def c_s_k_ske(self, x2):
    """Derive the exponent pair ``e2``/``d2`` from ``x2`` and store it on ``self``.

    ``x2`` is raised to ``self.k11`` modulo ``self.p`` and kept as
    ``self.x121``. An even result is decremented by one to give ``self.e2``;
    an odd result is used as is. ``self.d2`` is then the inverse of ``e2``
    modulo ``p - 1``.

    :param x2: base of the modular exponentiation.
    :raises ZeroDivisionError: from ``gmpy2.divm`` when ``e2`` has no inverse
        modulo ``p - 1``.
    """
    powered = gmpy2.powmod(x2, self.k11, self.p)
    self.x121 = powered
    # p - 1 is even for any odd p, so an even exponent could never be
    # inverted; stepping down by one makes the candidate odd.
    self.e2 = gmpy2.sub(powered, 1) if gmpy2.is_even(powered) else powered
    # NOTE(review): oddness does not make e2 coprime to p - 1, so divm can
    # still raise. e2 also comes out as 1 when the power is 1 or 2, and as -1
    # when it is 0. If e2/d2 serve as an exponentiation key pair (presumably;
    # confirm against the caller), those values are a trivial key.
    self.d2 = gmpy2.divm(1, self.e2, gmpy2.sub(self.p, 1))
def c_s_k_sbox(self, x2):
    """Derive the exponent pair ``e1``/``d1`` from ``x2`` and store it on ``self``.

    ``x2`` is raised to ``self.k1`` modulo ``self.p`` and kept as
    ``self.x21``. An even result is decremented by one to give ``self.e1``;
    an odd result is used as is. ``self.e1`` is passed to ``self.x`` before
    ``self.d1`` is computed as its inverse modulo ``p - 1``.

    :param x2: base of the modular exponentiation.
    :raises ZeroDivisionError: from ``gmpy2.divm`` when ``e1`` has no inverse
        modulo ``p - 1``.
    """
    powered = gmpy2.powmod(x2, self.k1, self.p)
    self.x21 = powered
    # p - 1 is even for any odd p, so an even exponent could never be
    # inverted; stepping down by one makes the candidate odd.
    self.e1 = gmpy2.sub(powered, 1) if gmpy2.is_even(powered) else powered
    # Both original branches called self.x with the chosen exponent. The
    # method is defined outside this view, so what it does with e1 is not
    # visible here.
    self.x(self.e1)
    # NOTE(review): oddness does not make e1 coprime to p - 1, so divm can
    # still raise. e1 can also come out as 1 or -1, a trivial exponent.
    self.d1 = gmpy2.divm(1, self.e1, gmpy2.sub(self.p, 1))
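def weiner(N,e):
    """Factor N and recover d from (N, e) using continued fractions (Wiener).

    Each convergent ``k/d`` of ``e/N`` is treated as a candidate for
    ``e*d - 1 == k*phi``. From ``phi`` the sum ``p + q`` follows, and the
    factors are the roots of ``x**2 - b*x + N``. The method only succeeds
    when the private exponent is small relative to N (roughly
    ``d < N**0.25 / 3``).

    :param N: RSA modulus.
    :param e: RSA public exponent.
    :returns: ``(p, q, d)`` for the first candidate accepted by
        ``checkFactors``.
    :raises Exception: when no convergent yields accepted factors.
    """
    # f2cf / cf2cvg are defined outside this view; presumably they build the
    # continued-fraction expansion of e/N and its convergents.
    for c in cf2cvg(f2cf(e,N)):
        k = c.numerator
        if k == 0:
            continue
        d = c.denominator
        # phi must be an exact integer. True division ("/") turns these large
        # values into floats on Python 3 and silently loses precision, so
        # check divisibility and use floor division.
        ed_minus_1 = e*d - 1
        if ed_minus_1 % k != 0:
            continue
        phi = ed_minus_1 // k
        b = N - phi + 1  # b == p + q when phi is correct
        det = b*b - 4*N
        if det < 0:
            continue
        if not g.is_square(det):
            continue
        # NOTE(review): if g aliases gmpy2, g.sqrt returns a floating-point
        # value and loses precision for large det; an exact integer square
        # root would be safer. Confirm which library g is.
        root = g.mpz(g.sqrt(det))
        if g.is_even(b + root):
            # b + root is even and b - root has the same parity, so both
            # halves are exact.
            p = (b + root) // 2
            q = (b - root) // 2
            if checkFactors(p,q,N):
                return (p,q,d)
    raise Exception("Invalid result generated")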
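def wiener_attack(N, e):
    """Perform Wiener's attack.

    Only succeeds when the private exponent is small relative to N (roughly
    ``d < N**0.25 / 3``); a result of ``None`` means no convergent of ``e/N``
    produced a factorisation.

    :param N: RSA public key N.
    :param e: RSA public key e.
    :returns: ``(d, p, q)`` on success, ``None`` otherwise.
    """
    # cf / cf_convergents are defined outside this view; each item is
    # unpacked as a (k, d) candidate pair.
    convergents = cf_convergents(cf(e, N))
    for k, d in convergents:
        if k == 0 or (e * d - 1) % k != 0:
            continue
        # Floor division keeps phi an exact integer; "/" would give a float
        # on Python 3 and lose precision for key-sized numbers.
        phi = (e * d - 1) // k
        c = N - phi + 1
        # now p,q can be the roots of x**2 - c*x + N = 0
        det = c * c - 4 * N
        if det < 0:
            continue
        s, r = gmpy2.isqrt_rem(det)
        if r == 0 and gmpy2.is_even(c + s):
            # c + s is even and c - s has the same parity, so both halves
            # are exact.
            return (d, (c + s) // 2, (c - s) // 2)
    # Failed
    return None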
def wiener_attack(N, e):
    """Perform Wiener's attack.

    Walks the convergents ``k/d`` of ``e/N`` and returns the first one for
    which ``(e*d - 1) / k`` is an integer ``phi`` that leads to integer roots
    of ``x**2 - (N - phi + 1)*x + N``. This only happens when the private
    exponent is small relative to N (roughly ``d < N**0.25 / 3``).

    :param N: RSA public key N.
    :param e: RSA public key e.
    :returns: ``(d, p, q)`` on success, ``None`` when no convergent works.
    """
    # cf / cf_convergents are defined outside this view.
    for k, d in cf_convergents(cf(e, N)):
        if k == 0:
            continue
        ed_minus_one = e * d - 1
        if ed_minus_one % k != 0:
            continue
        phi = ed_minus_one // k
        p_plus_q = N - phi + 1
        discriminant = p_plus_q * p_plus_q - 4 * N
        if discriminant < 0:
            continue
        root, remainder = gmpy2.isqrt_rem(discriminant)
        # Integer factors need a perfect-square discriminant and an even
        # p_plus_q + root.
        if remainder != 0 or not gmpy2.is_even(p_plus_q + root):
            continue
        return (d, (p_plus_q + root) // 2, (p_plus_q - root) // 2)
    # No convergent produced a factorisation.
    return None