def test_pollard_rho(self): q = gmpy2.mpz(getPrime(512)) p = gmpy2.mpz(getPrime(20)) if p > q : p , q = q , p n = p * q self.assertEqual((p, q), number.pollard_rho(n))
def gen_dh(): p, a = number.getPrime(64), number.getPrime(32) g = choice([2, 3, 5, 7, 11, 13, 17, 23]) A = pow(g, a, p) if A < 2 or A > p - 1 or pow(A, (p - 1) // 2, p) != 1: return gen_dh() return p, g, A, a
def create_rsa_keys(bits_length=512, e=65537): """ 产生有关 RSA 的一切参数, 包括 p, q, n ,phi_n, d, e 本来想用 pycrypto 库的 RSA 来生成的, 但是这个库至少要求 1024bits, 还是自己手搓吧 :param bits_length: p 和 q 的位长度限制 :param e: 指定的 e :return: dict(), RSA 的一切参数作为字典返回 """ rsa = dict() while True: p = gmpy2.mpz(getPrime(bits_length)) q = gmpy2.mpz(getPrime(bits_length)) n = p * q phi_n = (p - 1) * (q - 1) if gmpy2.gcd(e, phi_n) == 1: break rsa["p"] = p rsa["q"] = q rsa["n"] = n rsa["phi"] = phi_n rsa["d"] = gmpy2.invert(e, rsa["phi"]) rsa["e"] = e return rsa
def generatePuzzle( self, message, modulus=const.PUZZLE_MODULUS_LENGTH): """Generates a new time-lock puzzle by locking the given message and using the given modulus. The new puzzle is then returned.""" assert (len(message) * 8) < const.PUZZLE_MODULUS_LENGTH if (modulus % 8) != 0: raise ValueError("Modulus must be divisible by 8.") puzzle = {} while True: # Generate random primes and add `n' (= p * q) to the puzzle. p = number.getPrime(modulus / 2) q = number.getPrime(modulus / 2) n = p * q puzzle["n"] = n # Use phi_n as a shortcut to ``encrypt'' the message. phi_n = (p - 1) * (q - 1) e = pow(2, self.t, phi_n) b = pow(self.a, e, n) Ck = (int(message.encode("hex"), 16) + b) % n puzzle["Ck"] = Ck # Make sure that the puzzle is always of the same size. if len(util.dump(puzzle["n"])) == \ len(util.dump(puzzle["Ck"])) == (modulus / 8): return puzzle
def gen(factor_length=2048, random_function=_random.read, all_values=False): """Return an RSA keypair Returned keys are two dictionaries, public (with keys n and e) and private (with keys n and d) Will use the provided random_function to get random bytes. If all_values is True, the private key will also include e, p, q, and phi. """ # Choose p and q and calculate n and phi p, q = getPrime(factor_length, random_function), getPrime(factor_length, random_function) n = p * q phi = n - p - q + 1 # Select e if phi > 65537: # 65537 is a good value for e, so use it as long as it's in the acceptable range 1 < e < phi e = 65537 else: # Otherwise pick the largest acceptable value try: e = next(filter( lambda x: (_gcd(x, phi) == 1) and (pow(x, 2, phi) != 1), range(phi - 1, 1, -1) )) except StopIteration: raise ValueError("No valid choice for e") # Compute d d = _mmi(e, phi) # Return keys public = {'n': n, 'e': e} private = {'n': n, 'd': d} if all_values: private.update({'e': e, 'p': p, 'q': q, 'phi': phi}) return public, private
def makepuzzle(t): # Init PyCrypto RNG rnd = randpool.RandomPool() # Generate 512-bit primes p = number.getPrime(512, rnd.get_bytes) q = number.getPrime(512, rnd.get_bytes) n = p * q phi = (p - 1) * (q - 1) # AES key --- this is what we will encode into the puzzle solution key = number.getRandomNumber(128, rnd.get_bytes) # Need a random starting value for the puzzle, between 1 and n a = number.getRandomNumber(4096, rnd.get_bytes) a = a % n # *** puzzle shortcut *** # fast way to compute (a^2)^t (if you know phi) e = pow(2, t, phi) b = pow(a, e, n) # So b = (a^2)^t, and we encode the key into this solution ck = (key + b) % n return (key, (n, a, t, ck))
def generate(bits, randfunc=None, progress_func=None): obj = Paillierobj() # Generate the prime factors of n if progress_func: progress_func("p,q\n") p = q = 1L assert bits % 2 == 0, "Not an even number of bits" while number.size(p * q) < bits: p = number.getPrime(bits >> 1, randfunc) q = number.getPrime(bits >> 1, randfunc) obj.p = p obj.q = q obj.n = p * q obj.n_sq = obj.n * obj.n if progress_func: progress_func("l\n") obj.l = number.LCM(obj.p - 1, obj.q - 1) if progress_func: progress_func("g\n") obj.g = obj._getRandomMult() * obj.n + 1 # TODO: check gExp = L(pow(obj.g, obj.l, obj.n_sq), obj.n) while not number.GCD(gExp, obj.n) == 1: obj.g = obj._getRandomMult() * obj.n + 1 # TODO: check gExp = L(pow(obj.g, obj.l, obj.n_sq), obj.n) obj.m = number.inverse(gExp, obj.n) assert bits <= 1 + obj.size(), "Generated key is too small" return obj
