Exemple #1
0
def main() -> None:
    oracle = m47.RSAPaddingOracle(size=768)
    m = m42.pkcs1v15_pad(data=b"kick it, CC",
                         bits=oracle.pubkey.modulus.bit_length(),
                         block_type=2)
    c = m39.encrypt(m, oracle.pubkey)

    m_int = m47.attack(oracle, c)
    m_prime = b"\x00" + m39.to_bytes(m_int)
    print(m47.pkcs1v15_unpad(m_prime))
    assert m == m_prime
Exemple #2
0
def parity_oracle_attack(c: int, oracle: RSAParityOracle) -> bytes:
    """Binary search to decrypt via parity oracle"""
    n = oracle.pubkey.modulus
    coefficient = m39.encrypt_int(2, oracle.pubkey)
    a, b = 0, 1

    # We operate in the interval [0, 1] instead of [0, n] to avoid
    # dealing with large floating point division.

    for i in range(1, n.bit_length() + 1):
        c = (coefficient * c) % n
        interval_width = b - a
        a *= 2
        b *= 2
        if not oracle.is_even(c):
            a += interval_width
        else:
            b -= interval_width
        print(m39.to_bytes(n * b // 2**i))

    return m39.to_bytes(n * b // 2**n.bit_length())
Exemple #3
0
def recover_message(c: int, server: DecryptionServer) -> bytes:
    """Recover plaintext via homeomorphic transformation"""
    e, n = server.public_key
    # We use a random number so we can perform repeated decryptions
    s = randint(2, 4096)

    c_prime = pow(s, e, n) * c % n
    p_prime = m39.to_int(server.decrypt(c_prime))

    s_inverse = m39.invmod(s, n)
    p = p_prime * s_inverse % n

    return m39.to_bytes(p)
Exemple #4
0
def main() -> None:
    m = b"I am a JavaScript programmer"

    k = []
    c = []
    for _ in range(3):
        k_i, c_i = generate_key_and_encrypt(m)
        k.append(k_i)
        c.append(c_i)

    m_prime = m39.to_bytes(broadcast_attack(k, c))
    assert m == m_prime
    print(m_prime.decode())