lattice入门学习

已于 2024-03-03 11:51:11 修改
阅读量2k 收藏 18
点赞数 9
文章标签: 学习
于 2023-04-05 14:07:48 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_41626232/article/details/129964038
版权

起初是想做一下去年红明谷的SM2

然后在安全客上看了一篇文章,学习到了HNP,突然感觉摸到了格的门槛

\left\{\begin{array}{lll} A_1\times x+B_1=k_1\ mod \ p\\ \ \ \ \ \ \ \ \vdots\\ A_i\times x+B_i=k_i\ mod \ p \end{array}\right.

有这样的一些等式,然后A,B已知,k的bit位数要小于p的bit位数,等式数量足够的情况下,少6bit位数可以求解k

具体构造如下矩阵

M=\begin{pmatrix} p & & & &\\ & \ddots & & &\\ & & p & &\\ A_1 &\cdots &A_i & Z&\\ B_1 & \cdots &B_i & & K \end{pmatrix}

其中K为ki同bit位数的数(bit_length(ki)=250   K=2^250)

Z为需要自己构造的数

\begin{pmatrix} l_1 &\cdots&l_i&x&1 \end{pmatrix}\times M=\begin{pmatrix} k_1&\cdots&k_i&Z*x&K \end{pmatrix}

要尽可能的满足Z*x的bit位数与K一致

MTCTF2022 strange_rsa3

这个是我初学打美团的CTF遇见的,一直不会,突然懂了一点格,又回头去看一看,没想到一下就知道怎么做了

from Crypto.Util.number import *
from secret import flag3


qBits = 2048
pBits = 512
num = 2
q = getPrime(qBits)
p = [getPrime(pBits) for _ in range(num)]
r = [getRandomRange(1, 2**(pBits * 2))]

a = getRandomRange(1, 2**pBits)
b = getRandomRange(1, 2**pBits)
gift = (p[0] * a - p[1]) * inverse(b, p[0] * p[1]**2) % (p[0] * p[1]**2)
r.append(a * r[0] % p[1]**2)

n = [p[i] * q + r[i] for i in range(num)]
e = 0x10001
c = pow(bytes_to_long(flag3), e, q)

output = open('output.txt', 'w')
output.write('n = ' + str(n) + '\n')
output.write('c = ' + str(c) + '\n')
output.write('gift = ' + str(gift) + '\n')

简单叙述一下题目

\noindent \\ p0\ p1 \ \ 512bits\\ q \ \ 2048bits \\ a \ b \ \ 512bits\\ r0 \ r1 \ \ 1024bits\\ n0=p0\times q + r0\\ n1=p1\times q + r1\\ gift\times b =a\times p0 - p1 \ mod \ p0*p1^2

这里给了n0,n1。第一步是连分数求出来p0,p1。

\frac{n0}{n1}=\frac{p0*q+r0}{p1*q+r1}=\frac{p0+\frac{r0}{q}}{p1+\frac{r1}{q}}\approx \frac{p0}{p1}

然后就是通过gift的那个式子构造格子求解出a,b。先变化一下成文章开头的那种形式

a\times p0\times gift^{-1}-p1\times gift^{-1}=b \ mod \ p0p1^2

a,b未知,然后a,b的bit位数远小于mod=p0p1^2.构造格子

\noindent \\ M=\begin{pmatrix} mod & &\\ A & 1 & \\ B & & K \end{pmatrix}\\ \\ A=p0*gift^{-1}\\ B=p1*gift^{-1}\\mod=p0*p1^2\\ \\K=2^{512}

\begin{pmatrix} k & a & -1 \end{pmatrix}\times M = \begin{pmatrix}k*p+A*a-B & a & -K\end{pmatrix}=\begin{pmatrix}b & a & -K \end{pmatrix}