def __genDHParams__(self): ''' Generates DH parameters ''' self.DH_PRIME = getPrime(self.DH_PARAM_SIZE,Random.new().read) self.DH_PRIVATE = getPrime(self.DH_PARAM_SIZE,Random.new().read) self.DH_GENERATOR = getPrime(self.DH_PARAM_SIZE,Random.new().read) self.DH_PUBLIC = pow(self.DH_GENERATOR,self.DH_PRIVATE,self.DH_PRIME)
def generate_keys(bits=512): p = getPrime(bits//2) q = getPrime(bits//2) n = p*q lmbda = (p-1)*(q-1) g = n+1 mu = modinv(((p-1)*(q-1)), n) return Key(n, g, lmbda, mu)
def __init__(self): self.p = number.getPrime(128) self.gamma = self.gamma_gen() self.alpha = self.alpha_gen() self.x = number.getPrime(128) self.y = self.exponentation(self.x) self.U = number.getPrime(128) self.Z = self.exponentation(self.U)
def generate_public_key(bits_length=512, e=3): # 注意验证p和q的合法性, 要求与3互质 while True: p = getPrime(bits_length) q = getPrime(bits_length) if gmpy2.gcd(p, e) == 1 and gmpy2.gcd(q, e) == 1: return gmpy2.mpz(p) * gmpy2.mpz(q), e
def generate_keys(nbits): p = cry.getPrime(nbits//2) q = cry.getPrime(nbits//2) n = p*q g = n+1 l = (p-1)*(q-1) mu = gmpy.invert(((p-1)*(q-1)), n) return (n, g, l, mu)
def __init__(self, p=None, g=None, x=None, s=None): self.bits = 512 self.p = p or number.getPrime(self.bits + 1) self.g = g or number.getPrime(512) self.x = x or number.getPrime(512) self.A = pow(self.g, self.x, self.p) self.s = s or None self.S = None self.pub = (self.A, self.g, self.p)
def __init__(s, numBits, e): s.e = e coprime = False while (not coprime): p = number.getPrime(numBits) q = number.getPrime(numBits) et = (p-1) * (q-1) s.d = number.inverse(s.e, et) coprime = s.d != 1 s.n = p * q
def calibrate_speed(): p = number.getPrime(MOD_BITS/2, rnd.get_bytes) q = number.getPrime(MOD_BITS/2, rnd.get_bytes) N = p*q bignum = number.getRandomNumber(MOD_BITS, rnd.get_bytes) start = time.time() trials = 100 for i in range(trials): bignum = pow(bignum, 2, N) return int(trials/(time.time() - start))
def __init__(self, modsize=1024): phiN = 0 while gcd(65537, phiN) != 1: p, q = number.getPrime(modsize), number.getPrime(modsize) N, phiN = p * q, (p-1) * (q-1) e = 65537 d = mod_inv(e, phiN) self.n, self.e, self.d = N, e, d
def rabin_key_generator(): while True: p = number.getPrime(100) if (p+1)%4 == 0: break while True: q = number.getPrime(100) if (q+1)%4 == 0: break n = p*q; return [n,p,q]
def support(): p = number.getPrime(100) q = number.getPrime(100) n = p*q; euler_n = (p-1)*(q-1) while True: e = random.randint(2,euler_n) if(gcd(e,euler_n) == 1): d = multiplicative_inverse(e,euler_n) break return [e,d,n]
def test_wiener(self): q = gmpy2.mpz(getPrime(512)) p = gmpy2.mpz(getPrime(512)) if q > p : p , q = q , p n = p * q phi = (p - 1) * (q - 1) d = gmpy2.iroot(n, 5)[0] while gmpy2.gcd(d, phi) != 1 : d -= 1 e = gmpy2.invert(d , phi) self.assertEqual((d, p, q), number.wiener_attack(n, e))
def key_generator(): p = number.getPrime(1024) print p q = 91 while True: r = number.getPrime(100) euler_n = p-1 print r if(order(r,p) == euler_n): e1 = r break print e1
def generate_n_with_seed(seed): """ Generates an n value for use in the RSA protocol using the given parameter as the seed for the random number generator. Returns the tuple (p, q, n) where p, q are the prime factors of n. """ random.seed(seed) p = number.getPrime(512, randfunction) q = number.getPrime(512, randfunction) n = p * q return (p, q, n)
