def relaxedSign(message, pub, priv):
H = challenge43.hash(message)
(p, q, g, y) = pub
k = random.randint(1, q-1)
x = priv
r = pow(g, k, p) % q
kInv = challenge39.invmod(k, q)
s = (kInv * (H + x * r)) % q
return (r, s)
def relaxedSign(message, pub, priv):
H = challenge43.hash(message)
(p, q, g, y) = pub
k = random.randint(1, q-1)
x = priv
r = pow(g, k, p) % q
kInv = challenge39.invmod(k, q)
s = (kInv * (H + x * r)) % q
return (r, s)
def verifySignatureHash(H, signature, pub):
(r, s) = signature
(p, q, g, y) = pub
if r <= 0 or r >= q or s <= 0 or s >= q:
return False
w = challenge39.invmod(s, q)
u1 = (H * w) % q
u2 = (r * w) % q
v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
return v == r
def verifySignatureHash(H, signature, pub):
(r, s) = signature
(p, q, g, y) = pub
if r <= 0 or r >= q or s <= 0 or s >= q:
return False
w = challenge39.invmod(s, q)
u1 = (H * w) % q
u2 = (r * w) % q
v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
return v == r
def signHashWithK(H, pub, priv, k):
(p, q, g, y) = pub
x = priv
r = pow(g, k, p) % q
if r == 0:
return None
kInv = challenge39.invmod(k, q)
s = (kInv * (H + x * r)) % q
if s == 0:
return None
return (r, s)
def relaxedVerifySignature(message, signature, pub):
H = challenge43.hash(message)
(r, s) = signature
(p, q, g, y) = pub
if r < 0 or r >= q or s < 0 or s >= q:
return False
w = challenge39.invmod(s, q)
u1 = (H * w) % q
u2 = (r * w) % q
v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
return v == r
def signHashWithK(H, pub, priv, k):
(p, q, g, y) = pub
x = priv
r = pow(g, k, p) % q
if r == 0:
return None
kInv = challenge39.invmod(k, q)
s = (kInv * (H + x * r)) % q
if s == 0:
return None
return (r, s)
def relaxedVerifySignature(message, signature, pub):
H = challenge43.hash(message)
(r, s) = signature
(p, q, g, y) = pub
if r < 0 or r >= q or s < 0 or s >= q:
return False
w = challenge39.invmod(s, q)
u1 = (H * w) % q
u2 = (r * w) % q
v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
return v == r
def checkForCommonK(pub, msg1, msg2):
(p, q, g, y) = pub
(_, s1, r1, m1) = msg1
(_, s2, r2, m2) = msg2
ds = (s1 - s2) % q
dm = (m1 - m2) % q
dsInv = challenge39.invmod(ds, q)
k = (dm * dsInv) % q
priv1 = challenge43.extractKey(m1, r1, s1, k, pub)
priv2 = challenge43.extractKey(m2, r2, s2, k, pub)
if priv1 == priv2 and challenge43.areValidKeys(pub, priv1) and challenge43.areValidKeys(pub, priv2):
return (k, priv1)
return (None, None)
def checkForCommonK(pub, msg1, msg2):
(p, q, g, y) = pub
(_, s1, r1, m1) = msg1
(_, s2, r2, m2) = msg2
ds = (s1 - s2) % q
dm = (m1 - m2) % q
dsInv = challenge39.invmod(ds, q)
k = (dm * dsInv) % q
priv1 = challenge43.extractKey(m1, r1, s1, k, pub)
priv2 = challenge43.extractKey(m2, r2, s2, k, pub)
if priv1 == priv2 and challenge43.areValidKeys(
pub, priv1) and challenge43.areValidKeys(pub, priv2):
return (k, priv1)
return (None, None)
def extractKey(H, r, s, k, pub):
(p, q, g, y) = pub
rInv = challenge39.invmod(r, q)
return (rInv * (s * k - H)) % q
c0 = challenge39.encryptnum(pub0, plainnum)
c1 = challenge39.encryptnum(pub1, plainnum)
c2 = challenge39.encryptnum(pub2, plainnum)
n0 = pub0[1]
n1 = pub1[1]
n2 = pub2[1]
ms0 = n1 * n2
ms1 = n0 * n2
ms2 = n0 * n1
N = n0 * n1 * n2
r0 = (c0 * ms0 * challenge39.invmod(ms0, n0))
r1 = (c1 * ms1 * challenge39.invmod(ms1, n1))
r2 = (c2 * ms2 * challenge39.invmod(ms2, n2))
r = (r0 + r1 + r2) % N
def floorRoot(n, s):
b = n.bit_length()
p = math.ceil(b / s)
x = 2**p
while x > 1:
