Пример #1
0
def crt(remainders, moduli, coprime = True):
    """Chinese Remainder Theorem.

    :param remainders: list of remainders.
    :param moduli: list of modulies.
    :param coprime: (optional) set ``False`` if modulies are not coprimes.
    """
    assert(has_gmpy2)
    assert(len(remainders) == len(moduli))
    if not coprime:
        v, m = remainders[0], moduli[0]
        for u, n in zip(remainders, moduli)[1:]:
            g, s, t = gmpy2.gcdext(m, n)
            assert(v % g == u%g)
            v += s * m / g * (u - v)
            m *= n / g
        return (v % m, m)

    p = reduce(lambda x, y : x * y, moduli)
    v = 0
    for u, m in zip(remainders, moduli):
        e = p / m
        g, s, t = gmpy2.gcdext(e, m)
        v += e * (u * s % m)
    return (v % p, p)
Пример #2
0
 def gmgj(n, c1, c2, e1, e2):
     s = gmpy2.gcdext(e1, e2)
     s1 = s[1]
     s2 = -s[2]
     c2 = gmpy2.invert(c2, n)
     m = (pow(c1, s1, n) * pow(c2, s2, n)) % n
     print(libnum.n2s(m))
Пример #3
0
def main():
    IP = sys.argv[1] if len(sys.argv) > 1 else '0.0.0.0'
    PORT = 7702

    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(30)
        sock.connect((IP, PORT))
        file = sock.makefile('rwb')

        print(file.readline().strip().decode())
        print(file.readline().strip().decode())

        sender_n, sender_e = literal_eval(read_data(file))
        receiver_n, receiver_e = literal_eval(read_data(file))
        assert sender_n == receiver_n
        n = sender_n
        
        message1 = int(read_data(file))
        message2 = int(read_data(file))
        message3 = int(read_data(file))

    g, x, y = gcdext(sender_e, receiver_e)
    if g > 1:
        return main()

    flag = int((pow(message1, x, n) * pow(message3, y, n)) % n)
    print(flag.to_bytes((n.bit_length() + 7) // 8, 'big').strip(b'\x00'))

    return
Пример #4
0
def decrypt(ct, pk, sk):
    c, s = ct
    N = pk
    p, q = sk
    h = len(bin(len(bin(N)[2:]))[2:]) - 1
    if len(bin(c)[2:]) % h != 0:
        c = '0' * (h - len(bin(c)[2:]) % h) + bin(c)[2:]
    else:
        c = bin(c)[2:]
    t = len(c) // h
    d_p = (((p + 1) // 4)**(t + 1)) % (p - 1)
    d_q = (((q + 1) // 4)**(t + 1)) % (q - 1)
    u_p = pow(s, d_p, p)
    u_q = pow(s, d_q, q)
    _, r_p, r_q = gmpy2.gcdext(p, q)
    C = [c[h * i: h * i + h] for i in range(t)]
    pt_list = []
    for xorkey in range(2**h):
        s_0 = (u_q * r_p * p + u_p * r_q * q) % N
        M = []
        for i in range(t):
            s_i = pow(s_0, 2, N)
            k = bin(s_i)[2:][-h:]
            m = bin(int(C[i], 2) ^ int(k, 2) & xorkey)[2:].zfill(h)
            M.append(m)
            s_0 = s_i
        pt = long_to_bytes(int(''.join(M), 2))
        pt_list.append(pt)
    return pt_list
Пример #5
0
def chinrest(aas, ns):
    count = len(aas)
    m = 1
    ms = [1] * count
    ees = [mpz(0)] * count

    # product of all ns
    for i in range(0, count):
        m = gmpy2.mul(m, ns[i])

# products of all but one ns
    for i in range(0, count):
        ms[i] = gmpy2.div(m, ns[i])

# extended euclid to get the factors
    for i in range(0, count):
        ggtn, r, s = gmpy2.gcdext(mpz(ns[i]), mpz(ms[i]))
        ees[i] = gmpy2.mul(s, ms[i])

