def step_t_5(a_base, B, p1):
if p1 <= int(root(B, 5)):
### Посчет времени работы
start_time = time.time()
###
n_list = []
l = 5
if p1 % 4 == 3:
n_list = [p1]
q_3k4 = readfile("primes/4k+3.txt")
sign_p1 = []
for a in a_base:
sign_p1.append(numth.jacobi(a, p1))
for q in q_3k4:
if q % 24 == p1 % 24:
sign_q = []
for a in a_base:
sign_q.append(numth.jacobi(a, q))
if sign_q == sign_p1:
n_list.append(q)
# else:
# for p in primes:
###
total_time = "--- %s seconds ---\n" % (time.time() - start_time)
###
return np.array(n_list)
else:
print(f"Value Error: p1 > {int(root(B, 5))}")
def solve(ciphertexts, modulus):
C = chinese_remainder_theorem(list(zip(ciphertexts, modulus)))
M = int(root(C, 3))
M = long_to_bytes(M)
if b'flag' in M:
print(M.decode())
exit()
def hastads_broadcast_attack(e, pairs):
"""Hastad's Broadcast Attack
If we have e ciphertext of same plaintext with different N,
we can find the plaintext using Chinese Remainder Theorem.
"""
x, n = chinese_remainder_theorem(pairs)
return int(gmpy2.root(x, e))
def find_nearest_power(number):
gmpy2.get_context().precision = 10000
smallest_r = number
nearest_xy = 0
for i in range(2, int(math.log(number, 2))):
floor = int(gmpy2.root(mpfr(number), i))**i
if number - floor < smallest_r:
if floor > number:
print("error at %d" % i)
smallest_r = number - floor
nearest_xy = floor
return smallest_r
def Gen_k(a_base, t, B, X):
m = len(a_base)
T = Hash_Table()
a = bases[m]
for p in primes:
if p <= int(root(B / (a**(t - 2)), 2)):
factors = numth.factorization(p - 1)
nums = []
for i in range(len(factors)):
nums.append(Lambda_p(a_base, factors[i][0]))
lmd_p = Lambda_list(a_base, primes)
s = T.fetch(Sign(a_base, p))
k = np.prod(s) / s[-1] * p
k_list = s[:-1] + [p]
if k <= X:
pt = Rule_out_k(a_base, k)
else:
pt = Sieving(a_base, k_list, B)
if p <= int(root(B / (a**(t - 3)), 3)):
T.insert(Sign(a_base, p), p, lmd_p)
return
def t_2(a_base, B, primes_list):
clearfile(f"res/jae/2/{a_base}/spsp_{B}.txt")
spsp = []
### Посчет времени работы
start_time = time.time()
###
i = 1
for p in primes_list:
if p < int(root(B, 2)):
if p > a_base[-1]:
lmd_p = Lambda_p(a_base, p)
lmd = numth.lcm(lmd_p, 2)
for k in range(int(1 + (p - 1) / lmd),
int((B - p) / (p * lmd)) + 1, 1):
q = 1 + k * lmd
if p * q <= B: # and p * q > B // 100:
if numth.is_prime(q) and q > p:
if q + 1 == 2 * p:
if check_signs(a_base, [p, q]) and psp_2(
a_base, [p, q]):
item = Signature(Sign(a_base, p), [p, q])
s = f"{i} {np.prod(item.primes)} {item.primes} {item.sign}\n"
writefile(
f"res/jae/2/{a_base}/spsp_{B}.txt", s)
i += 1
spsp.append(item)
else:
continue
else:
P = p * (1 + k * lmd)
if psp(a_base, P) and check_signs(
a_base, [p, q]):
item = Signature(Sign(a_base, p), [p, q])
s = f"{i} {np.prod(item.primes)} {item.primes} {item.sign}\n"
writefile(
f"res/jae/2/{a_base}/spsp_{B}.txt", s)
i += 1
spsp.append(item)
# else:
# break
###
total_time = "--- %s seconds ---\n" % (time.time() - start_time)
###
writefile(f"res/jae/2/{a_base}/spsp_{B}.txt", total_time)
return spsp
def _keylessDecryption_broadcast_msg(path):
n_1, n_2, n_3, e, key_S_1, key_S_2, key_S_3, iv_1, kol1 = asnGenerator.decode(
path)
#n_2, e_2, key_S_2, iv_2, kol2 = asnGenerator.decode("wallpapers2.jpg.ecrypted")
#n_3, e_3, key_S_3, iv_3, kol3 = asnGenerator.decode("wallpapers3.jpg.ecrypted")
m = (n_1, n_2, n_3)
a = (key_S_1, key_S_2, key_S_3)
x = crt(m, a)
#print("x ==== ", x)
print("\n\nX = ", x)
#print("x^(1/3) = ", pow(x,1/3)+1)
gmpy2.get_context().precision = 200
m = int(gmpy2.root(x, 3))
print("m = ", m)
decryptedKey_S = m.to_bytes(16, 'big')
print('Dec Key s = ', decryptedKey_S)
print("IV = ", iv_1)
b = bytearray()
with open('~tmp' + path, 'rb') as file:
data = file.read()
#print('Cipher:\n')
#print(data)
print('Decrypted:\n')
decryptedText = AES_data_Decryption(data, decryptedKey_S, iv_1)
#print("kol = ",kol1)
#print("len(cip) = ", len(decryptedText))
kol2 = len(decryptedText)
i = 0
while i < kol1:
b.append(decryptedText[i])
i = i + 1
#pad(data,AES.block_size), decryptedKey_S, iv_fromCipher)
#decryptedText = unpad(decryptedText, AES.block_size)
#print(decryptedText)
os.remove('~tmp' + path)
output = open(path + ".decrypted", 'wb')
output.write(b) #decryptedText)
output.close()
def main():
global lock
lock = threading.Lock()
jobs = []
procs = 5
for i in range(procs):
process = threading.Thread(target=list_append)
jobs.append(process)
for j in jobs:
j.start()
for j in jobs:
j.join()
C = chinese_remainder_theorem(keys)
M = int(root(C, n_items))
print(n_to_bytes(M))
def main():
