p3 * b > B // 100: if p3 > p2: print(f"p3 {p3}") signss = check_signs(a_base, [p1, p3]) if signss: item = Signature( Sign(a_base, p1), [p1, p2, p3]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) # else: # continue writefile(f"res/jnd/3/{a_base}/n_list_{B}.txt", s) else: continue else: break i = 1 spsp = [] ss = "" for item in n_list: prod = np.prod(item.primes) if psp(a_base, prod): ss += f"{i} {prod} {item.primes} {item.sign}\n" i += 1 spsp.append(item) ### total_time = "--- %s seconds ---\n" % (time.time() - start_time) ### ss += f"{total_time}\n" writefile(f"res/jnd/3/{a_base}/spsp_{B}.txt", ss) return np.array(spsp)
c = 2039130155866184490894181588949291569587424373754875837330412835527276040280846677481047284126316137541961805207979583672570357348995401556991229785828117383170279052532972654304372432603436204862621797 import gmpy2 from binascii import * gmpy2.get_context().precision = 800000 possible = int(gmpy2.root(c, 3)) print(hex(possible))
# -*- coding: utf-8 -*- import gmpy2 import binascii """ OK no more extra bits of information for you. Good luck trying to solve this one. Just a public key and a ciphertext so should be impossible. """ n = 23516695565660963250242846975094031309572348962900032827958534374248114661507001374384417953124930587796472484525315334716723068326965228898857733318407681656604325744994115789416012096318656034667361976251100005599211469354510367804546831680730445574797161330145320706346512982316782618118878428893337849886890813813050423818145497040676697510093220374542784895778086554812954376689653727580227087363619223145837820593375994747273662064715654881379557354513619477314410917942381406981452545764657853425675230343749326640073923166795823683203941972393206970228647854927797483660176460658959810390117898333516129469397 e = 3 c = 145069245024457407970388457302568525045688441508350620445553303097210529802020156842534271527464635050860748816803790910853366771838992303776518246009397475087259557220229739272919078824096942593663260736405547321937692016524108920147672998393440513476061602816076372323775207700936797148289812069641665092971298180210327453380160362030493 # e small exponent attack to solve # since e is so small, and message likely much smaller than our N, we can easily compute the plaintext by taking the cube root of c # enc_text = pt^3 mod N # pt = root(ct,3) gmpy2.get_context().precision = 200000 m = int(gmpy2.root(c, e)) print(binascii.unhexlify(hex(int(m))[2:]).decode('utf-8'))
def step_t_2(a_base, B, primes_list): clearfile(f"res/jnd/2/{a_base}/spsp_{B}.txt") clearfile(f"res/jnd/2/{a_base}/n_list_{B}.txt") n_list = [] ### Посчет времени работы start_time = time.time() ### for p1 in primes_list: p1 = int(p1) if p1 < int(root(B, 2)): if p1 > a_base[-1]: s = "" if p1 < 10**6: gcd_23 = int(gcd(2**(p1 - 1) - 1, 3**(p1 - 1) - 1)) factors = sorted(numth.factorization(gcd_23)) for i in range(len(factors)): p2 = factors[i][0] if p2 * p1 <= B: # and p1 * p2 > B // 100: if p2 > p1: # В дальнейшем для того, чтобы числа в интервалах не повторялись signss = check_signs(a_base, [p1, p2]) if signss: item = Signature(Sign(a_base, p1), [p1, p2]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) # else: # break elif p1 > 10**8: lmd_p = Lambda_p(a_base, p1) # lmd_p = p1-1 p2 = 1 while p2 <= p1: # and p1 * p2 > B // 100: # к условию, что p2>p1 p2 += lmd_p while p2 * p1 <= B: # and p1 * p2 > B // 100: signss = check_signs(a_base, [p1, p2]) if signss: item = Signature(Sign(a_base, p1), [p1, p2]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(Signature(item.sign, [p1, p2])) p2 += lmd_p else: # между 10**6..10**8 if len(a_base) > 6: a_base = a_base[:6] lmd_p = Lambda_p(a_base, p1) leg1 = [] for a in a_base: leg1.append(numth.jacobi(a, p1)) if p1 % 4 == 1: p2_4k3 = readfile("primes/4k+3.txt") p2_4k1 = readfile("primes/4k+1.txt") for p2 in p2_4k3: if p1 * p2 <= B: # and p1 * p2 > B // 100: if p2 % lmd_p == 1 and p2 > p1: leg2 = [] for a in a_base: leg2.append(numth.jacobi(a, p2)) signss = check_signs(a_base, [p1, p2]) if leg1 == leg2 and signss: item = Signature( Sign(a_base, p1), [p1, p2]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) # else: # break for p2 in p2_4k1: if p1 * p2 <= B: # and p1 * p2 > B // 100: if p2 % lmd_p == 1 and p2 > p1: leg2 = [] for a in a_base: leg2.append(numth.jacobi(a, p2)) signss = check_signs(a_base, [p1, p2]) if np.prod( leg2 ) == 1 and signss: # если все 1, то произведение 1 item = Signature( Sign(a_base, p1), [p1, p2]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) # else: # break elif p1 % 8 == 5: p2_8k5 = readfile("primes/8k+5.txt") p2_8k1 = readfile("primes/8k+1.txt") for p2 in p2_8k5: if p1 * p2 <= B: # and p1 * p2 > B // 100: if p2 % lmd_p == 5 and p2 > p1: leg2 = [] for a in a_base: leg2.append(numth.jacobi(a, p2)) signss = check_signs(a_base, [p1, p2]) if leg1 == leg2 and signss: item = Signature( Sign(a_base, p1), [p1, p2]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) # else: # break for p2 in p2_8k1: if p1 * p2 <= B: # and p1 * p2 > B // 100: if p2 % lmd_p == 1 and p2 > p1: leg2 = [] for a in a_base: leg2.append(numth.jacobi(a, p2)) signss = check_signs(a_base, [p1, p2]) if np.prod(leg2) == 1 and signss: item = Signature( Sign(a_base, p1), [p1, p2]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) # else: # break elif p1 % 8 == 1: sign = Sign([2], p1)[0] e, f = Val(2, p1 - 1), Val(2, sign) for p2 in primes: if p1 * p2 <= B: # and p1 * p2 > B // 100: if p2 > p1 and e == f: if p2 % (2**(e - 1)) == 2**e % (2**( e - 1)) and p2 % lmd_p == 1: leg2 = [] for a in a_base: leg2.append(numth.jacobi(a, p2)) signss = check_signs(a_base, [p1, p2]) if leg1 == leg2 and signss: item = Signature( Sign(a_base, p1), [p1, p2]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) elif p2 % 2**(e + 1) == 1 and p2 % lmd_p == 1: leg2 = [] for a in a_base: leg2.append(numth.jacobi(a, p2)) signss = check_signs(a_base, [p1, p2]) if np.prod(leg2) == 1 and signss: item = Signature( Sign(a_base, p1), [p1, p2]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) elif p2 > p1 and f < e and p1 * p2 <= B: # and p1 * p2 > B // 100: signss = check_signs(a_base, [p1, p2]) if p2 % lmd_p == 1 and signss: item = Signature( Sign(a_base, p1), [p1, p2]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) # else: # break writefile(f"res/jnd/2/{a_base}/n_list_{B}.txt", s) else: continue i = 1 spsp = [] ss = "" for item in n_list: prod = np.prod(item.primes) if psp(a_base, prod): ss += f"{i} {prod} {item.primes} {item.sign}\n" i += 1 spsp.append(item) ### total_time = "--- %s seconds ---\n" % (time.time() - start_time) ### ss += f"{total_time}\n" writefile(f"res/jnd/2/{a_base}/spsp_{B}.txt", ss) return np.array(spsp)
