记 LCG 例题

已于 2024-05-27 10:35:24 修改
阅读量1.3k 收藏 4
点赞数 6
分类专栏: 总结性 文章标签: 密码学 安全
于 2023-05-21 13:11:03 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/XiongSiqi_blog/article/details/130790621
版权

文章目录


(PS:网上有很多原理,这里就不过多赘述了,直接上题)
在这里插入图片描述

题一(seed,a,b,n,c)

题目描述:

from Crypto.Util.number import *
flag = b'Spirit{***********************}'

plaintext = bytes_to_long(flag)
length = plaintext.bit_length()

a = getPrime(length)
b = getPrime(length)
n = getPrime(length)

seed = 33477128523140105764301644224721378964069
print("seed = ",seed)
for i in range(10):
    seed = (a*seed+b)%n
ciphertext = seed^plaintext
print("a = ",a)
print("b = ",b)
print("n = ",n)
print("c = ",ciphertext)
# seed =  33477128523140105764301644224721378964069
# a =  216636540518719887613942270143367229109002078444183475587474655399326769391
# b =  186914533399403414430047931765983818420963789311681346652500920904075344361
# n =  155908129777160236018105193822448288416284495517789603884888599242193844951
# c =  209481865531297761516458182436122824479565806914713408748457524641378381493

解题代码:

from Crypto.Util.number import *
# seed = 66922225691609264283867072422037270235122544465805107339080357133935022024
seed =   33477128523140105764301644224721378964069
a = 216636540518719887613942270143367229109002078444183475587474655399326769391
b = 186914533399403414430047931765983818420963789311681346652500920904075344361
n = 155908129777160236018105193822448288416284495517789603884888599242193844951
c = 209481865531297761516458182436122824479565806914713408748457524641378381493
for i in range(10):
    seed = (a * seed + b) % n

m = c ^ seed
print(long_to_bytes(m))
# Spirit{0ops!___you_know__LCG!!}

题二(a,b,n,c)

题目描述:

from Crypto.Util.number import *
flag = b'Spirit{*****************************}'

plaintext = bytes_to_long(flag)
length = plaintext.bit_length()

a = getPrime(length)
b = getPrime(length)
n = getPrime(length)

seed = plaintext

for i in range(10):
    seed = (a*seed+b)%n
ciphertext = seed

print("a = ",a)
print("b = ",b)
print("n = ",n)
print("c = ",ciphertext)

# a =  59398519837969938359106832224056187683937568250770488082448642852427682484407513407602969
# b =  32787000674666987602016858366912565306237308217749461581158833948068732710645816477126137
# n =  43520375935212094874930431059580037292338304730539718469760580887565958566208139467751467
# c =  8594514452808046357337682911504074858048299513743867887936794439125949418153561841842276

解题代码(直接套用解题公式即可):

import gmpy2
from Crypto.Util.number import *
a =  59398519837969938359106832224056187683937568250770488082448642852427682484407513407602969
b =  32787000674666987602016858366912565306237308217749461581158833948068732710645816477126137
n =  43520375935212094874930431059580037292338304730539718469760580887565958566208139467751467
c =  8594514452808046357337682911504074858048299513743867887936794439125949418153561841842276
seed = c
inv_a = gmpy2.invert(a,n)
for i in range(10):
    seed = (seed - b) * inv_a % n
m = seed
print(long_to_bytes(m))
# Spirit{Orzzz__number_the0ry_master!!}

题三(a,n,output[6],output[7])

from Crypto.Util.number import *
flag = b'Spirit{*********************}'
plaintext = bytes_to_long(flag)
length = plaintext.bit_length()

a = getPrime(length)
seed = getPrime(length)
n = getPrime(length)

b = plaintext

output = []
for i in range(10):
    seed = (a*seed+b)%n
    output.append(seed)
ciphertext = seed

print("a = ",a)
print("n = ",n)
print("output1 = ",output[6])
print("output2 = ",output[7])

# a =  3227817955364471534349157142678648291258297398767210469734127072571531
# n =  2731559135349690299261470294200742325021575620377673492747570362484359
# output1 =  56589787378668192618096432693925935599152815634076528548991768641673
# output2 =  2551791066380515596393984193995180671839531603273409907026871637002460