n= 691611766208546073444876122261067788277978858453710639029761974358666489171591889808344592871468081368348731289584873825685836699513369087940744233044470468106283756269016888690397802087612562650740690626844050981638158798650899164329024889012339813251634342169796374490173324858177655412520581064091323105709703802894635752243504165527728325493775585018099572491218738859140069209745383085972126419677929983854492018948495162457428459536088314487922683148031388611849013227501962458386817851194913551405843074740308192841259015955432216658418219471365781271743026881045054161177699500233983945284463060091084401032681620162554495490307966608011765399197534175588394769839991952726269105973546086964385977836193216093842605576347580465390858378577913173391209728199847916944392685608959720919745441534152140791433228642857247821519585327091864890122871765266988285510728943279970135846908966516130597249552710186071954611133294079017500030355232895541367427153922527925908108643934213023557398363684188823565535815365161748782796247844503993809352854741573950620787090272760236473228652960605730173150252619759400890068298838592790770868307280012495168740250977525199965477849089021924445456338550258621310346872587368865023459114279L
e1= 2623119
e2= 2611101
c1= 632613645684838434911920364870092246688638723680203743297038042884981435531349983627632652213126007404455112992754038899192740232209237012089852184466576496173356903126767617531366105427616049893559911396536574555008451239827427140619373005107923039458285095437111146013805698400274937791209388463040761234346114146112603113513874269976957472698342250573902102976387047390228485927254752372525379266486917620487089416581168720140744193600912161065888758451629009978676721731074043142666019127528370181044741033938879227651226413524178992155234346229899043794846119210274959231350300191718278291314079326011260972911790929707654859407903619102516710246683375658271085356783673232677699444921875427077745087507202504075374873842972977165904031632108921391219453633100007509368853543202918527396858214941532156620908283394786740941868393377733920317480973184132461984594109692489226477402338664642727766514992506288377119275635222078018270479534265371971469799345627297451492177595572561618185463142728664331779856911512823762928116551034186671353283417747535010208121962539603383913657773795358612010178381857101029638404248669376029927680328805839410427459248430136708902815920536603541943356116875656311481908672896225539754812052984
c2= 473583830101449207063655453483957320801977763405664178108962387145963115641321631378723122470718049239150183483107837540062110255460217493574236417576528210993551734521104360323008425196350719034294427914294044848231276934402896045785500160974092767601908407706594433190832523140982335688121038712802163776950422665847149664034820576774873956120202470663588902529914328392634164212558025176982387474287314624421143326789371057668708456922968762564019631616913937820209470604081356673188045257490667304640155390478645279862586730343779998826931285683980941686981775369499484033439920659579124275957233449431588512697916708510428626881790592757578867152025501459202793986322020476004209777449674143157280081483085868896558215825742742029607229809248023263081810931655981810534293127835168642962477010095223356972141559004635008185531900175232541978761179342338914489553003329293031284557554252476291770973145365678145226167965362251186233138510776436645583796590010200995100899736056399413460647507781994189935869541735701599175369334170081795310585938471394672279359692859881857399434361716843681313191143289947464231132723256066979526475873327590657111481299295002695482778491520250596998683754980263059514032256777144682239680031331
s = egcd(e1, e2)
s1 = s[1]
s2 = s[2]
if s1<0:
s1 = - s1
c1 = modinv(c1, n)
elif s2<0:
s2 = - s2
c2 = modinv(c2, n)
m = (pow(c1,s1,n)*pow(c2,s2,n))%n
gmpy2.get_context().precision=2000
m = gmpy2.root(m,3)
print str(hex(int(str(m)[:-2])))[2:-1].decode('hex')
def encodeToAxis(word_list):
word_values = [1]
used_words = []
for word in word_list:
if used_words == []:
used_words.append(word)
continue
curr_value = 0
for i in range(len(used_words)):
curr_value += word_values[i] * sum_of_words[used_words[i]]
word_values.append(curr_value + 1)
used_words.append(word)
for i, value in enumerate(word_values):
word_values[i] = float(gmpy2.root(value, 750))
value_dict = {}
for i in range(len(used_words)):
value_dict[used_words[i]] = word_values[i]
return value_dict
else:
ponderacion = int(fecha_fin_list[0])
n_ponderacion += ponderacion
lista_precios.append(precio_promedio**ponderacion)
else:
ponderacion = 5
lista_precios.append(precio_promedio**ponderacion)
n_ponderacion += ponderacion
print("Producto: " + ine_product, end="")
for i in range(blank_spaces - len(ine_product)):
print(" ", end="")
for price in lista_precios:
prom_geo_hist *= price
try:
prom_geo_hist = gmpy2.root(prom_geo_hist, n_ponderacion)
except (ValueError, ZeroDivisionError):
prom_geo_hist = None
wsresumen.cell(row=row, column=column).value = float(
prom_geo_hist) if prom_geo_hist is not None else prom_geo_hist
try:
print("Promedio geométrico: %d" % prom_geo_hist)
except TypeError:
print("Promedio geométrico: 0")
row += 1
column += 1
if wsresumen.cell(row=8, column=column).value is None:
break
print("Guardando los cambios en el documento excel.")
