def _after_pq(public_key, secret_key):
p = secret_key.p
q = secret_key.q
secret_key.n = public_key.n = n = p * q
secret_key.n_half = public_key.n_half = n / 2
t, secret_key.invpmq, secret_key.invqmp = gmpy.gcdext(p, q)
secret_key.nsq = public_key.nsq = nsq = n * n
secret_key.qsq = qsq = q * q
secret_key.psq = psq = p * p
t, secret_key.invpsqmqsq, secret_key.invqsqmpsq = gmpy.gcdext(psq, qsq)
secret_key.ordpsq = p * p - p
secret_key.ordqsq = q * q - q
# Calculate Carmichael's function.
secret_key.lm = lm = gmpy.lcm(p - 1, q - 1)
def generate_keys_gmp(bit_length, generate=generate_g_fast):
"""Generating paillier public and secret keys
@type bit_length: int
@type generate: callable
@param generate: a callable which returns a generator g in B
@rtype: tuple(PublicKey, SecretKey)
"""
secret_key = SecretKeyGMP(bit_length)
public_key = PublicKeyGMP(bit_length)
secret_key.p = p = find_random_prime(bit_length / 2)
while 1:
secret_key.q = q = find_random_prime(bit_length / 2)
if p != q:
break
secret_key.n = public_key.n = n = p * q
secret_key.n_half = public_key.n_half = n / 2
t, secret_key.invpmq, secret_key.invqmp = gmpy.gcdext(p, q)
secret_key.nsq = public_key.nsq = nsq = n * n
secret_key.qsq = qsq = q * q
secret_key.psq = psq = p * p
t, secret_key.invpsqmqsq, secret_key.invqsqmpsq = gmpy.gcdext(psq, qsq)
secret_key.ordpsq = p * p - p
secret_key.ordqsq = q * q - q
# Calculate Carmichael's function.
secret_key.lm = lm = gmpy.lcm(p - 1, q - 1)
# Generate a generator g in B.
public_key.g = secret_key.g = g = generate(secret_key)
secret_key.denominv = gmpy.invert(L(crt_pow(g, lm, secret_key), n), n)
return public_key, secret_key
def egcd(x, y):
"""
Calculate Extended GCD
Args:
x : integer
y : integer
Return:
a, b : A Integer satisfy ax + by = gcd(x, y)
g : gcd(x, y)
"""
g, a, b = map(int, gmpy.gcdext(x, y))
return (a, b, g)
def common_modulus_attack(c1, c2, e1, e2, n):
gcd, s1, s2 = gcdext(e1, e2)
if s1 < 0:
s1 = -s1
c1 = invert(c1, n)
if s2 < 0:
s2 = -s2
c2 = invert(c2, n)
v = pow(c1, s1, n)
w = pow(c2, s2, n)
m = (v * w) % n
return m
def common_modules_attack(c1, c2, e1, e2, n):
gcd, s1, s2 = gmpy.gcdext(e1, e2)
if s1 < 0:
s1 = -s1
c1 = gmpy.invert(c1, n)
elif s2 < 0:
s2 = -s2
c2 = gmpy.invert(c2, n)
v = pow(c1, s1, n)
w = pow(c2, s2, n)
x = (v * w) % n
return x
def chinese_remainder(pairs):
N = 1
for a, n in pairs:
N *= n
result = 0
for a, n in pairs:
m = N // n
d, r, s = gmpy.gcdext(n, m)
if d != 1:
raise ValueError("Input not pairwise co-prime")
result += a * s * m
return result % N, N
def common_mode_attack(n, e1, e2, c1, c2):
print("[*] Try common mode attack")
_, s1, s2 = gmpy.gcdext(e1, e2)
if s1 < 0:
s1 = -s1
c1 = gmpy.invert(c1, n)
elif s2 < 0:
s2 = -s2
c2 = gmpy.invert(c2, n)
m = (pow(c1, s1, n) * pow(c2, s2, n)) % n
print("[*] Maybe success")
print("[!] flag:", long_to_bytes(m))
return 1
def apply(self, ns, evaluation):
'ExtendedGCD[ns___Integer]'
ns = ns.get_sequence()
result = 0
coeff = []
for n in ns:
value = n.get_int_value()
if value is None:
return
new_result, c1, c2 = gcdext(result, value)
result = new_result
coeff = [c * c1 for c in coeff] + [c2]
return Expression('List', Integer(result), Expression('List', *(Integer(c) for c in coeff)))
def attack(n, e1, e2, c1, c2):
rst = gcdext(e1, e2)
s1 = rst[1]
s2 = rst[2]
if s1 < 0:
s1 = -s1
c1 = invert(c1, n)
elif s2 < 0:
s2 = -s2
c2 = invert(c2, n)
m = pow(c1, s1) * pow(c2, s2)
return m
def common(c1, c2, e1, e2, n):
"""
Common Modulus Attack
@param c int: cipher
@param e int: public exponent
@param n int: modulus
@return m int: plain text
"""
gcd, s1, s2 = gmpy.gcdext(e1, e2)
if s1 < 0:
s1 = -s1
c1 = gmpy.invert(c1, n)
elif s2 < 0:
s2 = -s2