y = (((s - 1) * x) + (n // (x**(s - 1)))) // s
if y >= x:
return x
x = y
def decryptOnce(ciphertext):
sha1 = hashlib.sha1()
sha1.update(ciphertext)
digest = sha1.digest()
if digest in decryptedHashes:
raise ValueError('Already decrypted')
decryptedHashes.add(digest)
return challenge39.decryptbytes(priv, ciphertext)
if __name__ == '__main__':
plaintext = b'secret text'
ciphertext = encrypt(plaintext)
plaintext2 = decryptOnce(ciphertext)
if plaintext2 != plaintext:
raise ValueError(plaintext2 + b' != ' + plaintext)
(e, n) = pub
s = random.randint(2, n - 1)
c = challenge39.bytestonum(ciphertext)
c2 = (pow(s, e, n) * c) % n
ciphertext2 = challenge39.numtobytes(c2)
plaintext3 = decryptOnce(ciphertext2)
p3 = challenge39.bytestonum(plaintext3)
p4 = (p3 * challenge39.invmod(s, n)) % n
plaintext4 = challenge39.numtobytes(p4)
if plaintext4 != plaintext:
raise ValueError(plaintext4 + b' != ' + plaintext)
if r < 0 or r >= q or s < 0 or s >= q:
return False
w = challenge39.invmod(s, q)
u1 = (H * w) % q
u2 = (r * w) % q
v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
return v == r
if __name__ == '__main__':
(p, q, g) = (0x800000000000000089e1855218a0e7dac38136ffafa72eda7859f2171e25e65eac698c1702578b07dc2a1076da241c76c62d374d8389ea5aeffd3226a0530cc565f3bf6b50929139ebeac04f48c3c84afb796d61e5a4f9a8fda812ab59494232c7d2b4deb50aa18ee9e132bfa85ac4374d7f9091abc3d015efc871a584471bb1, 0xf4f47f05794b256174bba6e9b396a7707e563c5b, 0x5958c9d3898b224b12672c0b98e06c60df923cb8bc999d119458fef538b8fa4046c8db53039db620c094c9fa077ef389b5322a559946a71903f990f1f7e0e025e2d7f7cf494aff1a0470f5b64c36b625a097f1651fe775323556fe00b3608c887892878480e99041be601a62166ca6894bdd41a7054ec89f756ba9fc95302291)
pub, priv = challenge43.genKeys(p, q, 0)
message1 = b'Hello, world'
signature1 = relaxedSign(message1, pub, priv)
message2 = b'Goodbye, world'
signature2 = relaxedSign(message2, pub, priv)
print(message1, signature1, relaxedVerifySignature(message1, signature1, pub))
print(message2, signature2, relaxedVerifySignature(message2, signature2, pub))
print(relaxedVerifySignature(message1, signature2, pub))
print(relaxedVerifySignature(message2, signature1, pub))
pub, priv = challenge43.genKeys(p, q, p+1)
(_, _, _, y) = pub
z = 2
invZ = challenge39.invmod(2, q)
r = ((y**z) % p) % q
s = (r * invZ) % q
signature = (r, s)
print(signature)
print(message1, challenge43.verifySignature(message1, signature, pub))
print(message2, challenge43.verifySignature(message2, signature, pub))
def extractKey(H, r, s, k, pub):
(p, q, g, y) = pub
rInv = challenge39.invmod(r, q)
return (rInv * (s * k - H)) % q
c0 = challenge39.encryptnum(pub0, plainnum)
c1 = challenge39.encryptnum(pub1, plainnum)
c2 = challenge39.encryptnum(pub2, plainnum)
n0 = pub0[1]
n1 = pub1[1]
n2 = pub2[1]
ms0 = n1 * n2
ms1 = n0 * n2
ms2 = n0 * n1
N = n0 * n1 * n2
r0 = (c0 * ms0 * challenge39.invmod(ms0, n0))
r1 = (c1 * ms1 * challenge39.invmod(ms1, n1))
r2 = (c2 * ms2 * challenge39.invmod(ms2, n2))
r = (r0 + r1 + r2) % N
def floorRoot(n, s):
b = n.bit_length()
p = math.ceil(b/s)
x = 2**p
while x > 1:
y = (((s - 1) * x) + (n // (x**(s-1)))) // s
if y >= x:
return x
x = y
return 1
if r < 0 or r >= q or s < 0 or s >= q:
return False
w = challenge39.invmod(s, q)
u1 = (H * w) % q
u2 = (r * w) % q
v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
return v == r
if __name__ == '__main__':
