针对N=p^r*q分解之初探

论文地址:https://eprint.iacr.org/2015/399.pdf

题目:https://www.nssctf.cn/problem/2016

from Crypto.Util.number import bytes_to_long, getPrime

from secret import msg

from sympy import nextprime

from gmpy2 import invert

from hashlib import md5

flag = 'd3ctf{'+md5(msg).hexdigest()+'}'

p = getPrime(256)

q = getPrime(256)

assert p > q

n = p * q

e = 0x10001

m = bytes_to_long(msg)

c = pow(m, e, n)

N = pow(p, 7) * q

phi = pow(p, 6) * (p - 1) * (q - 1)

d1 = getPrime(2000)

d2 = nextprime(d1 + getPrime(1000))

e1 = invert(d1, phi)

e2 = invert(d2, phi)

print(f'c = {c}')

print(f'N = {N}')

print(f'e1 = {e1}')

print(f'e2 = {e2}')

'''

c = 2420624631315473673388732074340410215657378096737020976722603529598864338532404224879219059105950005655100728361198499550862405660043591919681568611707967

N = 1476751427633071977599571983301151063258376731102955975364111147037204614220376883752032253407881568290520059515340434632858734689439268479399482315506043425541162646523388437842149125178447800616137044219916586942207838674001004007237861470176454543718752182312318068466051713087927370670177514666860822341380494154077020472814706123209865769048722380888175401791873273850281384147394075054950169002165357490796510950852631287689747360436384163758289159710264469722036320819123313773301072777844457895388797742631541101152819089150281489897683508400098693808473542212963868834485233858128220055727804326451310080791

e1 = 425735006018518321920113858371691046233291394270779139216531379266829453665704656868245884309574741300746121946724344532456337490492263690989727904837374279175606623404025598533405400677329916633307585813849635071097268989906426771864410852556381279117588496262787146588414873723983855041415476840445850171457530977221981125006107741100779529209163446405585696682186452013669643507275620439492021019544922913941472624874102604249376990616323884331293660116156782891935217575308895791623826306100692059131945495084654854521834016181452508329430102813663713333608459898915361745215871305547069325129687311358338082029

e2 = 1004512650658647383814190582513307789549094672255033373245432814519573537648997991452158231923692387604945039180687417026069655569594454408690445879849410118502279459189421806132654131287284719070037134752526923855821229397612868419416851456578505341237256609343187666849045678291935806441844686439591365338539029504178066823886051731466788474438373839803448380498800384597878814991008672054436093542513518012957106825842251155935855375353004898840663429274565622024673235081082222394015174831078190299524112112571718817712276118850981261489528540025810396786605197437842655180663611669918785635193552649262904644919

'''

这题的话:N=p^r*q

如果

\[|d_2-d_1|<N^{\frac{r(r-1)}{(r+1)^2}}
\]

这题的话,r=7

\[N=p^7*q\\
phi=p^6*(p-1)*(q-1)\\
d_2=d_1+x_0\\
e_1d_1\equiv 1\ mod\ phi\\
e_2d_2\equiv 1\ mod\ phi
\]

将后面的两个式子分别乘以e2,e1,并且作差得到

\[e_1e_2(d_1-d_2)+(e_2-e_1)\equiv 0\ mod\ phi\\
e_1e_2x_0+e_2-e_1\equiv 0\ mod\ phi
\]

等价于等式

\[g(x)=x-a\equiv 0(mod\ p^{r-1})
\]

其中

\[a=(e_2-e_1)(e_1e_2)^{-1}\ (mod\ N)
\]

\[gcd(e_1e_2x-(e_2-e_1),N)=g
\]

exp

from Crypto.Util.number import *

from hashlib import md5

from gmpy2 import iroot

e = 65537

c = 2420624631315473673388732074340410215657378096737020976722603529598864338532404224879219059105950005655100728361198499550862405660043591919681568611707967

