RSA-PUBLICEXPONENT目录
1. Salty
这道题的题目就是大大的提示
解题重点在于 e = 1
具体原理讲解在下面链接里,(建议)简单阅读一下:
解题思路:
因为已知N是非常大的数字,所以我们能够得出结论m一定小于N 既 c = m
from Crypto.Util.number import *
n=110581795715958566206600392161360212579669637391437097703685154237017351570464767725324182051199901920318211290404777259728923614917211291562555864753005179326101890427669819834642007924406862482343614488768256951616086287044725034412802176312273081322195866046098595306261781788276570920467840172004530873767
e = 1
ct = 44981230718212183604274785925793145442655465025264554046028251311164494127485
print(long_to_bytes(ct))
#crypto{saltstack_fell_for_*****}
2. Modulus Inutilis
这道题的解题重点在于 e = 3
解题思路:
单纯的立方根会导致失去一部分的m,所以先提高精准度
下面是关于gmpy.get_context().precision具体讲解:
https://gmpy2.readthedocs.io/en/latest/mpfr.html
from Crypto.Util.number import *
from gmpy2 import *
n=17258212916191948536348548470938004244269544560039009244721959293554822498047075403658429865201816363311805874117705688359853941515579440852166618074161313773416434156467811969628473425365608002907061241714688204565170146117869742910273064909154666642642308154422770994836108669814632309362483307560217924183202838588431342622551598499747369771295105890359290073146330677383341121242366368309126850094371525078749496850520075015636716490087482193603562501577348571256210991732071282478547626856068209192987351212490642903450263288650415552403935705444809043563866466823492258216747445926536608548665086042098252335883
e = 3
ct=243251053617903760309941844835411292373350655973075480264001352919865180151222189820473358411037759381328642957324889519192337152355302808400638052620580409813222660643570085177957
ctx=get_context()
ctx.precision = 3000 #提高精准度
m = cbrt(ct) #求出cube root
print(long_to_bytes(m))
#crypto{****_m04R_p4dd1ng}
3. Everything is Big
这道题的解题重点在于e的值非常大,自然d的值就非常小了
解题思路:利用 Wiener's Attack
from __future__ import print_function
import libnum
def continued_fractions_expansion(numerator,denominator):#(e,N)
result=[]
divident = numerator % denominator
quotient = numerator //denominator
result.append(quotient)
while divident != 0:
numerator = numerator - quotient * denominator
tmp = denominator
denominator = numerator
numerator = tmp
divident = numerator % denominator
quotient = numerator //denominator
result.append(quotient)
return result
def convergents(expansion):
convergents=[(expansion[0], 1)]
for i in range(1, len(expansion)):
numerat