解题代码(两式相减即可得到b):

a = 3227817955364471534349157142678648291258297398767210469734127072571531
n = 2731559135349690299261470294200742325021575620377673492747570362484359
output1 = 56589787378668192618096432693925935599152815634076528548991768641673
output2 = 2551791066380515596393984193995180671839531603273409907026871637002460
b = output2 - a * output1 % n
print(long_to_bytes(b))
# Spirit{Y0u_@r3_g00d_at__math}

题四(n,output)

from Crypto.Util.number import *
flag = b'Spirit{********************************}'

plaintext = bytes_to_long(flag)
length = plaintext.bit_length()

a = getPrime(length)
b = getPrime(length)
n = getPrime(length)

seed = plaintext
output = []
for i in range(10):
    seed = (a*seed+b)%n
    output.append(seed)


print("n = ",n)
print("output = ",output)
# n =  714326667532888136341930300469812503108568533171958701229258381897431946521867367344505142446819
# output =  [683884150135567569054700309393082274015273418755015984639210872641629102776137288905334345358223, 285126221039239401347664578761309935673889193236512702131697050766454881029340147180552409870425, 276893085775448203669487661735680485319995668779836512706851431217470824660349740546793492847822, 670041467944152108349892479463033808393249475608933110640580388877206700116661070302382578388629, 122640993538161410588195475312610802051543155060328971488277224112081166784263153107636108815824, 695403107966797625391061914491496301998976621394944936827202540832952594905520247784142392337171, 108297989103402878258100342544600235524390749601427490182149765480916965811652000881230504838949, 3348901603647903020607356217291999644800579775392251732059562193080862524671584235203807354488, 632094372828241320671255647451901056399237760301503199444470380543753167478243100611604222284853, 54758061879225024125896909645034267106973514243188358677311238070832154883782028437203621709276]

解题代码(还是那句话,按照推导公式来):
在这里插入图片描述

import gmpy2
from Crypto.Util.number import *
n =  714326667532888136341930300469812503108568533171958701229258381897431946521867367344505142446819
output =  [683884150135567569054700309393082274015273418755015984639210872641629102776137288905334345358223, 285126221039239401347664578761309935673889193236512702131697050766454881029340147180552409870425, 276893085775448203669487661735680485319995668779836512706851431217470824660349740546793492847822, 670041467944152108349892479463033808393249475608933110640580388877206700116661070302382578388629, 122640993538161410588195475312610802051543155060328971488277224112081166784263153107636108815824, 695403107966797625391061914491496301998976621394944936827202540832952594905520247784142392337171, 108297989103402878258100342544600235524390749601427490182149765480916965811652000881230504838949, 3348901603647903020607356217291999644800579775392251732059562193080862524671584235203807354488, 632094372828241320671255647451901056399237760301503199444470380543753167478243100611604222284853, 54758061879225024125896909645034267106973514243188358677311238070832154883782028437203621709276]
inv = gmpy2.invert(output[1] - output[0],n) % n
a = (output[2] - output[1]) * inv % n
b = (output[1] - a * output[0]) % n
inv_a = gmpy2.invert(a,n)
seed = (output[0] - b) * inv_a % n
print(long_to_bytes(seed))
# Spirit{Gr3at__J0b!_You_can_be___better!}

题五(output)

题目描述:

from Crypto.Util.number import *
flag = b'Spirit{****************************************}'

plaintext = bytes_to_long(flag)
length = plaintext.bit_length()

a = getPrime(length)
b = getPrime(length)
n = getPrime(length)

seed = plaintext
output = []
for i in range(10):
    seed = (a*seed+b)%n
    output.append(seed)

print("output = ",output)
# output =  [9997297986272510947766344959498975323136012075787120721424325775003840341552673589487134830298427997676238039214108, 4943092972488023184271739094993470430272327679424224016751930100362045115374960494124801675393555642497051610643836, 6774612894247319645272578624765063875876643849415903973872536662648051668240882405640569448229188596797636795502471, 9334780454901460926052785252362305555845335155501888087843525321238695716687151256717815518958670595053951084051571, 2615136943375677027346821049033296095071476608523371102901038444464314877549948107134114941301290458464611872942706, 11755491858586722647182265446253701221615594136571038555321378377363341368427070357031882725576677912630050307145062, 7752070270905673490804344757589080653234375679657568428025599872155387643476306575613147681330227562712490805492345, 8402957532602451691327737154745340793606649602871190615837661809359377788072256203797817090151599031273142680590748, 2802440081918604590502596146113670094262600952020687184659605307695151120589816943051322503094363578916773414004662, 5627226318035765837286789021891141596394835871645925685252241680021740265826179768429792645576780380635014113687982]