def main(): verify() usage = """ ** ** ** ********** /** /** /** /////**/// /** * /** ***** /** ***** ****** ********** /** ****** /** *** /** **///** /** **///** **////**//**//**//** /** **////** /** **/**/**/******* /**/** // /** /** /** /** /** /** /** /** /**** //****/**//// /**/** **/** /** /** /** /** /** /** /** /**/ ///**//****** ***//***** //****** *** /** /** /** //****** // // ////// /// ///// ////// /// // // // ////// ** ** ****** ********** ******** ******* ******** ** /** /** **////**/////**/// /**///// /**////** **////// **** /** /** ** // /** /** /** /** /** **//** /**********/** /** /******* /******* /********* ** //** /**//////**/** /** /**//// /**///** ////////** ********** /** /**//** ** /** /** /** //** /**/**//////** /** /** //****** /** /** /** //** ******** /** /** // // ////// // // // // //////// // // ******** **//////** ** // ****** ********** ***** /** //////** //**//**//** **///** /** ***** ******* /** /** /**/******* //** ////** **////** /** /** /**/**//// //******** //******** *** /** /**//****** //////// //////// /// // // ////// """ print usage print "This is a RSA Decryption System" print "Please enter Your team token: " token = raw_input() try: flag = get_flag(token) assert len(flag) == 38 except: print "Token error!" m_exit(-1) p=getPrime(2048) q=getPrime(2048) n = p * q e, d = get_ed(p, q) print "n: ", hex(n) print "e: ", hex(e) flag = bytes_to_long(flag) enc_flag = pow(flag, e, n) print "Your flag is: ", hex(enc_flag)
def gen_keys(): p = pycrypto.getPrime(PRIME_SIZE) q = pycrypto.getPrime(PRIME_SIZE) n = p * q l = ((p-1) * (q-1))//pycrypto.GCD(p-1,q-1) while True: g = pycrypto.getRandomInteger(PRIME_SIZE * 4) % (n * n) if pycrypto.GCD(g,n) == 1: c = (pow(g, l, n * n) - 1)//n if pycrypto.GCD(c, n) == 1: mu = pycrypto.inverse(c, n) break return PublicKey(n,g), PrivateKey(l, mu)
def rsa_genkeys(bits, e): bits = bits / 2 et = e while GCD(e, et) != 1: if bits < 512: #getStrongPrime won't accept bits < 512 p, q = getPrime(bits), getPrime(bits) else: p, q = getStrongPrime(bits, e), getStrongPrime(bits, e) et = (p-1) * (q-1) n = p * q d = invmod(e, et) return (e,n), (d,n)
def testkey (self, key, randfunc, verbose=0): plaintext="Hello" # Generate maximum-size plaintext maxplain = (key.size() // 8) * '\377' if key.can_encrypt(): if verbose: print ' Encryption/decryption test' K=number.getPrime(10, randfunc) ciphertext=key.encrypt(plaintext, K) self.test_val('key.decrypt(ciphertext)', plaintext) ciphertext=key.encrypt(maxplain, K) self.test_val('key.decrypt(ciphertext)', maxplain) if key.can_sign(): if verbose: print ' Signature test' K=number.getPrime(30, randfunc) signature=key.sign(plaintext, K) self.test_bool('key.verify(plaintext, signature)') self.test_bool('key.verify(plaintext[:-1], signature)', want_true=0) # Change a single bit in the plaintext badtext=plaintext[:-3]+chr( 1 ^ ord(plaintext[-3]) )+plaintext[-3:] self.test_bool('key.verify(badtext, signature)', want_true=0) if verbose: print ' Removing private key data' pubonly=key.publickey() self.test_bool('pubonly.verify(plaintext, signature)') # Test blinding if key.can_blind(): if verbose: print ' Blinding test' K=number.getPrime(30, randfunc) B="garbage" blindedtext=key.blind(plaintext, B) signature=key.sign(blindedtext, K) unblindedsignature=(key.unblind(signature[0], B),) self.test_bool('key.verify(plaintext, unblindedsignature)') self.test_val('key.sign(plaintext, K)', unblindedsignature) # Change a single bit in the blinding factor badB=B[:-3]+chr( 1 ^ ord(B[-3]) )+B[-3:] badunblindedsignature=(key.unblind(signature[0], badB),) self.test_false('key.verify(badtext, badunblindedsignature)') badblindedtext=key.blind(plaintext, badB) badsignature=key.sign(blindedtext, K) badunblindedsignature2=(key.unblind(signature[0], B),) self.test_false('key.verify(badtext, badunblindedsignature2)')
def makepuzzle(t): # Generate 512-bit primes p = number.getPrime(MOD_BITS/2, rnd.get_bytes) q = number.getPrime(MOD_BITS/2, rnd.get_bytes) N = p*q totient = (p-1)*(q-1) key = number.getRandomNumber(AES_BITS, rnd.get_bytes) a = number.getRandomNumber(MOD_BITS, rnd.get_bytes) % N e = pow(2, t, totient) b = pow(a, e, N) cipher_key = (key + b) % N return (key, {'N': N, 'a': a, 'steps': t, 'cipher_key': cipher_key})
