def p44() -> Optional[str]: dsa = DSA() y = int( '2d026f4bf30195ede3a088da85e398ef869611d0f68f07' '13d51c9c1a3a26c95105d915e2d8cdf26d056b86b8a7b8' '5519b1c23cc3ecdc6062650462e3063bd179c2a6581519' 'f674a61f1d89a1fff27171ebc1b93d4dc57bceb7ae2430' 'f98a6a4d83d8279ee65d71c1203d2c96d65ebbf7cce9d3' '2971c3de5084cce04a2e147821', 16) fingerprint = 'ca8f6f7c66fa362d40760d135b763eb8527d3d52' sigs = _parse_signature_file() for i, j in combinations(range(len(sigs)), 2): s1, m1 = int(sigs[i][0]), int(sigs[i][2], 16) s2, m2 = int(sigs[j][0]), int(sigs[j][2], 16) s = (s1 - s2) % dsa.q m = (m1 - m2) % dsa.q k = (invmod(s, dsa.q) * m) % dsa.q r = int(sigs[i][1]) x = (((s1 * k) - m1) * invmod(r, dsa.q)) % dsa.q if sha1(hex(x)[2:].encode()).hexdigest() == fingerprint: assert y == pow(dsa.g, x, dsa.p) return f'Private DSA key is {x}'
def p40() -> str: msg = b'Assume you\'re a Javascript programmer. That is, you\'re using a naive handrolled ' \ b'RSA to encrypt without padding.' print(f'Encrypting secret message "{msg.decode()}"') msg = int(hexlify(msg), 16) pairs = [] for _ in range(3): rsa = RSA() c = rsa.enc(msg) pairs.append((c, rsa.N)) print( f'Generated ciphertext = {str(c)[:15]}... for N = {str(rsa.N)[:15]}...' ) c0, c1, c2 = [c for (c, _) in pairs] n0, n1, n2 = [N for (c, N) in pairs] m0, m1, m2 = n1 * n2, n0 * n2, n0 * n1 t0 = (c0 * m0 * invmod(m0, n0)) t1 = (c1 * m1 * invmod(m1, n1)) t2 = (c2 * m2 * invmod(m2, n2)) c = (t0 + t1 + t2) % (n0 * n1 * n2) m = kth_root(c, 3) m = unhexlify(hex(m)[2:]) return f'Recovered message "{m.decode()}"'
def verify(self, m, r, s): w = invmod(s, self.q) u1 = (int(sha1(m).hexdigest(), 16) * w) % self.q u2 = (r * w) % self.q v1 = pow(self.g, u1, self.p) v2 = pow(self.y, u2, self.p) v = ((v1 * v2) % self.p) % self.q return v == r
def sign(self, m): r, s = 0, 0 k = randint(1, self.q - 1) r = pow(self.g, k, self.p) % self.q hash_int = int(sha1(m).hexdigest(), 16) s = (invmod(k, self.q) * (hash_int + self.x * r)) % self.q return (r, s)
def verify(self, m: bytes, r: int, s: int) -> bool: w = invmod(s, self.q) u1 = (int(sha1(m).hexdigest(), 16) * w) % self.q u2 = (r * w) % self.q v1 = pow(self.g, u1, self.p) v2 = pow(self.y, u2, self.p) v = ((v1 * v2) % self.p) % self.q return v == r
def p45() -> str: dsa = DSA() dsa.g = 0 r, s = dsa.sign(b'Original Message') assert dsa.verify(b'Bad Message', r, s) dsa.g = dsa.p + 1 z = 2 r = pow(dsa.y, z, dsa.p) % dsa.q s = (r * invmod(z, dsa.q)) % dsa.q assert dsa.verify(b'Hello World', r, s) assert dsa.verify(b'Goodbye World', r, s) return f'Signature for "Hello World" and "Goodbye World" - ({r}, {s})'
def p45(): dsa = DSA() dsa.g = 0 r, s = dsa.sign('Original Message') assert dsa.verify('Bad Message', r, s) dsa.g = dsa.p + 1 z = 2 r = pow(dsa.y, z, dsa.p) % dsa.q s = (r * invmod(z, dsa.q)) % dsa.q assert dsa.verify('Hello World', r, s) assert dsa.verify('Goodbye World', r, s) return 'Signature for "Hello World" and "Goodbye World" - ({}, {})'.format( r, s)
def p41() -> str: rsa = RSA() N, e = rsa.N, rsa.e ptxt = dumps({ 'time': 1356304276, 'social': '867-00-5309', }) ptxt = int(hexlify(ptxt.encode()), 16) ctxt = rsa.enc(ptxt) s = 2 ctxt_ = pow(s, e, N) * ctxt % N ptxt_ = rsa.dec(ctxt_) recovered = invmod(s, N) * ptxt_ % N recovered = unhexlify(hex(recovered)[2:]).decode() return 'Recovered data {}'.format(loads(recovered))
def p41(): rsa = RSA() N, e = rsa.N, rsa.e ptxt = dumps({ 'time': 1356304276, 'social': '555-55-5555', }) ptxt = int(hexlify(ptxt), 16) ctxt = rsa.enc(ptxt) s = 2 ctxt_ = pow(s, e, N) * ctxt % N ptxt_ = rsa.dec(ctxt_) recovered = invmod(s, N) * ptxt_ % N recovered = unhexlify(hex(recovered)[2:-1]) return 'Recovered data {}'.format(loads(recovered))
def p43(): dsa = DSA() y = int( '84ad4719d044495496a3201c8ff484feb45b962e7302e56a392aee4' 'abab3e4bdebf2955b4736012f21a08084056b19bcd7fee56048e004' 'e44984e2f411788efdc837a0d2e5abb7b555039fd243ac01f0fb2ed' '1dec568280ce678e931868d23eb095fde9d3779191b8c0299d6e07b' 'bb283e6633451e535c45513b2d33c99ea17', 16) m = 'For those that envy a MC it can be hazardous to your health\n' \ 'So be friendly, a matter of life and death, just like a etch-a-sketch\n' mhash = int(sha1(m).hexdigest(), 16) r = 548099063082341131477253921760299949438196259240 s = 857042759984254168557880549501802188789837994940 fingerprint = '0954edd5e0afe5542a4adf012611a91912a3ec16' for k in range(2**16): x = (((s * k) - mhash) * invmod(r, dsa.q)) % dsa.q if sha1(hex(x)[2:-1]).hexdigest() == fingerprint: assert y == pow(dsa.g, x, dsa.p) return 'Private DSA key is {}'.format(x)