def getStrongPrime(N): """ Génère un nombre premier p de N bits de tel sorte que : (p-1)/2 = q et q aussi premier """ p = getPrime(N) while not miller_rabin((p - 1) // 2): p = getPrime(N) return p
def generate_primes(bitsize): while True: p = number.getPrime(bitsize, randfunc=Random.get_random_bytes) q = number.getPrime(bitsize, randfunc=Random.get_random_bytes) ## Make sure the big primes are not equal + ensure if (p != q) and ((p % 4) == 3) and ((q % 4) == 3): return (p, q)
def Keys(): p = number.getPrime(64, randfunc=Cryptodome.Random.get_random_bytes) q = number.getPrime(64, randfunc=Cryptodome.Random.get_random_bytes) e = number.getPrime(128, randfunc=Cryptodome.Random.get_random_bytes) N = p * q PHI = (p - 1) * (q - 1) d = modinv(e, PHI) return [str(e), str(d), str(N)]
def keygen(security_param=2048): p = number.getPrime(security_param // 2) q = number.getPrime(security_param // 2) key_encryptor = KeyEncryptor.get_instance() key_coder = RabinKeyCoder() public_key = key_coder.encode_public_key(p * q) private_key = key_encryptor.encrypt(key_coder.encode_private_key(p, q)) return public_key, private_key
def gen_key(prime_size = 1024): p = getPrime(prime_size) q = getPrime(prime_size) n = p * q g = n + 1 phi = (p - 1) * (q - 1) l = phi mu = inverse(phi, n) return (n, g), (l, mu)
def __init__(self, key_length): self.e=3 o=0 while gcd(self.e, o)!=1: p, q = getPrime(key_length//2), getPrime(key_length//2) o = nok(p-1, q-1) self.n=p*q self._d=invmod(self.e, o)
def __init__(self, key_length): self.e = 3 euler = 0 while greatest_common_divisor(self.e, euler) != 1: p, q = getPrime(key_length // 2), getPrime(key_length // 2) euler = (p - 1) // greatest_common_divisor((p - 1), (q - 1)) * (q - 1) self.n = p * q self.mod = inversion_by_mod(self.e, euler)
def main_RSA(): # /!\ ec.H returns a 256-bit hash, n & nf have to be at least that large. ## Alice's key p = getPrime(1<<8) q = getPrime(1<<8) e = 65537 # public d = invmod(e,(p-1)*(q-1)) # private n = p*q # modulus msg = b'Everybody knows the captain lied' h = ec.H(msg) sig = pow(h,d,n) # sign assert pow(sig,e,n)==h # verify ## Attack # we want to find e such s^e = h mod nf, for some nf = pf*qf # i.e. s^e = h mod pf and s^e = h mod qf print('Sieving...', end=' ', flush=True) Primes = sieve(1<<14) print('ok.') pf,Pf = gen_smooth_prime(Primes, sig,h, 1<<8) Primes = [r for r in Primes if r not in Pf] # filter out primes from pf-1 qf,Qf = gen_smooth_prime(Primes, sig,h, 1<<8) nf = pf*qf # /!\ pf-1 and qf-1 are not coprime: they have a factor 2 in common. # The congruential system will have a solution iff they are # compatible on that factor, i.e. e_pf = e_qf mod 2 # where e_pf is such that # sig^((pf-1)//2 * e_pf) = h^((pf-1)//2) mod pf # with sig and h primitive roots mod pf. # But if e_pf = 0 mod 2, then h^((pf-1)//2) = 1 mod pf, # contradicting the fact that h is a primitive root. # Hence the only possibility is # e_pf = 1 mod 2 and similarly e_qf = 1 mod 2 # They are always compatible and there exists a unique solution # e mod (pf-1)*(qf-1)//2 print('DL solving...', end=' ', flush=True) epf,emodp = DL_solve(sig,h, pf,Pf) eqf,emodq = DL_solve(sig,h, qf,Qf[1:]) # skip 2 ef,emod = CRT_combine(epf,emodp, eqf,emodq) assert emodp==pf-1 and emodq==(qf-1)//2 and emod==(pf-1)*(qf-1)//2 print('ok.') # Forged key: (ef,df,nf) df = invmod(ef, (pf-1)*(qf-1)) # private key (unused here) print('Verifying with forged RSA key...', end=' ', flush=True) assert pow(sig,ef,nf)==h # verify print('ok.')