def find_generator_and_safe_prime(bits, gen_max_bits = False): stdout.write('Trying to find prime p ') while(1): stdout.write('.') q = number.getPrime(bits-1) # zeby pomnozona przez 2 byla na pewno mniejsza od p, (+1 pomijam, zakladam ze nie przekroczy) p = (q << 1) + 1 if number.isPrime(p): print '\n' + str(number.size(p)) + ' bits prime p found' p_sub_1 = p - 1 stdout.write('Trying to find generator g ') while(1): if gen_max_bits: # generator moze miec dowolna liczbe bitow g = number.getRandomNBitInteger(bits) if g >= p: continue else: g = number.getRandomRange(2, p) if pow(g, 2, p) == 1 or pow(g, q, p) == 1: stdout.write('.') continue print '\n' + str(number.size(g)) + ' bits generator g found' return p, g
def _alice_dh_values(self): pool = self._get_random_pool() g = 5 p = getPrime(PRIME_BITS, pool.get_bytes) a = self._get_dh_secret(pool) A = self.modExp(g, a, p) return a, g, p, A
def get_keys(): d = 0 e = 3 while d == 0: p = number.getPrime(1024) q = number.getPrime(1024) n = p * q et = (p - 1) * (q - 1) try: d = invmod(e, et) except ValueError: pass return [e, n], [d, n]
def gen(weight): m = getPrime(ceil(log2(weight))) g = randint(10, 1000) c = phi(m) while True: ex = False for q in prime_factors(c): a = powmod(g, c // q, m) if a == 1: ex = True break if not ex: break else: g += 1 return g, m
def produceKeys(): # generator g , initially it was 2 g = 10 # Prime q q = number.getPrime(64) ## Key generation: #Private signing key x # x <- Secret Key x = randint(1, q - 1) # calculate public verification key y y = pow(g, x, q) return x, y, g, q
def getprimeover(N): """Return a random N-bit prime number using the System's best Cryptographic random source. Use GMP if available, otherwise fallback to PyCrypto """ if HAVE_GMP: randfunc = random.SystemRandom() r = gmpy2.mpz(randfunc.getrandbits(N)) r = gmpy2.bit_set(r, N - 1) return int(gmpy2.next_prime(r)) elif HAVE_CRYPTO: return number.getPrime(N, os.urandom) else: randfunc = random.SystemRandom() n = randfunc.randrange(2**(N-1), 2**N) | 1 while not is_prime(n): n += 2 return n
def generate_n(): lis_prima = [] while len(lis_prima) < 99: tmp = getPrime(512) if tmp not in lis_prima: lis_prima.append(tmp) lis_n = [] for i in range(0, len(lis_prima) - 1, 2): p = lis_prima[i] q = lis_prima[i + 1] n = p * q lis_n.append(n) rand = random.randint(0, 97) lis_n.append(lis_prima[rand] * lis_prima[98]) random.shuffle(lis_n) return lis_n
def test_to_reg(): for i in range(num_data_to_mont): n = 32 prime = num.getPrime(n) Px = randint(0, 2**32) Py = randint(0, 2**32) Px = Px % prime Py = Py % prime print("Prime:", prime) print("Px:", Px) print("Py:", Py) px_mont, Px_step = to_mont(Px, prime) py_mont, Py_step = to_mont(Py, prime) print("px_mont:", px_mont) print("py_mont:", py_mont) px_reg, _ = to_reg(px_mont, prime) py_reg, _ = to_reg(py_mont, prime) print("px_reg:", px_reg) print("py_reg:", py_reg) print("Is the transformation correct?", px_reg == Px and py_reg == Py)
def get_next_prime(start): # Returns prime p such that start <= p start_bytes = long_to_bytes(start) assert start_bytes[0] & 0x80 == 0x80, "Prime must have MSB set" def randfunc(n): #print(f"randfunc({start:x}, {n})") if n == len(start_bytes) - 1: # Starting bytes, big-endian, from which it iterates up return start_bytes[1:] if n == 1: # Bottom bits of top byte (it gets shifted right 1 and or'ed with 0x80) return bytes([(start_bytes[0] << 1) & 0xfe]) if n == 65: # Presumably Miller-Rabin return get_random_bytes(1) * 65 return getPrime(len(start_bytes) * 8, randfunc)