# calculating x
    x = 0
    for i in range(0, count):
        x = gmpy2.add(x, gmpy2.mul(aas[i], ees[i]))


# making x positive. just in case
    x = gmpy2.t_mod(mpz(x), mpz(m))
    while x < 0:
        x = gmpy2.t_mod(mpz(x + m), mpz(m))

    return m, x
def attack(c1, c2, e1, e2, n):
    # WRITE YOUR CODE HERE!
    s = gmpy2.gcdext(e1, e2)
    s1 = s[1]
    s2 = s[2]
    tmp1 = gmpy2.powmod(c1, s1, n)
    tmp2 = gmpy2.powmod(c2, s2, n)
    return (tmp1 * tmp2) % n
Пример #7
0
def CRT(items):
	N = reduce(lambda x, y: x * y, (i[1] for i in items))
	result = 0
	for a, n in items:
		m = N // n
		d, r, s = gmpy2.gcdext(n, m)
		result += a * s * m
	return result % N, N
Пример #8
0
def CRT(c, n):
    M = functools.reduce(lambda x,y: x*y, n)
    total = 0
    for ci,ni in zip(c,n):
        Mi = M // ni
        # gmpy2.gcdext(Mi, ni) == (result, a, b)
        total += (gmpy2.gcdext(Mi, ni)[1] % ni) * Mi * ci
    return total % M
Пример #9
0
def common_modulus(n, c1, e1, c2, e2):
    s = gmpy2.gcdext(e1, e2)
    m1 = gmpy2.powmod(c1, s[1], n)
    m2 = gmpy2.powmod(c2, s[2], n)
    m = (m1 * m2) % n
    unhexlify = binascii.unhexlify(hex(m)[2:])
    print(unhexlify)
    return unhexlify
Пример #10
0
def egcd(a, b):
    """extended gcd

    :return: g, x, y such that x * a + y * b == g and x > 0
    """
    g, x, y = map(int, gmpy2.gcdext(a, b))
    x %= (b // g)
    y = (g - x * a) // b
    return g, x, y
Пример #11
0
def CRT(items):
    N = reduce(lambda x, y: x * y, (i[1] for i in items))
    result = 0
    for a, n in items:
        m = N / n
        d, r, s = gmpy2.gcdext(n, m)
        if d != 1: raise Exception("Input not pairwise co-prime")
        result += a * s * m
    return result % N, N
Пример #12
0
def CTR(a, m):
    result = 0
    M = 1
    for t in m:
        M = M * t
    for i in range(0, len(a)):
        s = gmpy2.gcdext(M / m[i], m[i])
        result = result + a[i] * (M / m[i]) * s[1]
    return result % M
Пример #13
0
def work(c1, c2, e1, e2, n):
    gcd, s, t = gmpy2.gcdext(e1, e2)
    if s < 0:
        s = -s
        c1 = gmpy2.invert(c1, n)
    if t < 0:
        t = -t
        c2 = gmpy2.invert(c2, n)
    return gmpy2.powmod(c1, s, n) * gmpy2.powmod(c2, t, n) % n
def crt(residues, moduli):
    # 中国剩余定理实现参考: https://en.wikipedia.org/wiki/Chinese_remainder_theorem#A_constructive_algorithm_to_find_the_solution
    x = 0
    N = moduli[0] * moduli[1] * moduli[2]
    for i in range(3):
        (_, r, s) = gmpy2.gcdext(moduli[i], N // moduli[i])
        e = s * N // moduli[i]
        x += residues[i] * e

    return x % N
Пример #15
0
    def generate_key(self):
        bits = self._n.bit_length()

        while True:
            e = getrandbits(bits) % self._phi
            g, d, _ = gcdext(e, self._phi)
            if g == 1 and d.bit_length() == e.bit_length():
                break