def gen_key(size=1<<10): e = 3 # we always want e = 3 here p = getPrime(size>>1) while (p-1)%e == 0: # gcd(e, p-1) != 1 p = getPrime(size>>1) q = getPrime(size>>1) while (q-1)%e == 0: # gcd(e, q-1) != 1 q = getPrime(size>>1) n = p*q phi = (p-1)*(q-1) d = pow(e, -1, phi) K = (e, n) k = (d, n) return (k, K)
def __init__(self): self.n = getPrime(8*8, randfunc=get_random_bytes) self.m = int.from_bytes(get_random_bytes(8), byteorder="big") % self.n self.c = int.from_bytes(get_random_bytes(8), byteorder="big") % self.n self.state = int.from_bytes(get_random_bytes(8), byteorder="big") % self.n for _ in range(randint(128, 1024)): self.state = self.next()
def generate(): f = True n_length = int(input("\nIntroduce the length of your key (2048 bytes common and faster / 4096 bytes safest): ")) while f: e = 65537 p = num.getPrime(n_length//2) q = num.getPrime(n_length//2) n = p*q phi = (p-1)*(q-1) if phi % e == 0: pass else: break #print(f"Your p number is: {p}\nYour q number is: {q}\nYour modulus is: {n}\nPhi is: {phi}") d = euclidean(phi, e) #print(f"Your e number is {e}") #print(f"Your d number is {d}") m = randint(5000,9000) c = (m**e) % n dec = fast_exp(c,d,n) if dec != m: print("ALERT, SOMETHING WENT WRONG, GENERATE YOUR KEYS AGAIN") return 0 rsaKey = RSA.construct((n, e)) pubKey = rsaKey.export_key() pubKey = pubKey.decode('ascii') comps = [n, e, d] privrsaKey = RSA.construct(comps); privKey = privrsaKey.export_key() privKey = privKey.decode('ascii') print("This are your keys: \n") print(f"\n{pubKey}") print(f"\n{privKey}") do = input("\n\nDo you wish to export them?\n Introduce y (yes) or n (no): ") while (do != 'y') and (do != 'n'): do = input("\n\nDo you wish to export them?") if do == 'y': text_file = open("pubKey.txt", 'wt') text_file.write(pubKey) text_file.close() text_file = open("privKey.txt", 'wt') text_file.write(privKey) text_file.close() if do == 'n': return 0
def RandomPrime( bits, prime=0 ): #this function returns a random prime that is larger than 258 while prime < 258: # While prime isn't large enough for RSA... prime = number.getPrime( 1024) # Change prime to random value created through getPrime return (prime) # Return that prime
def test_getPrime(self): """Util.number.getPrime""" self.assertRaises(ValueError, number.getPrime, -100) self.assertRaises(ValueError, number.getPrime, 0) self.assertRaises(ValueError, number.getPrime, 1) bits = 4 for i in range(100): x = number.getPrime(bits) self.assertEqual(x >= (1 << bits - 1), 1) self.assertEqual(x < (1 << bits), 1) bits = 512 x = number.getPrime(bits) self.assertNotEqual(x % 2, 0) self.assertEqual(x >= (1 << bits - 1), 1) self.assertEqual(x < (1 << bits), 1)
def blum_blum_generator(): p = number.getPrime(512) while p % 4 != 3: p = number.getPrime(512) q = number.getPrime(512) while q % 4 != 3: q = number.getPrime(512) n = p * q l = pow(2, 10) s = int(time.time()) x = [pow(s, 2) % n] output = chr(x[0] % 2 + ord("0")) for i in range(1, l): x.append(pow(x[i - 1], 2) % n) output += chr(x[i] % 2 + ord("0")) return output
def gen_key(size=1 << 10): e = 3 # we always want e = 3 here n = 0 while n.bit_length() < size: p = getPrime(size >> 1) while (p - 1) % e == 0: # gcd(e, p-1) != 1 p = getPrime(size >> 1) q = getPrime(size >> 1) while (q - 1) % e == 0: # gcd(e, q-1) != 1 q = getPrime(size >> 1) n = p * q phi = (p - 1) * (q - 1) #d = pow(e, -1, phi) d = inverse(e, phi) K = PubKey(e, n) k = PrivKey(d, n) return (k, K)
