def rightHand(x):
    """Return (g**B)**x mod p, the right-hand side of the table comparison.

    g, B and p are module-level values defined outside this function.

    Raises:
        NameError: if the reduced value is negative.
    """
    base = numbthy.powmod(g, B, p)
    value = numbthy.powmod(base, x, p) % p
    # Sanity check carried over as-is; Python's % already yields a
    # non-negative result whenever p is positive.
    if value < 0:
        raise NameError('Aux less than zero.')
    return value
def main():
    """Recover x with H = G**x (mod P) by a meet-in-the-middle search.

    x is written as j * 2**20 + i.  The first pass tabulates H * G**(-i) for
    every i in 0..2**20; the second pass walks (G**(2**20))**j until it hits a
    tabulated value.  Progress and timings are written to stdout.

    The search is feasible only because x is assumed to be small (about 2**40
    at most): the cost grows with the square root of the exponent range, which
    is why real Diffie-Hellman/ElGamal exponents have to be drawn from the
    whole group order.
    """
    steps = 1048576  # 2**20
    giant = powmod(G, steps, P)
    g_inv = invmod(G, P)

    left_side = {}
    began = time.time()
    # powmod(v, 1, P) is used throughout as "v reduced modulo P".
    # Seeded with H*G so the first multiplication by G**-1 gives H (i = 0).
    acc = powmod(H * G, 1, P)
    for i in range(steps + 1):
        acc = powmod(acc * g_inv, 1, P)
        left_side[acc] = i
    ended = time.time()

    sys.stdout.write('\n\n')
    sys.stdout.write('Left side complete...\n')
    sys.stdout.write('Time: %0.3f ms\n' % ((ended - began) * 1000.0))
    sys.stdout.flush()

    began = time.time()
    # Seeded with the inverse of G**steps so the first product is the j = 0 term.
    acc = invmod(giant, P)
    for j in range(steps + 1):
        acc = powmod(acc * giant, 1, P)
        if acc not in left_side:
            continue
        calc = (j * steps) + left_side[acc]
        sys.stdout.write('\n\n')
        sys.stdout.write('Successfully found x with a value of %s\n' % calc)
        sys.stdout.flush()
        break
    ended = time.time()

    sys.stdout.write('Time: %0.3f ms\n' % ((ended - began) * 1000.0))
    sys.stdout.flush()
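def find_x():
    """Find x0 with g**(x0*B) mod p present in ``table`` and print x.

    ``table`` maps a value to its x1; the printed result is x0 * B + x1.
    g, B, p, ``table`` and ``powmod`` are defined outside this function.

    Raises:
        ValueError: if no x0 in 0..B matches an entry of ``table``.
    """
    for x0 in xrange(0, B + 1):
        val = powmod(g, x0 * B, p)
        if val in table:
            x1 = table[val]
            break
    else:
        # Without this branch a failed search reached the print below with
        # x1 unbound, which hid the real cause behind an UnboundLocalError.
        raise ValueError("no x0 in 0..B matches the precomputed table")
    print("x = " + str(x0 * B + x1))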
def leftHand(x):
    """Return h * c mod p, where c is the second value of xgcd(g**x mod p, p).

    g, h and p are module-level values defined outside this function.
    NOTE(review): c is presumably the Bezout coefficient of g**x, i.e. its
    inverse modulo p when the gcd is 1 - confirm against numbthy.xgcd.

    Raises:
        NameError: if the reduced value is negative.
    """
    g_pow = numbthy.powmod(g, x, p)
    _gcd, coeff, _other = numbthy.xgcd(g_pow, p)
    value = ((coeff * h) % p) % p
    # Sanity check carried over as-is; Python's % already yields a
    # non-negative result whenever p is positive.
    if value < 0:
        raise NameError('Aux less than zero.')
    return value
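def get_discrete_log(p, g, h):
    """Return x with g**x == h (mod p), found by meet-in-the-middle.

    x is searched in the form x0 * B + x1 with 0 <= x0, x1 <= B, where B is a
    module-level bound defined outside this function.  The approach costs
    about B table entries and B lookups, so it only works when the exponent
    is known to lie in a range of roughly B**2 values; exponents sampled
    from the full group order are out of reach of this search.

    Args:
        p: modulus.
        g: base.
        h: target value.

    Returns:
        (x0 * B + x1) % p for the first matching pair.

    Raises:
        AssertionError: if no pair matches.
    """
    lhs_values = {}
    for x1 in range(0, B + 1):
        if x1 % 20000 == 0:
            print('(LHS) storing x1={}'.format(x1))
        lhs = (numbthy.invmod(numbthy.powmod(g, x1, p), p) * h) % p
        # Keep the smallest x1 when a value repeats.
        lhs_values.setdefault(lhs, x1)

    x_found = None
    for x0 in range(0, B + 1):
        if x0 % 10000 == 0:
            print('(RHS) checking x0={}'.format(x0))
        rhs = numbthy.powmod(g, B * x0, p)
        if rhs in lhs_values:
            x1 = lhs_values[rhs]
            # NOTE(review): exponents of g repeat modulo the order of g, not
            # modulo p; this reduction has no effect while x0*B + x1 < p.
            x_found = (x0 * B + x1) % p
            print('Found. x0={}, x1={}, x={}'.format(x0, x1, x_found))
            break

    # Explicit check instead of `assert x_found`: a valid answer of 0 is
    # falsy and was reported as a failure, and asserts vanish under -O.
    if x_found is None:
        raise AssertionError('Failed to find discrete log. May not exist?')
    return x_found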
def main():
    """Run the three phases (build table, search, combine) and print x.

    Ends by printing g**x mod p and h so the result can be compared by eye.
    """
    print( 'Building hash...' )
    build_hash()

    print( 'Searching hash...' )
    match = search_hash()

    print( 'Calculating x...' )
    x = find_x(match)
    print( x )

    # Self-check: the two numbers printed below are expected to agree when
    # x is the discrete log of h.
    check = numbthy.powmod(g, x, p)
    print "g^x % p", check
    print " h", h
def main():
    """Build the lookup table, search it, combine the hit into x, print x.

    The last two lines print g**x mod p and h for a visual comparison.
    """
    print('Building hash...')
    build_hash()

    print('Searching hash...')
    hit = search_hash()

    print('Calculating x...')
    x = find_x(hit)
    print(x)

    # Verification output: both values are expected to be the same number
    # when x really is the discrete log of h.
    recomputed = numbthy.powmod(g, x, p)
    print "g^x % p", recomputed
    print " h", h
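def get_discrete_log(p, g, h):
    """Solve g**x == h (mod p) for x by a meet-in-the-middle table search.

    The left side h * (g**x1)**-1 is tabulated for x1 in 0..B, then the right
    side g**(B*x0) is computed for x0 in 0..B until it appears in the table.
    B is a module-level bound defined outside this function; the search can
    only succeed for exponents of the form x0 * B + x1 within those ranges.

    Args:
        p: modulus.
        g: base.
        h: target value.

    Returns:
        (x0 * B + x1) % p for the first matching pair.

    Raises:
        AssertionError: if the right side never hits the table.
    """
    lhs_values = {}
    for x1 in range(0, B + 1):
        if x1 % 20000 == 0:
            print('(LHS) storing x1={}'.format(x1))
        g_pow = numbthy.powmod(g, x1, p)
        lhs = (numbthy.invmod(g_pow, p) * h) % p
        # The first (smallest) x1 wins when two exponents give the same value.
        if lhs not in lhs_values:
            lhs_values[lhs] = x1

    x_found = None
    for x0 in range(0, B + 1):
        if x0 % 10000 == 0:
            print('(RHS) checking x0={}'.format(x0))
        rhs = numbthy.powmod(g, B * x0, p)
        if rhs not in lhs_values:
            continue
        x1_found = lhs_values[rhs]
        # NOTE(review): reducing an exponent modulo p rather than the order
        # of g is harmless only while x0*B + x1 < p.
        x_found = (x0 * B + x1_found) % p
        print('Found. x0={}, x1={}, x={}'.format(
            x0, x1_found, x_found))
        break

    # `assert x_found` rejected the legitimate answer x == 0 and is removed
    # entirely under -O; raise the same exception type explicitly instead.
    if x_found is None:
        raise AssertionError('Failed to find discrete log. May not exist?')
    return x_found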
def build_hash():
    '''
    Fill w5hash with (h * g**(-x1) mod p) -> x1 for x1 = 0 ... B-1.

    g, h, p, B, w5hash and invmodp are defined outside this function.
    '''
    g_inverse = invmodp( g, p )
    for x1 in xrange(0, B):
        if not x1 % 10000:
            print('add: ' + str(x1))
        # h / g**x1 is obtained as h * (g**-1)**x1, so the loop needs one
        # modular inverse in total instead of one per entry.
        w5hash[(h * numbthy.powmod(g_inverse, x1, p)) % p] = x1
def search_hash(): ''' search for g ** B ** x in hash for x = 0 ... B ''' #g_B = numbthy.powmod(g, B, p) for x0 in xrange(0, B): if x0 % 10000 == 0: print('search: ' + str(x0)) #val = (g ** (B * x0)) % p val = numbthy.powmod(g, B * x0, p) #val = numbthy.powmod(g_B, x0, p) if w5hash.has_key(val): print "x0:", x0 print "x1:", w5hash[val] return ( x0, w5hash[val] )
def build_hash():
    '''
    Store h / g**x1 (mod p) as a key of w5hash, mapped to x1, for every
    x1 in 0 ... B-1.

    g, h, p, B, w5hash and invmodp are defined outside this function.
    '''
    g_inv = invmodp(g, p)
    for x1 in xrange(0, B):
        if x1 % 10000 == 0:
            print('add: ' + str(x1))
        # The division by g**x1 is done as a multiplication by (g**-1)**x1.
        inv_power = numbthy.powmod(g_inv, x1, p)
        w5hash[(h * inv_power) % p] = x1
def search_hash(): ''' search for g ** B ** x in hash for x = 0 ... B ''' #g_B = numbthy.powmod(g, B, p) for x0 in xrange(0, B): if x0 % 10000 == 0: print('search: ' + str(x0)) #val = (g ** (B * x0)) % p val = numbthy.powmod(g, B * x0, p) #val = numbthy.powmod(g_B, x0, p) if w5hash.has_key(val): print "x0:", x0 print "x1:", w5hash[val] return (x0, w5hash[val])
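# their ciphertext. They have to be of equal length. Note that
# you can just use long integers instead of strings (recommended).

# send the pair of messages:
# Create two new messages, one has a value of 1, the other has a value of -1
# ("value" = m**((p-1)/2) mod p, which by Euler's criterion is 1 exactly for
# quadratic residues when p is an odd prime - assumes key.p is one).
#
# Why this matters for design: textbook ElGamal over all of Z_p* lets the
# quadratic-residue class of the plaintext show through the ciphertext, so it
# is not semantically secure.  Restricting messages to the prime-order
# subgroup, or using a hashed/hybrid variant, removes that leak.
message0 = ''
message1 = ''
start = random.randint(1, key.p)
# Floor division keeps the exponent an exact integer; `/` turns it into a
# float under Python 3 or `from __future__ import division`.
p_minus = (key.p - 1) // 2

# Make sure we don't "GAME" the guessing game
while not message0:
    ans = numbthy.powmod(start, p_minus, key.p)
    if ans == 1:
        message0 = start
    start = random.randint(1, key.p)
# NOTE(review): presumably key.g generates all of Z_p*, which would make it a
# non-residue (value -1) - confirm against the key generation code.
message1 = key.g

# List of messages
mesgList = [message0, message1]
pcl.dump(mesgList, p1.stdin)
p1.stdin.flush()

# now get the challenge ciphertext.
# NOTE(review): pcl looks like a pickle module; load() runs whatever the peer
# process sends, so this is acceptable only if p1 is a trusted local process.
ct = pcl.load(p1.stdout)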
def build_table():
    """Fill ``table`` with (h * (g**x1)**-1 mod p) -> x1 for x1 in 0..B.

    g, h, p, B, ``table``, ``powmod`` and ``invmod`` are defined outside this
    function.  A later x1 overwrites an earlier one that produced the same key.
    """
    for x1 in xrange(0, B + 1):
        g_pow = powmod(g, x1, p)
        table[(h * invmod(g_pow, p)) % p] = x1
# TODO: you need to find two messages that you can distinguish via # their ciphertext. They have to be of equal length. Note that # you can just use long integers instead of strings (recommended). m1 = '' # a message with 1 m2 = '' # a message with -1 print key.g start = random.randint(1, key.p) p_minus = (key.p-1)/2 # ensure I am not cheating while not m1: ans = numbthy.powmod(start, p_minus, key.p) if ans == 1: m1 = start print 'm1 got something ', m1 start = random.randint(1, key.p) # Thanks to Linda reminding wes wrote this in his note! m2 = key.g # send the pair of messages: #mesgList = ["message0", "message1"] mesgList = [m1, m2] print 'm1 is: ', m1 print 'm2 is: ', m2
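import numbthy

# Maps h * g**(-x1) mod p to x1; filled by the __main__ section below.
hashtable = dict()
p = 13407807929942597099574024998205846127479365820592393377723561443721764030073546976801874298166903427690031858186486050853753882811946569946433649006084171
g = 11717829880366207009516117596335367088558084999998952205599979459063929499736583746670572176471460312928594829675428279466566527115212748467589894601965568
h = 3239475104050450443565264378728065788649097520952449527834792452971981976143292558073856937958553180532878928001494706097394108577585732452307673444020333
# g**(2**20) mod p; not used in the part of the script shown here.
G = numbthy.powmod(g,2**20,p)
print "after"
# Placeholder, replaced with the real inverse of g in the __main__ section.
g_inverse = 1


def inverse(a,n):
    """Return the inverse of a modulo n (extended Euclidean algorithm).

    The result is normalised into the range 0..n-1.

    Raises:
        ValueError: if gcd(a, n) > 1, i.e. a has no inverse modulo n.
    """
    t, newt = 0, 1
    r, newr = n, a
    while newr != 0:
        quotient = r // newr
        t, newt = newt, t - quotient * newt
        r, newr = newr, r - quotient * newr
    if r > 1:
        # Previously this only printed a message and went on to return a
        # value that is not an inverse.
        raise ValueError("a not invertible")
    if t < 0:
        t = t + n
    return t


if __name__ == "__main__":
    g_inverse = inverse(g,p)
    var = h
    print "q"
    # After the x1-th multiplication var equals h * g**(-x1) mod p.
    for x1 in xrange(1,2**20+1):
        var *= g_inverse
        var = var%p
        hashtable[var] = x1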
import sys
from numbthy import invmod, powmod

p = 13407807929942597099574024998205846127479365820592393377723561443721764030073546976801874298166903427690031858186486050853753882811946569946433649006084171
g = 11717829880366207009516117596335367088558084999998952205599979459063929499736583746670572176471460312928594829675428279466566527115212748467589894601965568
h = 3239475104050450443565264378728065788649097520952449527834792452971981976143292558073856937958553180532878928001494706097394108577585732452307673444020333
B = 2**20

# Meet in the middle for h = g**x (mod p) with x = x0*B + x1, 0 <= x0, x1 <= B.
# About 2**20 table entries plus 2**20 lookups replace a scan of 2**40
# exponents; the search works only because x is confined to that small range.

# Left side: h * (g**x1)**-1 mod p  ->  x1
d = {}
for x1 in xrange(B + 1):
    v = (h * invmod(powmod(g, x1, p), p)) % p
    d[v] = x1

# Right side: (g**B)**x0 mod p, stopping at the first value found in the table.
g_b = powmod(g, B, p)
for x0 in xrange(B + 1):
    v = powmod(g_b, x0, p)
    if v in d:
        x1 = d[v]
        print((x0 * B + x1) % p)
        break
print("Done")
def right(x):
    """Return g**(B*x) mod p; g, B and p are defined outside this function."""
    exponent = B * x
    return numbthy.powmod(g, exponent, p)
def left(x):
    """Return h divided by g**x modulo p.

    gmpy2.divm(a, b, m) yields the value v with b * v == a (mod m); g, h and
    p are defined outside this function.
    """
    g_pow = numbthy.powmod(g, x, p)
    return gmpy2.divm(h, g_pow, p)
def right(x0):
    """Return g**(B*x0) mod p as a gmpy2.mpz.

    g, B and p are defined outside this function.
    """
    value = numbthy.powmod(g, B * x0, p)
    return gmpy2.mpz(value)
import sys
from numbthy import invmod,powmod

p = 13407807929942597099574024998205846127479365820592393377723561443721764030073546976801874298166903427690031858186486050853753882811946569946433649006084171
g = 11717829880366207009516117596335367088558084999998952205599979459063929499736583746670572176471460312928594829675428279466566527115212748467589894601965568
h = 3239475104050450443565264378728065788649097520952449527834792452971981976143292558073856937958553180532878928001494706097394108577585732452307673444020333
B = 2**20

# Solve h = g**x (mod p) for x = x0*B + x1 by tabulating one side of
#     h * (g**x1)**-1  ==  (g**B)**x0   (mod p)
# and probing the table with the other.  The cost is about the square root of
# the exponent range, so it depends on x being confined to roughly B*B values.

# Table of left-hand values, each mapped to the x1 that produced it.
d = {}
for x1 in xrange(B + 1):
    g_to_x1 = powmod(g, x1, p)
    v = (h * invmod(g_to_x1, p)) % p
    d[v] = x1

# Probe with right-hand values until one is present in the table.
g_b = powmod(g, B, p)
for x0 in xrange(B + 1):
    v = powmod(g_b, x0, p)
    if v not in d:
        continue
    x1 = d[v]
    print((x0 * B + x1) % p)
    break
print("Done")