解题代码(先求出n,求出n后,解法和上一题一毛一样):

import gmpy2
from Crypto.Util.number import *
# 逆元求法
MMI = lambda A, n,s=1,t=0,N=0: (n < 2 and t%N or MMI(n, A%n, t, s-A//n*t, N or n),-1)[n<1] # 逆元计算

s = [9997297986272510947766344959498975323136012075787120721424325775003840341552673589487134830298427997676238039214108, 4943092972488023184271739094993470430272327679424224016751930100362045115374960494124801675393555642497051610643836, 6774612894247319645272578624765063875876643849415903973872536662648051668240882405640569448229188596797636795502471, 9334780454901460926052785252362305555845335155501888087843525321238695716687151256717815518958670595053951084051571, 2615136943375677027346821049033296095071476608523371102901038444464314877549948107134114941301290458464611872942706, 11755491858586722647182265446253701221615594136571038555321378377363341368427070357031882725576677912630050307145062, 7752070270905673490804344757589080653234375679657568428025599872155387643476306575613147681330227562712490805492345, 8402957532602451691327737154745340793606649602871190615837661809359377788072256203797817090151599031273142680590748, 2802440081918604590502596146113670094262600952020687184659605307695151120589816943051322503094363578916773414004662, 5627226318035765837286789021891141596394835871645925685252241680021740265826179768429792645576780380635014113687982]
t = []
for i in range(9): # len(out) - 1
    t.append(s[i+1]-s[i])

for i in range(6): # len(t) - 3
    n = gmpy2.gcd(t[i+3] * t[i+1] - t[i+2] * t[i+2],t[i+2] * t[i] - t[i+1] * t[i+1])
    # inv = gmpy2.invert(s[1] - s[0],n) % n # 可恶,这个求逆元竟然报错
    inv = MMI(s[1] - s[0], n) % n
    a = (s[2] - s[1]) * inv % n
    b = (s[1] - a * s[0]) % n
    # inv_a = gmpy2.invert(a,n) 
    inv_a = MMI(a, n)
    seed = (s[0] - b) * inv_a % n
    print(long_to_bytes(seed))
# Spirit{final__lcg__is__co0m1ing__are_you_ready?}

题六(output)

题目描述:

from Crypto.Util.number import *
from secret import flag

m = bytes_to_long(flag)
bit_len = m.bit_length()
a = getPrime(bit_len)
b = getPrime(bit_len)
p = getPrime(bit_len+1)

seed = m
result = []
for i in range(10):
    seed = (a*seed+b)%p
    result.append(seed)
print(result)

result = [699175025435513913222265085178805479192132631113784770123757454808149151697608216361550466652878, 193316257467202036043918706856603526262215679149886976392930192639917920593706895122296071643390, 1624937780477561769577140419364339298985292198464188802403816662221142156714021229977403603922943, 659236391930254891621938248429619132720452597526316230221895367798170380093631947248925278766506, 111407194162820942281872438978366964960570302720229611594374532025973998885554449685055172110829, 1415787594624585063605356859393351333923892058922987749824214311091742328340293435914830175796909, 655057648553921580727111809001898496375489870757705297406250204329094679858718932270475755075698, 1683427135823894785654993254138434580152093609545092045940376086714124324274044014654085676620851, 492953986125248558013838257810313149490245209968714980288031443714890115686764222999717055064509, 70048773361068060773257074705619791938224397526269544533030294499007242937089146507674570192265]

解法和上题一毛一样,变换下数据即可

import gmpy2
from Crypto.Util.number import *

MMI = lambda A, n,s=1,t=0,N=0: (n < 2 and t%N or MMI(n, A%n, t, s-A//n*t, N or n),-1)[n<1] # 逆元计算

s = [699175025435513913222265085178805479192132631113784770123757454808149151697608216361550466652878, 193316257467202036043918706856603526262215679149886976392930192639917920593706895122296071643390, 1624937780477561769577140419364339298985292198464188802403816662221142156714021229977403603922943, 659236391930254891621938248429619132720452597526316230221895367798170380093631947248925278766506, 111407194162820942281872438978366964960570302720229611594374532025973998885554449685055172110829, 1415787594624585063605356859393351333923892058922987749824214311091742328340293435914830175796909, 655057648553921580727111809001898496375489870757705297406250204329094679858718932270475755075698, 1683427135823894785654993254138434580152093609545092045940376086714124324274044014654085676620851, 492953986125248558013838257810313149490245209968714980288031443714890115686764222999717055064509, 70048773361068060773257074705619791938224397526269544533030294499007242937089146507674570192265]
t = []
for i in range(9): # len(out) - 1
    t.append(s[i+1]-s[i])

