def main():
g_to_b = powmod(G, 1048576, P)
g_invert = invmod(G, P)
map = {}
time_start = time.time()
calc_1 = powmod(H * G, 1, P)
for i in range(1048576 + 1):
calc_1 = powmod(calc_1 * g_invert, 1, P)
map[calc_1] = i
time_end = time.time()
sys.stdout.write('\n\n')
sys.stdout.write('Left side complete...\n')
sys.stdout.write('Time: %0.3f ms\n' % ((time_end - time_start) * 1000.0))
sys.stdout.flush()
time_start = time.time()
calc_0 = invmod(g_to_b, P)
for j in range(1048576 + 1):
calc_0 = powmod(calc_0 * g_to_b, 1, P)
if calc_0 in map:
calc = (j * 1048576) + map[calc_0]
sys.stdout.write('\n\n')
sys.stdout.write('Successfully found x with a value of %s\n' % calc)
sys.stdout.flush()
break
time_end = time.time()
sys.stdout.write('Time: %0.3f ms\n' % ((time_end - time_start) * 1000.0))
sys.stdout.flush()
def discrete_log_numbthy(P, G, H):
lookup = {}
g_to_b = powmod(G, 1048576, P)
g_invert = invmod(G, P)
calc_1 = powmod(H * G, 1, P)
for i in xrange(1048576 + 1):
calc_1 = powmod(calc_1 * g_invert, 1, P)
lookup[calc_1] = i
calc_0 = invmod(g_to_b, P)
for j in xrange(1048576 + 1):
calc_0 = powmod(calc_0 * g_to_b, 1, P)
if calc_0 in lookup:
return (j * 1048576) + lookup[calc_0]
return None
def addTwoPoints(E,p1,p2):
if(p1 == zero):
return p2
elif(p2 == zero):
return p1
elif(p1.x == p2.x and p1.y == -p2.y):
return Point(0,0)
else:
slope = 0
if(p1 == p2):
num = (3*p1.x*p1.x + E.a) % E.n
den = (2*p1.y) % E.n
slope = num * numbthy.invmod(den,E.n)
else:
num = (p2.y-p1.y) % E.n
den = (p2.x-p1.x) % E.n
slope = num * numbthy.invmod(den,E.n)
x3 = (slope*slope-p1.x-p2.x) % E.n
y3 = (slope*(p1.x-x3)-p1.y) % E.n
return Point(long(x3),long(y3))
def addTwoPoints(E, p1, p2):
if (p1 == zero):
return p2
elif (p2 == zero):
return p1
elif (p1.x == p2.x and p1.y == -p2.y):
return Point(0, 0)
else:
slope = 0
if (p1 == p2):
num = (3 * p1.x * p1.x + E.a) % E.n
den = (2 * p1.y) % E.n
slope = num * numbthy.invmod(den, E.n)
else:
num = (p2.y - p1.y) % E.n
den = (p2.x - p1.x) % E.n
slope = num * numbthy.invmod(den, E.n)
x3 = (slope * slope - p1.x - p2.x) % E.n
y3 = (slope * (p1.x - x3) - p1.y) % E.n
return Point(long(x3), long(y3))
def get_discrete_log(p, g, h):
lhs_values = {}
for x1 in range(0, B + 1):
if x1 % 20000 == 0:
print('(LHS) storing x1={}'.format(x1))
lhs = (numbthy.invmod(numbthy.powmod(g, x1, p), p) * h) % p
if lhs not in lhs_values:
lhs_values[lhs] = x1
x0_found, x1_found, x_found = None, None, None
for x0 in range(0, B + 1):
if x0 % 10000 == 0:
print('(RHS) checking x0={}'.format(x0))
rhs = numbthy.powmod(g, B * x0, p)
if rhs in lhs_values:
x0_found, x1_found = x0, lhs_values[rhs]
x_found = (x0_found * B + x1_found) % p
print('Found. x0={}, x1={}, x={}'.format(
x0_found, x1_found, x_found))
break
assert x_found, 'Failed to find discrete log. May not exist?'
return x_found
def get_discrete_log(p, g, h):
lhs_values = {}
for x1 in range(0, B + 1):
if x1 % 20000 == 0:
print('(LHS) storing x1={}'.format(x1))
lhs = (numbthy.invmod(numbthy.powmod(g, x1, p), p) * h) % p
if lhs not in lhs_values:
lhs_values[lhs] = x1
x0_found, x1_found, x_found = None, None, None
for x0 in range(0, B + 1):
if x0 % 10000 == 0:
print('(RHS) checking x0={}'.format(x0))
rhs = numbthy.powmod(g, B * x0, p)
if rhs in lhs_values:
x0_found, x1_found = x0, lhs_values[rhs]
x_found = (x0_found * B + x1_found) % p
print('Found. x0={}, x1={}, x={}'.format(x0_found, x1_found,
x_found))
break
assert x_found, 'Failed to find discrete log. May not exist?'
return x_found
def dlog(p, g, h, B=2**20):
"""
Calculate discrete logarithm.