        return e, d
Пример #16
0
def sameModula(n, e1, e2, c1, c2):
    g, x1, x2 = gm.gcdext(e1, e2)
    if x1 < 0:
        c1 = gm.invert(c1, n)
        x1 = -x1
    if x2 < 0:
        c2 = gm.invert(c2, n)
        x2 = -x2
    p = gm.powmod(c1, x1, n) * gm.powmod(c2, x2, n) % n
    return p
Пример #17
0
def share_N(N, e1, e2, c1, c2):
    gcd, s, t = gmpy2.gcdext(e1, e2)
    if s < 0:
        s = -s
        c1 = gmpy2.invert(c1, N)
    if t < 0:
        t = -t
        c2 = gmpy2.invert(c2, N)
    plain = gmpy2.powmod(c1, s, N) * gmpy2.powmod(c2, t, N) % N
    log.info('Here are your plain text: \n' + libnum.n2s(plain))
def crt(residues, moduli):
    # 中国剩余定理实现参考: https://en.wikipedia.org/wiki/Chinese_remainder_theorem#A_constructive_algorithm_to_find_the_solution
    x = 0
    N = moduli[0] * moduli[1] * moduli[2]
    for i in range(3):
        (_, r, s) = gmpy2.gcdext(moduli[i], N // moduli[i])
        e = s * N // moduli[i]
        x += residues[i] * e

    return x % N
Пример #19
0
def attack_com_mode(n, c1, c2, e1, e2):
    # g为e1和e2的最大公约数
    g, s, t = gmpy2.gcdext(e1, e2)
    m = pow(c1, s, n) * pow(c2, t, n) % n
    y, b = gmpy2.iroot(m, g)
    k = 2
    while not b:
        att_m = m + k * n
        y, b = gmpy2.iroot(att_m, g)
        k += 1
    return y
def decrypt(ct, p, q):
    N = p*q
    x_p = pow(ct, (p + 1) // 4, p)
    x_q = pow(ct, (q + 1) // 4, q)
    _, a, b = gcdext(p, q)
    
    x1 = (x_p*b*q + x_q*a*p) % N
    x2 = (x_p*b*q - x_q*a*p) % N
    for pt in (x1, N-x1, x2, N-x2):
        if int(bin(pt)[-8:], 2) == ord('X'):
            return pt
Пример #21
0
def common_modulus_attack(c1, c2, e1, e2, n):
    _, s1, s2 = gmpy2.gcdext(e1, e2)
    if s1 < 0:
        s1 = -s1
        c1 = gmpy2.invert(c1, n)
    elif s2 < 0:
        s2 = -s2
        c2 = gmpy2.invert(c2, n)
    c1s1 = pow(c1, s1, n)
    c2s2 = pow(c2, s2, n)
    m = (c1s1 * c2s2) % n
    return m
Пример #22
0
def common_modulus(n, e1, e2, c1, c2):
    """
    ref:
    ∵gcd(e1,e2)==1,∴由扩展欧几里得算法,存在e1*s1+e2*s2==1
    ∴m==m^1==m^(e1*s1+e2*s2)==((m^e1)^s1)*((m^e2)^s2)==(c1^s1)*(c2^s2)
    """
    assert (libnum.gcd(e1, e2) == 1)
    _, s1, s2 = gmpy2.gcdext(e1, e2)
    # 若s1<0,则c1^s1==(c1^-1)^(-s1),其中c1^-1为c1模n的逆元。
    m = pow(c1, s1, n) if s1 > 0 else pow(gmpy2.invert(c1, n), -s1, n)
    m *= pow(c2, s2, n) if s2 > 0 else pow(gmpy2.invert(c2, n), -s2, n)
    return m % n
Пример #23
0
def common_modulus_attack(c1, c2, e1, e2, n):
    gcd, s1, s2 = gmpy2.gcdext(e1, e2)
    if s1 < 0:
        s1 = -s1
        c1 = gmpy2.invert(c1, n)
    elif s2 < 0:
        s2 = -s2
        c2 = gmpy2.invert(c2, n)
    v = pow(c1, s1, n)
    w = pow(c2, s2, n)
    m = (v * w) % n
    return m
def common_modulus_attack(modulus, exp1, exp2, msg1, msg2):
    """
    Perform RSA Common Modulus Attack, given the modulus, two exponents
    and two ciphertexts as integers.
    Returns the plaintext as an integer.
    """
    g, s, t = gmpy2.gcdext(exp1, exp2)
    if g != 1:
        print("Error: GCD of the two exponents is not 1!")
        exit(1)
    tmp1 = gmpy2.powmod(msg1, s, modulus)
    tmp2 = gmpy2.powmod(msg2, t, modulus)
    return int(gmpy2.mod(tmp1 * tmp2, modulus))
Пример #25
0
 def demsn(e, c, n=[]):
     for i in n:
         for j in n:
             if not (i == j):
                 pub_p = gmpy2.gcdext(i, j)
                 if not (pub_p[0] == 1) & (i > j):
                     print(i, j, p[0])
                     a = i, p = pub_p[0]
     q = a / p
     n = p * q
     phi = (p - 1) * (q - 1)
     d = gmpy2.invert(e, phi)
     m = pow(c, d, n)
     print(hex(m))
Пример #26
0
def crt(a, m):
    '''
    Input: [a_1, ... a_n], [m_1, ..., m_n]
        x = a_1 (mod m_1)
        x = a_2 (mod m_2)
        ...
        x = a_n (mod m_n)
    Output: x
    '''
    prod, total = functools.reduce(lambda x, y: x * y, m), 0
    for ai, mi in zip(a, m):
        Mi = prod // mi
        total += ai * Mi * (gmpy2.gcdext(Mi, mi)[1] % mi)
    return total % prod
Пример #27
0
def common_modulus_attack(c1, c2, e1, e2, n):
    # original source: http://inaz2.hatenablog.com/entry/2016/01/15/011138