def keygen(security_param = 2048): p = number.getPrime(security_param // 2) q = number.getPrime(security_param // 2) n = p*q phi = (p - 1)*(q - 1) e = randint(0, phi) while number.GCD(e, phi) != 1: e = randint(0, phi) key_coder = RsaKeyCoder() public_key = key_coder.encode_public_key(e, n) key_encryptor = KeyEncryptor.get_instance() d = number.inverse(e, phi) private_key = key_encryptor.encrypt(key_coder.encode_private_key(d, n)) return public_key, private_key
def encrypt(x): """ docstring """ k = Crypto_Number.getPrime(bits-1,randfunc=Crypto_Rand.get_random_bytes) y1 = pow(alpha,k,p) y2 = (x*pow(beta,k))%p return y1,y2
def ChooseKeys(choice=1,file=Private_file,file2=Public_file): """ This function generate pubic key and private key """ p,q = None,None if choice == 1: # Auto generate p, q then calculate n, totient (Choice 1) p = Crypto_Number.getPrime(bits, randfunc=Crypto_Rand.get_random_bytes) q = p while q == p: q = Crypto_Number.getPrime(bits, randfunc=Crypto_Rand.get_random_bytes) else: # Auto calculate n, totient (Choice 2) p = int(input("p = ")) q = p while p == q: q = int(input("q = ")) n = p * q totient = (p - 1) * (q - 1) # generate e e = ChooseE(totient) # calculate d d = Module.egcd(e,totient) # save to file ## Private key try: with open(file,'w+') as pri_file: pri_file.write(str(n)+'\n') pri_file.write(str(d)+'\n') pri_file.close() except IOError or FileExistsError or FileNotFoundError: print("Can't write to file!!!") print(traceback.format_exc()) # for debug ## Public key try: with open(file2, 'w+') as pub_file: pub_file.write(str(n)+'\n') pub_file.write(str(e)+'\n') pub_file.close() except IOError or FileExistsError or FileNotFoundError: print("Can't write to file!!!") print(traceback.format_exc())
def _generate_prime(self) -> int: """ Helper function to generate a prime number from the instance variable n_bits, raises an error if this is not set. n_bits is either set when an instance is initialized or when a prime is loaded from binary data. """ if self.n_bits is None: raise ValueError("n_bits is not specified, cannot generate prime. Either specify n_bits or use read " "function to import prime from file") print(f"Generating prime with {self.n_bits} bits...") return number.getPrime(self.n_bits)
def rsa(m): p, q = 0, 0 while not (q < p < 2 * q): p = number.getPrime(514) q = number.getPrime(514) n = p * q e = 65537 v_phi = (p - 1) * (q - 1) g, x, y = euclid_extins(e, v_phi) d = x % v_phi c = pow(m, e, n) start_time = time.time() dec = pow(c, d, n) elapsed_time = time.time() - start_time print("Mesaj: " + str(m)) print("Mesaj criptat: " + str(c)) print("Mesaj decriptat: " + str(dec)) print("Timp de executie pentru decriptarea obisnuita: ") print("%s secunde" % elapsed_time) start_time = time.time() dec_crt = rsa_crt_dec(d, p, q, c) elapsed_time = time.time() - start_time print("\nMesaj decriptat cu CRT: " + str(dec_crt)) print("Timp de executie pentru decriptarea cu TCR: ") print("%s secunde" % elapsed_time) d = n while math.gcd(d, v_phi) != 1 or 81 * (d**4) >= n: d = number.getRandomNBitInteger(32) g, x, y = euclid_extins(d, v_phi) e = x % v_phi print("Actual p and q: " + str(p) + " " + str(q)) print("Actual d: " + str(d)) wiener_attack(n, e)
