Then Choose an e,And e and f(n) are mutually prime
mutually prime: The number of conventions is only 1 integer
The modulo inverse of e * d ≡ 1 (mod φ) (modulo inverse element: If two positive integers e and n are prime to each other), Then an integer d must be found such that e * d - 1 is divisible by n, or the remainder of e * d divided by n is 1, At this point, d is called the “modulo inverse element” of e, Euler’s theorem can be used to prove that modulo inverse elements must exist. (Two integers a and b), Divided by and integer M, have equal remainders: a ≡ b(mod m), for example, 5 divided by 3 has a remainder of 2, 11 divided by 3 has a remainder of 2, so it can be written 11 ≡ 5(mod 3).
Encryption of plaintext m: c = pow(m, e, N), Ciphertext c
c = pow(m, e, n)
Decryption of ciphertext c: m = pow(c, d, N), Plaintext m
m = pow(c, d, n)
p and q: two big prime number, N = p * q
N: Big integer, It can be called modulus number
e and d: Two indices that are invariant to each other
c and m: Ciphertext and Plaintext
(N, e): Public Key
(N, d): Private Key
pow(x, y, z): effect equivalence pow(x, y) 1 % z,先计算x的y次方,如果存在另一个参数z,需要再对结果进行取模。
defgcd(a, b): if a < b: a, b = b, a while b != 0: temp = a % b a = b b = temp defgcd_digui(a, b): if b != 0: return a return gcd(b,a%b) n1 = 9051013965404084482870087864821455535159008696042953021965631089095795348830954383127323853272528967729311045179605407693592665683311660581204886571146327720288455874927281128121117323579691204792399913106627543274457036172455814805715668293705603675386878220947722186914112990452722174363713630297685159669328951520891938403452797650685849523658191947411429068829734053745180460758604283051344339641429819373112365211739216160420494167071996438506850526168389386850499796102003625404245645796271690310748804327
n2 = 13225948396179603816062046418717214792668512413625091569997524364243995991961018894150059207824093837420451375240550310050209398964506318518991620142575926623780411532257230701985821629425722030608722035570690474171259238153947095310303522831971664666067542649034461621725656234869005501293423975184701929729170077280251436216167293058560030089006140224375425679571181787206982712477261432579537981278055755344573767076951793312062480275004564657590263719816033564139497109942073701755011873153205366238585665743 p = gcd_digui(n1, n2) print(p)
from isqrt import isqrt deffermat(n): a = isqrt(n) b2 = a * a - n b = isqrt(n) count = 0 while b * b != b2: a = a + 1 b2 = a * a - n b = isqrt(b2) count += 1 p = a + b q = a - b assert n == p * q return p, q
p = gmpy2.mpz(473398607161) q = gmpy2.mpz(4511491) e = gmpy2.mpz(17) n = (p-1)*(q-1) d = gmpy2.invert(e,n) print("d is:\n%s"%d)
已知p、q、e、c求解明文
思路 根据常规的思路,求解出明文m,必须通过通过以下的公式
1
m ≡ pow(c,d) mod n
现在缺少的参数有d、n,其中的n可以通过以下的公式可以求出
1
n = p * q
而d可以通过以下公式求出
1 2
d * e = 1 mod φ(n) φ(n) = (p-1) * (q-1)
例题
p = 9648423029010515676590551740010426534945737639235739800643989352039852507298491399561035009163427050370107570733633350911691280297777160200625281665378483 q = 11874843837980297032092405848653656852760910154543380907650040190704283358909208578251063047732443992230647903887510065547947313543299303261986053486569407 e = 65537 c = 83208298995174604174773590298203639360540024871256126892889661345742403314929861939100492666605647316646576486526217457006376842280869728581726746401583705899941768214138742259689334840735633553053887641847651173776251820293087212885670180367406807406765923638973161375817392737747832762751690104423869019034
1 2 3 4 5 6 7 8 9 10
