def rightHand(x):
aux = numbthy.powmod(g, B, p);
aux = numbthy.powmod(aux, x, p);
aux = aux % p;
if(aux < 0):
raise NameError('Aux less than zero.');
return aux
def main():
g_to_b = powmod(G, 1048576, P)
g_invert = invmod(G, P)
map = {}
time_start = time.time()
calc_1 = powmod(H * G, 1, P)
for i in range(1048576 + 1):
calc_1 = powmod(calc_1 * g_invert, 1, P)
map[calc_1] = i
time_end = time.time()
sys.stdout.write('\n\n')
sys.stdout.write('Left side complete...\n')
sys.stdout.write('Time: %0.3f ms\n' % ((time_end - time_start) * 1000.0))
sys.stdout.flush()
time_start = time.time()
calc_0 = invmod(g_to_b, P)
for j in range(1048576 + 1):
calc_0 = powmod(calc_0 * g_to_b, 1, P)
if calc_0 in map:
calc = (j * 1048576) + map[calc_0]
sys.stdout.write('\n\n')
sys.stdout.write('Successfully found x with a value of %s\n' % calc)
sys.stdout.flush()
break
time_end = time.time()
sys.stdout.write('Time: %0.3f ms\n' % ((time_end - time_start) * 1000.0))
sys.stdout.flush()
def find_x():
for x0 in xrange(0, B + 1):
val = powmod(g, x0 * B, p)
if val in table:
x1 = table[val]
break
print "x = " + str(x0 * B + x1)
def leftHand(x):
aux = numbthy.powmod(g, x, p);
[m, aux, y] = numbthy.xgcd(aux, p);
aux = (aux * h) % p;
aux = aux % p;
if(aux < 0):
raise NameError('Aux less than zero.');
return aux;
def get_discrete_log(p, g, h):
lhs_values = {}
for x1 in range(0, B + 1):
if x1 % 20000 == 0:
print('(LHS) storing x1={}'.format(x1))
lhs = (numbthy.invmod(numbthy.powmod(g, x1, p), p) * h) % p
if lhs not in lhs_values:
lhs_values[lhs] = x1
x0_found, x1_found, x_found = None, None, None
for x0 in range(0, B + 1):
if x0 % 10000 == 0:
print('(RHS) checking x0={}'.format(x0))
rhs = numbthy.powmod(g, B * x0, p)
if rhs in lhs_values:
x0_found, x1_found = x0, lhs_values[rhs]
x_found = (x0_found * B + x1_found) % p
print('Found. x0={}, x1={}, x={}'.format(x0_found, x1_found,
x_found))
break
assert x_found, 'Failed to find discrete log. May not exist?'
return x_found
def main():
print( 'Building hash...' )
build_hash()
print( 'Searching hash...' )
result = search_hash()
print( 'Calculating x...' )
x = find_x(result)
print( x )
print "g^x % p", numbthy.powmod(g, x, p)
print " h", h
def main():
print('Building hash...')
build_hash()
print('Searching hash...')
result = search_hash()
print('Calculating x...')
x = find_x(result)
print(x)
print "g^x % p", numbthy.powmod(g, x, p)
print " h", h
def get_discrete_log(p, g, h):
lhs_values = {}
for x1 in range(0, B + 1):
if x1 % 20000 == 0:
print('(LHS) storing x1={}'.format(x1))
lhs = (numbthy.invmod(numbthy.powmod(g, x1, p), p) * h) % p
if lhs not in lhs_values:
lhs_values[lhs] = x1
x0_found, x1_found, x_found = None, None, None
for x0 in range(0, B + 1):
if x0 % 10000 == 0:
print('(RHS) checking x0={}'.format(x0))
rhs = numbthy.powmod(g, B * x0, p)
if rhs in lhs_values:
x0_found, x1_found = x0, lhs_values[rhs]
x_found = (x0_found * B + x1_found) % p
print('Found. x0={}, x1={}, x={}'.format(
x0_found, x1_found, x_found))
break
assert x_found, 'Failed to find discrete log. May not exist?'
return x_found
def build_hash():
''' Build a hash of h/g**x for x = 0 ... B
'''
inv_g = invmodp( g, p )
for x1 in xrange(0, B):
if x1 % 10000 == 0:
print('add: ' + str(x1))
#val = (h / g**x1) % p
#val = (h * (g ** -x1)) % p
#val = (h / numbthy.powmod( g, x1, p )) % p
#val = (h * numbthy.powmod(g, -x1, p)) % p
val = (h * numbthy.powmod(inv_g, x1, p)) % p
w5hash[val] = x1
def search_hash():
''' search for g ** B ** x in hash for x = 0 ... B
'''
#g_B = numbthy.powmod(g, B, p)
for x0 in xrange(0, B):
if x0 % 10000 == 0:
print('search: ' + str(x0))
#val = (g ** (B * x0)) % p
val = numbthy.powmod(g, B * x0, p)
#val = numbthy.powmod(g_B, x0, p)
if w5hash.has_key(val):
print "x0:", x0
print "x1:", w5hash[val]
return ( x0, w5hash[val] )
def build_hash():
''' Build a hash of h/g**x for x = 0 ... B
'''
inv_g = invmodp(g, p)
for x1 in xrange(0, B):
if x1 % 10000 == 0:
print('add: ' + str(x1))
#val = (h / g**x1) % p
#val = (h * (g ** -x1)) % p
#val = (h / numbthy.powmod( g, x1, p )) % p
#val = (h * numbthy.powmod(g, -x1, p)) % p
val = (h * numbthy.powmod(inv_g, x1, p)) % p
w5hash[val] = x1
def search_hash():
''' search for g ** B ** x in hash for x = 0 ... B
'''
#g_B = numbthy.powmod(g, B, p)
for x0 in xrange(0, B):
if x0 % 10000 == 0:
print('search: ' + str(x0))
#val = (g ** (B * x0)) % p
val = numbthy.powmod(g, B * x0, p)
#val = numbthy.powmod(g_B, x0, p)
if w5hash.has_key(val):
print "x0:", x0
print "x1:", w5hash[val]
return (x0, w5hash[val])