    gcd, s1, s2 = gmpy2.gcdext(e1, e2)
    if s1 < 0:
        s1 = -s1
        c1 = gmpy2.invert(c1, n)
    elif s2 < 0:
        s2 = -s2
        c2 = gmpy2.invert(c2, n)
    v = pow(c1, s1, n)
    w = pow(c2, s2, n)
    m = (v * w) % n
    return m
Пример #28
0
def crt(remainders, moduli, coprime = True):
    """Chinese Remainder Theorem.

    :param remainders: list of remainders.
    :param moduli: list of modulies.
    :param coprime: (optional) set ``False`` if modulies are not coprimes.
    """
    if not coprime:
        iternums = iter(zip(remainders, moduli))
        v, m = next(iternums)
        for u, n in iternums:
            g, s, t = gmpy2.gcdext(m, n)
            assert(v % g == u%g)
            v += s * m // g * (u - v)
            m *= n // g
        return (v % m, m)

    p = reduce(lambda x, y : x * y, moduli)
    v = 0
    for u, m in zip(remainders, moduli):
        e = p // m
        g, s, t = gmpy2.gcdext(e, m)
        v += e * (u * s % m)
    return (v % p, p)
Пример #29
0
def crt(remainders, moduli, coprime=True):
    """Chinese Remainder Theorem.

    :param remainders: list of remainders.
    :param moduli: list of modulies.
    :param coprime: (optional) set ``False`` if modulies are not coprimes.
    """
    if not coprime:
        iternums = iter(zip(remainders, moduli))
        v, m = next(iternums)
        for u, n in iternums:
            g, s, t = gmpy2.gcdext(m, n)
            assert (v % g == u % g)
            v += s * m // g * (u - v)
            m *= n // g
        return (v % m, m)