import gmpy2 n = 29331922499794985782735976045591164936683059380558950386560160105740343201513369939006307531165922708949619162698623675349030430859547825708994708321803705309459438099340427770580064400911431856656901982789948285309956111848686906152664473350940486507451771223435835260168971210087470894448460745593956840586530527915802541450092946574694809584880896601317519794442862977471129319781313161842056501715040555964011899589002863730868679527184420789010551475067862907739054966183120621407246398518098981106431219207697870293412176440482900183550467375190239898455201170831410460483829448603477361305838743852756938687673 e = 3 c = 2205316413931134031074603746928247799030155221252519872649651160278476902145087143487410518148797849017656369316341655241171591967799156330520717647775870050832989405039500714403825189288474886866683126666398914647066914847128627018357093 gmpy2.get_context().precision = 2000 print gmpy2.root(c, e) print( hex(13016382529449106065894479374027604750406953699090365388202878069532790348997757 )[2:-1]).decode('hex') # picoCTF{n33d_a_lArg3r_e_6eb35d6d}
def sqrt(n): return root(n, 2)[0]
while a > 1: q = a // b a, b = b, a % b x0, x1 = x1 - q * x0, x0 if x1 < 0: x1 += b0 return x1 C1 = get_value(ct1, 'bin') C2 = get_value(ct2, 'bin') C3 = get_value(ct3, 'bin') C4 = get_value(ct4, 'bin') C5 = get_value(ct5, 'bin') ciphertexts = [C1, C2, C3, C4, C5] N1 = get_value(md1, 'b64') N2 = get_value(md2, 'b64') N3 = get_value(md3, 'b64') N4 = get_value(md4, 'b64') N5 = get_value(md5, 'b64') modulus = [N1, N2, N3, N4, N5] result = (chinese_remainder(modulus, ciphertexts)) M = int(root(result, exp)) print(M.bit_length()) print(M) M = M.to_bytes((M.bit_length() + 7) // 8, byteorder='big') print(M)
#!/usr/bin/python3 from Crypto.Util.number import * import binascii import gmpy2 ct = "05c61636499a82088bf4388203a93e67bf046f8c49f62857681ec9aaaa40b4772933e0abc83e938c84ff8e67e5ad85bd6eca167585b0cc03eb1333b1b1462d9d7c25f44e53bcb568f0f05219c0147f7dc3cbad45dec2f34f03bcadcbba866dd0c566035c8122d68255ada7d18954ad604965" ct = bytes_to_long(binascii.unhexlify(ct)) gmpy2.get_context().precision=200000 pt = gmpy2.root(ct,3) # e = 3 message = binascii.unhexlify(hex(int(pt))[2:]) print(message)
def step_t_4(a_base, B): clearfile(f"res/jnd/4/{a_base}/spsp_{B}.txt") clearfile(f"res/jnd/4/{a_base}/n_list_{B}.txt") n_list = [] ### Посчет времени работы start_time = time.time() ### equal_3_list = parsefile(f"res/jnd/3/{a_base}/n_list_{B}.txt") # упорядочены по возрастанию p1, где p1<p2 if len(equal_3_list) != 0: for i in range(len(equal_3_list)): p1 = equal_3_list[i].primes[0] p2 = equal_3_list[i].primes[1] p3 = equal_3_list[i].primes[2] b = int(p1 * p2 * p3) if p1 <= int(root(B, 4)) and b * p3 < B: s = "" if p1 % 4 == 3: # Вместо сигнатур вычисляется символ Лежандра p4_3k4 = readfile("primes/4k+3.txt") for p4 in p4_3k4: if p4 * b <= B: # and p4 * b > B // 100: if p4 > p3: f"p4 {p4}" signss = check_signs(a_base, [p1, p4]) if signss: item = Signature(Sign(a_base, p1), [p1, p2, p3, p4]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) else: p_exist = np.array([p1, p2, p3]) p4_list = next_p(p_exist, a_base, B) if isinstance(p4_list, list): for p4 in p4_list: if p4 * b <= B: # and p4 * b > B // 100: if p4 > p3: f"p4 {p4}" signss = check_signs(a_base, [p1, p4]) if signss: item = Signature( Sign(a_base, p1), [p1, p2, p3, p4]) s += f"{item.primes} {signss} {item.sign}\n" n_list.append(item) writefile(f"res/jnd/4/{a_base}/n_list_{B}.txt", s) else: continue i = 1 spsp = [] ss = "" for item in n_list: prod = np.prod(item.primes) if psp(a_base, prod): ss += f"{i} {prod} {item.primes} {item.sign}\n" i += 1 spsp.append(item) ### total_time = "--- %s seconds ---\n" % (time.time() - start_time) ### ss += f"{total_time}\n" writefile(f"res/jnd/4/{a_base}/spsp_{B}.txt", ss) return np.array(spsp)