在一个p0*p1^2 (1536bits) 的格上 有一个 512bits的向量 ,用LLL很容易求出来。

求出a,b之后就是简单的等式变换求出r0,得到q,然后rsa解密

\noindent\\ a*r0=r1 \ mod\ p1^2\Rightarrow a*p0*r0 = r1*p0 \ mod \ p0*p1^2\\ p1*n0=p0*p1*q+r0*p1\\p0*n1=p0*p1*q+r1*p0\\ p0*n1-p1*n0=r1*p0-r0*p1\\ a*r0*p0-r0*p1\equiv r0*(a*p0-p1) \ mod \ p0*p1^2 \\ r0=(a*p0-p1)^{-1}*(p0*n1-p1*n0)=gift^{-1}*b^{-1}*(p0*n1-p1*n0)

from Crypto.Util.number import *
n = [334024028297795358428409534536782438908850190596668304865805437854374647984162763213581202801755428896203566172506219587266859416880045688129543855047675462354257676254231028533265496444966553195988075269677126779791155950793986187076641998741755872346979307739639779735262978907659727511419480461209503641512912873117056664008629779726881137366723127568036608925132936367006658464077463797854166622020483102972486974655232026096153672010479488999300909745157075526157596970246521452157940857495163175605553461432715056788388724755538433445976849818771932805940067427962262593386608298455471107791678224956504101174392785507134071131842103995133811964997751791768061100121699973057595724142612170517768245173187399850847945628945800042668385798893530527806229363060713249, 270672332309468804376393577492871858269490099887383011988714622534037610808764741901954257217313289938393835900354736668003700671505047142365053976908516056996483106174902631762442253779775073373220342445779447626486345253598470015470094856727845150372622299396840670432953284676150980428391739322739397783248924710490946083987879121564403742528241040454099534823772379455574658130173290640751198753015984316400694738114541263533626932367096040344071742474883684682734122111076840572805111010694147825191233741720325878397443178835435703420465683485344417909319591496135706730327376897531024858122747777315158814568580929655522627811650949169204543250919027738723235091257934106114809110289433115714333069841583284243937630033653684708127947780848521445941847102881070046]
p = [10946837640113493291358837873345799060524211396318128031616119937230375611461398026242887066008841733944238658233988256373284494642790134423412452126096931,8870637512403646759604184989075036324872077413980854140857074514347730644595095752344958376649371893483720976713973475270507678333288479309954238685161531]
c = 24426016715355498456650532748209528249200902516644306644652290745346403378221744208791754411669322694597831272399935610924080672864361088045894354412944203199767471898920740773322967470374385635042086816010876203117884874681450622109443867183037282062248951073356702181165103759051513426785435705002047708435055880616309144483691648077981524802908185706596363674820857151388761087408514551645305031742705266691826719380663571699663832536944531865183586885154128228789310222929701360939023228059118720311899056620389378996862413971733056546988166759451010742768802840638380019172710929867945108511664271273569394689619
gift = 173299379625576798749821685155193435290573235640007530711924098468561852299646118206367598564087551037396665586630782838190274697684611102346492601699992667822233634078800006099513099432664305226448819277556828816420517850404262393535832488384876680039695417291460237594174659357055221582914415278609167623124281569332881993050546046852564902573985929794261636296569394448935231131668411811662581097119330330246497311885207256858435515769776396794250803110128999


mod=(p[0] * p[1]**2)
A=p[0]*inverse(gift,mod) %mod
B=p[1]*inverse(gift,mod)

M=[[mod,0,0],[A,1,0],[B,0,2**512]]
M=Matrix(M)
M.LLL()
#手动取a,b


b = 9864245136392130046455737513510508070496025625897918994462477425135301427183420481191209852444833597428299605829396903107753368813219485870517193682708546
a = 11022212982424652632647405376934304592755205611710996956605750639057526541029596360155260174701488414125581957719469209021506720182948113423105539872264354                                                                              
r=((p[0] * n[1] - n[0] * p[1]) * inverse(b, p[0] * p[1] ** 2) * inverse(gift, p[0] * p[1] ** 2)) % (p[0] * p[1] ** 2)

assert gcd(n[0]-ZZ(r),p[0])==p[0]
q=(n[0]-ZZ(r))//p[0]
e=0x10001
d=inverse(e,ZZ(q)-1)
long_to_bytes(ZZ(pow(c,d,q)))