def _introot_gmpy(n, r=2):
if n < 0:
return None if r & 1 == 0 else -_introot_gmpy(-n, r)
return gmpy.root(n, r)[0]
if len(result) % 2 == 1:
result = '0' + result
return unhexlify(result)
def rsaPQ(c, p, q, e):
n = p * q
lambdaN = lcm(p - 1, q - 1)
d = modinv(e, lambdaN)
m = gmpy2.powmod(c, d, n)
result = format(m, 'x')
if len(result) % 2 == 1:
result = '0' + result
return unhexlify(result)
c = 19822919015216334606838147187844513303693151208933506237526243552791188358629927692564408308978667119010159015296389932255536038955462235588806834753957336725477679078308906619631832105515338709749280989968720700332965342664066727614684756288508336906873455402456724514409665063815883721368701414406637816503663069123152206187184332623963069223822592231181833565768221494006940826588467135926385229969814176675741364321794933093636886431505483774320087319252360432547660217288865770681157259876645827929973083604127379805176764472579255503056330078196468565478521112670467341060668527514751961549049873342692541606355
n = 31325016658297791169480146120150580664219873287421481080616514285705723444552690019413852971465151239826845324148227005504609963845765999280375945496745984700803995327426374755551653914842855856840873315380063944650694450432809712755761825613156119793152817878840392132906780617084024598234526140691477142470141549753066179951124472530113331326979879457581531345151803316432362920688290775743184527050943053649567601887797197755209287963264926465811140120495354841559998192053880422049607850758298738351886072262621692207202148055748922934409275716858927938602120378874645091397627068099133689377435543763129394494299
#p =
#q =
e = 65537
phi2d = 35906402511629257796873331657505713118658548928050971233624880390783608596696326954825632282869296602503506026224317700039936367304295793184619402438417258383719085966506311310962530256051162208791981402840855755528166814248646279836402945873499153624688740477810213128587258701444773118521965801623894073525113745206969653164649471755397819151217316846808139426381244899197410808004893311138089359750966674814512836216536006682471192475385232771846152596445095336059765670795032572594251794907179806180719654128026352708960205125585943113889680588589333301354560543641230664866892752046821466026179340210792546176562
phi = (phi2d * e - 2) // 2 // 37561
a = 1
b = n - phi + 1
p = -(-b + int(gmpy2.root(pow(b, 2) - 4 * a * n, 2))) // 2
q = n // p
print(p)
print(p * q - n)
print(rsaPQ(c, p, q, e))
def sub_sub_sure_factors(f, u, curve_parameter):
'''Finds all factors that can be found using ECM with a smoothness bound of u and sigma and give curve parameters. If that fails, checks for being a prime power and does Fermat factoring as well.
Yields factors.'''
while not (f & 1):
yield 2
f >>= 1
while not (f % 3):
yield 3
f = f // 3
if isprime(f):
yield f
return
log_u = math.log(u)
u2 = int(_7_OVER_LOG_2 * u * log_u / math.log(log_u))
primes = []
still_a_chance = True
log_mo = math.log(f + 1 + sqrt(f << 2))
g = gcd(curve_parameter, f)
if g not in (1, f):
for factor in sub_sub_sure_factors(g, u, curve_parameter):
yield factor
for factor in sub_sub_sure_factors(f//g, u, curve_parameter):
yield factor
return
g2 = gcd(curve_parameter**2 - 5, f)
if g2 not in (1, f):
for factor in sub_sub_sure_factors(g2, u, curve_parameter):
yield factor
for factor in sub_sub_sure_factors(f // g2, u, curve_parameter):
yield factor
return
if f in (g, g2):
yield f
while still_a_chance:
p1 = get_points([curve_parameter], f)
for prime in primes:
p1 = multiply(p1, prime, f)
if not isinstance(p1, list):
if p1 != f:
for factor in sub_sub_sure_factors(p1, u, curve_parameter):
yield factor
for factor in sub_sub_sure_factors(f//p1, u, curve_parameter):
yield factor
return
else:
still_a_chance = False
break
if not still_a_chance:
break
prime = 1
still_a_chance = False
while prime < u2:
prime = next_prime(prime)
should_break = False
for _ in range(int(log_mo / math.log(prime))):
p1 = multiply(p1, prime, f)
if not isinstance(p1, list):
if p1 != f:
for factor in sub_sub_sure_factors(p1, u, curve_parameter):
yield factor
for factor in sub_sub_sure_factors(f//p1, u, curve_parameter):
yield factor
return
else:
still_a_chance = True
primes.append(prime)
should_break = True
break
if should_break:
break
for i in range(2, int(math.log(f) / LOG_2) + 2):
r = root(f, i)
if r[1]:
for factor in sub_sub_sure_factors(r[0], u, curve_parameter):
for _ in range(i):
yield factor
return
a = 1 + sqrt(f)
bsq = a * a - f
iter = 0
while bsq != sqrt(bsq)**2 and iter < 3:
a += 1
iter += 1
bsq += a + a - 1
if bsq == sqrt(bsq)**2:
b = sqrt(bsq)
for factor in sub_sub_sure_factors(a - b, u, curve_parameter):
yield factor
for factor in sub_sub_sure_factors(a + b, u, curve_parameter):
yield factor
return
yield f
return
def step_t_3(a_base, B):
clearfile(f"res/jnd/3/{a_base}/spsp_{B}.txt")
clearfile(f"res/jnd/3/{a_base}/n_list_{B}.txt")
n_list = []
### Посчет времени работы
start_time = time.time()
###
# equal_2_list = parsefile(f"res/jnd/2/{a_base}/n_list_{B}.txt")
# упорядочены по возрастанию p1, где p1<p2
# if len(equal_2_list) != 0:
# for i in range(len(equal_2_list)):
# p1 = equal_2_list[i].primes[0]
# p2 = equal_2_list[i].primes[1]
# b = int(p1 * p2)
for p1 in primes:
p1 = int(p1)
print(p1)
if p1 <= int(root(B, 3)): # and b * p2 < B:
if p1 > a_base[-1]:
print(p1)
s = ""
if len(a_base) > 6:
a_base = a_base[:6]
leg1 = []
for a in a_base:
leg1.append(numth.jacobi(a, p1))
p2_3k4 = readfile("primes/4k+3.txt")
p2_1k4 = readfile("primes/4k+1.txt")
p2_5k8 = readfile("primes/8k+5.txt")
p2_1k8 = readfile("primes/8k+1.txt")
if p1 % 4 == 3:
print(f"p1 34 {p1}")
for p2 in p2_3k4:
if p2 > p1 and p2 < B and p2 < B: # на всякий случай проверим
print(f"p2 34 {p2}")
leg2 = []
b = int(p1 * p2)
for a in a_base:
leg2.append(numth.jacobi(a, p2))
if leg1 == leg2: # Prop.2 inverse is true
if b < 2 * 10**6: # a trick
gcd_23 = int(
gcd(2**(b - 1) - 1, 3**(b - 1) - 1))
factor_list = numth.factorization(gcd_23)
for i in range(len(factor_list)):
p3 = factor_list[i][0]
if p3 * b <= B: # and p3 * b > B // 100:
if p3 > p2:
print(f"p3 {p3}")
signss = check_signs(