def __init__(self, N=2048, p=None, h=sha256, g=None): ''' N: key length p: N-bit prime number h: hash function g: generator g < p of the multiplicative group of integers modulo p, Zp* ''' # for parameter generation # 1. Choose a key length N # this will be passed or defaulted to 2048 # 2. Choose a cryptographic hash function h with output length L bits. If L>N, only the leftmost N bits of the hash output are used. # this will be defaulted to SHA256 # 3. Choose a generator g < p such that g belongs to GF(p) # and because p is prime so g will be any number from {1...p-1} self.N = N self.p = p or num.getPrime(self.N) # print("is p prime:", num.isPrime(self.p)) self.h = h self.g = g or self.rand_g()
def Setup(candidate_p_count=1, verbose=False): bitSizeP = 2048 bitSizeQ = 224 isPFound = False # Generate q and p: while isPFound == False: q = number.getPrime(bitSizeQ, os.urandom) p = 0 maxP = (2**bitSizeP) - 1 k = (maxP - 1) // q candidates = [] while k > 1: k = k - 1 p = (k * q) + 1 if number.isPrime(p): isPFound = True candidates.append(p) if len(candidates) >= candidate_p_count: break p = random.choice(candidates) # Generate g: g = 1 exponent = (p - 1) // q while g == 1: alpha = random.randint(1, p - 1) g = pow(alpha, exponent, p) if verbose: print("q: %d \n\np: %d \n\ng: %d" % (q, p, g)) return q, p, g
def __init__(self, bitsize: int = 1024): self.e = 3 self.bitsize = bitsize p, q = getPrime(bitsize // 2), getPrime(bitsize // 2) while int.bit_length(p * q) != bitsize: p, q = getPrime(bitsize // 2), getPrime(bitsize // 2) phi, self.N = (p - 1) * (q - 1), p * q while gcd(phi, self.e) != 1: p, q = getPrime(bitsize // 2), getPrime(bitsize // 2) phi, self.N = (p - 1) * (q - 1), p * q self._d = invmod(self.e, phi)
def setup(): global prime, poly if os.path.exists('prime'): with open('prime') as f: prime = ast.literal_eval(f.read()) else: with open('prime', 'w+') as f: prime = getPrime(8*len(flag)) f.write(str(prime)) if os.path.exists('poly'): with open('poly') as f: poly = ast.literal_eval(f.read()) assert poly[0] == bytes_to_long(flag.encode()), "secrets don't match up" else: with open('poly', 'w+') as f: poly = [0] * K for i in range(1, K): poly[i] = random.randrange(1, prime) poly[0] = bytes_to_long(flag.encode()) f.write(str(poly))
def __init__(self, isClients: bool = False, rsa: object = None): """ Init Args: isClients (bool): If this is from a client rsa (RSA): A rsa instance from pycryptodome, not required Attributes: _rsa (RSA): The rsa instance _pkcs (PKCS): The pkcs instance """ if rsa is None: self._rsa = _RSA.generate( CONSTS["CLIENT_RSA"] if isClients else CONSTS["SERVER_RSA"], e=getPrime(CONSTS["RSA_PRIME"] )) # If no rsa was passed, generate new one else: self._rsa = rsa # Save rsa if it was already created self._pkcs = _PKCS.new( self._rsa, hashAlgo=_SHA256) # Save PKCS for RSA using SHA256
def generatePG(self): ''' 采用素数库生成一个GENBIT位的素数,尝试寻找原根。 最大生成MAXROUND次,超过即失败。 ''' i = 0 print('Start to generate P and G...') while (i < self.MAXROUND): print('Round:', i) p = number.getPrime(self.GENBIT) rt = self.getPrimitiveRoot(p) if rt: print('Success!', p, rt) self.P = p self.G = rt return True else: print('Time out!', p) i += 1 print('Failed...') return False
def negotiate_key2(request): """ 实现 DH 密钥交换 API 的第二步,这一步会生成服务器端的秘密信息,计算会话密钥后存入 session :param request: data 内容被认为是十六进制的 g^speer % p :return: 返回的 data 中是十六进制的 g^sthis % p """ try: data = int(request.json.get("data"), 16) DH_g, DH_p = request.session.get('DH_g'), request.session.get('DH_p') assert DH_p is not None and DH_g is not None except TypeError: return json_response_zh(get_json_ret(40)) except ValueError: return json_response_zh(get_json_ret(41)) except AssertionError: return json_response_zh(get_json_ret(42)) secret = getPrime(64) request.session['shared_secret'] = pow(data, secret, DH_p) return json_response_zh( get_json_ret(0, data=hex(pow(DH_g, secret, DH_p))[2:]))
def badRandomAttack(ex, c, e, n, start=0): if start == 0: print ex for i in range(start, 32768): if i % 100 == 0: print i random.seed(i) p = number.getPrime(512, randfunction) q = n // p if q * p == n: if start == 0: print "found at", i totient = (p - 1) * (q - 1) d = calcD(totient, e) mi = pow(c, d, n) assert pow(mi, e, n) == c m = decode(mi, n) print ex print m return if start != 0: print ex print "------" return