N = 1476751427633071977599571983301151063258376731102955975364111147037204614220376883752032253407881568290520059515340434632858734689439268479399482315506043425541162646523388437842149125178447800616137044219916586942207838674001004007237861470176454543718752182312318068466051713087927370670177514666860822341380494154077020472814706123209865769048722380888175401791873273850281384147394075054950169002165357490796510950852631287689747360436384163758289159710264469722036320819123313773301072777844457895388797742631541101152819089150281489897683508400098693808473542212963868834485233858128220055727804326451310080791

e1 = 425735006018518321920113858371691046233291394270779139216531379266829453665704656868245884309574741300746121946724344532456337490492263690989727904837374279175606623404025598533405400677329916633307585813849635071097268989906426771864410852556381279117588496262787146588414873723983855041415476840445850171457530977221981125006107741100779529209163446405585696682186452013669643507275620439492021019544922913941472624874102604249376990616323884331293660116156782891935217575308895791623826306100692059131945495084654854521834016181452508329430102813663713333608459898915361745215871305547069325129687311358338082029

e2 = 1004512650658647383814190582513307789549094672255033373245432814519573537648997991452158231923692387604945039180687417026069655569594454408690445879849410118502279459189421806132654131287284719070037134752526923855821229397612868419416851456578505341237256609343187666849045678291935806441844686439591365338539029504178066823886051731466788474438373839803448380498800384597878814991008672054436093542513518012957106825842251155935855375353004898840663429274565622024673235081082222394015174831078190299524112112571718817712276118850981261489528540025810396786605197437842655180663611669918785635193552649262904644919

a = (e2-e1)*inverse(e1*e2,N) % N

PR.<x> = PolynomialRing(Zmod(N))

f = x - a

res =  f.small_roots(2^1000,beta = 0.4)

x = res[0]

p_6 = int(gcd(x-a,N))

p = int(iroot(int(p_6),6)[0])

q = N//p**7

print(q)

phi = (p-1)*(q-1)

d = inverse(e,phi)

n = p*q

msg = long_to_bytes(int(pow(c,d,n)))

flag = 'd3ctf{'+md5(msg).hexdigest()+'}'

print(flag)

针对N=p^rq分解之初探的更多相关文章

  1. 开源项目audioFlux: 针对音频领域的深度学习工具库

    目录 时频变换 频谱重排 倒谱系数 解卷积 谱特征 音乐信息检索 audioFlux是一个Python和C实现的库,提供音频领域系统.全面.多维度的特征提取与组合,结合各种深度学习网络模型,进行音频领 ...

  2. 解密jQuery内核 DOM操作的核心buildFragment

    文档碎片是什么 http://www.w3.org/TR/REC-DOM-Level-1/level-one-core.html#ID-B63ED1A3 DocumentFragment is a & ...

  3. numpy 辨异(三)—— hstack/column_stack,linalg.eig/linalg.eigh

    1. np.hstack np.column_stack >>> np.hstack([np.array([1, 2, 3]), np.array([4, 5, 6])]) arra ...

  4. 基于HHT和RBF神经网络的故障检测——第二篇论文读后感

    故障诊断主要包括三部分: 1.故障信号检测方法(定子电流信号检测 [ 定子电流幅值和电流频谱 ] ,振动信号检测,温度信号检测,磁通检测法,绝缘检测法,噪声检测法) 2.故障信号的处理方法,即故障特征 ...

  5. 简单RSA攻击方式

    RSA攻击方式总结 1.模数分解 1).解题思路 ​ a).找到RSA算法中的公钥(e,n) ​ b).通过n来找到对应的p和q,然后求得φ(n) ​ c).通过gmpy2.invert或者gmpy2 ...

  6. 针对缓冲区保护技术(ASLR)的一次初探

    0x01 前言 ASLR 是一种针对缓冲区溢出的安全保护技术,通过对堆.栈.共享库映射等线性区布局的随机化,通过增加攻击者预测目的地址的难度,防止攻击者直接定位攻击代码位置,达到阻止溢出攻击的目的的一 ...