a_base, [p1, p3])
if signss:
item = Signature(
Sign(a_base, p1),
[p1, p2, p3])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
else:
p_exist = np.array([p1, p2])
p3_list = next_p(p_exist, a_base,
B) # ищем подходящие p3
if isinstance(p3_list,
list) and len(p3_list) != 0:
for p3 in p3_list:
if p3 * b <= B: # and p3 * b > B // 100:
if p3 > p2:
print(f"p3 {p3}")
signss = check_signs(
a_base, [p1, p3])
if signss:
item = Signature(
Sign(a_base, p1),
[p1, p2, p3])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
# else:
# continue # новый item из equal_2_list
# else:
# continue
for p2 in p2_1k4:
print(f"p2 14 to mu {p2}")
if Mu_p(a_base, p2) == 4:
pass # переход к mu=4
elif p1 % 8 == 5:
print(f"p1 58 {p1}")
for p2 in p2_5k8:
if p2 > p1 and p2 < B:
print(f"p2 58 {p2}")
if len(a_base) > 5:
a_base = a_base[:5]
leg2 = []
b = int(p1 * p2)
for a in a_base:
leg2.append(numth.jacobi(a, p2))
if leg1 == leg2:
p_exist = np.array([p1, p2])
p3_list = next_p(p_exist, a_base, B)
print(p3_list, type(p3_list))
if isinstance(p3_list,
list) and len(p3_list) != 0:
for p3 in p3_list:
if p3 * b <= B: # and p3 * b > B // 100:
if p3 > p2:
print(f"p3 {p3}")
signss = check_signs(
a_base, [p1, p3])
if signss:
item = Signature(
Sign(a_base, p1),
[p1, p2, p3])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
# else:
# continue
# else:
# continue
for p2 in p2_1k8:
if p2 > p1 and p2 < B:
print(f"p2 18 {p2}")
if p2 % 16 == 9:
print(f"p2 916 {p2}")
leg2 = []
b = int(p1 * p2)
for a in a_base:
leg2.append(numth.jacobi(a, p2))
if np.prod(
leg2
) == 1 and p2 > p1: # если все 1, то произведение 1
p_exist = np.array([p1, p2])
p3_list = next_p(p_exist, a_base, B)
if isinstance(p3_list,
list) and len(p3_list) != 0:
for p3 in p3_list:
if p3 * b <= B: # and p3 * b > B // 100:
if p3 > p2:
print(f"p3 {p3}")
signss = check_signs(
a_base, [p1, p3])
if signss:
item = Signature(
Sign(a_base, p1),
[p1, p2, p3])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
else:
continue
else:
continue
elif p2 % 16 == 1:
print(f"p2 116 to mu {p2}")
if Mu_p(a_base, p2) == 4:
pass # переход к mu=4
for p2 in p2_3k4:
if p2 > p1 and p2 < B: # в тексте этого нет, но на всякий случай проверим
print(f"p2 34 {p2}")
b = int(p1 * p2)
p_exist = np.array([p1, p2])
p3_list = next_p(p_exist, a_base, B)
# print(f"p3 list {p3_list}")
if isinstance(p3_list, list) and len(p3_list) != 0:
for p3 in p3_list:
if p3 * b <= B: # and p3 * b > B // 100:
if p3 > p2:
print(f"p3 {p3}")
signss = check_signs(
a_base, [p1, p3])
if signss:
item = Signature(
Sign(a_base, p1),
[p1, p2, p3])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
# else:
# continue
elif p1 % 8 == 1:
print(f"p1 18 {p1} p2 any {p2}")
e, f = Val(2, p1 - 1), Val(2, Lambda_p(a_base, p1))
if len(a_base) > 5:
a_base = a_base[:5]
for p2 in primes:
if p2 > p1 and p2 < B and e == f:
if p2 % (2**(e + 1)) == (1 + 2**e) % (2**(
e + 1)): # !!!! СКОБКИ???
leg2 = []
b = int(p1 * p2)
for a in a_base:
leg2.append(numth.jacobi(a, p2))
if leg1 == leg2:
p_exist = np.array([p1, p2])
p3_list = next_p(p_exist, a_base, B)
if isinstance(p3_list,
list) and len(p3_list) != 0:
for p3 in p3_list:
if p3 * b <= B: # and p3 * b > B // 100:
if p3 > p2:
print(f"p3 {p3}")
signss = check_signs(
a_base, [p1, p3])
if signss:
item = Signature(
Sign(a_base, p1),
[p1, p2, p3])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
else:
continue
else:
continue
elif p2 % (2**(e + 2)) == 1:
if Mu_p(a_base, p2) == 4:
pass # переход к mu=4
elif p2 % (2**(e + 2)) != 1 and p2 % (2**(
e + 2)) == (1 + 2**(e + 1)) % 2**(
e + 2): # !!!! СКОБКИ???
leg2 = []
b = int(p1 * p2)
for a in a_base:
leg2.append(numth.jacobi(a, p2))
if np.prod(leg2) == 1:
p_exist = np.array([p1, p2])
p3_list = next_p(p_exist, a_base, B)
if isinstance(p3_list,
list) and len(p3_list) != 0:
for p3 in p3_list:
if p3 * b <= B: # and p3 * b > B // 100:
if p3 > p2:
print(f"p3 {p3}")
signss = check_signs(
a_base, [p1, p3])
if signss:
item = Signature(
Sign(a_base, p1),
[p1, p2, p3])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
else:
continue
else:
continue
elif p2 > p1 and p2 < B and f < e:
if p2 % 2**f == p1:
if f == e - 1 and Mu_p(
a_base,
p1) == 2: # это есть условие выше
p_exist = np.array([p1, p2])
p3_list = next_p(p_exist, a_base, B)
b = int(p1 * p2)
if isinstance(p3_list,
list) and len(p3_list) != 0:
for p3 in p3_list:
if p3 * b <= B: # and p3 * b > B // 100:
if p3 > p2:
print(f"p3 {p3}")
signss = check_signs(
a_base, [p1, p3])
if signss:
item = Signature(
Sign(a_base, p1),
[p1, p2, p3])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
else:
continue
else:
continue
else:
continue
# p1 is any in primes
mu_4 = readfile(f"lib/mu/{a_base}/mu_4.txt")
for p2 in mu_4:
if p2 > p1 and p2 < B: # если p2 mu=4, то не обязательно чтобы и p1 mu=4
print(f"p2 mu4 {p2}")
p_exist = np.array([p1, p2])
p3_list = next_p(p_exist, a_base, B)
b = int(p1 * p2)
if isinstance(p3_list, list) and len(p3_list) != 0:
for p3 in p3_list:
if p3 * b <= B: # and p3 * b > B // 100:
if p3 > p2:
print(f"p3 {p3}")
signss = check_signs(a_base, [p1, p3])
if signss:
item = Signature(
Sign(a_base, p1), [p1, p2, p3])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
# else:
# continue
writefile(f"res/jnd/3/{a_base}/n_list_{B}.txt", s)
else:
continue
else:
break
i = 1
spsp = []
ss = ""
for item in n_list:
prod = np.prod(item.primes)
if psp(a_base, prod):
ss += f"{i} {prod} {item.primes} {item.sign}\n"
i += 1
spsp.append(item)
###
total_time = "--- %s seconds ---\n" % (time.time() - start_time)
###
ss += f"{total_time}\n"
writefile(f"res/jnd/3/{a_base}/spsp_{B}.txt", ss)
return np.array(spsp)
c = 2039130155866184490894181588949291569587424373754875837330412835527276040280846677481047284126316137541961805207979583672570357348995401556991229785828117383170279052532972654304372432603436204862621797 import gmpy2 from binascii import * gmpy2.get_context().precision = 800000 possible = int(gmpy2.root(c, 3)) print(hex(possible))
# -*- coding: utf-8 -*-
import gmpy2
import binascii
"""
OK no more extra bits of information for you. Good luck trying to solve this one. Just a public key and a ciphertext so should be impossible.
