简单的有限域运算与欧几里得算法

最新推荐文章于 2022-11-28 14:37:50 发布

RayLee23333

最新推荐文章于 2022-11-28 14:37:50 发布

阅读量1.1k

点赞数

分类专栏： crypto

本文链接：https://blog.csdn.net/qq_33458986/article/details/102961445

版权

本文介绍了上海CTF比赛中一道涉及有限域的题目，解析了解题过程，强调了有限域上的多项式运算和欧几里得算法的重要性。通过举例说明了欧几里得算法在找寻最大公约数和计算乘法逆中的应用，展示了如何利用这些理论解决实际问题。

摘要由CSDN通过智能技术生成

上海CTF的一道关于有限域的题目

import os
load("secret.sage")
def genstr(n):
	return os.urandom(n)

def encrypt(msg, base, key):
	key_1, key_2 = key
	m = bin(int(msg.encode('hex'), 16))[2  :]
	key1 = bin(key_1)[2:]
	key2 = bin(key_2)[2:]

	assert len(m) <= 256  
	f1, ii = 0  ,0  
	for cc in m[::-1]:
		f1 += int(cc) * x**ii
		ii +=1   
	key_1 = 0
	ii = 0
	for cc in key1[::-1]:
		key_1 += int(cc) * x**ii
		ii +=1   
	key_2 = 0
	ii = 0
	for cc in key2[::-1]:
		key_2 += int(cc) * x**ii
		ii +=1   

	assert(key_1<base)
	assert(f1<base)
	assert(key_2<base)
	h = (key_1 * f1 + key_2 ) % base
	tmp = h.exponents()
	enc = ''
	for i in range(256):
		if i in tmp:
			enc += '1'
		else:
			enc += '0'
	enc = hex(int(enc[::-1],2)).lstrip('0x').rstrip('L').zfill(64)
	return enc

#P=PolynomialRing(GF(2),'x')
F.<x> = GF(2)[]
pol = x**255+ x**143+ x**47 + x**3 + 1  

r1 = genstr(30)
r2 = genstr(30)
FF = GF(2**256)

c1 = encrypt(r1, pol, key)
c2 = encrypt(r2, pol, key)
print r1.encode("hex")
print r2.encode("hex")
print c1
print c2
assert(len(flag)==60)
msg = (flag[:30],flag[30:])
print encrypt(msg[0], pol, key)
print encrypt(msg[1], pol, key)

解题脚本

P = PolynomialRing(GF(2),'x')
T.<x> = GF(2)[]
pol = x**255 + x**143 + x**47 + x**3 +1
F=GF(2**256)
r1 = 0x8eeb27d8c2776920bd4672bbcee6d1ebf357c81419e2c3e2073a1e241dbd
r2 = 0x8e4188999c007557e481d4dfcf51a8bb92a752ebac7015967f1133387c7c
c1 = 0x237b20405cf83f261749fba5507ed14cb566e3722a93308c7752297d92a8338c
c2 = 0x1f8fe9b5e32500c3d306924938d1f443b3718ec410c380944503311ff932f528
c3 = 0x1a99ff13954d42e6a21af67aa58e2df8b7bec68f499edf992c95b25326ed768c
c4 = 0x1e63622141285872093eda8da6c7a94ad7c50e695fdc6ed9bd8adaf4c6c40b14
r1 = P(F.fetch_int(r1))#turn r1 into poly type
r2 = P(F.fetch_int(r2))
c1 = P(F.fetch_int(c1))
c2 = P(F.fetch_int(c2))
c3 = P(F.fetch_int(c3))
c4 = P(F.fetch_int(c4))
k1 = (c1 - c2) * inverse_mod(r1 - r2,pol)
R = GF(2**256)
print R(k1).integer_representation()
k2 = c1 - k1 * r1
m3 = (c3 - k2) * inverse_mod(k1,pol) % pol
m4 = (c4 - k2) * inverse_mod(k1,pol) % pol
print m3
print m4
m3 = R(m3).integer_representation()
m4 = R(m4).integer_representation()
print hex(m3)[2:-1].decode("hex")
print hex(m4)[2:-1].decode("hex")

