RSA破解作业

最新推荐文章于 2024-04-12 17:16:38 发布

jaymegs

最新推荐文章于 2024-04-12 17:16:38 发布

阅读量479

点赞数 1

分类专栏： RSA 文章标签： rsa 破解密码学

本文链接：https://blog.csdn.net/jaymegs/article/details/78499164

版权

RSA 专栏收录该内容

1 篇文章 0 订阅

订阅专栏

Alice decides to use RSA with the public key N = 1889570071. In order to guard against transmission errors, Alice has Bob encrypt his message twice, once using the encryption exponent e1 = 1021763679 and once using the encryption exponent e2 = 519424709. Eve intercepts the two encrypted messages
c1 = 1244183534 and c2 = 732959706. Assuming that Eve also knows N and the two encryption exponents e1 and e2. Please help Eve recover Bob’s plaintext without finding a factorization of N.

选做，交电子版，写成md文档，交链接。提示：简单题，不同于共用模数攻击。

易得：

$gcd(e_1,e_2)=1$

则存在一对正反整数s1、s2使得：

$e_1*s_1+e_2*s_2=1$

由egcd可求出s1、s2:

def egcd(a, b):
    if a == 0:
        return (b, 0, 1)
    else:
        g, y, x = egcd(b % a, a)
        return (g, x - (b // a) * y, y)

$s_1=252426389$
$s_2=-496549570$

公式变换：

$c 1 = m e 1 m o d N$ $c_1=m^{e_1}modN$ $c 2 = m e 2 m o d N$ $c_2=m^{e_2}modN$ $c s 1 1 * c s 2 2 = (m e 1 m o d N) s 1 * (m e 2 m o d N) s 2$ $c_1^{s_1}*c_2^{s_2}=(m^{e_1}modN)^{s_1}*(m^{e_2}modN)^{s_2}$ $(c s 1 1 * c s 2 2) m o d N = ((m e 1 m o d N) s 1 * (m e 2 m o d N) s 2) m o d N$ $(c_1^{s_1}*c_2^{s_2})modN=((m^{e_1}modN)^{s_1}*(m^{e_2}modN)^{s_2})modN$ $(c s 1 1 * c s 2 2) m o d N = ((m e 1) s 1 * (m e 2) s 2) m o d N$ $(c_1^{s_1}*c_2^{s_2})modN=((m^{e_1})^{s_1}*(m^{e_2})^{s_2})modN$ $(c s 1 1 * c s 2 2) m o d N = (m e 1 * s 1 + e 2 * s 2) m o d N$ $(c_1^{s_1}*c_2^{s_2})modN=(m^{e_1*s_1+e_2*s_2})modN$

由前面的 $e_1*s_1+e_2*s_2=1$ 得：

$(c s 1 1 * c s 2 2) m o d N = (m 1) m o d N$ $(c_1^{s_1}*c_2^{s_2})modN=(m^1)modN$

由RSA的解密公式可得 $m<N$ ,所以

$(c s 1 1 * c s 2 2) m o d N = m$ $(c_1^{s_1}*c_2^{s_2})modN=m$

最后就用快速幂取模算法求解： $(c_1^{s_1}*c_2^{s_2})modN$

def fastExpMod(b, e, m):
    result = 1
    while e != 0:
        if (e&1) == 1:
            result = (result * b) % m
        e >>= 1
        b = (b*b) % m
    return result