for i in range(6): # len(t) - 3
    n = gmpy2.gcd(t[i+3] * t[i+1] - t[i+2] * t[i+2],t[i+2] * t[i] - t[i+1] * t[i+1])
    # inv = gmpy2.invert(s[1] - s[0],n) % n # 可恶,这个求逆元竟然报错
    inv = MMI(s[1] - s[0], n) % n
    a = (s[2] - s[1]) * inv % n
    b = (s[1] - a * s[0]) % n
    # inv_a = gmpy2.invert(a,n) 
    inv_a = MMI(a, n)
    seed = (s[0] - b) * inv_a % n
    print(long_to_bytes(seed))
# LitCTF{31fcd7832029a87f6c9f760fcf297b2f}

题七(二元LCG)

题目描述:

from secret import flag

assert flag[:5] == b'cazy{'
assert flag[-1:] == b'}'
flag = flag[5:-1]
assert (len(flag) == 24)


class my_LCG:
    def __init__(self, seed1, seed2):
        self.state = [seed1, seed2]
        self.n = getPrime(64)
        while 1:
            self.a = bytes_to_long(flag[:8])
            self.b = bytes_to_long(flag[8:16])
            self.c = bytes_to_long(flag[16:])
            if self.a < self.n and self.b < self.n and self.c < self.n:
                break

    def next(self):
        new = (self.a * self.state[-1] + self.b * self.state[-2] + self.c) % self.n
        self.state.append(new)
        return new


def main():
    lcg = my_LCG(getRandomInteger(64), getRandomInteger(64))
    print("data = " + str([lcg.next() for _ in range(5)]))
    print("n = " + str(lcg.n))


if __name__ == "__main__":
    main()

# data = [2626199569775466793, 8922951687182166500, 454458498974504742, 7289424376539417914, 8673638837300855396]
# n = 10104483468358610819

解题:
二元LCG就是多了一组生成器,解题思路和一元一样,还是推出相关等式
在这里插入图片描述
代码:

import gmpy2
from Crypto.Util.number import *
data = [2626199569775466793, 8922951687182166500, 454458498974504742, 7289424376539417914, 8673638837300855396]
n = 10104483468358610819

tmp = [0]
for i in range(1,5):
    tmp.append(data[i] - data[i-1])

a = ((tmp[3] * tmp[2] - tmp[4] * tmp[1]) * gmpy2.invert(tmp[2] * tmp[2] - tmp[3] * tmp[1],n)) % n
b = ((tmp[3] - a * tmp[2]) * gmpy2.invert(tmp[1],n)) % n
c = (data[2] - a * data[1] - b * data[0]) % n
print(b'cazy{' + long_to_bytes(a) + long_to_bytes(b) + long_to_bytes(c) + b'}')
# cazy{L1near_Equ4t1on6_1s_34sy}

题八(三元LCG)

题目描述:

from Crypto.Util.number import *
from secret import FLAG
p = getPrime(128)
step = len(FLAG) // 3
xs = [bytes_to_long(FLAG[:step]), bytes_to_long(FLAG[step:2*step]), bytes_to_long(FLAG[2*step:])]
a = getPrime(64)
b = getPrime(64)
c = getPrime(64)
a = 18038175596386287827
b = 15503291946093443851
c = 17270168560153510007
p = 307956849617421078439840909609638388517

for _ in range(10):
    new_state = (a*xs[0] + b*xs[1] + c*xs[2]) % p
    xs = xs[1:] + [new_state]
    #print(xs)
print(xs)
print(a, b, c, p)

解题:
x_{n+3} = (ax_{n} + bx_{n+1} + cx_{n+2}) % p

xs’ = [x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12]
(其中x0,x1,x2分别是flag中的三部分)
xs = [x3,x4,x5,x6,x7,x8,x9,x10,x11,x12] 已知,又
在这里插入图片描述
直接可以求出x2,然后按这样类似求解x1,x0便出来了,最终flag就出来了
持续更新中。。。。。。