import gmpy2 p = 9648423029010515676590551740010426534945737639235739800643989352039852507298491399561035009163427050370107570733633350911691280297777160200625281665378483 q = 11874843837980297032092405848653656852760910154543380907650040190704283358909208578251063047732443992230647903887510065547947313543299303261986053486569407 e = 65537 c = 83208298995174604174773590298203639360540024871256126892889661345742403314929861939100492666605647316646576486526217457006376842280869728581726746401583705899941768214138742259689334840735633553053887641847651173776251820293087212885670180367406807406765923638973161375817392737747832762751690104423869019034 n = p * q phi_n = (p - 1) * (q - 1) d = gmpy2.invert(e, phi_n) m = pow(c, d, n) print("m=%s" % m)
import gmpy2 from binascii import a2b_hex n = 0xee290c7a603fc23300eb3f0e5868d056b7deb1af33b5112a6da1edc9612c5eeb4ab07d838a3b4397d8e6b6844065d98543a977ed40ccd8f57ac5bc2daee2dec301aac508f9befc27fae4a2665e82f13b1ddd17d3a0c85740bed8d53eeda665a5fc1bed35fbbcedd4279d04aa747ac1f996f724b14f0228366aeae34305152e1f430221f9594497686c9f49021d833144962c2a53dbb47bdbfd19785ad8da6e7b59be24d34ed201384d3b0f34267df4ba8b53f0f4481f9bd2e26c4a3e95cd1a47f806a1f16b86a9fc5e8a0756898f63f5c9144f51b401ba0dd5ad58fb0e97ebac9a41dc3fb4a378707f7210e64c131bca19bd54e39bbfa0d7a0e7c89d955b1c9f e = 0x10001 c = 0x3dbf00a02f924a70f44bdd69e73c46241e9f036bfa49a0c92659d8eb0fe47e42068eaf156a9b3ee81651bc0576a91ffed48610c158dc8d2fb1719c7242704f0d965f8798304925a322c121904b91e5fc5eb3dc960b03eb8635be53b995217d4c317126e0ec6e9a9acfd5d915265634a22a612de962cfaa2e0443b78bdf841ff901423ef765e3d98b38bcce114fede1f13e223b9bd8155e913c8670d8b85b1f3bcb99353053cdb4aef1bf16fa74fd81e42325209c0953a694636c0ce0a19949f343dc229b2b7d80c3c43ebe80e89cbe3a3f7c867fd7cee06943886b0718a4a3584c9d9f9a66c9de29fda7cfee30ad3db061981855555eeac01940b1924eb4c301 p = 57970027 q = 518629368090170828331048663550229634444384299751272939077168648935075604180676006392464524953128293842996441022771890719731811852948684950388211907532651941639114462313594608747413310447500790775078081191686616804987790818396104388332734677935684723647108960882771460341293023764117182393730838418468480006985768382115446225422781116531906323045161803441960506496275763429558238732127362521949515590606221409745127192859630468854653290302491063292735496286233738504010613373838035073995140744724948933839238851600638652315655508861728439180988253324943039367876070687033249730660337593825389358874152757864093
phi_n = (p - 1) * (q - 1) # d = hex(gmpy2.invert(e, phi_n)) # print(d) d = 0x9186c78d098af6815622ea9901cf84a89ead578a6dbdded7d7fc63531756239dc586501216fc2e4bd1a8cee7e62284d16d91195f356d733a52dff011ebc3bf1e5d62af54d0455ea2f6ec948f45f34931f5b0b4478b16c66951a95d2f069a6c8867a6bc673c8e40052a54dbc5c1aeacbbfae7cad150a4f41ef4a02b1c97d70636ae187ed3c45f2551696a6a1172ae4089e033fb4853057c0f1e227d71ccf24fb27073ca4fe4ac3744dfed2cd7763c47ac4ae4d42820a19d68961bc103bb9016197463875169d062b45807e2e86aa17fa65e3088cc75ef35f984d0ca92d4c9270c2e694eb1f5df16b7ebe32b5c1d26086d6aac5fe327288f2904cb54164db39151 flag = a2b_hex(hex(pow(c,d,n))[2:]) print(flag)
已知c、e,求解明文
首先通过公钥文件public.pem获取n、e
通过公钥文件获取n、e
1 2 3 4 5 6 7 8 9 10 11
from Crypto.PublicKey import RSA
public = RSA.importKey(open("./RSA/public.pem").read()) n = public.n e = public.e print("n=\n%s\ne=\n%s"%(n,e))
#coding:utf-8 def egcd(a, b): #扩展欧几里德算法 if a == 0: return (b, 0, 1) else: g, y, x = egcd(b % a, a) return (g, x - (b // a) * y, y) def modinv(a, m): #d=modinv(e,(p-1)*(q-1)) g, x, y = egcd(a, m) if g != 1: raise Exception('modular inverse does not exist') else: return x % m