def _after_pq(public_key, secret_key): p = secret_key.p q = secret_key.q secret_key.n = public_key.n = n = p * q secret_key.n_half = public_key.n_half = n / 2 t, secret_key.invpmq, secret_key.invqmp = gmpy.gcdext(p, q) secret_key.nsq = public_key.nsq = nsq = n * n secret_key.qsq = qsq = q * q secret_key.psq = psq = p * p t, secret_key.invpsqmqsq, secret_key.invqsqmpsq = gmpy.gcdext(psq, qsq) secret_key.ordpsq = p * p - p secret_key.ordqsq = q * q - q # Calculate Carmichael's function. secret_key.lm = lm = gmpy.lcm(p - 1, q - 1)
def generate_keys_gmp(bit_length, generate=generate_g_fast): """Generating paillier public and secret keys @type bit_length: int @type generate: callable @param generate: a callable which returns a generator g in B @rtype: tuple(PublicKey, SecretKey) """ secret_key = SecretKeyGMP(bit_length) public_key = PublicKeyGMP(bit_length) secret_key.p = p = find_random_prime(bit_length / 2) while 1: secret_key.q = q = find_random_prime(bit_length / 2) if p != q: break secret_key.n = public_key.n = n = p * q secret_key.n_half = public_key.n_half = n / 2 t, secret_key.invpmq, secret_key.invqmp = gmpy.gcdext(p, q) secret_key.nsq = public_key.nsq = nsq = n * n secret_key.qsq = qsq = q * q secret_key.psq = psq = p * p t, secret_key.invpsqmqsq, secret_key.invqsqmpsq = gmpy.gcdext(psq, qsq) secret_key.ordpsq = p * p - p secret_key.ordqsq = q * q - q # Calculate Carmichael's function. secret_key.lm = lm = gmpy.lcm(p - 1, q - 1) # Generate a generator g in B. public_key.g = secret_key.g = g = generate(secret_key) secret_key.denominv = gmpy.invert(L(crt_pow(g, lm, secret_key), n), n) return public_key, secret_key
def egcd(x, y): """ Calculate Extended GCD Args: x : integer y : integer Return: a, b : A Integer satisfy ax + by = gcd(x, y) g : gcd(x, y) """ g, a, b = map(int, gmpy.gcdext(x, y)) return (a, b, g)
def common_modulus_attack(c1, c2, e1, e2, n): gcd, s1, s2 = gcdext(e1, e2) if s1 < 0: s1 = -s1 c1 = invert(c1, n) if s2 < 0: s2 = -s2 c2 = invert(c2, n) v = pow(c1, s1, n) w = pow(c2, s2, n) m = (v * w) % n return m
def common_modules_attack(c1, c2, e1, e2, n): gcd, s1, s2 = gmpy.gcdext(e1, e2) if s1 < 0: s1 = -s1 c1 = gmpy.invert(c1, n) elif s2 < 0: s2 = -s2 c2 = gmpy.invert(c2, n) v = pow(c1, s1, n) w = pow(c2, s2, n) x = (v * w) % n return x
def chinese_remainder(pairs): N = 1 for a, n in pairs: N *= n result = 0 for a, n in pairs: m = N // n d, r, s = gmpy.gcdext(n, m) if d != 1: raise ValueError("Input not pairwise co-prime") result += a * s * m return result % N, N
def common_mode_attack(n, e1, e2, c1, c2): print("[*] Try common mode attack") _, s1, s2 = gmpy.gcdext(e1, e2) if s1 < 0: s1 = -s1 c1 = gmpy.invert(c1, n) elif s2 < 0: s2 = -s2 c2 = gmpy.invert(c2, n) m = (pow(c1, s1, n) * pow(c2, s2, n)) % n print("[*] Maybe success") print("[!] flag:", long_to_bytes(m)) return 1
def apply(self, ns, evaluation): 'ExtendedGCD[ns___Integer]' ns = ns.get_sequence() result = 0 coeff = [] for n in ns: value = n.get_int_value() if value is None: return new_result, c1, c2 = gcdext(result, value) result = new_result coeff = [c * c1 for c in coeff] + [c2] return Expression('List', Integer(result), Expression('List', *(Integer(c) for c in coeff)))
def attack(n, e1, e2, c1, c2): rst = gcdext(e1, e2) s1 = rst[1] s2 = rst[2] if s1 < 0: s1 = -s1 c1 = invert(c1, n) elif s2 < 0: s2 = -s2 c2 = invert(c2, n) m = pow(c1, s1) * pow(c2, s2) return m
def common(c1, c2, e1, e2, n): """ Common Modulus Attack @param c int: cipher @param e int: public exponent @param n int: modulus @return m int: plain text """ gcd, s1, s2 = gmpy.gcdext(e1, e2) if s1 < 0: s1 = -s1 c1 = gmpy.invert(c1, n) elif s2 < 0: s2 = -s2 c2 = gmpy.invert(c2, n) v = pow(c1, s1, n) w = pow(c2, s2, n) m = (v * w) % n return m