(p, q, g) = (0x800000000000000089e1855218a0e7dac38136ffafa72eda7859f2171e25e65eac698c1702578b07dc2a1076da241c76c62d374d8389ea5aeffd3226a0530cc565f3bf6b50929139ebeac04f48c3c84afb796d61e5a4f9a8fda812ab59494232c7d2b4deb50aa18ee9e132bfa85ac4374d7f9091abc3d015efc871a584471bb1, 0xf4f47f05794b256174bba6e9b396a7707e563c5b, 0x5958c9d3898b224b12672c0b98e06c60df923cb8bc999d119458fef538b8fa4046c8db53039db620c094c9fa077ef389b5322a559946a71903f990f1f7e0e025e2d7f7cf494aff1a0470f5b64c36b625a097f1651fe775323556fe00b3608c887892878480e99041be601a62166ca6894bdd41a7054ec89f756ba9fc95302291)
pub, priv = challenge43.genKeys(p, q, 0)
message1 = b'Hello, world'
signature1 = relaxedSign(message1, pub, priv)
message2 = b'Goodbye, world'
signature2 = relaxedSign(message2, pub, priv)
print(message1, signature1, relaxedVerifySignature(message1, signature1, pub))
print(message2, signature2, relaxedVerifySignature(message2, signature2, pub))
print(relaxedVerifySignature(message1, signature2, pub))
print(relaxedVerifySignature(message2, signature1, pub))
pub, priv = challenge43.genKeys(p, q, p+1)
(_, _, _, y) = pub
z = 2
invZ = challenge39.invmod(z, q)
r = ((y**z) % p) % q
s = (r * invZ) % q
signature = (r, s)
print(signature)
print(message1, challenge43.verifySignature(message1, signature, pub))
print(message2, challenge43.verifySignature(message2, signature, pub))
if __name__ == '__main__':
(p, q, g) = (
0x800000000000000089e1855218a0e7dac38136ffafa72eda7859f2171e25e65eac698c1702578b07dc2a1076da241c76c62d374d8389ea5aeffd3226a0530cc565f3bf6b50929139ebeac04f48c3c84afb796d61e5a4f9a8fda812ab59494232c7d2b4deb50aa18ee9e132bfa85ac4374d7f9091abc3d015efc871a584471bb1,
0xf4f47f05794b256174bba6e9b396a7707e563c5b,
0x5958c9d3898b224b12672c0b98e06c60df923cb8bc999d119458fef538b8fa4046c8db53039db620c094c9fa077ef389b5322a559946a71903f990f1f7e0e025e2d7f7cf494aff1a0470f5b64c36b625a097f1651fe775323556fe00b3608c887892878480e99041be601a62166ca6894bdd41a7054ec89f756ba9fc95302291
)
pub, priv = challenge43.genKeys(p, q, 0)
message1 = b'Hello, world'
signature1 = relaxedSign(message1, pub, priv)
message2 = b'Goodbye, world'
signature2 = relaxedSign(message2, pub, priv)
print(message1, signature1,
relaxedVerifySignature(message1, signature1, pub))
print(message2, signature2,
relaxedVerifySignature(message2, signature2, pub))
print(relaxedVerifySignature(message1, signature2, pub))
print(relaxedVerifySignature(message2, signature1, pub))
pub, priv = challenge43.genKeys(p, q, p + 1)
(_, _, _, y) = pub
z = 2
invZ = challenge39.invmod(2, q)
r = ((y**z) % p) % q
s = (r * invZ) % q
signature = (r, s)
print(signature)
print(message1, challenge43.verifySignature(message1, signature, pub))
print(message2, challenge43.verifySignature(message2, signature, pub))
return challenge39.encryptbytes(pub, plaintext)
def decryptOnce(ciphertext):
sha1 = hashlib.sha1()
sha1.update(ciphertext)
digest = sha1.digest()
if digest in decryptedHashes:
raise ValueError('Already decrypted')
decryptedHashes.add(digest)
return challenge39.decryptbytes(priv, ciphertext)
if __name__ == '__main__':
plaintext = b'secret text'
ciphertext = encrypt(plaintext)
plaintext2 = decryptOnce(ciphertext)
if plaintext2 != plaintext:
raise ValueError(plaintext2 + b' != ' + plaintext)
(e, n) = pub
s = random.randint(2, n - 1)
c = challenge39.bytestonum(ciphertext)
c2 = (pow(s, e, n) * c) % n
ciphertext2 = challenge39.numtobytes(c2)
plaintext3 = decryptOnce(ciphertext2)
p3 = challenge39.bytestonum(plaintext3)
p4 = (p3 * challenge39.invmod(s, n)) % n
plaintext4 = challenge39.numtobytes(p4)
if plaintext4 != plaintext:
raise ValueError(plaintext4 + b' != ' + plaintext)
