Factoring

So far we’ve been using the product of small primes for the modulus, but small primes aren’t much good for RSA as they can be factorised using modern methods.

What is a “small prime”? There was an RSA Factoring Challenge with cash prizes given to teams who could factorise RSA moduli. This gave insight to the public into how long various key sizes would remain safe. Computers get faster, algorithms get better, so in cryptography it’s always prudent to err on the side of caution.

These days, using primes that are at least 1024 bits long is recommended—multiplying two such 1024 primes gives you a modulus that is 2048 bits large. RSA with a 2048-bit modulus is called RSA-2048.

Some say that to really remain future-proof you should use RSA-4096 or even RSA-8192. However, there is a tradeoff here; it takes longer to generate large prime numbers, plus modular exponentiations are predictably slower with a large modulus.

Factorise the 150-bit number 510143758735509025530880200653196460532653147into its two constituent primes. Give the smaller one as your answer.

Resources:

• How big an RSA key is considered secure today?
• primefac-fork

方式1：质因数分解网站：http://factordb.com/

方式2：Using sagemath

# in SageMath
factor(510143758735509025530880200653196460532653147 )
# 19704762736204164635843 * 25889363174021185185929

相关视频：https://www.youtube.com/watch?v=SmJRKo4XL18&ab_channel=JohnHammond

这个视频内容是有关RSA整数分解的一道题，作用使用python的pwntools模块来维持一个http session 通过该session完成提交整数分解的结果。质因数分解用的是python primefac module。

summary：
现有的整数分解算法可以快速分解“小整数”。因此RSA中小模数N是不安全的。

Monoprime

Why is everyone so obsessed with multiplying two primes for RSA. Why not just use one?

Challenge files:

• output.txt

Resources:

• Why do we need in RSA the modulus to be product of 2 primes?

#!/usr/bin/env python3
from Crypto.Util import number
n = 171731371218065444125482536302245915415603318380280392385291836472299752747934607246477508507827284075763910264995326010251268493630501989810855418416643352631102434317900028697993224868629935657273062472544675693365930943308086634291936846505861203914449338007760990051788980485462592823446469606824421932591
e = 65537
ct = 161367550346730604451454756189028938964941280347662098798775466019463375610700074840105776873791605070092554650190486030367121011578171525759600774739890458414593857709994072516290998135846956596662071379067305011746842247628316996977338024343628757374524136260758515864509435302781735938531030576289086798942if number.isPrime(n):phi_n = n - 1d = number.inverse(e, phi_n)pt = pow(ct, d, n)pt = number.long_to_bytes(pt).decode()print(pt)

Manyprime

题目描述
Using one prime factor was definitely a bad idea so I’ll try using over 30 instead.

If it’s taking forever to factorise, read up on factorisation algorithms and make sure you’re using one that’s optimised for this scenario.

Challenge files:

• output.txt

Resources:

• The Elliptic Curve Factorization Method

首先对N进行素因子分解

# in sagemath
n = 580642391898843192929563856870897799650883152718761762932292482252152591279871421569162037190419036435041797739880389529593674485555792234900969402019055601781662044515999210032698275981631376651117318677368742867687180140048715627160641771118040372573575479330830092989800730105573700557717146251860588802509310534792310748898504394966263819959963273509119791037525504422606634640173277598774814099540555569257179715908642917355365791447508751401889724095964924513196281345665480688029639999472649549163147599540142367575413885729653166517595719991872223011969856259344396899748662101941230745601719730556631637
e = 65537
ct = 320721490534624434149993723527322977960556510750628354856260732098109692581338409999983376131354918370047625150454728718467998870322344980985635149656977787964380651868131740312053755501594999166365821315043312308622388016666802478485476059625888033017198083472976011719998333985531756978678758897472845358167730221506573817798467100023754709109274265835201757369829744113233607359526441007577850111228850004361838028842815813724076511058179239339760639518034583306154826603816927757236549096339501503316601078891287408682099750164720032975016814187899399273719181407940397071512493967454225665490162619270814464
ecm.factor(n)