# their ciphertext. They have to be of equal length. Note that
# you can just use long integers instead of strings (recommended).
# send the pair of messages:
# Create two new messages, one has a value of 1, the other has a value of -1
message0 = ''
message1 = ''
start = random.randint(1, key.p)
p_minus = (key.p-1)/2
# Make sure we don't "GAME" the guessing game
while not message0:
ans = numbthy.powmod(start, p_minus, key.p)
if ans == 1:
message0 = start
start = random.randint(1, key.p)
message1 = key.g
# List of messages
mesgList = [message0, message1]
pcl.dump(mesgList, p1.stdin)
p1.stdin.flush()
# now get the challenge ciphertext.
ct = pcl.load(p1.stdout)
def build_table():
for x1 in xrange(0, B + 1):
val = (h * invmod(powmod(g, x1, p), p)) % p
table[val] = x1
# TODO: you need to find two messages that you can distinguish via
# their ciphertext. They have to be of equal length. Note that
# you can just use long integers instead of strings (recommended).
m1 = '' # a message with 1
m2 = '' # a message with -1
print key.g
start = random.randint(1, key.p)
p_minus = (key.p-1)/2
# ensure I am not cheating
while not m1:
ans = numbthy.powmod(start, p_minus, key.p)
if ans == 1:
m1 = start
print 'm1 got something ', m1
start = random.randint(1, key.p)
# Thanks to Linda reminding wes wrote this in his note!
m2 = key.g
# send the pair of messages:
#mesgList = ["message0", "message1"]
mesgList = [m1, m2]
print 'm1 is: ', m1
print 'm2 is: ', m2
import numbthy hashtable = dict() p = 13407807929942597099574024998205846127479365820592393377723561443721764030073546976801874298166903427690031858186486050853753882811946569946433649006084171 g = 11717829880366207009516117596335367088558084999998952205599979459063929499736583746670572176471460312928594829675428279466566527115212748467589894601965568 h = 3239475104050450443565264378728065788649097520952449527834792452971981976143292558073856937958553180532878928001494706097394108577585732452307673444020333 G = numbthy.powmod(g,2**20,p) print "after" g_inverse = 1 def inverse(a,n): t = 0 r = n newt = 1 newr = a while newr != 0: quotient = r // newr t,newt = newt , t - quotient * newt r,newr = newr, r - quotient * newr if r > 1: print "a not invertible" if t < 0: t = t + n return t if __name__ == "__main__": g_inverse = inverse(g,p) var = h print "q" for x1 in xrange(1,2**20+1): var *= g_inverse var = var%p hashtable[var] = x1
p = 13407807929942597099574024998205846127479365820592393377723561443721764030073546976801874298166903427690031858186486050853753882811946569946433649006084171
g = 11717829880366207009516117596335367088558084999998952205599979459063929499736583746670572176471460312928594829675428279466566527115212748467589894601965568
h = 3239475104050450443565264378728065788649097520952449527834792452971981976143292558073856937958553180532878928001494706097394108577585732452307673444020333
B = 2**20
import sys
from numbthy import invmod, powmod
d = {}
for x1 in xrange(B + 1):
v = (h * invmod(powmod(g, x1, p), p)) % p
d[v] = x1
g_b = powmod(g, B, p)
for x0 in xrange(B + 1):
v = powmod(g_b, x0, p)
if not v in d:
continue
x1 = d[v]
print(x0 * B + x1) % p
break
print "Done"
def right(x):
return numbthy.powmod(g, B * x, p)
def left(x):
return gmpy2.divm(h, numbthy.powmod(g, x, p), p)
def right(x0):
return gmpy2.mpz(numbthy.powmod(g, B * x0, p))
p = 13407807929942597099574024998205846127479365820592393377723561443721764030073546976801874298166903427690031858186486050853753882811946569946433649006084171
g = 11717829880366207009516117596335367088558084999998952205599979459063929499736583746670572176471460312928594829675428279466566527115212748467589894601965568
h = 3239475104050450443565264378728065788649097520952449527834792452971981976143292558073856937958553180532878928001494706097394108577585732452307673444020333
B = 2**20
import sys
from numbthy import invmod,powmod
d = {}
for x1 in xrange(B + 1):
v = (h * invmod(powmod(g, x1, p), p)) % p
d[v] = x1
g_b = powmod(g, B, p)
for x0 in xrange(B + 1):
v = powmod(g_b, x0, p)
if not v in d:
continue
x1 = d[v]
print (x0 * B + x1) % p
break
print "Done"