    p = reduce(lambda x, y: x * y, moduli)
    v = 0
    for u, m in zip(remainders, moduli):
        e = p // m
        g, s, t = gmpy2.gcdext(e, m)
        v += e * (u * s % m)
    return (v % p, p)
Пример #30
0
def main():
    print 'Challenge 1'
    A = isqrt(N1) + 1
    x = isqrt(A * A - N1)
    p = A - x
    q = A + x
    phiN = mpz(p - 1) * mpz(q - 1)
    print 'p: ', p
    print 'q: ', q
    print 'Check: ', p * q == N1
    print

    print 'Challenge 2'
    A0 = isqrt(N2) + 1
    AN = A0 + 2**20
    for A in range(A0, AN):
        x = isqrt(A * A - N2)
        p = A - x
        q = A + x
        if (p * q == N2):
            break
    print 'p: ', p
    print 'q: ', q
    print 'Check: ', p * q == N2
    print

    print 'Challenge 3'
    N3_p = 24 * N3
    A = isqrt(24 * N3) + 1
    x = isqrt(A * A - N3_p)
    p_p = A - x
    q_p = A + x
    p = p_p / 6
    q = q_p / 4

    print 'p: ', p
    print 'q: ', q
    print 'Check: ', p * q == N3
    print

    print 'Challenge 4'
    e = mpz('65537')
    [g, d, dummy] = gcdext(e, phiN)
    m = gmpy2.powmod(c, d, N1)
    m = hex(m)
    m = m[-56:]
    print m
    print unhexlify(m)
Пример #31
0
def attack4(N, e, c):
    """Given RSA modulus N with |p-q|<2N^(1/4)
        public exponent e,
        and ciphertext c

        Note: e.d=1 mod(phi(N))
    """
    p, q = attack1(N)
    phi = (p - 1) * (q - 1)
    #print(p*q)
    g, s, t = gcdext(e, phi)
    d = s

    m = pow(c, d, N)
    print("Decrypted message ", m)
    print("Hex encoding", hex(m))
Пример #32
0
def Common_Mode_Attack(M):
    e1, e2, N, = get_key()  #生成公钥

    # M = input("请输入待加密明文:")
    M = convert_to_int(M)   #将输入ascii码转换为数字
    C1 = []
    C2 = []
    for number in M:
        C1.append(fast_power(number, e1, N))
        C2.append(fast_power(number, e2, N))
    #分别用e1和e2对同一段明文加密
    print('N:', N)
    print('C1:', ''.join(map(str, C1)))
    print('C2:', ''.join(map(str, C2)))
    print('e1:', e1)
    print('e2:', e2)
    print('开始计算使得e1*s1+e2*s2=1成立的s1与s2')
    s = gcdext(e1, e2)
    s1 = s[1]
    s2 = s[2]
    #扩展欧几里得算法,找出使e1*s1+e2*s2=1成立的s1和s2
    print('\n经过计算后')
    print('s1=', s1)
    print('s2=', s2)
    M1 = []
    if s1 < 0:
        t = s1
        s1 = -s1
        C11 = []
        for i in range(len(C1)):
            C11.append(invert(C1[i], N))    #invert()为求模逆的函数
            M1.append(pow(C11[i], s1, N) * pow(C2[i], s2, N) % N)
            print('由于s1<0,求得C1模N逆为', ''.join(map(str, C11)))
    elif s2 < 0:
        s2 = -s2
        C22 = []
        for i in range(len(C2)):
            C22.append(invert(C2[i], N))
            M1.append(pow(C1[i],s1,N) * pow(C22[i], s2, N) % N)
            print('由于s2<0,求得C2模N逆为', ''.join(map(str, C22)))
    #根据s1和s2的正负,判断是否对c1或c2进行模逆操作
    M2 = convert_to_ascii(M1)   #将得到的数字转变为ascii码
    print('攻击后得到原文:', M2)
    return e1, e2, t, s2, M2, N
Пример #33
0
    def key_gen(self, bits, prime_numbers=4):
        delta = randint(5, 15)
        bit_prime = int(bits // prime_numbers)