:param p: Prime p.
:param g: Any element in Z_star_p => h=g^x for 0 <= x <= B.
:param h: Value h=g^x for 0 <= x <= B.
:param B: x value space; 0 <= x <= B.
:return: x: discrete log modulo p if found, None otherwise.
"""
l_hash = dict()
print('[+] Calculating l-value table...')
for x1 in tqdm(range(B)):
g_pow_x1 = numbthy.power_mod(g, x1, p)
inv_g_pow_x1 = numbthy.invmod(g_pow_x1, p)
l_val = h * inv_g_pow_x1
l_val = l_val % p
l_hash[l_val] = x1
print('[+] Looking up r-value in l-value table...')
x0, x1 = 0, 0
g_pow_B = numbthy.power_mod(g, B, p)
for x0 in tqdm(range(B)):
r_val = numbthy.power_mod(g_pow_B, x0, p)
try:
x1 = l_hash[r_val]
print('[+] Found!!')
break
except KeyError:
pass
if x0 != 0 and x1 != 0:
x = x0 * B + x1
else:
x = None
return x
def build_table():
for x1 in xrange(0, B + 1):
val = (h * invmod(powmod(g, x1, p), p)) % p
table[val] = x1
p = 13407807929942597099574024998205846127479365820592393377723561443721764030073546976801874298166903427690031858186486050853753882811946569946433649006084171
g = 11717829880366207009516117596335367088558084999998952205599979459063929499736583746670572176471460312928594829675428279466566527115212748467589894601965568
h = 3239475104050450443565264378728065788649097520952449527834792452971981976143292558073856937958553180532878928001494706097394108577585732452307673444020333
B = 2**20
import sys
from numbthy import invmod, powmod
d = {}
for x1 in xrange(B + 1):
v = (h * invmod(powmod(g, x1, p), p)) % p
d[v] = x1
g_b = powmod(g, B, p)
for x0 in xrange(B + 1):
v = powmod(g_b, x0, p)
if not v in d:
continue
x1 = d[v]
print(x0 * B + x1) % p
break
print "Done"
totientn=(varp-1)*(varq-1)
#generates totient of n
dprepossible=[x for x in range(totientn)]
varb=0
dpossible=[]
while varb!=len(dprepossible):
dpp=dprepossible[varb]
if gcd(totientn,dpp)==1:
dpossible.append(dpp)
varb=varb+1
vard=choice(dpossible)
#generates d
vare=invmod(vard,totientn)
#generates e
texterat="p={0}, q={1}, n={2}, t of n={3}, d={4}, and e={5}"
print(texterat.format(varp,varq,varn,totientn,vard,vare))
#prints variables
if why=='n':
varp=int(input('Enter p: '))
varq=int(input('Enter q: '))
varn=varp*varq
totientn=(varp-1)*(varq-1)
vard=int(input('Enter d: '))
vare=int(input('Enter e: '))
texterat="p={0}, q={1}, n={2}, t of n={3}, d={4}, and e={5}"
print(texterat.format(varp,varq,varn,totientn,vard,vare))
p = 13407807929942597099574024998205846127479365820592393377723561443721764030073546976801874298166903427690031858186486050853753882811946569946433649006084171
g = 11717829880366207009516117596335367088558084999998952205599979459063929499736583746670572176471460312928594829675428279466566527115212748467589894601965568
h = 3239475104050450443565264378728065788649097520952449527834792452971981976143292558073856937958553180532878928001494706097394108577585732452307673444020333
B = 2**20
import sys
from numbthy import invmod,powmod
d = {}
for x1 in xrange(B + 1):
v = (h * invmod(powmod(g, x1, p), p)) % p
d[v] = x1
g_b = powmod(g, B, p)
for x0 in xrange(B + 1):
v = powmod(g_b, x0, p)
if not v in d:
continue
x1 = d[v]
print (x0 * B + x1) % p
break
print "Done"