def elgamal_gen_key(bits): # Prime number p while True: q = number.getPrime(bits - 1) p = 2 * q + 1 if number.isPrime(p): break # Primitive element g while True: g = number.getRandomRange(3, p) # Primitive element judgment if pow(g, 2, p) == 1: continue if pow(g, q, p) == 1: continue break # Secret value x x = number.getRandomRange(2, p - 1) # Public value y y = pow(g, x, p) return (p, g, y), x
def paramGen_old(): with open('/dev/urandom', 'rb') as f: salt = f.read(12) with open('./salt.bin', 'wb') as f: f.write(salt) # Invalid DSA with gen_smooth_prime(128, 8) q = Integer(gen_smooth(128, 8)) p, g = map(Integer, gen_dsa_from_q(768, q)) c = Integer.random(exact_bits=q.size_in_bits() + 64) x = c % (q - 1) + 1 y = pow(g, x, p) key_dict = {'y': y, 'g': g, 'p': p, 'q': q, 'x': x} dsa = myDSA(key_dict, salt) with open('./vuln_pub.pem', 'w') as f: f.write(dsa.export_key('pub')) with open('./vuln_priv.pem', 'w') as f: f.write(dsa.export_key('priv')) # Valid DSA q = Integer(getPrime(128)) p, g = map(Integer, gen_dsa_from_q(768, q)) c = Integer.random(exact_bits=q.size_in_bits() + 64) x = c % (q - 1) + 1 y = pow(g, x, p) key_dict = {'y': y, 'g': g, 'p': p, 'q': q, 'x': x} dsa = myDSA(key_dict, salt) with open('./pub.pem', 'w') as f: f.write(dsa.export_key('pub')) with open('./priv.pem', 'w') as f: f.write(dsa.export_key('priv'))
def setup(self, security) -> list: # Pick p, q primes such that p | q - 1, that is equvalent to # say that q = r*p + 1 for some r p = number.getPrime(security, Random.new().read) print("PEDERSEN. p = ", p) r = 1 while True: q = r * p + 1 if number.isPrime(q): print("PEDERSEN. q = ", q) break r += 1 # Compute elements of G = {i^r mod q | i in Z_q*} G = [] last_i = 0 ctr_i = 0 for i in range(1, q): i = randint(2, q) if i != last_i: aux = i**r % q # Z_q* if aux != 1: G.append(aux) last_i = i ctr_i += 1 if ctr_i == 2: break # Since the order of G is prime, any element of G except 1 is a generator g = G[0] print("PEDERSEN. g = ", g) h = G[1] print("PEDERSEN. h = ", h) # g and h are elements of G such that nobody knows math.log(h, g) (log of h base g) return [q, g, h]
def run(): choose=getPrime(512) ps=gen512num() print "gen over" bchoose=bin(choose)[2:] r=0 bchoose = "0"*(512-len(bchoose))+bchoose for i in range(512): if bchoose[i]=='1': r=r^ps[i] flag=open("flag","r").read() key=long_to_bytes(int(hashlib.md5(long_to_bytes(choose)).hexdigest(),16)) aes_obj = AES.new(key, AES.MODE_ECB) ef=aes_obj.encrypt(flag).encode("base64") open("r", "w").write(str(r)) open("ef","w").write(ef) gg="" for p in ps: gg+=str(p)+"\n" open("ps","w").write(gg)
def encrypt_flag(plaintext_bytes): while True: p = number.getPrime(4096) if p % 4 != 3: continue q = p + 2 while True: if number.isPrime(q) and q % 4 == 3: break q += 2 break n = int(p * q) e = 0xcbfe plaintext_bytes += b'\x00' plaintext = 0 while plaintext * 3 <= n: plaintext = int.from_bytes(plaintext_bytes, 'big') plaintext_bytes += bytes([random.getrandbits(8)]) ciphertext = encrypt(plaintext, n, e) open('ciphertext', 'w').write(str(ciphertext)) public_key = str(n) + ":" + str(e) open('public_key', 'w').write(public_key)
class gdh: g = 2 p = number.getPrime(2048) privateKeys = [] publicKeys = [] complementKeys = [] ids = [] secretKey = 0 central_node = 0 def insertNewUser(self): n_users = len(gdh.privateKeys) if (n_users >= 1): exp_new = randint(1, int(gdh.p - 1)) gdh.privateKeys[0] = (gdh.privateKeys[0] * exp_new) % gdh.p gdh.publicKeys[0] = pow(gdh.publicKeys[0], exp_new, gdh.p) for i in range(0, n_users): if (i != gdh.central_node): gdh.complementKeys[i] = pow(gdh.complementKeys[i], exp_new, gdh.p) secretKey = pow(gdh.complementKeys[0], gdh.privateKeys[0], gdh.p) gdh.privateKeys.append(randint(1, int(gdh.p - 1))) gdh.publicKeys.append(pow(gdh.g, gdh.privateKeys[n_users], gdh.p)) gdh.complementKeys.append(secretKey) gdh.ids.append(id_queue[0]) id_queue.append(id_queue[0] + 1) id_queue.popleft() for i in range(0, n_users + 1): if (i != n_users): gdh.complementKeys[i] = pow(gdh.complementKeys[i], gdh.privateKeys[n_users], gdh.p) else: gdh.privateKeys.append(randint(1, int(gdh.p - 1))) gdh.publicKeys.append(pow(gdh.g, gdh.privateKeys[n_users], gdh.p)) gdh.complementKeys.append(1) gdh.ids.append(id_queue[0]) id_queue.append(id_queue[0] + 1) id_queue.popleft()