        P = [next_prime(number.getPrime(bit_prime) + 1)]
        for i in range(1, prime_numbers):
            P.append(next_prime(P[i - 1] * delta))

        n = self.__compute_module(P)
        phi = self.__compute_phi(P)

        for d_next in count(int(pow(P[0] // 2, 0.5)), -1):
            g, e, __ = gcdext(d_next, phi)
            if (1 < e < n) and (g == 1) and (gcd(phi, e) == 1):
                d = d_next
                break

        self.public_key = (e, n)
        self.secret_key = (d, n)
Пример #34
0
import gmpy2, binascii

N = 968303207185607392933798782387689522656147561712795299283882287440997111985337043607347852676675972362918419582716466493901827460706450708953088746657795254328535683015238473202723829157430427867421087226189467195646844668802837819623414935635764658530099227590830741510249221895574884771436827770318305551317176839494597881542410308108175111834839215570956517340899194288784858826431213509713952528866287993390613948062491441610747107348648602379185114554723774040662560407455840832110271813933032624805073788024993067973148443925303253795470847563536231692617336003345253420781728080545107013979989225215051608062044642404350318860297552684325830122651066498471494796197140830046228424107290568844093340204267361082742078820287806283549564233943675107998076566543352390069511549956964748416720763513751358887667167332126080075430087233981966806427580520370257808050907653401104327326631097877139317246068499669501296942050536122626128764679345686334508003799157031148558906404519754488943090430614449734145826672306815863417618237639635345018467258462900064790890385390508718602990300495726938127324285656651880960536234978827321187318512537049899040749483345012221361131129792213254633506153185302186568540749980375628514235030855807045314709882496753074374605804287524700316006092896795420448048753563680014346711220542647330945566829248331838201572696721484611259634434782075831402355726031168909134250473545733318680648535591393583591753681796583867361941369612638709097786386797652973805166862674686551290098101135899770942208220247225222462958306451292887778107274202080862990165408064372884914158792725013116440247234948462221463395579778209416361358418236648009499845276591742121866289571920719060295618309551857388542560147442529378101156132620061921583469878917947302508627776695573047820182057510772384875135795550437710313658255283287862276198618250884260442348343850066240114035518636573845052654416580159067713183299304803538785632234238046467384672538122045063632667757962772674939972792679509851714820791391542209183895101043149418861154827906828713093460640624918161442498432261330207213585143333235283987920999836862245963629061098253465280043891903366631221500293216287006734530837307036369234284523611530022158837165369780256375911835104289853776157817361701638375344905311830460059612259798600223588322136072986423796319913187356442617636479007538166981641749486826645166479345057550622122298936583765413411917302326827553940008588471939786317
e1 = 13218197 / 17
e2 = 13325773 / 17

