rsa lesson added
This commit is contained in:
39
training/h4tum/Intro_to_RSA/challenge/Wiener/2.py
Normal file
39
training/h4tum/Intro_to_RSA/challenge/Wiener/2.py
Normal file
@@ -0,0 +1,39 @@
|
||||
from Crypto.Util.number import inverse, getPrime, bytes_to_long, long_to_bytes
|
||||
from Crypto.PublicKey import RSA
|
||||
from wiener_attack import wiener_attack
|
||||
|
||||
flag = "h4tum{...}"
|
||||
m = bytes_to_long(flag.encode())
|
||||
|
||||
p = getPrime(512)
|
||||
q = getPrime(512)
|
||||
n = p * q
|
||||
phi = (p - 1) * (q - 1)
|
||||
d = getPrime(30)
|
||||
e = inverse(d, phi)
|
||||
|
||||
ciphertext = pow(m, e, n)
|
||||
|
||||
pubkey = RSA.construct((n, e))
|
||||
pub_pem = pubkey.export_key(format="PEM")
|
||||
|
||||
print(pub_pem.decode())
|
||||
print(f"\nHere is the encrypted flag:\n{ciphertext}")
|
||||
|
||||
rec_d = wiener_attack(e, n)
|
||||
|
||||
print(long_to_bytes(pow(ciphertext, d, n)))
|
||||
|
||||
# -----BEGIN PUBLIC KEY-----
|
||||
# MIIBHjANBgkqhkiG9w0BAQEFAAOCAQsAMIIBBgKBgGUboAvXiM8ETI/20wMIDKp4
|
||||
# Yvh0bh90Rv5ixgn0cwUru18hYZdHMmbVRbbzImcJUl+TiGO6ED71fZARh55vpA+p
|
||||
# IVwrXsFUnUzpF+5Xt04qo6ums1nSd3Kqx/A1gBerMCk8sO8PPJwKW/SgUu8SpOMn
|
||||
# XtNB3UCiF5iklNzpRJ9BAoGAWMfZ0dEudQf+xEwd4jq066R781PuIQ+FwsEpDAtC
|
||||
# oFuPpJgo2JEhw6QHdPbSBSAZiJTeKUBrh34s1Y1ALNQy2HgpDF+UGvfndeqxI+tx
|
||||
# ZnhnmOKyFWLRS7CElp0YunzaWSjM9B4UeyDqnO70f0wopGhSrHx326ourFJBKDak
|
||||
# g0k=
|
||||
# -----END PUBLIC KEY-----
|
||||
|
||||
# Here is the encrypted flag:
|
||||
# 33875780076252799475072801857719625760580293404621927950834466845200175353837317794093362254089677034810036784377827562641344104659319423578279557002930036256051311423722214046538552333691207322585750166331224527229737296960110973126147103391345215399552776397918690683992071757399724992352071896156421861125
|
||||
|
||||
@@ -0,0 +1,71 @@
|
||||
import math
|
||||
|
||||
def continued_fraction(numerator, denominator):
|
||||
"""Generate the continued fraction expansion of numerator/denominator."""
|
||||
cf = []
|
||||
while denominator:
|
||||
a = numerator // denominator
|
||||
cf.append(a)
|
||||
numerator, denominator = denominator, numerator - a * denominator
|
||||
return cf
|
||||
|
||||
|
||||
def convergents_from_cf(cf):
|
||||
"""Generate convergents (k, d) from a continued fraction sequence cf."""
|
||||
n0, d0 = cf[0], 1
|
||||
yield (n0, 1)
|
||||
if len(cf) == 1:
|
||||
return
|
||||
n1 = cf[1] * cf[0] + 1
|
||||
d1 = cf[1]
|
||||
yield (n1, d1)
|
||||
for i in range(2, len(cf)):
|
||||
ni = cf[i] * n1 + n0
|
||||
di = cf[i] * d1 + d0
|
||||
yield (ni, di)
|
||||
n0, d0, n1, d1 = n1, d1, ni, di
|
||||
|
||||
|
||||
def is_perfect_square(x):
|
||||
"""Check whether x is a perfect square."""
|
||||
if x < 0:
|
||||
return False
|
||||
s = math.isqrt(x)
|
||||
return s * s == x
|
||||
|
||||
|
||||
def wiener_attack(e, n):
|
||||
"""
|
||||
Attempt to recover the RSA private exponent d using Wiener's attack.
|
||||
|
||||
Args:
|
||||
e: Public exponent
|
||||
n: Modulus
|
||||
|
||||
Returns:
|
||||
If successful, returns the private exponent d; otherwise returns None.
|
||||
"""
|
||||
cf = continued_fraction(e, n)
|
||||
for k, d in convergents_from_cf(cf):
|
||||
if k == 0:
|
||||
continue
|
||||
|
||||
# Check whether (e*d - 1) is divisible by k to derive phi
|
||||
if (e * d - 1) % k != 0:
|
||||
continue
|
||||
phi = (e * d - 1) // k
|
||||
|
||||
# Discriminant of x^2 - (n - phi + 1)x + n = 0
|
||||
s = n - phi + 1
|
||||
discr = s * s - 4 * n
|
||||
|
||||
if discr >= 0 and is_perfect_square(discr):
|
||||
t = math.isqrt(discr)
|
||||
|
||||
# Recover p and q
|
||||
p = (s + t) // 2
|
||||
q = (s - t) // 2
|
||||
if p * q == n:
|
||||
return d
|
||||
|
||||
return None
|
||||
Reference in New Issue
Block a user