def sub_sub_sure_factors(f, u, curve_parameter): '''Finds all factors that can be found using ECM with a smoothness bound of u and sigma and give curve parameters. If that fails, checks for being a prime power and does Fermat factoring as well. Yields factors.''' while not (f & 1): yield 2 f >>= 1 while not (f % 3): yield 3 f /= 3 if isprime(f): yield f return log_u = math.log(u) u2 = int(_7_OVER_LOG_2 * u * log_u / math.log(log_u)) primes = [] still_a_chance = True log_mo = math.log(f + 1 + sqrt(f << 2)) g = gcd(curve_parameter, f) if g not in (1, f): for factor in sub_sub_sure_factors(g, u, curve_parameter): yield factor for factor in sub_sub_sure_factors(f/g, u, curve_parameter): yield factor return g2 = gcd(curve_parameter**2 - 5, f) if g2 not in (1, f): for factor in sub_sub_sure_factors(g2, u, curve_parameter): yield factor for factor in sub_sub_sure_factors(f / g2, u, curve_parameter): yield factor return if f in (g, g2): yield f while still_a_chance: p1 = get_points([curve_parameter], f) for prime in primes: p1 = multiply(p1, prime, f) if not isinstance(p1, list): if p1 != f: for factor in sub_sub_sure_factors(p1, u, curve_parameter): yield factor for factor in sub_sub_sure_factors(f/p1, u, curve_parameter): yield factor return else: still_a_chance = False break if not still_a_chance: break prime = 1 still_a_chance = False while prime < u2: prime = next_prime(prime) should_break = False for _ in xrange(int(log_mo / math.log(prime))): p1 = multiply(p1, prime, f) if not isinstance(p1, list): if p1 != f: for factor in sub_sub_sure_factors(p1, u, curve_parameter): yield factor for factor in sub_sub_sure_factors(f/p1, u, curve_parameter): yield factor return else: still_a_chance = True primes.append(prime) should_break = True break if should_break: break for i in xrange(2, int(math.log(f) / LOG_2) + 2): r = root(f, i) if r[1]: for factor in sub_sub_sure_factors(r[0], u, curve_parameter): for _ in xrange(i): yield factor return a = 1 + sqrt(f) bsq = a * a - f iter = 0 while bsq != sqrt(bsq)**2 and iter < 3: a += 1 iter += 1 bsq += a + a - 1 if bsq == sqrt(bsq)**2: b = sqrt(bsq) for factor in sub_sub_sure_factors(a - b, u, curve_parameter): yield factor for factor in sub_sub_sure_factors(a + b, u, curve_parameter): yield factor return yield f return
e = 65537 def ComputeGCD(n1, n2): if n2 == 0: return n1 else: return ComputeGCD(n2, n1 % n2) p1 = ComputeGCD(n1, n2) q1 = n1 // p1 phi1 = (p1 - 1) * (q1 - 1) d1 = inverse(e, phi1) pl1 = gmpy2.root(c1, e) pl1 = pow(c1, d1, n1) pl1_hex_converted = hex(pl1).split('x')[-1] # convert plaintext to hex pl1_from_hex_to_ascii = bytearray.fromhex( pl1_hex_converted).decode() # convert hex to ascii print("plaintext1 = ", pl1_from_hex_to_ascii) print( "\n#####################################################################\n" ) p2 = ComputeGCD(n2, n3) q2 = n2 // p2 phi2 = (p2 - 1) * (q2 - 1) d2 = inverse(e, phi2)
if a == 0: return (b, 0, 1) else: g, y, x = egcd(b % a, a) return (g, x - (b // a) * y, y) def modinv(a, m): gcd, x, y = egcd(a, m) if gcd != 1: return None # modular inverse does not exist else: return x % m def int2Text(number, size): """Convert an integer into a text string""" text = "".join( [chr((number >> j) & 0xff) for j in reversed(range(0, size << 3, 8))]) return text.lstrip("\x00") #crt tb = c1 * (n2 * n3) * modinv(n2 * n3, n1) tc = c2 * (n1 * n3) * modinv(n1 * n3, n2) td = c3 * (n1 * n2) * modinv(n1 * n2, n3) c = (tb + tc + td) % (n1 * n2 * n3) root = int(gmpy2.root(c, 3)) print hex(root)[2:-1].decode('hex')