  7. ReactNative学习实践--动画初探之加载动画

    学习和实践react已经有一段时间了,在经历了从最初的彷徨到解决痛点时的兴奋,再到不断实践后遭遇问题时的苦闷,确实被这一种新的思维方式和开发模式所折服,react不是万能的,在很多场景下滥用反而会适得 ...

  8. 初探Lambda表达式/Java多核编程【2】并行与组合行为

    今天又翻了一下书的目录,第一章在这之后就结束了.也就是说,这本书所涉及到的新的知识已经全部点到了. 书的其余部分就是对这几个概念做一些基础知识的补充以及更深层次的实践. 最后两个小节的内容较少,所以合 ...

  9. 【GCN】图卷积网络初探——基于图(Graph)的傅里叶变换和卷积

    [GCN]图卷积网络初探——基于图(Graph)的傅里叶变换和卷积 2018年11月29日 11:50:38 夏至夏至520 阅读数 5980更多 分类专栏: # MachineLearning   ...

  10. 07.LoT.UI 前后台通用框架分解系列之——强大的文本编辑器

    LOT.UI分解系列汇总:http://www.cnblogs.com/dunitian/p/4822808.html#lotui LoT.UI开源地址如下:https://github.com/du ...

随机推荐

  1. maven:Could not transfer artifact from/to maven-default-http-blocker (http://0.0.0.0/): Blocked m...

    今天在拉完项目后拉取包的过程中,maven报错: Could not transfer artifact from/to 对应的包 maven-default-http-blocker (http:/ ...

  2. Qt音视频开发49-通用截图截屏

    一.前言 采用了回调方式的视频通道,截图只需要对解析好的QImage对象直接保存即可,而对于句柄的形式,需要调用不同的处理策略,比如vlc需要用它自己提供的api接口函数libvlc_video_ta ...

  3. JavaWeb代码架构中类之间的引用关系

    为了加深对Java Web代码架构中类之间的引用关系的理解和记忆,特绘制了这一张图. Java EE应用架构:

  4. AI应用平台搭建之旅(上) - 框架篇(附:AICon大会阿里国际Agent应用平台分享)

    前言 LangEngine内源项目发起于阿里巴巴集团内部组织,LangEngine是类似LLM应用开发框架LangChain的纯Java版本.该框架现已正式对外开源:https://github.co ...

  5. Apgar score

    Apgar score Apgar is a quick test performed on a baby at 1 and 5 minutes after birth. The 1-minute s ...

  6. Applitools_问题汇总

    1.  Android使用Real Device 问题1: AttributeError: 'NoneType' object has no attribute 'to_capabilities' 解 ...

  7. (五).NET6.0使用Serilog进行配置和实现日志记录

    1.首先安装Serilog六件套神装包 也可以对个别相应的包进行删除等,例如:1是读取配置文件的,如果不需要通过配置文件进行操作,就可以不使用这个包.2是打印到控制台的,如果不需要打印到控制台,也可以 ...

  8. CDS标准视图:维护项目数据 C_MaintenanceItemDEX

    视图名称:维护项目数据 C_MaintenanceItemDEX 视图类型:基础 视图代码: 点击查看代码 @AbapCatalog.sqlViewName: 'CMAINTITEMDEX' @Aba ...

  9. Quartz调度框架详解、运用场景、与集群部署实践

    以下将分别从Quartz架构简介.集群部署实践.Quartz监控.集群原理分析详解Quartz任务调度框架. Quartz简介 Quartz是Java领域最著名的开源任务调度工具,是一个任务调度框架, ...

  10. biancheng-Linux教程

    目录http://c.biancheng.net/linux_tutorial/ 1Linux简介2Linux安装3Linux文件和目录管理4Linux打包(归档)和压缩5Vim文本编辑器6Linux ...