运行结果：

Good!This_is_flag:flag{724240c9-56cd-4cab-b0c3-96b3196eb021}

尝试一下sage中的有限域运算

sage: m3 = inverse_mod(k1,pol)
x^254 + x^248 + x^245 + x^243 + x^240 + x^237 + x^236 + x^235 + x^234 + x^230 + x^229 + x^228 + x^227 + x^226 + x^225 + x^224 + x^223 + x^220 + x^219 + x^218 + x^214 + x^213 + x^211 + x^210 + x^209 + x^207 + x^206 + x^205 + x^203 + x^199 + x^196 + x^193 + x^189 + x^188 + x^185 + x^184 + x^179 + x^177 + x^176 + x^175 + x^174 + x^173 + x^172 + x^170 + x^167 + x^166 + x^165 + x^164 + x^162 + x^161 + x^157 + x^156 + x^154 + x^153 + x^152 + x^150 + x^149 + x^147 + x^143 + x^142 + x^141 + x^140 + x^138 + x^137 + x^136 + x^135 + x^131 + x^128 + x^125 + x^124 + x^123 + x^120 + x^118 + x^114 + x^111 + x^110 + x^107 + x^106 + x^105 + x^104 + x^103 + x^101 + x^98 + x^97 + x^96 + x^95 + x^94 + x^93 + x^92 + x^91 + x^85 + x^84 + x^82 + x^81 + x^79 + x^77 + x^76 + x^75 + x^74 + x^73 + x^70 + x^65 + x^55 + x^54 + x^53 + x^52 + x^51 + x^50 + x^47 + x^46 + x^41 + x^39 + x^37 + x^36 + x^30 + x^29 + x^27 + x^25 + x^24 + x^23 + x^20 + x^19 + x^18 + x^16 + x^14 + x^12 + x^9 + x^7 + x^6 + x^4 + x^3 + x + 1 
sage: k1
x^503 + x^502 + x^498 + x^497 + x^495 + x^493 + x^492 + x^489 + x^488 + x^487 + x^485 + x^484 + x^482 + x^481 + x^480 + x^479 + x^478 + x^476 + x^475 + x^474 + x^472 + x^469 + x^468 + x^467 + x^464 + x^463 + x^462 + x^460 + x^459 + x^458 + x^456 + x^454 + x^450 + x^447 + x^446 + x^444 + x^443 + x^440 + x^439 + x^435 + x^434 + x^432 + x^431 + x^429 + x^428 + x^426 + x^424 + x^422 + x^420 + x^418 + x^417 + x^416 + x^412 + x^411 + x^406 + x^403 + x^402 + x^401 + x^400 + x^399 + x^397 + x^396 + x^395 + x^394 + x^392 + x^390 + x^388 + x^387 + x^384 + x^383 + x^382 + x^381 + x^380 + x^379 + x^377 + x^374 + x^370 + x^368 + x^366 + x^365 + x^364 + x^362 + x^358 + x^355 + x^353 + x^351 + x^350 + x^348 + x^347 + x^346 + x^345 + x^343 + x^342 + x^340 + x^339 + x^336 + x^333 + x^331 + x^329 + x^328 + x^327 + x^324 + x^323 + x^321 + x^319 + x^318 + x^315 + x^314 + x^313 + x^312 + x^311 + x^306 + x^303 + x^302 + x^301 + x^299 + x^298 + x^297 + x^295 + x^294 + x^293 + x^292 + x^288 + x^287 + x^285 + x^282 + x^281 + x^280 + x^279 + x^278 + x^277 + x^275 + x^273 + x^271 + x^269 + x^267 + x^266 + x^