"""
n = 23516695565660963250242846975094031309572348962900032827958534374248114661507001374384417953124930587796472484525315334716723068326965228898857733318407681656604325744994115789416012096318656034667361976251100005599211469354510367804546831680730445574797161330145320706346512982316782618118878428893337849886890813813050423818145497040676697510093220374542784895778086554812954376689653727580227087363619223145837820593375994747273662064715654881379557354513619477314410917942381406981452545764657853425675230343749326640073923166795823683203941972393206970228647854927797483660176460658959810390117898333516129469397
e = 3
c = 145069245024457407970388457302568525045688441508350620445553303097210529802020156842534271527464635050860748816803790910853366771838992303776518246009397475087259557220229739272919078824096942593663260736405547321937692016524108920147672998393440513476061602816076372323775207700936797148289812069641665092971298180210327453380160362030493
# e small exponent attack to solve
# since e is so small, and message likely much smaller than our N, we can easily compute the plaintext by taking the cube root of c
# enc_text = pt^3 mod N
# pt = root(ct,3)
gmpy2.get_context().precision = 200000
m = int(gmpy2.root(c, e))
print(binascii.unhexlify(hex(int(m))[2:]).decode('utf-8'))
def step_t_2(a_base, B, primes_list):
clearfile(f"res/jnd/2/{a_base}/spsp_{B}.txt")
clearfile(f"res/jnd/2/{a_base}/n_list_{B}.txt")
n_list = []
### Посчет времени работы
start_time = time.time()
###
for p1 in primes_list:
p1 = int(p1)
if p1 < int(root(B, 2)):
if p1 > a_base[-1]:
s = ""
if p1 < 10**6:
gcd_23 = int(gcd(2**(p1 - 1) - 1, 3**(p1 - 1) - 1))
factors = sorted(numth.factorization(gcd_23))
for i in range(len(factors)):
p2 = factors[i][0]
if p2 * p1 <= B: # and p1 * p2 > B // 100:
if p2 > p1: # В дальнейшем для того, чтобы числа в интервалах не повторялись
signss = check_signs(a_base, [p1, p2])
if signss:
item = Signature(Sign(a_base, p1),
[p1, p2])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
# else:
# break
elif p1 > 10**8:
lmd_p = Lambda_p(a_base, p1) # lmd_p = p1-1
p2 = 1
while p2 <= p1: # and p1 * p2 > B // 100: # к условию, что p2>p1
p2 += lmd_p
while p2 * p1 <= B: # and p1 * p2 > B // 100:
signss = check_signs(a_base, [p1, p2])
if signss:
item = Signature(Sign(a_base, p1), [p1, p2])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(Signature(item.sign, [p1, p2]))
p2 += lmd_p
else: # между 10**6..10**8
if len(a_base) > 6:
a_base = a_base[:6]
lmd_p = Lambda_p(a_base, p1)
leg1 = []
for a in a_base:
leg1.append(numth.jacobi(a, p1))
if p1 % 4 == 1:
p2_4k3 = readfile("primes/4k+3.txt")
p2_4k1 = readfile("primes/4k+1.txt")
for p2 in p2_4k3:
if p1 * p2 <= B: # and p1 * p2 > B // 100:
if p2 % lmd_p == 1 and p2 > p1:
leg2 = []
for a in a_base:
leg2.append(numth.jacobi(a, p2))
signss = check_signs(a_base, [p1, p2])
if leg1 == leg2 and signss:
item = Signature(
Sign(a_base, p1), [p1, p2])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
# else:
# break
for p2 in p2_4k1:
if p1 * p2 <= B: # and p1 * p2 > B // 100:
if p2 % lmd_p == 1 and p2 > p1:
leg2 = []
for a in a_base:
leg2.append(numth.jacobi(a, p2))
signss = check_signs(a_base, [p1, p2])
if np.prod(
leg2
) == 1 and signss: # если все 1, то произведение 1
item = Signature(
Sign(a_base, p1), [p1, p2])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
# else:
# break
elif p1 % 8 == 5:
p2_8k5 = readfile("primes/8k+5.txt")
p2_8k1 = readfile("primes/8k+1.txt")
for p2 in p2_8k5:
if p1 * p2 <= B: # and p1 * p2 > B // 100:
if p2 % lmd_p == 5 and p2 > p1:
leg2 = []
for a in a_base:
leg2.append(numth.jacobi(a, p2))
signss = check_signs(a_base, [p1, p2])
if leg1 == leg2 and signss:
item = Signature(
Sign(a_base, p1), [p1, p2])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
# else:
# break
for p2 in p2_8k1:
if p1 * p2 <= B: # and p1 * p2 > B // 100:
if p2 % lmd_p == 1 and p2 > p1:
leg2 = []
for a in a_base:
leg2.append(numth.jacobi(a, p2))
signss = check_signs(a_base, [p1, p2])
if np.prod(leg2) == 1 and signss:
item = Signature(
Sign(a_base, p1), [p1, p2])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
# else:
# break
elif p1 % 8 == 1:
sign = Sign([2], p1)[0]
e, f = Val(2, p1 - 1), Val(2, sign)
for p2 in primes:
if p1 * p2 <= B: # and p1 * p2 > B // 100:
if p2 > p1 and e == f:
if p2 % (2**(e - 1)) == 2**e % (2**(
e - 1)) and p2 % lmd_p == 1:
leg2 = []
for a in a_base:
leg2.append(numth.jacobi(a, p2))
signss = check_signs(a_base, [p1, p2])
if leg1 == leg2 and signss:
item = Signature(
Sign(a_base, p1), [p1, p2])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
elif p2 % 2**(e +
1) == 1 and p2 % lmd_p == 1:
leg2 = []
for a in a_base:
leg2.append(numth.jacobi(a, p2))
signss = check_signs(a_base, [p1, p2])
if np.prod(leg2) == 1 and signss:
item = Signature(
