def gen_challenge():
r = random.randint(0, 4)
if r == 0:
p = get_prime()
q = get_prime()
have = {'p': p, 'q': q}
need = {'n': p * q}
elif r == 1:
p = get_prime()
q = get_prime()
n = p * q
have = {'p': p, 'n': n}
need = {'q': q}
elif r == 2:
p = get_prime()
q = get_prime()
e = 65537
phi = (p - 1) * (q - 1)
d = rsa.modinv(e, phi)
have = {'p': p, 'q': q, 'e': e}
need = {'d': d}
elif r == 3:
p = get_prime()
q = get_prime()
e = 65537
phi = (p - 1) * (q - 1)
d = rsa.modinv(e, phi)
pt = random.getrandbits(128)
state = rsa.solve_for(p=p, q=q, e=e)
ct = rsa.encrypt(state, pt, as_bytes=False)
have = {'p': p, 'q': q, 'e': e, 'pt': pt}
need = {'ct': ct}
elif r == 4:
p = get_prime()
q = get_prime()
e = 65537
phi = (p - 1) * (q - 1)
d = rsa.modinv(e, phi)
pt = random.getrandbits(256)
state = rsa.solve_for(p=p, q=q, e=e)
ct = rsa.encrypt(state, pt, as_bytes=False)
have = {'p': p, 'phi': phi, 'e': e, 'ct': ct}
d = state[4]
need = {'pt': pow(ct, d, p * q)}
else:
return {}, {}
return have, need
def challenge41(ciphertext, pub, decrypt_once):
C = util.from_bytes(ciphertext)
E, N = pub
S = random.randint(2, N - 1)
C2 = (pow(S, E, N) * C) % N
P2 = decrypt_once(C2)
P2 = (P2 * rsa.modinv(S, N)) % N
return util.to_bytes(P2)
def test_stress_prime_identity(self):
for i in range(20):
prime = rsa.isprime(i)
for j in range(1, i):
inv = rsa.modinv(j, i)
if prime:
self.assertIsNotNone(inv)
if inv is not None:
self.assertEquals(rsa.modmul(inv, j, i), 1)
def rsaDecrypt():
ciphertext = request.form["rsa-decrypt"]
e = int(request.form["eDec"])
p = int(request.form["pDec"])
q = int(request.form["qDec"])
phiN = (p - 1) * (q - 1)
N = p * q
d = modinv(e, phiN)
sending = rsadecrypt(d, N, ciphertext)
return render_template(rsaHTML, decrypted=sending)
def challenge40(plaintext):
e = 3
rs = [rsa.new() for _ in range(e)]
c, n = zip(*[(r.pub_enc(plaintext), r.n) for r in rs])
N = 1
for ni in n:
N *= ni
#ms = [n[1]*n[2], n[0]*n[2], n[0]*n[1]]
ms = [N // ni for ni in n]
r = [c[i] * ms[i] * rsa.modinv(ms[i], n[i]) for i in range(e)]
#print(r[0])
R = sum(r) % N
#cubic_root = R ** (1/3)
#cubic_root = round(cubic_root)
cubic_root = nthroot(R, e)
return cubic_root.to_bytes((cubic_root.bit_length() + 7) // 8, 'big')
def re_decrypt():
return {'re_dec': int(_('z2') * modinv(pow(_('z1'), _('x'), p), p) % p)}
def decrypt():
return {'dec': _('c2') * modinv(pow(_('c1'), _('x'), p), p) % p}
def re_decrypt():
return {
're_dec': _('XX') * modinv(pow(_('YY'), _('a'), p), p) % p,
're_check': _('WW') * modinv(pow(_('ZZ'), _('a'), p), p) % p,
}
def decrypt():
return {
'dec': _('X') * modinv(pow(_('Y'), _('a'), p), p) % p,
'check': _('W') * modinv(pow(_('Z'), _('a'), p), p) % p,
}
def test_simple(self): self.assertEquals(rsa.modinv(3, 4), 3) self.assertIsNone(rsa.modinv(2, 4)) self.assertEquals(rsa.modinv(1, 2), 1) self.assertEquals(rsa.modinv(1, 3), 1) self.assertEquals(rsa.modinv(1, 4), 1)