参考:https://blog.csdn.net/superprintf/article/details/108964563

https://xie-yuanhao.gitee.io/2022/01/10/Crypto-LCG%E7%BA%BF%E6%80%A7%E5%90%8C%E4%BD%99/

题九(seed>>64)

2023-08-08 记录
题目描述:

from Crypto.Util.number import *
flag = b'Spirit{*****************}'

plaintext = bytes_to_long(flag)
length = plaintext.bit_length()

a = getPrime(length)
b = getPrime(length)
n = getPrime(length)

seed = plaintext

output = []
for i in range(10):
    seed = (seed*a+b)%n
    output.append(seed>>64)
print("a = ",a)
print("b = ",b)
print("n = ",n)
print("output = ",output)
a =  731111971045863129770849213414583830513204814328949766909151
b =  456671883153709362919394459405008275757410555181682705944711
n =  666147691257100304060287710111266554526660232037647662561651
output =  [16985619148410545083429542035273917746612, 32633736473029292963326093326932585135645, 20531875000321097472853248514822638673918, 37524613187648387324374487657224279011, 21531154020699900519763323600774720747179, 1785016578450326289280053428455439687732, 15859114177482712954359285501450873939895, 10077571899928395052806024133320973530689, 30199391683019296398254401666338410561714, 21303634014034358798100587236618579995634]

题目分析:
二元copper
解题代码:

# sage
output =  [16985619148410545083429542035273917746612, 32633736473029292963326093326932585135645, 20531875000321097472853248514822638673918, 37524613187648387324374487657224279011, 21531154020699900519763323600774720747179, 1785016578450326289280053428455439687732, 15859114177482712954359285501450873939895, 10077571899928395052806024133320973530689, 30199391683019296398254401666338410561714, 21303634014034358798100587236618579995634]
a =  731111971045863129770849213414583830513204814328949766909151
b =  456671883153709362919394459405008275757410555181682705944711
n =  666147691257100304060287710111266554526660232037647662561651

PR.<x,y> = PolynomialRing(Zmod(n))
f = ((output[0]<<64)+ x) * a + b - ((output[1]<<64) + y)
roots = small_roots(f,(2^64, 2^64), m=4, d=4)
s1 = (output[0]<<64) + roots[0][0]
m = (s1 - b) * inverse_mod(a, n) % n
print(bytes.fromhex(hex(m)[2:]))
# b'Spirit{King__of__LCG_qWq}'

其中small_roots()单独定义,其中small_roots()中的m和d类似于一元coppersmith里的beta和epsilon,控制格的参数

import itertools
def small_roots(f, bounds, m=1, d=None):
    if not d:
        d = f.degree()
    R = f.base_ring()
    N = R.cardinality()
    f /= f.coefficients().pop(0)
    f = f.change_ring(ZZ)
    G = Sequence([], f.parent())
    for i in range(m+1):
        base = N^(m-i) * f^i
        for shifts in itertools.product(range(d), repeat=f.nvariables()):
            g = base * prod(map(power, f.variables(), shifts))
            G.append(g)
    B, monomials = G.coefficient_matrix()
    monomials = vector(monomials)
    factors = [monomial(*bounds) for monomial in monomials]
    for i, factor in enumerate(factors):
        B.rescale_col(i, factor)
    B = B.dense_matrix().LLL()
    B = B.change_ring(QQ)
    for i, factor in enumerate(factors):
        B.rescale_col(i, 1/factor)
    H = Sequence([], f.parent().change_ring(QQ))
    for h in filter(None, B*monomials):
        H.append(h)
        I = H.ideal()
        if I.dimension() == -1:
            H.pop()
        elif I.dimension() == 0:
            roots = []
            for root in I.variety(ring=ZZ):
                root = tuple(R(root[var]) for var in f.variables())
                roots.append(root)
            return roots
    return []