得到素分解之后，

1. 计算N的Euler totient
2. 求e的逆元，得到d
3. 执行RSA解密算法
4. 将数字转换为字符串，得到flag

#!/usr/bin/env python3
from Crypto.Util import number
n = 580642391898843192929563856870897799650883152718761762932292482252152591279871421569162037190419036435041797739880389529593674485555792234900969402019055601781662044515999210032698275981631376651117318677368742867687180140048715627160641771118040372573575479330830092989800730105573700557717146251860588802509310534792310748898504394966263819959963273509119791037525504422606634640173277598774814099540555569257179715908642917355365791447508751401889724095964924513196281345665480688029639999472649549163147599540142367575413885729653166517595719991872223011969856259344396899748662101941230745601719730556631637
e = 65537
ct = 320721490534624434149993723527322977960556510750628354856260732098109692581338409999983376131354918370047625150454728718467998870322344980985635149656977787964380651868131740312053755501594999166365821315043312308622388016666802478485476059625888033017198083472976011719998333985531756978678758897472845358167730221506573817798467100023754709109274265835201757369829744113233607359526441007577850111228850004361838028842815813724076511058179239339760639518034583306154826603816927757236549096339501503316601078891287408682099750164720032975016814187899399273719181407940397071512493967454225665490162619270814464# 通过sage对N进行分解得到
factors = [9282105380008121879,9303850685953812323,9389357739583927789,10336650220878499841,10638241655447339831,11282698189561966721,11328768673634243077,11403460639036243901,11473665579512371723,11492065299277279799,11530534813954192171,11665347949879312361,12132158321859677597,12834461276877415051,12955403765595949597,12973972336777979701,13099895578757581201,13572286589428162097,14100640260554622013,14178869592193599187,14278240802299816541,14523070016044624039,14963354250199553339,15364597561881860737,15669758663523555763,15824122791679574573,15998365463074268941,16656402470578844539,16898740504023346457,17138336856793050757,17174065872156629921,17281246625998849649]
phi_n = 1
for i in factors:phi_n *= i-1
d = number.inverse(e, phi_n)  # get private key
pt = number.long_to_bytes(pow(ct, d, n)).decode()
print(pt)

在线的sagemath: https://sagecell.sagemath.org/
sage lesson: https://github.com/fredstro/sage-lesson-nt
sage 官方教程https://doc.sagemath.org/html/en/index.html
博客教程1：https://cocalc.com/share/public_paths/embed/ee63291fa9aadeb8d5830f5c518cddb466501a70
博客教程2： https://blog.devgenius.io/sagemath-doing-math-in-python-8c34765254f7

Salty

题目描述：
Smallest exponent should be fastest, right?
Challenge files:

• salty.py
• output.txt

由于公钥 e = 1 e=1 e=1，因此无论 $\varphi (n)$的值为多少，私钥 d d d始终为1。

#!/usr/bin/env python3
from Crypto.Util import number
n = 110581795715958566206600392161360212579669637391437097703685154237017351570464767725324182051199901920318211290404777259728923614917211291562555864753005179326101890427669819834642007924406862482343614488768256951616086287044725034412802176312273081322195866046098595306261781788276570920467840172004530873767
e = 1
ct = 44981230718212183604274785925793145442655465025264554046028251311164494127485
d = 1pt = pow(ct, d, n)
flag = number.long_to_bytes(pt).decode()
print(flag)

这道题告诉我们，RSA的公钥采用 e = 1 e=1 e=1不安全。

Modulus Inutilis

My primes should be more than large enough now!

Challenge files:

• modulus_inutilis.py
• output.txt

#!/usr/bin/env python3
import gmpy2
from Crypto.Util import number"""
Because m is small, m^3 is close to n, so we can compute the 3-th root of  c + k*n where k=0,1,2...
"""n = 17258212916191948536348548470938004244269544560039009244721959293554822498047075403658429865201816363311805874117705688359853941515579440852166618074161313773416434156467811969628473425365608002907061241714688204565170146117869742910273064909154666642642308154422770994836108669814632309362483307560217924183202838588431342622551598499747369771295105890359290073146330677383341121242366368309126850094371525078749496850520075015636716490087482193603562501577348571256210991732071282478547626856068209192987351212490642903450263288650415552403935705444809043563866466823492258216747445926536608548665086042098252335883
e = 3
ct = 243251053617903760309941844835411292373350655973075480264001352919865180151222189820473358411037759381328642957324889519192337152355302808400638052620580409813222660643570085177957def low_e_attack(ct,e,n):i = 0while True:y, r = gmpy2.iroot(ct + i * n, e) # Return the integer n-th root of x and boolean value that is True iff the root is exact. x >= 0. n > 0.if r == True:print(f"i ={i}")flag = number.long_to_bytes(y).decode()print(flag)exit()i = i + 1if __name__ == "__main__":low_e_attack(ct,e,n)

Diffie-Hellman Starter 1

The set of integers modulo n, together with the operations of both addition and multiplication is a ring. This means that adding or multiplying any two elements in the set returns another element in the set.

When the modulus is prime: n = p, we are guaranteed an inverse of every element in the set, and so the ring is promoted to a field. We refer to this field as a finite field $F$.

The Diffie-Hellman protocol works with elements of some finite field Fp, where the prime modulus is typically a large prime.

