def GetCiphertexts(publicKey):
plaintexts = set()
ciphertexts = []
while len(plaintexts) < 5:
plaintexts.add(random.randint(0, 50))
for pt in plaintexts:
ciphertexts.append(rsa.Encrypt(publicKey, pt))
print('My random messages:', plaintexts)
return ciphertexts
return k.to_bytes((k.bit_length() + 7) // 8, byteorder='big')
if __name__ == '__main__':
# Generate pair, "give" the private key to the oracle.
publicKey, privateKey = rsa.GenerateRSAPair(1024)
oracle = ParityOracle(privateKey)
# Get the secret text, transform it into a number (the byte order
# is not important as long as you always use the same), and encrypt
# it with the public key.
secretText = base64.b64decode(
'VGhhdCdzIHdoeSBJIGZvdW5kIHlvdSBkb24ndCBwbGF5IGFyb3VuZCB3aXRoIHRoZSBGdW5reSBDb2xkIE1lZGluYQ=='
)
secret = int.from_bytes(secretText, byteorder='big')
ciphernum = rsa.Encrypt(publicKey, secret)
lowerBound = 0
upperBound = privateKey[1] # i.e. n
e, n = publicKey
m = utils.modexp(2, e, n)
c = ciphernum
while lowerBound != upperBound:
c = (c * m) % n
if oracle.IsEven(c):
upperBound -= (upperBound - lowerBound) // 2
else:
lowerBound += (upperBound - lowerBound) // 2
#coding=UTF-8
import sys
import rsa
import genkey
savedStdout = sys.stdout #保存标准输出流
with open('out.txt', 'w+') as file:
sys.stdout = file #标准输出重定向至文件
dist = genkey.GenerateKey(1024)
print(dist)
print("nlen: ", len(str(bin(dist["n"]))))
M = "I Love You! 我爱你 Я люблю тебя. " * 1
C = rsa.Encrypt(dist, M, "UTF-8")
Mr = rsa.Decrypt(dist, C, "UTF-8")
print(C)
print(Mr)
break
ri += 1
else:
sNext = FindConformingBaseStep(s1 + 1, oracle, pubKey, c0)
Mi = ComputeNextIntervals(Mi, sNext, n)
i += 1
def GetRSAPair():
E = 65537
N = 808869223985516960368876661325421342956188747444816787075452418831756698052319507647734290271914602491649041286040478024422708306710833911490677450264937182027085317649671212985695037997277298077927635573086873269508490390058295009
D = 140059019390384766868578243629108463919111798007290246726768604740875764980052821654736846758406501809286865747806379397671201970191042812009276850902545401782571583052833853265766251205525586634281761444346304515174630341474737089
return (E, N), (D, N)
if __name__ == '__main__':
pubKey, privKey = GetRSAPair()
oracle = ParityOracle(privKey)
message = b'We did it! We did it!'
print('[**] Encrypting message:', message)
ciphernum = rsa.Encrypt(pubKey, BytesToInteger(PKCS1_ENCODE(message)))
plaintextBytes = IntegerToBytes(Attack(ciphernum, pubKey, oracle))
while len(plaintextBytes) < KEY_BYTESIZE:
plaintextBytes = b'\x00' + plaintextBytes
recoveredPlaintext = PKCS1_DECODE(plaintextBytes)
print('[**] Recovered plaintext:', recoveredPlaintext)
# Using the Chinese Remainder Theorem we can decompose C and N.
r0 = C[0] * n12 * rsa.invmod(n12, N[0])
r1 = C[1] * n02 * rsa.invmod(n02, N[1])
r2 = C[2] * n01 * rsa.invmod(n01, N[2])
res = r0 + r1 + r2
res = res % n012
# Compute the cube root and round to the nearest integer.
return round(res**(1.0 / 3.0))
if __name__ == '__main__':
publicKey1, _ = rsa.GenerateRSAPairBroadcast(31, 7)
publicKey2, _ = rsa.GenerateRSAPairBroadcast(17, 13)
publicKey3, _ = rsa.GenerateRSAPairBroadcast(37, 11)
# We encrypt the same plaintext with three different public keys, all
# of which use E=3 internally.
num = 42
c1 = rsa.Encrypt(publicKey1, num)
c2 = rsa.Encrypt(publicKey2, num)
c3 = rsa.Encrypt(publicKey3, num)
recoveredPt = BreakRSA([c1, c2, c3],
[publicKey1[1], publicKey2[1], publicKey3[1]])
if recoveredPt == num:
print('[**] Correct!')
else:
print('[!!] Failed.')