c1 = 421111161283346431452404838872906910488956231402567019627078538397015129219548039141380131693083805603634832115136344104821561027925864923901767159809798556819390401416411855168293007844311613426948800208007055064348403326803934387258467126612219000171854953396242427891713082121012531213725355828779993888182933907101893044052692649728535361366924432892126370724588453260805681821935597271080255619110465374127164951502400983809536186925456642086304791751551216044579863129291165009342909475237361181743987301745314378124693429484474503217504889965795409106282650296184945237152875186651795552666842345066169360660546054986708172417429052514059615434084086154415920830883055729609108788179781445658162049137989591033198225687070565856609516100367268190340309308157085784134411282761584130225746032198957351227779773001865341915642873414205377145922729731246073639219795924517066513774579919237687232502798978463575009663263447306363691670476046609459059167879832079562689979943552446917015778003739858532004479603764374411135699895655736013845369551111690464128448955486337191304960262873891918387298035244888743768954328136862535082300010994461970837930794524673040694310506226189740828318579439950518115967189869637345638498098713092489244636082588805772227797143449747153355341250697133905040459624514982099584435140538668878747129925880019957973864264834954951976218071371679757509297492047186840975743403271896047156768874314108910566561868784522463064748746223313798316236978642468003218086919263188950066989044210829301678555320837086377545741001736801163743516580353549217680694256032377932133575488109549594325464409000682442042651791171660390153162096538381581148625792618196174157168997050557100450557288143739840824092541232969307054965994887340364612034225310418659933594966854225109483090892335755747449339249960596843266176465016510244036725441439565001070917883074011690676911331738356675397441288471244334501091751395240775991013123686801229872759306547212076067886148629332008410208267030715989530663720054487572883736818402878156320070866728567321649066842627412668340251628750512807830348760198570727092664649603270152943231283098179852700308804060616603604109118233213539629764618927518884532667481665405755714542980086417296700138731812815602896287231173509006149715343922041354056256194681983557852276963918040964106582078239501915086320391282791023780691061950154312894926940866878046518974877055347229774579384836298084254309194742164500782
c2 = 905336011260893181451937420601175770518313987534058470576409049452599974940736949020892631904955374029696187995214208522797070994604711663756814784706053753391830801248808142181434422224620348115969075398677162880328104668870990618955018212918253536803780269490731174871303579036880145367252409300321511403369634435527150000969450834032455903281526350857234024199221097951905683106432984567192925721856154512618509568221546898136983740670694848845816274649037002810596080076911851084982546841069002779200879395931456796911067433329924739943299552475793965462348342813683729525726622940637841204356613245154725191731818570068876251576706021876289420301350487275708440713574921631267131651109260124766475594710481161866254565495750886839979733888772439130815149472846472765436552529628205718020374215877005469575372812773398343007234021177110808440750777736752300216949812950208548770769356889084232841311299404061610926387440620373137543532240294565244268885021138356121583352086433040479579285669028705571672002026293450745788592556823683194951826864141604029265650908715426822940827714455571796485962047146479512064410497475912291097113335318214286537554114706858926411912595063427662813512257156617697572638072509013871077829931469009241562237896598800666350337578826848041056097241547835195327840625894306586665539851835002956883837883293039313345815320389859457247452362675082429215289259947007386622301346393036750250168159297672722825807855637539796284414040339895615478904699195785762873300869004533530925681372154050324943727448464697359515536114806520493724557784204316395281200493439754546212305945038548703862153513568552164320556554039878316192239576925690599059819274827811660423411125130527352853059068829976616766635622188402967122171283526317336114731850274527784991508989562864331372520028706424190362623058696630974348010681878756845430600722349325469186628612347668798617024215127322351935893754437838675067920448401031834465304168738463170328598024532652790234530162187677742373772610227011372650971705426850962132725369442443471111605896253734934335599889785048210986345764273409091402794347076211775580564523705131025788768349950799136508286891544854890654019681560870443838699627458034827040931554727774022911060988866035389927962128604944287104134091087855031454577661765552937836562030914936714391213421737277968877508252894207799747341644008076766221537325719773971004607956958298021339118374168598829394997802039272072755111105775037781715

g, s, t = gmpy2.gcdext(e1, e2)
assert e1 * s + e2 * t == 1

if s < 0 and t > 0:
    c1i = gmpy2.invert(c1, N)
    m = (pow(c1i, -s, N) * pow(c2, t, N)) % N
elif s > 0 and t < 0:
    c2i = gmpy2.invert(c2, N)
    m = (pow(c1, s, N) * pow(c2i, -t, N)) % N
else:
    print "WTF", e1, e2, s, t
    exit()

for i in xrange(1024):
    a = 1 << (i*8)
    
    a17 = pow(a, 17, N)
    a17i = gmpy2.invert(a17, N)
    
    m2 = (m * a17i) % N
    
    mroot, foundexact = gmpy2.iroot(m2, 17)
Пример #35
0
def modInv(num, base):
    return gmpy2.gcdext(num, base)[1]
Пример #36
0
def main():
    assert gmpy2.gcd(2108, 3720) == gcd(2108, 3720)
    assert gmpy2.gcdext(3720, 2108) == gcdext(3720, 2108)
    print(gmpy2.gcdext(210, -330))