两串代码结合一下便能出结果

Emmaaaaaaaaaa
关注
  • 6
    点赞
  • 4
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
专栏目录
LCA练习题
卡西莫多
11-11 1135
poj1330题意:求祖先,解释了啥是LCA。 想法:模板。#include<cstdio> #include<algorithm> #include<cstring> #include<vector> using namespace std; #define M 100009 int f[M],in[M],ancestor[M]; vector<int> tree[M],query[M]; in
CTF-Crypto 出题思路与解题思路
Jang2023的博客
06-30 3553
ctf 夺旗赛解题思路 crypto密码学
ctf之lcg算法
热门推荐
superprintf的博客
10-08 1万+
线性同余方法(LCG)是一种产生伪随机数的方法。 线性同余法最重要的是定义了三个整数,乘数 a、增量 b和模数 m,其中a,b,m是产生器设定的常数。 为了方便理解,我打个比方 假设现在有随机数X1=1234,乘数a=2,增量b=3,模数m=1000 那么下一个随机数X2=(2*1234+3)%1000=2471%1000=471 解题用到的公式: Xn=(a-1 (Xn+1 - b))%n a=((Xn+2-Xn+1)(Xn+1-Xn)-1)%n b=(Xn+1 - aXn)%n 好了,然后根据lcg
crypto581-easywork(网鼎杯2022)
耐酸碱高温固化材料近距离传输研究
10-16 500
求出a,b,p后问题就变为解决my_func()函数递归时间复杂度的问题。基本的逻辑是已知LCG随机数种子和前6个随机数,要反推参数a,b和p。然后根据sol的算法解出flag。lcg-5这种情况,推演一下设。LCG题,整理一下做法。
[Dragon Knight CTF] crypto/pwn
最新发布
weixin_52640415的博客
05-27 456
LCG求groebner基 DES弱密钥 共模攻击 模p下4阶矩阵的阶 移栈 fork爆破canary sigreturn的SROP chmod+open+read+write
2023 金砖ctf 密码wp
2202_75413341的博客
11-24 799
重点在于这个,hint = powmod(2023 * q + 231103, p, n)分析题目显然的第一段flag使用了lcg加密,套个模板脚本即可解密。由于p和q都是512为所以遍历一下即可的q,r自然就可以求出。题目的核心在于将这些式子联立,最终与n进行gcd 求出p。所以可得gcd((a-(c-e)^e),n)=p。所以得gcd(h-(231103)^n,n)=q。由于p已经求出 可得q=k*p+(c-e)%p。最后即可正常的求出rsa解密即可。因为模n和模p一定是同余的。(从别的师傅那问的)
NewStarCTF公开赛week4密码学前两道题的wp
Altering_Ji的博客
12-23 787
因为week4也只能看明白前两道题,所以整理两道题的wp,涉及LCG和在Python中调用扩展欧几里得函数gcdext帮助解题。
流密码:线性同余生成器 LCG
m0_62506844的博客
07-27 1588
在介绍流密码之前,我们先引入OTP(One-timePassword,一次性密码)这样一个概念。所谓一次性密码,是一次加密使用一次密钥,这次加密过程中使用的密钥不能在下一次加密中继续使用,密钥是一次性的,使用一次当即作废。例如我们想加密abcdefg这串字符。想要加密所有明文,就要用与明文等长的密钥来加密。比如利用密钥1234567加密,1代表在字母表的顺序向后移动一位,2代表移动2位,等等,和凯撒的原理相同,只不过这里使用了多个密钥。...
lcg.rar_lcg
09-21
线性同余发生器(Linear Congruential Generator,简称LCG)是一种常见的伪随机数生成算法,广泛应用于各种计算和模拟任务中,包括MATLAB编程环境。在MATLAB中实现LCG,我们可以根据其数学原理编写函数,以便生成一...
LCG.rar_C Builder_lcg
09-20
LCG(Linear Congruential Generator)线性同余发生器是一种常见的伪随机数生成算法,广泛应用于各种领域,包括计算机图形学、统计模拟和游戏开发等。C++ Builder是一款集成开发环境,它提供了丰富的工具和库,使得...
zgen-lcg
03-11
《深入理解Rust编程语言:以zgen-lcg为例》 在编程领域,Rust语言以其卓越的安全性、性能和并发能力受到了广泛的关注。本文将深入探讨Rust语言,并以"zgen-lcg"项目为例,揭示其在实际应用中的核心概念和技术。 ...
php lcg_value与mt_rand生成0~1随机小数的效果对比分析