def generate_function(self): p = number.getPrime(self.init_prime_size) self.p = p if p % 4 != 3: # print('p nie przytaje do 3 mod 4') return self.generate_function() a = self.getRandom(p) b = self.getRandom(p) self.a = a self.b = b x = self.getRandom(p) delta = lambda a, b: ((4 * pow(a, 3, p)) % p + (27 * pow(b, 2, p)) % p) % p if delta(a, b) == 0: print('delta == 0') return self.generate_function() if 1 != pow(self.eliptic_function(a, b, x, p), (p - 1) // 2, p): # print('f nie jest reszta kwadratowa p') return self.generate_function() y = pow(self.eliptic_function(a, b, x, p), (p + 1) // 4, p) if self.isQuatraticResidue(x) == False: print('This is not quadratic residue') return self.generate_function() if self.contains_point(x, y): self.a = a self.b = b self.p = p self.exampleX = x self.exampleY = y else: return self.generate_function()
def __init__(self, THRESHOLD, PARTIES): """ Shamir THRESHOLD size polynomial constructor """ assert THRESHOLD > 0 assert PARTIES > 0 assert PARTIES >= THRESHOLD self.THRESHOLD = THRESHOLD self.PARTIES = PARTIES self.BLOCK_SIZE = 30 # 30 bytes self.PRIME_SIZE = 32 # 32 bytes self.COOFICIENT_SIZE = self.PRIME_SIZE + 8 # Cooficients always 8 byte larger then PRIME self.SHADOW_SIZE = 32 # 32 bytes self.POLYNOMIAL_DEGREE = self.THRESHOLD - 1 self.P = number.getPrime(self.PRIME_SIZE * 8) self.POLYNOMIAL_COEFFICIENTS = [ int(urandom(self.COOFICIENT_SIZE).hex(), 16) for i in range(self.POLYNOMIAL_DEGREE) ]
def main(): msg = 'esto es facil de cifrar' print("Mensaje original :", msg) # q es p q = getPrime(100) # se genera q con numeros random grandes print("p numero primo usado : ", q) g = random.randint(2, q) # se genera g en base a q # key es a key = gen_key(q) # se crea la llave privada # K h = powerMod(g, key, q) #Se realiza la exponenciacion modular print("g usado : ", g) print("La llave privada (key) de Alice es: ", key) print("g**a usado : ", h) en_msg, p = encrypt(msg, q, h, g) # se encripta el mensaje con q, h, g print("Mensaje Cifrado :", en_msg) dr_msg = decrypt(en_msg, p, key, q) # se desencripta el mensaje con p, la llave y q dmsg = ''.join(dr_msg) # se concatena el mensaje y se imprime print("Mensaje Descifrado :", dmsg)
def __init__(self, sectors=10, key=None, prime=None, primebits=1024): """Initialization method :param sectors: the number of sectors to break each chunk into. this allows a trade off between communication complexity and storage complexity. increase the number of sectors to decrease the server storage requirement (tag size will decrease) but communication complexity will increase :param key: the key used for encryption and decryption of the state :param prime: the prime to determine the modular group :param primebits: optionally the number of bits to use for generation of a prime if prime is given as None """ if (key is None): self.key = Random.new().read(32) else: self.key = key if (prime is None): self.prime = number.getPrime(primebits) else: self.prime = prime self.sectors = sectors self.sectorsize = self.prime.bit_length() // 8