Sign(a_base, p1), [p1, p2])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
elif p2 > p1 and f < e and p1 * p2 <= B: # and p1 * p2 > B // 100:
signss = check_signs(a_base, [p1, p2])
if p2 % lmd_p == 1 and signss:
item = Signature(
Sign(a_base, p1), [p1, p2])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
# else:
# break
writefile(f"res/jnd/2/{a_base}/n_list_{B}.txt", s)
else:
continue
i = 1
spsp = []
ss = ""
for item in n_list:
prod = np.prod(item.primes)
if psp(a_base, prod):
ss += f"{i} {prod} {item.primes} {item.sign}\n"
i += 1
spsp.append(item)
###
total_time = "--- %s seconds ---\n" % (time.time() - start_time)
###
ss += f"{total_time}\n"
writefile(f"res/jnd/2/{a_base}/spsp_{B}.txt", ss)
return np.array(spsp)
import gmpy2
n = 29331922499794985782735976045591164936683059380558950386560160105740343201513369939006307531165922708949619162698623675349030430859547825708994708321803705309459438099340427770580064400911431856656901982789948285309956111848686906152664473350940486507451771223435835260168971210087470894448460745593956840586530527915802541450092946574694809584880896601317519794442862977471129319781313161842056501715040555964011899589002863730868679527184420789010551475067862907739054966183120621407246398518098981106431219207697870293412176440482900183550467375190239898455201170831410460483829448603477361305838743852756938687673
e = 3
c = 2205316413931134031074603746928247799030155221252519872649651160278476902145087143487410518148797849017656369316341655241171591967799156330520717647775870050832989405039500714403825189288474886866683126666398914647066914847128627018357093
gmpy2.get_context().precision = 2000
print gmpy2.root(c, e)
print(
hex(13016382529449106065894479374027604750406953699090365388202878069532790348997757
)[2:-1]).decode('hex')
# picoCTF{n33d_a_lArg3r_e_6eb35d6d}
def sqrt(n):
return root(n, 2)[0]
while a > 1:
q = a // b
a, b = b, a % b
x0, x1 = x1 - q * x0, x0
if x1 < 0: x1 += b0
return x1
C1 = get_value(ct1, 'bin')
C2 = get_value(ct2, 'bin')
C3 = get_value(ct3, 'bin')
C4 = get_value(ct4, 'bin')
C5 = get_value(ct5, 'bin')
ciphertexts = [C1, C2, C3, C4, C5]
N1 = get_value(md1, 'b64')
N2 = get_value(md2, 'b64')
N3 = get_value(md3, 'b64')
N4 = get_value(md4, 'b64')
N5 = get_value(md5, 'b64')
modulus = [N1, N2, N3, N4, N5]
result = (chinese_remainder(modulus, ciphertexts))
M = int(root(result, exp))
print(M.bit_length())
print(M)
M = M.to_bytes((M.bit_length() + 7) // 8, byteorder='big')
print(M)
#!/usr/bin/python3 from Crypto.Util.number import * import binascii import gmpy2 ct = "05c61636499a82088bf4388203a93e67bf046f8c49f62857681ec9aaaa40b4772933e0abc83e938c84ff8e67e5ad85bd6eca167585b0cc03eb1333b1b1462d9d7c25f44e53bcb568f0f05219c0147f7dc3cbad45dec2f34f03bcadcbba866dd0c566035c8122d68255ada7d18954ad604965" ct = bytes_to_long(binascii.unhexlify(ct)) gmpy2.get_context().precision=200000 pt = gmpy2.root(ct,3) # e = 3 message = binascii.unhexlify(hex(int(pt))[2:]) print(message)
def step_t_4(a_base, B):
clearfile(f"res/jnd/4/{a_base}/spsp_{B}.txt")
clearfile(f"res/jnd/4/{a_base}/n_list_{B}.txt")
n_list = []
### Посчет времени работы
start_time = time.time()
###
equal_3_list = parsefile(f"res/jnd/3/{a_base}/n_list_{B}.txt")
# упорядочены по возрастанию p1, где p1<p2
if len(equal_3_list) != 0:
for i in range(len(equal_3_list)):
p1 = equal_3_list[i].primes[0]
p2 = equal_3_list[i].primes[1]
p3 = equal_3_list[i].primes[2]
b = int(p1 * p2 * p3)
if p1 <= int(root(B, 4)) and b * p3 < B:
s = ""
if p1 % 4 == 3: # Вместо сигнатур вычисляется символ Лежандра
p4_3k4 = readfile("primes/4k+3.txt")
for p4 in p4_3k4:
if p4 * b <= B: # and p4 * b > B // 100:
if p4 > p3:
f"p4 {p4}"
signss = check_signs(a_base, [p1, p4])
if signss:
item = Signature(Sign(a_base, p1),
[p1, p2, p3, p4])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
else:
p_exist = np.array([p1, p2, p3])
p4_list = next_p(p_exist, a_base, B)
if isinstance(p4_list, list):
for p4 in p4_list:
if p4 * b <= B: # and p4 * b > B // 100:
if p4 > p3:
f"p4 {p4}"
signss = check_signs(a_base, [p1, p4])
if signss:
item = Signature(
Sign(a_base, p1), [p1, p2, p3, p4])
s += f"{item.primes} {signss} {item.sign}\n"
n_list.append(item)
writefile(f"res/jnd/4/{a_base}/n_list_{B}.txt", s)
else:
continue
i = 1
spsp = []
ss = ""
for item in n_list:
prod = np.prod(item.primes)
if psp(a_base, prod):
ss += f"{i} {prod} {item.primes} {item.sign}\n"
i += 1
spsp.append(item)
###
total_time = "--- %s seconds ---\n" % (time.time() - start_time)
###
ss += f"{total_time}\n"
writefile(f"res/jnd/4/{a_base}/spsp_{B}.txt", ss)
return np.array(spsp)
def sub_sub_sure_factors(f, u, curve_parameter):
'''Finds all factors that can be found using ECM with a smoothness bound of u and sigma and give curve parameters. If that fails, checks for being a prime power and does Fermat factoring as well.