Given the prime p = 991, and the element g = 209, find the inverse element d such that g * d mod 991 = 1.

#!/usr/bin/env python3from Crypto.Util import numberp = 991
g = 209
d = number.inverse(g, p)
print(f"d ={d}")

[CryptoHack] Public-key Cryptography Partial Solutions相关推荐

1. 公钥密码学标准(Public Key Cryptography Standards, PKCS)

   PKCS 公钥加密标准(Public Key Cryptography Standards, PKCS),此一标准的设计与发布皆由RSA资讯安全公司( RSA Security LLC)所制定. RS ...

2. 簡單瞭解公開密鐮加密 public key cryptography

   2019独角兽企业重金招聘Python工程师标准>>> 甲用乙的公鐮加密文件 傳輸 乙用乙的私鐮解密文件 转载于:https://my.oschina.net/chuangpoyao ...

3. 安装ubuntu系统操作系统详细流程、ubuntu管理包命令apt和dpkg命令详细说明、一键部署openstack环境、DBeaver下载驱动报错和登录提示RSA public key.. 解决方法

   文章目录 安装ubuntu操作系统 安装vmware,我这的版本是16 . 创建虚拟机 设置网络.[你没有啥特殊需求,忽略该步骤] 开启处理器虚拟化 开始安装ubuntu系统 配置sshd和修改roo ...

4. linux 安装rpm no key,yum 安装报 关于Public key for *.rpm is not installed 的解决方法

   yum 安装报 关于Public key for *.rpm is not installed 的解决方法 发布时间:2012-10-24 19:52:13来源:红联作者:静静飞舞 [root@0fl ...

5. linux centos7 yum 报错 Public key for *.rpm is not installed 解决方法

   报错信息: [root@localhost backup]# yum -y install net-snmp Loaded plugins: fastestmirror Repository base ...

6. apt-get出现no public key available for the following key IDs

   今天在升级一台debian的时候,因为换了163的源.另外一台好好的.但是这台出错了 出现 Reading package lists... Done W: There is no public ke ...

7. 解决java.sql.SQLNonTransientConnectionException: Public Key Retrieval is not allowed

   解决java.sql.SQLNonTransientConnectionException: Public Key Retrieval is not allowed 在连接数据库的url中,加上all ...

8. 关于Public key for *.rpm is not installed 的解决方法

   今天在安装mysql提示错误 Public key for mysql-server-5.0.45-7.el5.i386.rpm is not installed 解决方法: 此时要导入rpm的签名信 ...

9. sudo apt-get update后public key is not available公钥不存在问题解决

   sudo apt-get update后public key is not available公钥不存在问题解决 执行指令 sudo apt-get update,报错:之前添加的名F42ED6FBA ...

最新文章

1. if submission is included through the excel
2. java反射模式_Java反射机制详解
3. python列表添加字符串_2.python基础之—列表，元组，字典，集合，字符串的使用方法...
4. Solr 通过fl可以设置需要返回的字段
5. 使用计算机系统管理商品存货,ERP管理系统中编码的意义
6. VS快速生成JSON数据格式对应的实体
7. Java引用常量得好处_JAVA常量池的作用
8. [Unity]技巧分享：更改Unity Asset Store 默认下载资源位置的方法
9. linux迅雷下载命令,命令行也强大之下载迅雷资源的方法
10. 华为HG8120C光猫换天邑TEWA-600AGM(百兆换千兆)的过程记录
11. pytorch之transforms
12. AI人工智能ml5.js在线实现图片变卡通图像，照片变卡通图像
13. win10开机系统恢复（WinRE）中找不到系统恢复映像或功能不全的解决方法
14. 多卡并行训练遇到的问题
15. 软件测试——Docker基本命令汇总
16. 日本银发经济科技范儿十足
17. unity 全息和xRay shader
18. 在一张图片上显示热力图（前端）
19. 黑板课爬虫闯关第一关
20. 根据经纬度画多边形（返回各个顶点坐标）

热门文章

1. 非对称加密与数字签名的介绍与使用
2. 曾鸣《智能商业》- 读书笔记
3. 神器BTrace快速入门
4. Edge开启IE兼容模式---针对指定网址URL开启Internet Explorer模式页面 设置指南
5. LoRaServer 笔记 2.6 WebUI 中 Rest API 的调用逻辑分析
6. 【第13天】给定一个十进制数字 B ，请你把它转换为R进制打印 | 进制转换
7. QT for android 获取PDA扫码的广播数据
8. 【语音识别】基于matlab语音分帧+端点检测+pitch提取+DTW算法歌曲识别【含Matlab源码 1057期】
9. 小弟全力推荐的MFC好资料——定期更新
10. 基于JAVA对象流写的图书进销存系统管理