def keygen_dh(key_size, use_group, dh_group, dh_mod_size, dh_p, dh_g): if use_group == True: dh_p = modp_groups[dh_group]['p'] dh_g = modp_groups[dh_group]['g'] dh_mod_size = size(dh_p) else: # check parameters, assign defaults if necessary if dh_p != None: dh_mod_size = size(dh_p) # print('###########:', key_size, dh_mod_size, flush = True) # generate new safe prime to define finite field # This is pretty efficient if dh_p == None: dh_p = 0 count = 0 while not isPrime(dh_p): count += 1 q = getPrime(dh_mod_size - 1) dh_p = (2 * q) + 1 #print('Fresh q:', count, q, flush = True) #print('Fresh p:', count, dh_p, flush = True) #define new generator for the finite field if dh_g == None: dh_g = 2 generator_found = False count2 = 0 while (generator_found == False) and (dh_g < dh_p): count2 += 1 generator_found = True #print('&&&&&&&&&&:', count2, 1) if pow(dh_g, 2, dh_p) == 1: generator_found = False #print('&&&&&&&&&&:', count2, 2) if generator_found == True and pow(dh_g, q, dh_p) == 1: generator_found = False #print('&&&&&&&&&&:', count2, 3) if generator_found == False: dh_g += 1 #print('&&&&&&&&&&:', count2, 4) #print('Fresh g:', count2, dh_g) #DH Group Parameters have now been established #generate new exponent (secret key derivation value) dh_x = getRandomNBitInteger(key_size) #generate dh_X = dh_g ** dh_x (mod dh_p) (public key derivation value) dh_X = pow(dh_g, dh_x, dh_p) #first value must remain secret, the rest is public return (dh_x, dh_X, dh_g, dh_p)
def jacobi_generator(): false_pos_prob = 0.000000000000000000000001 p = number.getPrime(512) while not (number.isPrime(p, false_pos_prob)) or p % 4 != 3: p = number.getPrime(512) q = number.getPrime(512) while not (number.isPrime(q, false_pos_prob)) or q % 4 != 3: q = number.getPrime(512) n = p * q l = pow(2, 10) a = int(time.time() * 1000) while math.gcd(a, n) != 1: a = int(time.time()) output = "" for i in range(1, l): jacobi_symbol = jacobi(a + i, n) if jacobi_symbol == 0: return "error" if jacobi_symbol == -1: jacobi_symbol = 0 output += chr(jacobi_symbol + ord("0")) return output
def main(): # p = 329263086039022862010758005107860925059 # q = 312629737368228721811040745580846410531 # e = 17684950237965090779 p = getPrime(KEY_SIZE) q = getPrime(KEY_SIZE) e = getPrime(E_SIZE) print(f'p: {p}, q: {q}, e: {e}') print() public_key, private_key = generate_keypair(p, q, e) print(f'pub_key: {public_key}') print(f'pri_key: {private_key}') print() msg = b'easy rsa!' ciphertext = encrypt(public_key, msg) print(f'ciphertext: {ciphertext}') plaintext = decrypt(private_key, ciphertext) print(f'plaintext: {plaintext}')
def generate_keypair(p, q, e=0): assert p != q assert isPrime(p) and isPrime(q) n = p * q phi = (p - 1) * (q - 1) if not e: e = getPrime(E_SIZE) assert e < phi # e & phi co-prime g, _, _ = egcd(e, phi) assert g == 1 d = modular_inverse(e, phi) # Public key: (n, e), Private key: (n, d) return ((n, e), (n, d))
def test(tcount, bits=256): n = getPrime(int(bits / 8)) #n = rsa.get_prime(bits / 8, 20) p = randint(1, n) p1 = (randint(1, n), randint(1, n)) q = curve_q(p1[0], p1[1], p, n) p2 = mulp(p, q, n, p1, randint(1, n)) c1 = [randint(1, n) for i in range(tcount)] c2 = [randint(1, n) for i in range(tcount)] c = list(zip(c1, c2)) t = time.time() for i, j in c: from_projective( addf(p, q, n, mulf(p, q, n, to_projective(p1), i), mulf(p, q, n, to_projective(p2), j)), n) t1 = time.time() - t t = time.time() for i, j in c: muladdp(p, q, n, p1, i, p2, j) t2 = time.time() - t return tcount, t1, t2