10-20
但相较于lcg_value(),mt_rand()生成随机数的过程涉及到对两个函数的调用和计算,因而执行时间会长一些,大约慢lcg_value()三倍。 在执行时间对比中,作者进行了一个实验,执行10万次两种方法生成随机数的操作,并...
LCG.rar_LCG随机数_M?n_lcg 线性随
09-14
线性同余产生随机数,线性同余方法(LCG)是个产生伪随机数的方法。它是根据递归公式:N_{j+1} \equiv (A \times N_j + B ) \pmod{M} 其中A,B,M是产生器设定的常数
crypto-babyLCG(NPUCTF2020)
耐酸碱高温固化材料近距离传输研究
11-30 1347
显然如果要解密出flag明文那必须要反推出最初的seed参数,将后面产生的随机数全部复原。的原因是为了保持向量各个数值bit位保持一致(关于格密码基础概念推荐这篇。因为前20个随机数的高位是已知的,接下来思路是针对这个式子做变形。其中A,B均可通过a,b,h推出。现在将以上关系式写成矩阵形式。由于h均为已知,那么现在找到低位l递推的关系式,又因为。近期研究格密码过程中遇到的一个很好的题目,录一下。则可以推出所有低位l与l1的关系式,简写为。构造lattice,最后一项取2。将s拆分为高位h和低位l变为。
lcg随机数破解
weixin_44159598的博客
11-08 4970
题目链接 根据线性同余生成器lcg可得:lcg=(a*x+c)%m 根据题目,当输入数字时,可以得到多个连续随机数,根据伪随机数生成的机制,可以了解到,随机数的生成只要知道随机数种子就可以破解 类推到线性同余方程组,也就是说当知道a,c,m时即可知道随机数的整个序列 例如:假设我们知道lcg0,那么lcg1=(alcg0+c)%m,同理lcg2=(alcg1+c)%m 此时我们随意提交多次,可以从中得到连续的随机数,类比于lcg0,lcg1,lcg2的关系 lcg0=32081 lcg1=2381
[第一届 帕鲁杯 CTF挑战赛 2024] Crypto/PWN/Reverse
weixin_52640415的博客
04-22 1909
最大不可能K=mp+nq=phi-1 LCG样式a=2,b=0,有限域一元二次多项式求解 HGCD p|q,p&q分解n
A立方CTF部分wp
weixin_45883223的博客
01-10 975
A立方CTF部分wpeasycpt1cpt2cpt3cpt4cpt5 easy 修复zip头部,stegdetect,发现是jphide,key是另一个文件里的md5在线网站解密 cpt1 把key用base64解密,再维吉尼亚,再base32 cpt2 from Crypto.Util.number import * import gmpy2 msg1 = '**********************************' msg2 = '*****************************
LCG(流密码)
Tinyyy1的博客
11-21 297
下面是公式证明:其实公式证明挺复杂的可以最后看,先看看例题也不错哦公式1:模逆运算用到扩展欧几里得算法MMI = lambda A, n,s=1,t=0,N=0: (n < 2 and t%N or MMI(n, A%n, t, s-A//n*t, N or n),-1)[n
LCG入门
刘十三t的博客
09-14 2834
这里,讲一下我的做法。前面已经说过,本题进行了两轮加密,所给输出是间隔的。这里还定义了三个整数:a乘数、b增量、m模数,是产生器设定的常数。LCG属于PRNG(伪随机数生成器)和stream cipher(流密码)的一种,是一种产生伪随机数的方法。1、m是随机序列的模数,必须一个大于0的正整数。一般是一个比较大的素数或者是2的幂,以便提供较长的周期长度。LCG的性质与参数的选择密切相关,不同的参数可能导致不同的随机序列。3、b是增量,也必须是一个与m互素的正整数。2、a是乘数,必须是一个与m互素的正整数。
LCG python
09-19
引用和引用[2]提供了关于LCG(线性同余发生器)算法的Python实现。LCG是一种伪随机数生成器算法,通过使用乘法、增量和取模等操作来生成一系列的随机数。在这些实现中,乘数、增量和模数是算法的关键参数,种子是初始状态值。每次调用next()方法,根据当前的状态值计算下一个随机数并更新状态值。这些实现都是循环的,所以可以无限地生成随机数序列。 在引用的实现中,LCG类的实例化需要传入乘数、增量、模数和种子。next_number()方法根据乘数、增量和模数计算下一个随机数并更新种子的值。 在引用的实现中,LCG类的实例化只需要传入种子。next()方法根据乘数、增量和模数计算下一个随机数并更新状态值。 所以LCG算法的Python实现需要提供乘数、增量、模数和种子作为输入参数,并且可以通过调用相应的方法来生成随机数序列。
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值