import gmpy2 from Crypto.Util.number import * N1 = 60289643029222274358640373862109572905832367237826183141813583202829591109669612949524019698694013632009103378887037677183876999952454652728808888741248281997406751460346721080506423808100281915419838852944218937480402494149772589869774076589478083083904231331135422435887112387158083457945715084009855703843 N2 = 60289643029222274358640373862109572905832367237826183141813583202829591109669612949524019698694013632009103378887037677183876999952454652728808888741248281997406751460346721080506423808100281915419838852944218937480402494149772589869774076589478083083904231331135422435887112387158083457945715084009855703843 c1 = bytes_to_long( "107792f625f117a5bdbb71ed276f0bf3f977401579e37b78c4663ce44e69eea72f4bcdb4eba81e6b1eee3c5ded268e40dc974e352e3d5762a94c3ab83677b40043226e12adcd57cd65e6098b79fe90b40091b353c4e827c29a5862ac311e315040687babdf339d699eebfdc8e7cf688dd4d2564b28402f039b7b768608197405" .decode('hex')) c2 = bytes_to_long( "01c2deff9ab4282579bb1e9b2f8d8ce937d13c8f79bc4f3b9e7b2ec332bab4db7a7dd2437fae1c5ef72db26d792576b4872d3086b01386b56f82969399227ec2958400390a91c5e66df5456bbc10cab7316b55d601ea273f60e158636a38a9f50754db6d896000c5d51f614775a1918e2fbc98b9ae4d8c37ffe72a3d393cf192" .decode('hex')) e = 65537 tA = c1 * (N2 * N1) * gmpy2.invert(N2 * N1, N1) tB = c2 * (N1 * N2) * gmpy2.invert(N1 * N2, N2) c = (tA + tB) % (N1 * N2) m = gmpy2.root(c, e)[0] print m
q = a // b a, b = b, a % b x0, x1 = x1 - q * x0, x0 if x1 < 0: x1 += b0 return x1 def get_value(filename): with open(filename) as f: value = f.readline() return int(value, 10) if __name__ == '__main__': C1 = get_value(CIPHERTEXT_1) C2 = get_value(CIPHERTEXT_2) C3 = get_value(CIPHERTEXT_3) ciphertexts = [C1, C2, C3] N1 = get_value(MODULUS_1) N2 = get_value(MODULUS_2) N3 = get_value(MODULUS_3) modulus = [N1, N2, N3] C = chinese_remainder_theorem([(C1, N1), (C2, N2), (C3, N3)]) M = int(root(C, 3)) M = hex(M)[2:] print(unhexlify(M).decode('utf-8'))
import gmpy2 from Crypto.Util.number import long_to_bytes gmpy2.get_context().precision = 2048 n = 86431753033855985150102208955150746586984567379198773779001331665367046453352820308880271669822455250275431988006538670370772552305524017849991185913742092236107854495476674896994207609393292792117921602704960758666683584350417558805524933062668049116636465650763347823718120563639928978056322149710777096619 e = 43593315545590924566741189956390609253174017258933397294791907025439424425774036889638411588405163282027748339397612059157433970580764560513322386317250465583343254411506953895016705520492303066099891805233630388103484393657354623514864187319578938539051552967682959449373268200012558801313113531016410903723 cipher = 6017385445033775122298094219645257172271491520435372858165807340335108272067850311951631832540055908237902072239439990174700038153658826905580623598761388867106266417340542206012950531616502674237610428277052393911078615817819668756516229271606749753721145798023983027473008670407713937202613809743778378902 pt = gmpy2.root(cipher, e) print(long_to_bytes(pt).decode()) # python3