c2 = gmpy.invert(c2, n)
v = pow(c1, s1, n)
w = pow(c2, s2, n)
m = (v * w) % n
return m
def flip_iv(oldplain, newplain, iv):
flipmask = xor_str(oldplain, newplain)
return xor_str(iv, flipmask)
def gcd(a, b):
while b:
a, b = b, a % b
return a
nthroot = lambda a, r: int(gmpy.root(a, r)[0])
modinv = lambda a, m: int(gmpy.invert(a, m))
egcd = lambda x, y: map(int, gmpy.gcdext(x, y))
def str2num(s):
return int(s.encode('hex'), 16)
def num2str(n):
h = hex(n)
if h[-1] == "L": h = h[:-1]
return h[2:].decode('hex')
randstr = lambda n: ''.join(
[random.choice(string.ascii_letters + string.digits) for i in range(n)])
def str2intnew(mystr):
res = ''
for char in mystr:
res = res + str(ord(char))
return res
def str_int(s):
a=0
for i in range(0,len(s)):
a=a+ord(s[i])*256**i
return a
N = gmpy.mpz(1234567901234567901234567901234567901234567901234567901234567901234567901234567901234567901234567901234717283950617286419848309592787370341273747873748589842596504841720640394292494902982398728707626152070858561887866820294694355043665630787554216250435696249211077918492329836269203487802969283814463105539751494270071615655993342320948911726155780461076389165979343111846372150233530706650782398611627761941453287668879721303235540318234064753133821318150932201158894328482335388315649950679451828519628822971)
r = int(gmpy.ceil(gmpy.sqrt(N)))
p = gmpy.mpz(1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111178333333333334444487294872309872209128742098742420984723982734329843732987178261897634983473987323987439874932873402398720978429874230987340298723116269)
q = gmpy.mpz(1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111178333333333334444487294872309872209128742098742420984723982734329843732987178261897634983473987323987439874932873402398720978429874230987340298723109959)
e = 65537L
phi = (p-1)*(q-1)
d = gmpy.gcdext(e, phi)[1]
if d < 0:
d = d + phi
val = getpass('factor 1')
username = pow(gmpy.mpz(int(val[0])), e, N)
username = 418296719726
password = pow(gmpy.mpz(username), d, N)
print password
def str_int(s):
a = 0
for i in range(0, len(s)):
a = a + ord(s[i]) * 256**i
return a
N = gmpy.mpz(
1234567901234567901234567901234567901234567901234567901234567901234567901234567901234567901234567901234717283950617286419848309592787370341273747873748589842596504841720640394292494902982398728707626152070858561887866820294694355043665630787554216250435696249211077918492329836269203487802969283814463105539751494270071615655993342320948911726155780461076389165979343111846372150233530706650782398611627761941453287668879721303235540318234064753133821318150932201158894328482335388315649950679451828519628822971
)
r = int(gmpy.ceil(gmpy.sqrt(N)))
p = gmpy.mpz(
1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111178333333333334444487294872309872209128742098742420984723982734329843732987178261897634983473987323987439874932873402398720978429874230987340298723116269
)
q = gmpy.mpz(
1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111178333333333334444487294872309872209128742098742420984723982734329843732987178261897634983473987323987439874932873402398720978429874230987340298723109959
)
e = 65537L
phi = (p - 1) * (q - 1)
d = gmpy.gcdext(e, phi)[1]
if d < 0:
d = d + phi
val = getpass('factor 1')
username = pow(gmpy.mpz(int(val[0])), e, N)
username = 418296719726
password = pow(gmpy.mpz(username), d, N)
print password
def extended_euclid(a, m):
return [int(x) for x in gmpy.gcdext(a, m)]
import gmpy
def int2string(i):
ihex = hex(i)[2:-1]
if len(ihex) % 2 != 0:
ihex = '0' + ihex
return ihex.decode('hex')
nthroot = lambda a, r: int(gmpy.root(a, r)[0])
modinv = lambda a, m: int(gmpy.invert(a, m))
egcd = lambda x, y: map(int, gmpy.gcdext(x, y))