Yields factors.'''
while not (f & 1):
yield 2
f >>= 1
while not (f % 3):
yield 3
f /= 3
if isprime(f):
yield f
return
log_u = math.log(u)
u2 = int(_7_OVER_LOG_2 * u * log_u / math.log(log_u))
primes = []
still_a_chance = True
log_mo = math.log(f + 1 + sqrt(f << 2))
g = gcd(curve_parameter, f)
if g not in (1, f):
for factor in sub_sub_sure_factors(g, u, curve_parameter):
yield factor
for factor in sub_sub_sure_factors(f/g, u, curve_parameter):
yield factor
return
g2 = gcd(curve_parameter**2 - 5, f)
if g2 not in (1, f):
for factor in sub_sub_sure_factors(g2, u, curve_parameter):
yield factor
for factor in sub_sub_sure_factors(f / g2, u, curve_parameter):
yield factor
return
if f in (g, g2):
yield f
while still_a_chance:
p1 = get_points([curve_parameter], f)
for prime in primes:
p1 = multiply(p1, prime, f)
if not isinstance(p1, list):
if p1 != f:
for factor in sub_sub_sure_factors(p1, u, curve_parameter):
yield factor
for factor in sub_sub_sure_factors(f/p1, u, curve_parameter):
yield factor
return
else:
still_a_chance = False
break
if not still_a_chance:
break
prime = 1
still_a_chance = False
while prime < u2:
prime = next_prime(prime)
should_break = False
for _ in xrange(int(log_mo / math.log(prime))):
p1 = multiply(p1, prime, f)
if not isinstance(p1, list):
if p1 != f:
for factor in sub_sub_sure_factors(p1, u, curve_parameter):
yield factor
for factor in sub_sub_sure_factors(f/p1, u, curve_parameter):
yield factor
return
else:
still_a_chance = True
primes.append(prime)
should_break = True
break
if should_break:
break
for i in xrange(2, int(math.log(f) / LOG_2) + 2):
r = root(f, i)
if r[1]:
for factor in sub_sub_sure_factors(r[0], u, curve_parameter):
for _ in xrange(i):
yield factor
return
a = 1 + sqrt(f)
bsq = a * a - f
iter = 0
while bsq != sqrt(bsq)**2 and iter < 3:
a += 1
iter += 1
bsq += a + a - 1
if bsq == sqrt(bsq)**2:
b = sqrt(bsq)
for factor in sub_sub_sure_factors(a - b, u, curve_parameter):
yield factor
for factor in sub_sub_sure_factors(a + b, u, curve_parameter):
yield factor
return
yield f
return
e = 65537
def ComputeGCD(n1, n2):
if n2 == 0:
return n1
else:
return ComputeGCD(n2, n1 % n2)
p1 = ComputeGCD(n1, n2)
q1 = n1 // p1
phi1 = (p1 - 1) * (q1 - 1)
d1 = inverse(e, phi1)
pl1 = gmpy2.root(c1, e)
pl1 = pow(c1, d1, n1)
pl1_hex_converted = hex(pl1).split('x')[-1] # convert plaintext to hex
pl1_from_hex_to_ascii = bytearray.fromhex(
pl1_hex_converted).decode() # convert hex to ascii
print("plaintext1 = ", pl1_from_hex_to_ascii)
print(
"\n#####################################################################\n"
)
p2 = ComputeGCD(n2, n3)
q2 = n2 // p2
phi2 = (p2 - 1) * (q2 - 1)
d2 = inverse(e, phi2)
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y)
def modinv(a, m):
gcd, x, y = egcd(a, m)
if gcd != 1:
return None # modular inverse does not exist
else:
return x % m
def int2Text(number, size):
"""Convert an integer into a text string"""
text = "".join(
[chr((number >> j) & 0xff) for j in reversed(range(0, size << 3, 8))])
return text.lstrip("\x00")
#crt
tb = c1 * (n2 * n3) * modinv(n2 * n3, n1)
tc = c2 * (n1 * n3) * modinv(n1 * n3, n2)
td = c3 * (n1 * n2) * modinv(n1 * n2, n3)
c = (tb + tc + td) % (n1 * n2 * n3)
root = int(gmpy2.root(c, 3))
print hex(root)[2:-1].decode('hex')
import gmpy2
from Crypto.Util.number import *
N1 = 60289643029222274358640373862109572905832367237826183141813583202829591109669612949524019698694013632009103378887037677183876999952454652728808888741248281997406751460346721080506423808100281915419838852944218937480402494149772589869774076589478083083904231331135422435887112387158083457945715084009855703843
N2 = 60289643029222274358640373862109572905832367237826183141813583202829591109669612949524019698694013632009103378887037677183876999952454652728808888741248281997406751460346721080506423808100281915419838852944218937480402494149772589869774076589478083083904231331135422435887112387158083457945715084009855703843
c1 = bytes_to_long(
"107792f625f117a5bdbb71ed276f0bf3f977401579e37b78c4663ce44e69eea72f4bcdb4eba81e6b1eee3c5ded268e40dc974e352e3d5762a94c3ab83677b40043226e12adcd57cd65e6098b79fe90b40091b353c4e827c29a5862ac311e315040687babdf339d699eebfdc8e7cf688dd4d2564b28402f039b7b768608197405"
.decode('hex'))
c2 = bytes_to_long(
"01c2deff9ab4282579bb1e9b2f8d8ce937d13c8f79bc4f3b9e7b2ec332bab4db7a7dd2437fae1c5ef72db26d792576b4872d3086b01386b56f82969399227ec2958400390a91c5e66df5456bbc10cab7316b55d601ea273f60e158636a38a9f50754db6d896000c5d51f614775a1918e2fbc98b9ae4d8c37ffe72a3d393cf192"
.decode('hex'))
e = 65537
tA = c1 * (N2 * N1) * gmpy2.invert(N2 * N1, N1)
tB = c2 * (N1 * N2) * gmpy2.invert(N1 * N2, N2)
c = (tA + tB) % (N1 * N2)
m = gmpy2.root(c, e)[0]
print m
q = a // b
a, b = b, a % b
x0, x1 = x1 - q * x0, x0
if x1 < 0:
x1 += b0
return x1
def get_value(filename):
with open(filename) as f:
value = f.readline()
return int(value, 10)
if __name__ == '__main__':
C1 = get_value(CIPHERTEXT_1)
C2 = get_value(CIPHERTEXT_2)
C3 = get_value(CIPHERTEXT_3)
ciphertexts = [C1, C2, C3]
N1 = get_value(MODULUS_1)
N2 = get_value(MODULUS_2)