def gen(self, k: int): # Pick p, q primes such that p | q - 1, that is equvalent to # say that q = r*p + 1 for some r #p is prime of length k p = number.getPrime(k) r = 1 while True: q = r * p + 1 if number.isPrime(q): break r += 1 # Compute elements of G = {i^r mod q | i in Z_q*} G = [] ctr = 0 self.t = q #Choose two random elements inside G last_i = 0 while True: i = random.randint(1, q) if i != last_i: aux = pow(i, r, q) if aux != 1: G.append(aux) ctr += 1 last_i = i if ctr == 2: break # Since the order of G is prime, any element of G except 1 is a generator self.g = G[0] self.sk = G[1] # pk= g^s self.pk = fastModularExponentation(self.g, self.sk, q)
def test(tcount, bits=256): n = getPrime(int(bits/8)) #n = rsa.get_prime(bits / 8, 20) p = randint(1, n) p1 = (randint(1, n), randint(1, n)) q = curve_q(p1[0], p1[1], p, n) p2 = mulp(p, q, n, p1, randint(1, n)) c1 = [randint(1, n) for i in range(tcount)] c2 = [randint(1, n) for i in range(tcount)] c = list(zip(c1, c2)) t = time.time() for i, j in c: from_projective(addf(p, q, n, mulf(p, q, n, to_projective(p1), i), mulf(p, q, n, to_projective(p2), j)), n) t1 = time.time() - t t = time.time() for i, j in c: muladdp(p, q, n, p1, i, p2, j) t2 = time.time() - t return tcount, t1, t2
def paramGen_new(): with open('/dev/urandom', 'rb') as f: salt = f.read(12) with open('./salt.bin', 'wb') as f: f.write(salt) for i in [1, 2]: # Valid DSA q = Integer(getPrime(128)) p, g = map(Integer, gen_dsa_from_q(768, q)) c = Integer.random(exact_bits=q.size_in_bits() + 64) x = c % (q - 1) + 1 y = pow(g, x, p) key_dict = {'y': y, 'g': g, 'p': p, 'q': q, 'x': x} dsa = myDSA(key_dict, salt) with open('./server_%d_pub.pem' % (i, ), 'w') as f: f.write(dsa.export_key('pub')) with open('./server_%d_priv.pem' % (i, ), 'w') as f: f.write(dsa.export_key('priv'))
def get_batch_z(self, ciphertext): y_u = [] for i in range(0, self.max_million): y_u.append(self.key.decrypt(ciphertext + i)) while True: p = number.getPrime(self.num_bits // 2) z_u = [y % p for y in y_u] # print(z_u); row = np.array(z_u).reshape((1, len(z_u))) col = np.transpose(row) diff = np.abs(row - col) diff = diff + np.eye(len(z_u)) * 3 if np.all(diff >= 2): break final_z_u = [] for i, z in enumerate(z_u): if i >= self.million: z = (z + 1) % p final_z_u.append(z) return p, final_z_u
def signString(self, raw): """ Sign a string using private key Arguments: - raw - string to be signed Returns: - wrapped, base-64 encoded string of signature Note - private key must already be present in the key object. Call L{importKey} for the right private key first if needed. """ # hash the key with MD5 m = MD5.new() m.update(raw) d = m.digest() #print "sign: digest" #print repr(d) # sign the hash with our current public key cipher self.randpool.stir() k = getPrime(128, self.randfunc) self.randpool.stir() s = self.k.sign(d, k) # now wrap into a tuple with the public key cipher tup = (self.algoPname, s) # and pickle it p = pickle.dumps(tup, True) # lastly, wrap it into our base64 w = self._wrap("Signature", p) return w
def generate_keys(self, key_size=1024): p = None while p is None: try: p = number.getPrime(key_size) except Exception as err: print(err) alpha = randrange(1, p) d = randrange(2, p - 1) beta = pow(alpha, d, p) self.keys = { "pub": { "p": p, "alpha": alpha, "beta": beta }, "priv": { "d": d } } return self.keys
def sign_ElGamal(msg, key_tuple, k=None): """Create an ElGamal signature. :Parameters: - `msg`: string of data signature applies to - `key_tuple`: tuple ElGamal key integers (p, g, x) (see `ElGamal key tuple`_) - `k`: integer (must be relatively prime to p-1) :Returns: tuple (integer, integer) ElGamal signature values (a, b) .. _ElGamal key tuple: ElGamal key tuple: - `p`: integer ElGamal prime - `g`: integer ElGamal random "g" value - `x`: integer ElGamal private key """ import Crypto.PublicKey.ElGamal as ELG if k is None: # generate our own prime k value (k relatively prime to p-1) import Crypto.Util.number as NUM import Crypto.Util.randpool as RND rnd = RND.RandomPool() q = key_tuple[0] # no restrictions on bit length for k, good enough? k = NUM.getPrime(8*len(STN.int2str(q)), rnd.get_bytes) elg = ELG.construct((key_tuple[0], key_tuple[1], 0, key_tuple[2])) return elg.sign(msg, k)