try: import gmpy2 except: print("I will install gmpy2 module...") print( "################################# INSTALLING #################################" ) install_gmpy2 = call("sudo apt-get install python3-gmpy2", shell=True) print( "################################# INSTALLED #################################" ) from Crypto.Util.number import long_to_bytes gmpy2.get_context().precision = 2048 n = 29331922499794985782735976045591164936683059380558950386560160105740343201513369939006307531165922708949619162698623675349030430859547825708994708321803705309459438099340427770580064400911431856656901982789948285309956111848686906152664473350940486507451771223435835260168971210087470894448460745593956840586530527915802541450092946574694809584880896601317519794442862977471129319781313161842056501715040555964011899589002863730868679527184420789010551475067862907739054966183120621407246398518098981106431219207697870293412176440482900183550467375190239898455201170831410460483829448603477361305838743852756938687673 e = 3 ciphertext = 2205316413931134031074603746928247799030155221252519872649602375643231006596573791863783976856797977916843724727388379790172135717557077760267874464115099065405422557746246682213987550407899612567166189989232143975665175662662107329564517 flag = gmpy2.root(ciphertext, e) test_pl = pow(plaintext, e) if (test_pl == ciphertext): print("This vulnerability is working with these variables!\n") print(long_to_bytes(flag).decode()) else: print("This vulnerability is not working with these variables :(")
) c2 = mpz( 4132099145786478580573701281040504422332184017792293421890701268012883566853254627860193724809808999005233349057847375798626123207766954266507411969802654226242300965967704040276250440511648395550180630597000941240639594 ) c3 = mpz( 43690392479478733802175619151519523453201200942800536494806512990350504964044289998495399805335942227586694852363272883331080188161308470522306485983861114557449204887644890409995598852299488628159224012730372865280540944897915435604154376354144428 ) #enter N here n1 = mpz( 924506488821656685683910901697171383575761384058997452768161613244316449994435541406042874502024337501621283644549497446327156438552952982774526792356194523541927862677535193330297876054850415513120023262998063090052673978470859715791539316871 ) n2 = mpz( 88950937117255391223977435698486265468789676087383749025900580476857958577458361251855358598960638495873663408330100969812759959637583297211068274793121379054729169786199319454344007481804946263873110263761707375758247409 ) n3 = mpz( 46120424124283407631877739918717497745499448442081604908717069311339764302716539899549382470988469546914660420190473379187397425725302899111432304753418508501904277711772373006543099077921097373552317823052570252978144835744949941108416471431004677 ) #stage 1 - get temp variables t1 = mpz(c1 * (n3 * n2) * gmpy2.invert((n3 * n2), n1)) t2 = mpz(c2 * (n1 * n3) * gmpy2.invert((n1 * n3), n2)) t3 = mpz(c3 * (n2 * n1) * gmpy2.invert((n2 * n1), n3)) c = (t1 + t2 + t3) % (n1 * n2 * n3) answer = mpz(gmpy2.root(c, 3)) print("[+]Hex: \n\t" + hex(answer)) print("[+]Text: \n\t" + str(binascii.unhexlify(hex(answer)[2:])))
r, s, d = extended_gcd(n, m) if d != 1: raise "Input not pairwise co-prime" result += a * s * m # Make sure we return the canonical solution. return result % N def extended_gcd(a, b): x, y = 0, 1 lastx, lasty = 1, 0 while b: a, (q, b) = b, divmod(a, b) x, lastx = lastx - q * x, x y, lasty = lasty - q * y, y return (lastx, lasty, a) if __name__ == '__main__': ciphertexts = [c1, c2, c3] modulus = [n1, n2, n3] C = chinese_remainder_theorem([(c1, n1), (c2, n2), (c3, n3)]) M = int(root(C, 3)) print(codecs.decode(hex(M).replace("0x", "").replace("L", ""), "hex"))