N3 = get_value(MODULUS_3)
modulus = [N1, N2, N3]
C = chinese_remainder_theorem([(C1, N1), (C2, N2), (C3, N3)])
M = int(root(C, 3))
M = hex(M)[2:]
print(unhexlify(M).decode('utf-8'))
import gmpy2 from Crypto.Util.number import long_to_bytes gmpy2.get_context().precision = 2048 n = 86431753033855985150102208955150746586984567379198773779001331665367046453352820308880271669822455250275431988006538670370772552305524017849991185913742092236107854495476674896994207609393292792117921602704960758666683584350417558805524933062668049116636465650763347823718120563639928978056322149710777096619 e = 43593315545590924566741189956390609253174017258933397294791907025439424425774036889638411588405163282027748339397612059157433970580764560513322386317250465583343254411506953895016705520492303066099891805233630388103484393657354623514864187319578938539051552967682959449373268200012558801313113531016410903723 cipher = 6017385445033775122298094219645257172271491520435372858165807340335108272067850311951631832540055908237902072239439990174700038153658826905580623598761388867106266417340542206012950531616502674237610428277052393911078615817819668756516229271606749753721145798023983027473008670407713937202613809743778378902 pt = gmpy2.root(cipher, e) print(long_to_bytes(pt).decode()) # python3
try:
import gmpy2
except:
print("I will install gmpy2 module...")
print(
"################################# INSTALLING #################################"
)
install_gmpy2 = call("sudo apt-get install python3-gmpy2", shell=True)
print(
"################################# INSTALLED #################################"
)
from Crypto.Util.number import long_to_bytes
gmpy2.get_context().precision = 2048
n = 29331922499794985782735976045591164936683059380558950386560160105740343201513369939006307531165922708949619162698623675349030430859547825708994708321803705309459438099340427770580064400911431856656901982789948285309956111848686906152664473350940486507451771223435835260168971210087470894448460745593956840586530527915802541450092946574694809584880896601317519794442862977471129319781313161842056501715040555964011899589002863730868679527184420789010551475067862907739054966183120621407246398518098981106431219207697870293412176440482900183550467375190239898455201170831410460483829448603477361305838743852756938687673
e = 3
ciphertext = 2205316413931134031074603746928247799030155221252519872649602375643231006596573791863783976856797977916843724727388379790172135717557077760267874464115099065405422557746246682213987550407899612567166189989232143975665175662662107329564517
flag = gmpy2.root(ciphertext, e)
test_pl = pow(plaintext, e)
if (test_pl == ciphertext):
print("This vulnerability is working with these variables!\n")
print(long_to_bytes(flag).decode())
else:
print("This vulnerability is not working with these variables :(")
)
c2 = mpz(
4132099145786478580573701281040504422332184017792293421890701268012883566853254627860193724809808999005233349057847375798626123207766954266507411969802654226242300965967704040276250440511648395550180630597000941240639594
)
c3 = mpz(
43690392479478733802175619151519523453201200942800536494806512990350504964044289998495399805335942227586694852363272883331080188161308470522306485983861114557449204887644890409995598852299488628159224012730372865280540944897915435604154376354144428
)
#enter N here
n1 = mpz(
924506488821656685683910901697171383575761384058997452768161613244316449994435541406042874502024337501621283644549497446327156438552952982774526792356194523541927862677535193330297876054850415513120023262998063090052673978470859715791539316871
)
n2 = mpz(
88950937117255391223977435698486265468789676087383749025900580476857958577458361251855358598960638495873663408330100969812759959637583297211068274793121379054729169786199319454344007481804946263873110263761707375758247409
)
n3 = mpz(
46120424124283407631877739918717497745499448442081604908717069311339764302716539899549382470988469546914660420190473379187397425725302899111432304753418508501904277711772373006543099077921097373552317823052570252978144835744949941108416471431004677
)
#stage 1 - get temp variables
t1 = mpz(c1 * (n3 * n2) * gmpy2.invert((n3 * n2), n1))
t2 = mpz(c2 * (n1 * n3) * gmpy2.invert((n1 * n3), n2))
t3 = mpz(c3 * (n2 * n1) * gmpy2.invert((n2 * n1), n3))
c = (t1 + t2 + t3) % (n1 * n2 * n3)
answer = mpz(gmpy2.root(c, 3))
print("[+]Hex: \n\t" + hex(answer))
print("[+]Text: \n\t" + str(binascii.unhexlify(hex(answer)[2:])))
r, s, d = extended_gcd(n, m)
if d != 1:
raise "Input not pairwise co-prime"
result += a * s * m
# Make sure we return the canonical solution.
return result % N
def extended_gcd(a, b):
x, y = 0, 1
lastx, lasty = 1, 0
while b:
a, (q, b) = b, divmod(a, b)
x, lastx = lastx - q * x, x
y, lasty = lasty - q * y, y
return (lastx, lasty, a)
if __name__ == '__main__':
ciphertexts = [c1, c2, c3]
modulus = [n1, n2, n3]
C = chinese_remainder_theorem([(c1, n1), (c2, n2), (c3, n3)])
M = int(root(C, 3))
print(codecs.decode(hex(M).replace("0x", "").replace("L", ""), "hex"))
def sqrt(n):
return root(n, 2)[0]
