def recover_nonce():
infile = "p44-input.txt" if len(sys.argv) == 1 else sys.argv[1]
r = 0
s = 0
signed = []
with open(infile) as fh:
for i, line in enumerate(fh.readlines()):
line = line[:-1]
if i % 4 == 0:
message = s2b(line)
elif i % 4 == 1:
s = int(line)
elif i % 4 == 2:
r = int(line)
signed.append(Signature(message, r, s))
found_key = False
for i, z1 in enumerate(signed):
for j, z2 in enumerate(signed):
if i == j or z1.r != z2.r:
continue
m1, s1 = H(z1.m), z1.s
m2, s2 = H(z2.m), z2.s
k = ((m1-m2) * invmod((s1-s2)%Q, Q)) % Q
x = ((z1.s*k - m1) * invmod(z1.r, Q)) % Q
_sig = sign(PrivateKey(x), z1.m)
key_digest = sha1(bytes(hex(x)[2:], 'utf8')).hexdigest()
if key_digest == 'ca8f6f7c66fa362d40760d135b763eb8527d3d52':
return x
else:
raise Exception("Failed to find key!")
def sign_bad(privkey, message, p=P, q=Q, g=G):
m = b2i(message)
k = randint(1, q - 1)
r = pow(g, k, p) % q
s = (invmod(k, q) * (H(message) + privkey.x * r)) % q
return Signature(message, r, s)
def verify(pubkey, sig, p=P, q=Q, g=G):
m = b2i(sig.m)
w = invmod(sig.s, q)
u_1 = (H(sig.m) * w) % q
u_2 = (sig.r * w) % q
v = ((pow(g, u_1, p) * pow(pubkey.y, u_2, p)) % p) % q
return v == sig.r
def main():
import os
from Crypto.PublicKey.pubkey import getStrongPrime
S = getStrongPrime(512) % N
C1 = (pow(S, E, N) * C) % N
P1 = submit(C1)
P = (P1 * invmod(S, N)) % N
print(i2s(P))
def sign(privkey, message, p=P, q=Q, g=G):
s = 0
while s == 0:
r = 0
while r == 0:
k = randint(1, q-1)
r = pow(g, k, p) % q
s = (invmod(k, q) * (H(message) + privkey.x * r)) % q
return Signature(message, r, s)
def generate_keypair_num(bits, e=E):
while True:
p = getStrongPrime(bits)
q = getStrongPrime(bits)
n = p * q
et = (p - 1) * (q - 1)
if gcd(et, e) == 1:
break
d = invmod(e, et)
return ((e, n), (d, n))
def main():
msg1 = b'Hello, world'
msg2 = b'Goodbye, world'
pubkey, privkey = generate_keypair()
z = 9001
r = pow(pubkey.y, z, P) % Q
s = r * invmod(z, Q) % Q
sig1 = Signature(msg1, r, s)
z = 31337
r = pow(pubkey.y, z, P) % Q
s = r * invmod(z, Q) % Q
sig2 = Signature(msg2, r, s)
print(sig1)
print(sig2)
if verify(pubkey, sig2, g=P + 1) and verify(pubkey, sig2, g=P + 1):
print("Valid signatures")
else:
print("Invalid signatures")
def main():
KEY_SIZE = 512
msg = b"SUPER FSCKING SECRET SAUCE"
pubkeys = [generate_keypair_bytes(KEY_SIZE, e=3)[0] for i in range(3)]
cts = [b2i(encrypt_bytes(k, msg)) for k in pubkeys]
moduli = [b2i(i[1]) for i in pubkeys]
crt = 0
# calculate T_0, T_1, T_2
for i in range(3):
m_s = reduce(operator.mul,
[moduli[j] if i != j else 1 for j in range(3)], 1)
crt += (cts[i] * m_s * invmod(m_s, moduli[i]))
# mod the result by n_0*n_1*n_2 then calc cube root it
n_012 = reduce(operator.mul, [m for m in moduli], 1)
crt = crt % n_012
plaintext = root3(crt)
print("Decrypted the message!:", i2s(plaintext))
def bruteforce():
message = b"For those that envy a MC it can be hazardous to your health\n"
message += b"So be friendly, a matter of life and death, "
message += b"just like a etch-a-sketch\n"
sig = Signature(m=message,
r=548099063082341131477253921760299949438196259240,
s=857042759984254168557880549501802188789837994940)
for k in range(2**16):
x = ((sig.s * k - H(message)) * invmod(sig.r, q)) % q
s = sign(PrivateKey(x), message)
if verify(pubkey, s):
_x = hex(x)[2:]
fingerprint = sha1(s2b(_x)).hexdigest()
print("Found key!")
print("x = %s" % _x)
print("fingerprint: %s" % fingerprint)
break
else:
raise Exception("Failed to find key")