def flip_iv(oldplain, newplain, iv): flipmask = xor_str(oldplain, newplain) return xor_str(iv, flipmask) def gcd(a, b): while b: a, b = b, a % b return a nthroot = lambda a, r: int(gmpy.root(a, r)[0]) modinv = lambda a, m: int(gmpy.invert(a, m)) egcd = lambda x, y: map(int, gmpy.gcdext(x, y)) def str2num(s): return int(s.encode('hex'), 16) def num2str(n): h = hex(n) if h[-1] == "L": h = h[:-1] return h[2:].decode('hex') randstr = lambda n: ''.join( [random.choice(string.ascii_letters + string.digits) for i in range(n)])
def str2intnew(mystr): res = '' for char in mystr: res = res + str(ord(char)) return res def str_int(s): a=0 for i in range(0,len(s)): a=a+ord(s[i])*256**i return a N = gmpy.mpz(1234567901234567901234567901234567901234567901234567901234567901234567901234567901234567901234567901234717283950617286419848309592787370341273747873748589842596504841720640394292494902982398728707626152070858561887866820294694355043665630787554216250435696249211077918492329836269203487802969283814463105539751494270071615655993342320948911726155780461076389165979343111846372150233530706650782398611627761941453287668879721303235540318234064753133821318150932201158894328482335388315649950679451828519628822971) r = int(gmpy.ceil(gmpy.sqrt(N))) p = gmpy.mpz(1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111178333333333334444487294872309872209128742098742420984723982734329843732987178261897634983473987323987439874932873402398720978429874230987340298723116269) q = gmpy.mpz(1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111178333333333334444487294872309872209128742098742420984723982734329843732987178261897634983473987323987439874932873402398720978429874230987340298723109959) e = 65537L phi = (p-1)*(q-1) d = gmpy.gcdext(e, phi)[1] if d < 0: d = d + phi val = getpass('factor 1') username = pow(gmpy.mpz(int(val[0])), e, N) username = 418296719726 password = pow(gmpy.mpz(username), d, N) print password
def str_int(s): a = 0 for i in range(0, len(s)): a = a + ord(s[i]) * 256**i return a N = gmpy.mpz( 1234567901234567901234567901234567901234567901234567901234567901234567901234567901234567901234567901234717283950617286419848309592787370341273747873748589842596504841720640394292494902982398728707626152070858561887866820294694355043665630787554216250435696249211077918492329836269203487802969283814463105539751494270071615655993342320948911726155780461076389165979343111846372150233530706650782398611627761941453287668879721303235540318234064753133821318150932201158894328482335388315649950679451828519628822971 ) r = int(gmpy.ceil(gmpy.sqrt(N))) p = gmpy.mpz( 1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111178333333333334444487294872309872209128742098742420984723982734329843732987178261897634983473987323987439874932873402398720978429874230987340298723116269 ) q = gmpy.mpz( 1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111178333333333334444487294872309872209128742098742420984723982734329843732987178261897634983473987323987439874932873402398720978429874230987340298723109959 ) e = 65537L phi = (p - 1) * (q - 1) d = gmpy.gcdext(e, phi)[1] if d < 0: d = d + phi val = getpass('factor 1') username = pow(gmpy.mpz(int(val[0])), e, N) username = 418296719726 password = pow(gmpy.mpz(username), d, N) print password
def extended_euclid(a, m): return [int(x) for x in gmpy.gcdext(a, m)]
import gmpy def int2string(i): ihex = hex(i)[2:-1] if len(ihex) % 2 != 0: ihex = '0' + ihex return ihex.decode('hex') nthroot = lambda a, r: int(gmpy.root(a, r)[0]) modinv = lambda a, m: int(gmpy.invert(a, m)) egcd = lambda x, y: map(int, gmpy.gcdext(x, y))