def test(tcount, bits=256): n = getPrime(int(bits/8)) #n = rsa.get_prime(bits / 8, 20) p = randint(1, n) p1 = (randint(1, n), randint(1, n)) q = curve_q(p1[0], p1[1], p, n) p2 = mulp(p, q, n, p1, randint(1, n)) c1 = [randint(1, n) for i in range(tcount)] c2 = [randint(1, n) for i in range(tcount)] c = list(zip(c1, c2)) t = time.time() for i, j in c: from_projective(addf(p, q, n, mulf(p, q, n, to_projective(p1), i), mulf(p, q, n, to_projective(p2), j)), n) t1 = time.time() - t t = time.time() for i, j in c: muladdp(p, q, n, p1, i, p2, j) t2 = time.time() - t return tcount, t1, t2
def initialization(nbit): p = number.getPrime(nbit, os.urandom) q = number.getPrime(nbit, os.urandom) n = p * q phi = (p - 1) * (q - 1) return n, phi
# Reconstruct the y-coordinate when curve parameters, x and the sign-bit of # the y coordinate are given: def y_from_x(x, p, q, n, sign): """Return the y coordinate over curve (p, q, n) for given (x, sign)""" # optimized form of (x**3 - p*x - q) % n a = (((x * x) % n - p) * x - q) % n if __name__ == "__main__": from Cryptodome.Random.random import randint from Cryptodome.Util.number import getPrime import time t = time.time() n = getPrime(int(256 / 8)) #n = rsa.get_prime(256 / 8, 20) tp = time.time() - t p = randint(1, n) p1 = (randint(1, n), randint(1, n)) q = curve_q(p1[0], p1[1], p, n) r1 = randint(1, n) r2 = randint(1, n) q1 = mulp(p, q, n, p1, r1) q2 = mulp(p, q, n, p1, r2) s1 = mulp(p, q, n, q1, r2) s2 = mulp(p, q, n, q2, r1) # s1 == s2 tt = time.time() - t def test(tcount, bits=256):
def getprimewithseed(self, bit, seed): random.seed(seed) return number.getPrime(bit, self._randfunc)
def __init__(self): self.p = number.getPrime(BITS) self.a = random.getrandbits(BITS) % self.p self.g = 2 self.bibsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.bibsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
from Cryptodome.Util.number import bytes_to_long, long_to_bytes import Crypto_module as Module from Crypto_module import clear from Cryptodome.Util import number as Crypto_Number from Cryptodome import Random as Crypto_Rand #Define bits = 10 p = Crypto_Number.getPrime(bits,randfunc=Crypto_Rand.get_random_bytes) alpha = 2 a = Crypto_Number.getRandomInteger(bits-1,randfunc=Crypto_Rand.get_random_bytes) beta = pow(alpha,a,p) #encrypt def encrypt(x): """ docstring """ k = Crypto_Number.getPrime(bits-1,randfunc=Crypto_Rand.get_random_bytes) y1 = pow(alpha,k,p) y2 = (x*pow(beta,k))%p return y1,y2 def Decrypt(y1,y2): """ docstring """ t1 = pow(y1,alpha,p) t2 = Module.egcd(t1,p) x = (y2*t2)%p
# Reconstruct the y-coordinate when curve parameters, x and the sign-bit of # the y coordinate are given: def y_from_x(x, p, q, n, sign): """Return the y coordinate over curve (p, q, n) for given (x, sign)""" # optimized form of (x**3 - p*x - q) % n a = (((x * x) % n - p) * x - q) % n if __name__ == "__main__": from Cryptodome.Random.random import randint from Cryptodome.Util.number import getPrime import time t = time.time() n = getPrime(int(256/8)) #n = rsa.get_prime(256 / 8, 20) tp = time.time() - t p = randint(1, n) p1 = (randint(1, n), randint(1, n)) q = curve_q(p1[0], p1[1], p, n) r1 = randint(1, n) r2 = randint(1, n) q1 = mulp(p, q, n, p1, r1) q2 = mulp(p, q, n, p1, r2) s1 = mulp(p, q, n, q1, r2) s2 = mulp(p, q, n, q2, r1) # s1 == s2 tt = time.time() - t def test(tcount, bits=256):