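def crt(remainders, moduli, coprime = True):
    """Chinese Remainder Theorem.

    :param remainders: list of remainders.
    :param moduli: list of moduli, same length as ``remainders``.
    :param coprime: (optional) set ``False`` if the moduli are not
        pairwise coprime.
    :return: tuple ``(x, m)`` where ``x`` is the solution reduced modulo
        ``m`` (the product of the moduli, or the accumulated
        ``m * n // g`` value in the non-coprime branch).
    :raises AssertionError: if gmpy2 is unavailable, the lists differ in
        length, or two congruences contradict each other.
    """
    assert(has_gmpy2)
    assert(len(remainders) == len(moduli))
    if not coprime:
        # Materialise the pairs: zip() is not subscriptable on Python 3.
        pairs = list(zip(remainders, moduli))
        v, m = pairs[0]
        for u, n in pairs[1:]:
            g, s, t = gmpy2.gcdext(m, n)
            # The two congruences are compatible only if they agree mod g.
            assert(v % g == u % g)
            # Floor division keeps the arithmetic exact; "/" would turn
            # these big integers into floats under Python 3.
            v += s * m // g * (u - v)
            m *= n // g
        return (v % m, m)
    p = reduce(lambda x, y : x * y, moduli)
    v = 0
    for u, m in zip(remainders, moduli):
        e = p // m
        g, s, t = gmpy2.gcdext(e, m)
        v += e * (u * s % m)
    return (v % p, p)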
def gmgj(n, c1, c2, e1, e2):
    """Print the value recovered from two ciphertexts that share modulus n.

    ``gmpy2.gcdext(e1, e2)`` returns ``(g, a, b)`` with ``a*e1 + b*e2 == g``.
    ``c2`` is replaced by its inverse modulo ``n`` and raised to ``-b``,
    which equals ``c2**b (mod n)``. The product is the original message
    only when ``g == 1``; the gcd is not checked here.
    """
    bezout = gmpy2.gcdext(e1, e2)
    exp1, exp2 = bezout[1], -bezout[2]
    c2_inverse = gmpy2.invert(c2, n)
    # NOTE(review): a negative exp1 or exp2 relies on pow() accepting
    # negative exponents for these operand types; confirm.
    recovered = (pow(c1, exp1, n) * pow(c2_inverse, exp2, n)) % n
    print(libnum.n2s(recovered))
def main():
    """Talk to the service on port 7702 and print the decoded result.

    Reads two banner lines, two ``(n, e)`` public keys and three integers.
    When the two exponents are coprime, combines the first and third
    integers with the Bezout coefficients of the exponents; otherwise it
    reconnects by calling itself again.
    """
    host = sys.argv[1] if len(sys.argv) > 1 else '0.0.0.0'
    port = 7702
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(30)
        sock.connect((host, port))
        stream = sock.makefile('rwb')
        for _ in range(2):
            print(stream.readline().strip().decode())
        # literal_eval only builds Python literals, so peer data is parsed
        # without being executed.
        sender_n, sender_e = literal_eval(read_data(stream))
        receiver_n, receiver_e = literal_eval(read_data(stream))
        assert sender_n == receiver_n
        n = sender_n
        message1 = int(read_data(stream))
        message2 = int(read_data(stream))  # consumed but not used below
        message3 = int(read_data(stream))
        g, x, y = gcdext(sender_e, receiver_e)
        if g > 1:
            # Exponents share a factor: retry on a fresh connection.
            return main()
        combined = pow(message1, x, n) * pow(message3, y, n)
        flag = int(combined % n)
        byte_len = (n.bit_length() + 7) // 8
        print(flag.to_bytes(byte_len, 'big').strip(b'\x00'))
    return
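def decrypt(ct, pk, sk):
    """Return every candidate plaintext for ciphertext ``ct``.

    :param ct: pair ``(c, s)``: the integer ciphertext and the final
        generator state.
    :param pk: the modulus ``N``.
    :param sk: pair ``(p, q)`` of prime factors.
    :return: list of ``2**h`` byte strings, one per ``xorkey`` mask value.

    NOTE(review): the structure looks like a Blum-Goldwasser-style stream
    with an extra unknown mask; confirm against the matching encrypt().
    """
    c, s = ct
    N = pk
    p, q = sk
    # h is floor(log2(bit length of N)): bits taken per generator step.
    h = len(bin(len(bin(N)[2:]))[2:]) - 1
    # Left-pad the ciphertext bits to a whole number of h-bit blocks.
    if len(bin(c)[2:]) % h != 0:
        c = '0' * (h - len(bin(c)[2:]) % h) + bin(c)[2:]
    else:
        c = bin(c)[2:]
    t = len(c) // h
    # Three-argument pow reduces while exponentiating; the previous
    # ``x ** (t + 1) % m`` built the full power before reducing.
    d_p = pow((p + 1) // 4, t + 1, p - 1)
    d_q = pow((q + 1) // 4, t + 1, q - 1)
    u_p = pow(s, d_p, p)
    u_q = pow(s, d_q, q)
    _, r_p, r_q = gmpy2.gcdext(p, q)
    C = [c[h * i: h * i + h] for i in range(t)]
    # The recombined starting state is the same for every mask.
    seed = (u_q * r_p * p + u_p * r_q * q) % N
    pt_list = []
    for xorkey in range(2**h):
        s_0 = seed
        M = []
        for i in range(t):
            s_i = pow(s_0, 2, N)
            k = bin(s_i)[2:][-h:]
            # "&" binds tighter than "^": the keystream is masked first.
            m = bin(int(C[i], 2) ^ (int(k, 2) & xorkey))[2:].zfill(h)
            M.append(m)
            s_0 = s_i
        pt = long_to_bytes(int(''.join(M), 2))
        pt_list.append(pt)
    return pt_list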
def chinrest(aas, ns):
    """Combine the congruences ``x = aas[i] (mod ns[i])``.

    Returns ``(m, x)`` where ``m`` is the product of the first
    ``len(aas)`` moduli and ``x`` is the combined residue, made
    non-negative. The moduli are not checked for pairwise coprimality.
    """
    count = len(aas)

    # Product of all moduli.
    m = 1
    for idx in range(count):
        m = gmpy2.mul(m, ns[idx])

    # Add up residue * (Bezout coefficient * product of the other moduli).
    x = 0
    for idx in range(count):
        others = gmpy2.div(m, ns[idx])
        _, _, coeff = gmpy2.gcdext(mpz(ns[idx]), mpz(others))
        x = gmpy2.add(x, gmpy2.mul(aas[idx], gmpy2.mul(coeff, others)))

    # t_mod truncates toward zero, so the result may still be negative.
    x = gmpy2.t_mod(mpz(x), mpz(m))
    while x < 0:
        x = gmpy2.t_mod(mpz(x + m), mpz(m))
    return m, x
def attack(c1, c2, e1, e2, n):
    """Return ``c1**a * c2**b mod n`` for the Bezout pair of (e1, e2).

    With ``a*e1 + b*e2 == gcd(e1, e2)``, the result is the shared
    plaintext when the gcd is 1 and both ciphertexts encrypt the same
    message under ``n``. The gcd itself is not checked.
    """
    _, coeff1, coeff2 = gmpy2.gcdext(e1, e2)
    part1 = gmpy2.powmod(c1, coeff1, n)
    part2 = gmpy2.powmod(c2, coeff2, n)
    return (part1 * part2) % n
def CRT(items):
    """Solve a system of congruences given as ``(residue, modulus)`` pairs.

    Returns ``(x, N)`` with ``N`` the product of the moduli. ``items`` is
    iterated twice, so it must be a re-iterable sequence. The moduli are
    not checked for pairwise coprimality.
    """
    N = reduce(lambda acc, nxt: acc * nxt, (pair[1] for pair in items))
    total = 0
    for residue, modulus in items:
        cofactor = N // modulus
        # coeff * cofactor is 1 modulo `modulus` when the two are coprime.
        _, _, coeff = gmpy2.gcdext(modulus, cofactor)
        total += residue * coeff * cofactor
    return total % N, N
def CRT(c, n):
    """Return x modulo prod(n) such that ``x = c[i] (mod n[i])``.

    ``c`` holds the residues and ``n`` the moduli. The moduli are assumed
    pairwise coprime; this is not verified.
    """
    M = functools.reduce(lambda acc, nxt: acc * nxt, n)
    total = 0
    for residue, modulus in zip(c, n):
        cofactor = M // modulus
        # gmpy2.gcdext(cofactor, modulus) == (g, a, b); a reduced modulo
        # `modulus` is the inverse of cofactor when g == 1.
        inverse = gmpy2.gcdext(cofactor, modulus)[1] % modulus
        total += inverse * cofactor * residue
    return total % M
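def common_modulus(n, c1, e1, c2, e2):
    """Recover, print and return the bytes shared by two ciphertexts.

    ``c1`` and ``c2`` are expected to encrypt the same message under the
    same modulus ``n`` with exponents ``e1`` and ``e2``. The Bezout
    coefficients of the exponents are used as the powers; the result is
    the message only when ``gcd(e1, e2) == 1``, which is not checked.

    :return: the recovered value as a byte string.
    """
    s = gmpy2.gcdext(e1, e2)
    m1 = gmpy2.powmod(c1, s[1], n)
    m2 = gmpy2.powmod(c2, s[2], n)
    m = (m1 * m2) % n
    digits = hex(m)[2:]
    # unhexlify rejects odd-length input, so restore a dropped leading
    # zero nibble.
    if len(digits) % 2:
        digits = '0' + digits
    decoded = binascii.unhexlify(digits)
    print(decoded)
    return decoded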
def egcd(a, b):
    """Extended gcd with a normalised first coefficient.

    :return: ``(g, x, y)`` as plain ints such that ``x * a + y * b == g``.
        ``x`` is reduced modulo ``b // g``, so for positive ``b`` it lies
        in ``[0, b // g)`` and can be 0.
    """
    g, x, _ = (int(part) for part in gmpy2.gcdext(a, b))
    x = x % (b // g)
    # Recompute y so the identity still holds for the reduced x.
    y = (g - x * a) // b
    return g, x, y
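def CRT(items):
    """Solve a system of congruences given as ``(residue, modulus)`` pairs.

    :param items: re-iterable sequence of ``(a, n)`` pairs.
    :return: ``(x, N)`` where ``N`` is the product of the moduli and
        ``x = a (mod n)`` for every pair.
    :raises Exception: if a modulus shares a factor with the product of
        the others.
    """
    N = reduce(lambda x, y: x * y, (i[1] for i in items))
    result = 0
    for a, n in items:
        # Floor division keeps m an exact integer; "/" yields a float on
        # Python 3 and loses precision for large moduli.
        m = N // n
        d, r, s = gmpy2.gcdext(n, m)
        if d != 1:
            raise Exception("Input not pairwise co-prime")
        result += a * s * m
    return result % N, N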
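def CTR(a, m):
    """Chinese Remainder Theorem: return x with ``x = a[i] (mod m[i])``.

    :param a: list of residues.
    :param m: list of moduli, assumed pairwise coprime (not verified).
    :return: the solution reduced modulo the product of ``m``.
    """
    result = 0
    M = 1
    for t in m:
        M = M * t
    for i in range(0, len(a)):
        # Floor division keeps the cofactor an exact integer; "/" yields
        # a float on Python 3.
        cofactor = M // m[i]
        s = gmpy2.gcdext(cofactor, m[i])
        result = result + a[i] * cofactor * s[1]
    return result % M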
def work(c1, c2, e1, e2, n):
    """Return ``c1**s * c2**t mod n`` for the Bezout pair of (e1, e2).

    A negative coefficient is handled by inverting the matching
    ciphertext modulo ``n`` and using the absolute value as exponent.
    The gcd of the exponents is not checked.
    """
    _, s, t = gmpy2.gcdext(e1, e2)
    base1, exp1 = (gmpy2.invert(c1, n), -s) if s < 0 else (c1, s)
    base2, exp2 = (gmpy2.invert(c2, n), -t) if t < 0 else (c2, t)
    return gmpy2.powmod(base1, exp1, n) * gmpy2.powmod(base2, exp2, n) % n
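def crt(residues, moduli):
    """Return x modulo prod(moduli) with ``x = residues[i] (mod moduli[i])``.

    Works for any number of moduli (previously exactly three were read).
    The moduli are assumed pairwise coprime; this is not verified.

    Implementation reference:
    https://en.wikipedia.org/wiki/Chinese_remainder_theorem#A_constructive_algorithm_to_find_the_solution
    """
    N = 1
    for modulus in moduli:
        N *= modulus
    x = 0
    for i in range(len(moduli)):
        # r * moduli[i] + s * (N // moduli[i]) == gcd
        (_, r, s) = gmpy2.gcdext(moduli[i], N // moduli[i])
        e = s * N // moduli[i]
        x += residues[i] * e
    return x % N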
def generate_key(self):
    """Draw a random exponent pair ``(e, d)`` for this instance.

    Repeats until ``e`` is coprime to ``self._phi`` and the Bezout
    coefficient ``d`` has the same bit length as ``e``.
    """
    width = self._n.bit_length()
    while True:
        # NOTE(review): if getrandbits comes from the `random` module it
        # is not a cryptographic generator; key material should come from
        # `secrets` or the OS. Confirm the import.
        e = getrandbits(width) % self._phi
        g, d, _ = gcdext(e, self._phi)
        # NOTE(review): d is used as returned by gcdext and is not
        # reduced modulo phi, so it may be negative; confirm callers cope.
        if g == 1 and d.bit_length() == e.bit_length():
            return e, d
def sameModula(n, e1, e2, c1, c2):
    """Combine two ciphertexts that share modulus ``n``.

    Uses the Bezout coefficients of ``(e1, e2)`` as exponents, inverting
    a ciphertext modulo ``n`` whenever its coefficient is negative. The
    result is the common plaintext when the exponents are coprime; that
    is not checked.
    """
    _, x1, x2 = gm.gcdext(e1, e2)
    if x1 < 0:
        c1, x1 = gm.invert(c1, n), -x1
    if x2 < 0:
        c2, x2 = gm.invert(c2, n), -x2
    return gm.powmod(c1, x1, n) * gm.powmod(c2, x2, n) % n
def share_N(N, e1, e2, c1, c2):
    """Log the value recovered from two ciphertexts sharing modulus ``N``.

    The Bezout coefficients of ``(e1, e2)`` serve as exponents; a
    negative coefficient is replaced by its absolute value after
    inverting the matching ciphertext modulo ``N``.
    """
    _, s, t = gmpy2.gcdext(e1, e2)
    if s < 0:
        c1, s = gmpy2.invert(c1, N), -s
    if t < 0:
        c2, t = gmpy2.invert(c2, N), -t
    first = gmpy2.powmod(c1, s, N)
    second = gmpy2.powmod(c2, t, N)
    plain = first * second % N
    # NOTE(review): the concatenation assumes libnum.n2s returns str;
    # confirm for the libnum version in use.
    log.info('Here are your plain text: \n' + libnum.n2s(plain))
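def attack_com_mode(n, c1, c2, e1, e2):
    """Recover a plaintext when the two exponents share a factor ``g``.

    Combining the ciphertexts with the Bezout coefficients yields
    ``m = M**g mod n``. The function then looks for the smallest
    ``k >= 0`` for which ``m + k*n`` is an exact g-th power and returns
    that root. The search is unbounded.
    """
    # g is the greatest common divisor of e1 and e2.
    g, s, t = gmpy2.gcdext(e1, e2)
    m = pow(c1, s, n) * pow(c2, t, n) % n
    y, b = gmpy2.iroot(m, g)
    # Start at k = 1: k = 0 was tried above, and starting at 2 skipped
    # the candidate m + n.
    k = 1
    while not b:
        att_m = m + k * n
        y, b = gmpy2.iroot(att_m, g)
        k += 1
    return y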
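def decrypt(ct, p, q):
    """Return the square root of ``ct`` modulo ``p*q`` ending in byte 'X'.

    The four roots are built from the roots modulo ``p`` and ``q`` with
    the Bezout coefficients of ``(p, q)``. The ``(p + 1) // 4`` exponent
    assumes both primes are congruent to 3 modulo 4.

    :return: the matching root, or ``None`` when no root ends in 'X'.
    """
    N = p*q
    x_p = pow(ct, (p + 1) // 4, p)
    x_q = pow(ct, (q + 1) // 4, q)
    _, a, b = gcdext(p, q)
    x1 = (x_p*b*q + x_q*a*p) % N
    x2 = (x_p*b*q - x_q*a*p) % N
    for pt in (x1, N-x1, x2, N-x2):
        # Mask the low byte directly: slicing bin(pt) picked up the 'b'
        # of the '0b' prefix for 7-bit values and raised ValueError.
        if (pt & 0xFF) == ord('X'):
            return pt
    return None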
def common_modulus_attack(c1, c2, e1, e2, n):
    """Return the plaintext shared by two ciphertexts under modulus ``n``.

    Writes ``s1*e1 + s2*e2 == gcd(e1, e2)`` and evaluates
    ``c1**s1 * c2**s2 mod n``. Only one coefficient is expected to be
    negative; its ciphertext is inverted first. The gcd is not checked,
    and this is the reason a modulus must never be reused across keys.
    """
    _, s1, s2 = gmpy2.gcdext(e1, e2)
    if s1 < 0:
        c1, s1 = gmpy2.invert(c1, n), -s1
    elif s2 < 0:
        c2, s2 = gmpy2.invert(c2, n), -s2
    return (pow(c1, s1, n) * pow(c2, s2, n)) % n
def common_modulus(n, e1, e2, c1, c2):
    """Recover m from two encryptions of m under the same modulus.

    Since gcd(e1, e2) == 1, the extended Euclidean algorithm gives
    e1*s1 + e2*s2 == 1, hence
    m == m^(e1*s1 + e2*s2) == (m^e1)^s1 * (m^e2)^s2 == c1^s1 * c2^s2.
    """
    assert (libnum.gcd(e1, e2) == 1)
    _, s1, s2 = gmpy2.gcdext(e1, e2)
    # For a non-positive s, c^s == (c^-1)^(-s), where c^-1 is the inverse
    # of c modulo n.
    if s1 > 0:
        left = pow(c1, s1, n)
    else:
        left = pow(gmpy2.invert(c1, n), -s1, n)
    if s2 > 0:
        right = pow(c2, s2, n)
    else:
        right = pow(gmpy2.invert(c2, n), -s2, n)
    return (left * right) % n
def common_modulus_attack(c1, c2, e1, e2, n):
    """Combine two ciphertexts of one message encrypted under the same n.

    The Bezout coefficients of ``(e1, e2)`` are the exponents. Whichever
    coefficient is negative has its ciphertext replaced by the modular
    inverse. The result is the message when ``gcd(e1, e2) == 1``, which
    is not checked here.
    """
    _, coeff1, coeff2 = gmpy2.gcdext(e1, e2)
    base1, base2 = c1, c2
    if coeff1 < 0:
        coeff1 = -coeff1
        base1 = gmpy2.invert(c1, n)
    elif coeff2 < 0:
        coeff2 = -coeff2
        base2 = gmpy2.invert(c2, n)
    first = pow(base1, coeff1, n)
    second = pow(base2, coeff2, n)
    return (first * second) % n
def common_modulus_attack(modulus, exp1, exp2, msg1, msg2):
    """Recover the plaintext behind two RSA ciphertexts sharing a modulus.

    Takes the modulus, the two public exponents and the two ciphertexts
    as integers. Exits the process with status 1 when the exponents are
    not coprime. Returns the plaintext as a Python int.
    """
    g, coeff1, coeff2 = gmpy2.gcdext(exp1, exp2)
    if g != 1:
        print("Error: GCD of the two exponents is not 1!")
        exit(1)
    # gmpy2.powmod is called with the coefficients as returned, sign
    # included.
    left = gmpy2.powmod(msg1, coeff1, modulus)
    right = gmpy2.powmod(msg2, coeff2, modulus)
    return int(gmpy2.mod(left * right, modulus))
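def demsn(e, c, n=()):
    """Decrypt ``c`` under any modulus in ``n`` that shares a prime.

    For each ordered pair of distinct moduli ``(i, j)`` with ``i > j``
    whose gcd is not 1, the gcd is taken as a prime factor of ``i``, the
    private exponent for ``e`` is derived, and ``c`` is decrypted modulo
    ``i``. Each hit prints the pair with the shared factor and then the
    plaintext in hex.

    :param e: public exponent.
    :param c: ciphertext integer.
    :param n: iterable of RSA moduli to compare pairwise.
    """
    for i in n:
        for j in n:
            if i == j:
                continue
            shared = gmpy2.gcd(i, j)
            # Earlier versions tested `not (g == 1) & (i > j)`, which is
            # true for coprime pairs, and read `p` before assigning it.
            if shared != 1 and i > j:
                print(i, j, shared)
                p = shared
                q = i // p
                modulus = p * q
                phi = (p - 1) * (q - 1)
                d = gmpy2.invert(e, phi)
                m = pow(c, d, modulus)
                print(hex(m))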
def crt(a, m):
    '''
    Input: [a_1, ... a_n], [m_1, ..., m_n]
        x = a_1 (mod m_1)
        x = a_2 (mod m_2)
        ...
        x = a_n (mod m_n)
    Output: x, reduced modulo m_1 * ... * m_n

    The moduli are assumed pairwise coprime; this is not verified.
    '''
    prod = functools.reduce(lambda acc, nxt: acc * nxt, m)
    total = 0
    for residue, modulus in zip(a, m):
        cofactor = prod // modulus
        # First Bezout coefficient, reduced: inverse of cofactor mod modulus.
        inverse = gmpy2.gcdext(cofactor, modulus)[1] % modulus
        total += residue * cofactor * inverse
    return total % prod
def common_modulus_attack(c1, c2, e1, e2, n):
    """Return ``c1**s1 * c2**s2 mod n`` for the Bezout pair of (e1, e2).

    This equals the common plaintext when both ciphertexts encrypt the
    same message under ``n`` and the exponents are coprime (not checked).

    Original source: http://inaz2.hatenablog.com/entry/2016/01/15/011138
    """
    _, s1, s2 = gmpy2.gcdext(e1, e2)
    # A negative exponent becomes a positive one on the inverted base.
    if s1 < 0:
        c1 = gmpy2.invert(c1, n)
        s1 = abs(s1)
    elif s2 < 0:
        c2 = gmpy2.invert(c2, n)
        s2 = abs(s2)
    product = pow(c1, s1, n) * pow(c2, s2, n)
    return product % n
def crt(remainders, moduli, coprime = True):
    """Chinese Remainder Theorem.

    :param remainders: list of remainders.
    :param moduli: list of moduli.
    :param coprime: (optional) set ``False`` if the moduli are not
        pairwise coprime.
    :return: tuple ``(x, m)``: the solution and the modulus it is
        reduced by.
    """
    if not coprime:
        pairs = iter(zip(remainders, moduli))
        acc, acc_mod = next(pairs)
        for rem, mod in pairs:
            g, coeff, _ = gmpy2.gcdext(acc_mod, mod)
            # Both congruences must agree modulo the shared factor.
            assert(acc % g == rem % g)
            acc += coeff * acc_mod // g * (rem - acc)
            acc_mod *= mod // g
        return (acc % acc_mod, acc_mod)
    product = reduce(lambda x, y : x * y, moduli)
    total = 0
    for rem, mod in zip(remainders, moduli):
        cofactor = product // mod
        _, coeff, _ = gmpy2.gcdext(cofactor, mod)
        total += cofactor * (rem * coeff % mod)
    return (total % product, product)
def crt(remainders, moduli, coprime=True):
    """Chinese Remainder Theorem.

    :param remainders: list of remainders.
    :param moduli: list of moduli.
    :param coprime: (optional) set ``False`` if the moduli are not
        pairwise coprime.
    :return: ``(x, m)`` with ``x`` the solution reduced modulo ``m``.
    """
    if coprime:
        p = reduce(lambda x, y: x * y, moduli)
        solution = 0
        for u, m in zip(remainders, moduli):
            e = p // m
            bezout = gmpy2.gcdext(e, m)
            # bezout[1] * e == 1 (mod m) when e and m are coprime.
            solution += e * (u * bezout[1] % m)
        return (solution % p, p)

    # General case: fold the congruences together one pair at a time.
    remaining = iter(zip(remainders, moduli))
    v, m = next(remaining)
    for u, n in remaining:
        g, s, _ = gmpy2.gcdext(m, n)
        assert (v % g == u % g)
        step = s * m // g
        v += step * (u - v)
        m *= n // g
    return (v % m, m)
def main():
    # Python 2 script: factor the module-level moduli N1, N2 and N3 with
    # Fermat's method (primes close together), then decrypt c under N1.
    print 'Challenge 1'
    # A is just above sqrt(N1); if N1 == A*A - x*x, the factors are A-x
    # and A+x.
    A = isqrt(N1) + 1
    x = isqrt(A * A - N1)
    p = A - x
    q = A + x
    # Kept for challenge 4, which decrypts under N1.
    phiN = mpz(p - 1) * mpz(q - 1)
    print 'p: ', p
    print 'q: ', q
    print 'Check: ', p * q == N1
    print
    print 'Challenge 2'
    # Same idea, trying up to 2**20 consecutive values of A.
    A0 = isqrt(N2) + 1
    AN = A0 + 2**20
    for A in range(A0, AN):
        x = isqrt(A * A - N2)
        p = A - x
        q = A + x
        if (p * q == N2):
            break
    print 'p: ', p
    print 'q: ', q
    print 'Check: ', p * q == N2
    print
    print 'Challenge 3'
    # 24 * N3 == (6p) * (4q): factor the scaled value, then divide the
    # two factors by 6 and 4.
    N3_p = 24 * N3
    A = isqrt(24 * N3) + 1
    x = isqrt(A * A - N3_p)
    p_p = A - x
    q_p = A + x
    # NOTE(review): "/" is integer division only under Python 2.
    p = p_p / 6
    q = q_p / 4
    print 'p: ', p
    print 'q: ', q
    print 'Check: ', p * q == N3
    print
    print 'Challenge 4'
    e = mpz('65537')
    # d is the Bezout coefficient of e against phi(N1); it is used as
    # returned, without reduction modulo phiN.
    [g, d, dummy] = gcdext(e, phiN)
    m = gmpy2.powmod(c, d, N1)
    m = hex(m)
    # Keep the last 56 hex digits (28 bytes) of the decrypted value.
    m = m[-56:]
    print m
    print unhexlify(m)
def attack4(N, e, c):
    """Decrypt ``c`` for an RSA modulus whose primes are close together.

    Given modulus N with |p-q| < 2N^(1/4), public exponent e and
    ciphertext c: factor N with ``attack1``, take d with
    e.d = 1 mod(phi(N)) from the extended gcd, and print the message.
    """
    p, q = attack1(N)
    phi = (p - 1) * (q - 1)
    # The first Bezout coefficient is the private exponent when
    # gcd(e, phi) == 1; the gcd is not checked and d may be negative.
    _, d, _ = gcdext(e, phi)
    plain = pow(c, d, N)
    print("Decrypted message ", plain)
    print("Hex encoding", hex(plain))
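def Common_Mode_Attack(M):
    """Demonstrate plaintext recovery when one modulus has two exponents.

    Encrypts each character of ``M`` under ``e1`` and under ``e2`` with
    the same modulus, then recovers the text from the two ciphertext
    lists using the Bezout coefficients of the exponents.

    :param M: plaintext string.
    :return: ``(e1, e2, t, s2, M2, N)`` where ``t`` is the signed ``s1``
        from gcdext, ``s2`` is the value left after the sign handling
        and ``M2`` is the recovered text.
    """
    e1, e2, N, = get_key()  # generate the public key
    M = convert_to_int(M)  # convert the ASCII input to numbers
    C1 = []
    C2 = []
    # Encrypt the same plaintext under e1 and under e2.
    for number in M:
        C1.append(fast_power(number, e1, N))
        C2.append(fast_power(number, e2, N))
    print('N:', N)
    print('C1:', ''.join(map(str, C1)))
    print('C2:', ''.join(map(str, C2)))
    print('e1:', e1)
    print('e2:', e2)
    print('开始计算使得e1*s1+e2*s2=1成立的s1与s2')
    # Extended Euclid: find s1 and s2 with e1*s1 + e2*s2 == 1.
    s = gcdext(e1, e2)
    s1 = s[1]
    s2 = s[2]
    print('\n经过计算后')
    print('s1=', s1)
    print('s2=', s2)
    M1 = []
    # Remember the signed s1 up front; it used to be set only in the
    # s1 < 0 branch, so the return raised UnboundLocalError otherwise.
    t = s1
    # Depending on the signs, invert C1 or C2 modulo N before the power.
    if s1 < 0:
        s1 = -s1
        C11 = []
        for i in range(len(C1)):
            C11.append(invert(C1[i], N))  # invert() is the modular inverse
            M1.append(pow(C11[i], s1, N) * pow(C2[i], s2, N) % N)
        print('由于s1<0,求得C1模N逆为', ''.join(map(str, C11)))
    elif s2 < 0:
        s2 = -s2
        C22 = []
        for i in range(len(C2)):
            C22.append(invert(C2[i], N))
            M1.append(pow(C1[i], s1, N) * pow(C22[i], s2, N) % N)
        print('由于s2<0,求得C2模N逆为', ''.join(map(str, C22)))
    M2 = convert_to_ascii(M1)  # convert the numbers back to ASCII
    print('攻击后得到原文:', M2)
    return e1, e2, t, s2, M2, N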
def key_gen(self, bits, prime_numbers=4):
    """Generate a multi-prime key pair and store it on the instance.

    Sets ``self.public_key = (e, n)`` and ``self.secret_key = (d, n)``.

    NOTE(review): each prime is the next prime after the previous one
    times a small ``delta``, and ``d`` is searched downward from about
    sqrt(P[0] / 2), so it is small compared with ``n``. Both are
    structural weaknesses; acceptable for a challenge generator, not for
    real keys.
    """
    delta = randint(5, 15)
    bit_prime = int(bits // prime_numbers)
    primes = [next_prime(number.getPrime(bit_prime) + 1)]
    for _ in range(1, prime_numbers):
        primes.append(next_prime(primes[-1] * delta))
    n = self.__compute_module(primes)
    phi = self.__compute_phi(primes)
    start = int(pow(primes[0] // 2, 0.5))
    for d_next in count(start, -1):
        # e is the Bezout coefficient of d_next against phi, i.e. its
        # inverse modulo phi when g == 1.
        g, e, _unused = gcdext(d_next, phi)
        if (1 < e < n) and (g == 1) and (gcd(phi, e) == 1):
            d = d_next
            break
    self.public_key = (e, n)
    self.secret_key = (d, n)
import gmpy2, binascii N = 96830320718560739293379878238768952265614756171279529928388228744099711198533704360734785267667597236291841958271646649390182746070645070895308874665779525432853568301523847320272382915743042786742108722618946719564684466880283781962341493563576465853009922759083074151024922189557488477143682777031830555131717683949459788154241030810817511183483921557095651734089919428878485882643121350971395252886628799339061394806249144161074710734864860237918511455472377404066256040745584083211027181393303262480507378802499306797314844392530325379547084756353623169261733600334525342078172808054510701397998922521505160806204464240435031886029755268432583012265106649847149479619714083004622842410729056884409334020426736108274207882028780628354956423394367510799807656654335239006951154995696474841672076351375135888766716733212608007543008723398196680642758052037025780805090765340110432732663109787713931724606849966950129694205053612262612876467934568633450800379915703114855890640451975448894309043061444973414582667230681586341761823763963534501846725846290006479089038539050871860299030049572693812732428565665188096053623497882732118731851253704989904074948334501222136113112979221325463350615318530218656854074998037562851423503085580704531470988249675307437460580428752470031600609289679542044804875356368001434671122054264733094556682924833183820157269672148461125963443478207583140235572603116890913425047354573331868064853559139358359175368179658386736194136961263870909778638679765297380516686267468655129009810113589977094220822024722522246295830645129288777810727420208086299016540806437288491415879272501311644024723494846222146339557977820941636135841823664800949984527659174212186628957192071906029561830955185738854256014744252937810115613262006192158346987891794730250862777669557304782018205751077238487513579555043771031365825528328786227619861825088426044234834385006624011403551863657384505265441658015906771318329930480353878563223423804646738467253812204
5063632667757962772674939972792679509851714820791391542209183895101043149418861154827906828713093460640624918161442498432261330207213585143333235283987920999836862245963629061098253465280043891903366631221500293216287006734530837307036369234284523611530022158837165369780256375911835104289853776157817361701638375344905311830460059612259798600223588322136072986423796319913187356442617636479007538166981641749486826645166479345057550622122298936583765413411917302326827553940008588471939786317 e1 = 13218197 / 17 e2 = 13325773 / 17 c1 = 42111116128334643145240483887290691048895623140256701962707853839701512921954803914138013169308380560363483211513634410482156102792586492390176715980979855681939040141641185516829300784431161342694880020800705506434840332680393438725846712661221900017185495339624242789171308212101253121372535582877999388818293390710189304405269264972853536136692443289212637072458845326080568182193559727108025561911046537412716495150240098380953618692545664208630479175155121604457986312929116500934290947523736118174398730174531437812469342948447450321750488996579540910628265029618494523715287518665179555266684234506616936066054605498670817241742905251405961543408408615441592083088305572960910878817978144565816204913798959103319822568707056585660951610036726819034030930815708578413441128276158413022574603219895735122777977300186534191564287341420537714592272973124607363921979592451706651377457991923768723250279897846357500966326344730636369167047604660945905916787983207956268997994355244691701577800373985853200447960376437441113569989565573601384536955111169046412844895548633719130496026287389191838729803524488874376895432813686253508230001099446197083793079452467304069431050622618974082831857943995051811596718986963734563849809871309248924463608258880577222779714344974715335534125069713390504045962451498209958443514053866887874712992588001995797386426483495495197621807137167975750929749204718684097574340327189604715676887431410891056656186878452246306474874
6223313798316236978642468003218086919263188950066989044210829301678555320837086377545741001736801163743516580353549217680694256032377932133575488109549594325464409000682442042651791171660390153162096538381581148625792618196174157168997050557100450557288143739840824092541232969307054965994887340364612034225310418659933594966854225109483090892335755747449339249960596843266176465016510244036725441439565001070917883074011690676911331738356675397441288471244334501091751395240775991013123686801229872759306547212076067886148629332008410208267030715989530663720054487572883736818402878156320070866728567321649066842627412668340251628750512807830348760198570727092664649603270152943231283098179852700308804060616603604109118233213539629764618927518884532667481665405755714542980086417296700138731812815602896287231173509006149715343922041354056256194681983557852276963918040964106582078239501915086320391282791023780691061950154312894926940866878046518974877055347229774579384836298084254309194742164500782 c2 = 
90533601126089318145193742060117577051831398753405847057640904945259997494073694902089263190495537402969618799521420852279707099460471166375681478470605375339183080124880814218143442222462034811596907539867716288032810466887099061895501821291825353680378026949073117487130357903688014536725240930032151140336963443552715000096945083403245590328152635085723402419922109795190568310643298456719292572185615451261850956822154689813698374067069484884581627464903700281059608007691185108498254684106900277920087939593145679691106743332992473994329955247579396546234834281368372952572662294063784120435661324515472519173181857006887625157670602187628942030135048727570844071357492163126713165110926012476647559471048116186625456549575088683997973388877243913081514947284647276543655252962820571802037421587700546957537281277339834300723402117711080844075077773675230021694981295020854877076935688908423284131129940406161092638744062037313754353224029456524426888502113835612158335208643304047957928566902870557167200202629345074578859255682368319495182686414160402926565090871542682294082771445557179648596204714647951206441049747591229109711333531821428653755411470685892641191259506342766281351225715661769757263807250901387107782993146900924156223789659880066635033757882684804105609724154783519532784062589430658666553985183500295688383788329303931334581532038985945724745236267508242921528925994700738662230134639303675025016815929767272282580785563753979628441404033989561547890469919578576287330086900453353092568137215405032494372744846469735951553611480652049372455778420431639528120049343975454621230594503854870386215351356855216432055655403987831619223957692569059905981927482781166042341112513052735285305906882997661676663562218840296712217128352631733611473185027452778499150898956286433137252002870642419036262305869663097434801068187875684543060072234932546918662861234766879861702421512732235193589375443783867506792044840103183446530416873846317032859802453265279023453016218767774237377
2610227011372650971705426850962132725369442443471111605896253734934335599889785048210986345764273409091402794347076211775580564523705131025788768349950799136508286891544854890654019681560870443838699627458034827040931554727774022911060988866035389927962128604944287104134091087855031454577661765552937836562030914936714391213421737277968877508252894207799747341644008076766221537325719773971004607956958298021339118374168598829394997802039272072755111105775037781715 g, s, t = gmpy2.gcdext(e1, e2) assert e1 * s + e2 * t == 1 if s < 0 and t > 0: c1i = gmpy2.invert(c1, N) m = (pow(c1i, -s, N) * pow(c2, t, N)) % N elif s > 0 and t < 0: c2i = gmpy2.invert(c2, N) m = (pow(c1, s, N) * pow(c2i, -t, N)) % N else: print "WTF", e1, e2, s, t exit() for i in xrange(1024): a = 1 << (i*8) a17 = pow(a, 17, N) a17i = gmpy2.invert(a17, N) m2 = (m * a17i) % N mroot, foundexact = gmpy2.iroot(m2, 17)
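def modInv(num, base):
    """Return the inverse of ``num`` modulo ``base``.

    :param num: value to invert.
    :param base: modulus.
    :return: the inverse reduced modulo ``base``.
    :raises ZeroDivisionError: if ``num`` and ``base`` are not coprime,
        in which case no inverse exists.
    """
    g, coeff, _ = gmpy2.gcdext(num, base)
    # A Bezout coefficient is an inverse only when the gcd is 1.
    if g != 1:
        raise ZeroDivisionError("modInv: num has no inverse modulo base")
    # gcdext may return a negative coefficient; normalise it.
    return coeff % base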
def main():
    """Check the local gcd/gcdext against gmpy2, then print one example."""
    reference_gcd = gmpy2.gcd(2108, 3720)
    assert reference_gcd == gcd(2108, 3720)
    reference_ext = gmpy2.gcdext(3720, 2108)
    assert reference_ext == gcdext(3720, 2108)
    # Example with a negative argument, printed from gmpy2 only.
    print(gmpy2.gcdext(210, -330))