No Random, No Bias

这题也是初学遇见的,一直放着没解出来,然后用格就好了

但是是CryptoHack上的,就不具体说怎么解了,反正用这上面的方法。

红明谷CTF 2022 sm2

from Crypto.Util.number import long_to_bytes
from Crypto.Util.Padding import pad
from Crypto.Cipher import AES
from random import getrandbits
import hashlib
import base64

flag = b"flag{**********REDACTED**********}"

ecc_table = {
    'n': 'FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123',
    'p': 'FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF',
    'g': '32c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7'
         'bc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0',
    'a': 'FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC',
    'b': '28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93',
}


class TSM2(object):
    def __init__(self, sk):
        self.ecc_table = ecc_table
        self.n = int(ecc_table['n'], 16)
        self.para_len = len(ecc_table['n'])
        self.ecc_a3 = (int(ecc_table['a'], base=16) +
                       3) % int(ecc_table['p'], base=16)

        self.sk = sk
        self.pk = self._kg(self.sk, ecc_table['g'])

    def sign(self, data, K):
        e = data
        d = self.sk
        k = K

        P1 = self._kg(k, self.ecc_table['g'])
        x = int(P1[0:self.para_len], 16)
        R = ((e + x) % int(self.ecc_table['n'], base=16))
        if R == 0 or R + k == int(self.ecc_table['n'], base=16):
            return None
        d_1 = pow(
            d+1, int(self.ecc_table['n'], base=16) - 2, int(self.ecc_table['n'], base=16))
        S = (d_1*(k + R) - R) % int(self.ecc_table['n'], base=16)
        if S == 0:
            return None
        else:
            return '%064x%064x' % (R, S)

    def verify(self, Sign, data):
        r = int(Sign[0:self.para_len], 16)
        s = int(Sign[self.para_len:2 * self.para_len], 16)
        e = int(data.hex(), 16)
        t = (r + s) % self.n
        if t == 0:
            return 0

        P1 = self._kg(s, self.ecc_table['g'])
        P2 = self._kg(t, self.pk)

        if P1 == P2:
            P1 = '%s%s' % (P1, 1)
            P1 = self._double_point(P1)
        else:
            P1 = '%s%s' % (P1, 1)
            P1 = self._add_point(P1, P2)
            P1 = self._convert_jacb_to_nor(P1)

        x = int(P1[0:self.para_len], 16)
        return r == ((e + x) % self.n)

    def _kg(self, k, Point):
        if (k % self.n) == 0:
            return '0' * 128
        Point = '%s%s' % (Point, '1')
        mask_str = '8'
        for i in range(self.para_len - 1):
            mask_str += '0'
        mask = int(mask_str, 16)
        Temp = Point
        flag = False
        for n in range(self.para_len * 4):
            if flag:
                Temp = self._double_point(Temp)
            if (k & mask) != 0:
                if flag:
                    Temp = self._add_point(Temp, Point)
                else:
                    flag = True
                    Temp = Point
            k = k << 1
        return self._convert_jacb_to_nor(Temp)

    def _double_point(self, Point):
        l = len(Point)
        len_2 = 2 * self.para_len
        if l < self.para_len * 2:
            return None
        else:
            x1 = int(Point[0:self.para_len], 16)
            y1 = int(Point[self.para_len:len_2], 16)
            if l == len_2:
                z1 = 1
            else:
                z1 = int(Point[len_2:], 16)

            T6 = (z1 * z1) % int(self.ecc_table['p'], base=16)
            T2 = (y1 * y1) % int(self.ecc_table['p'], base=16)
            T3 = (x1 + T6) % int(self.ecc_table['p'], base=16)
            T4 = (x1 - T6) % int(self.ecc_table['p'], base=16)
            T1 = (T3 * T4) % int(self.ecc_table['p'], base=16)
            T3 = (y1 * z1) % int(self.ecc_table['p'], base=16)
            T4 = (T2 * 8) % int(self.ecc_table['p'], base=16)
            T5 = (x1 * T4) % int(self.ecc_table['p'], base=16)
            T1 = (T1 * 3) % int(self.ecc_table['p'], base=16)
            T6 = (T6 * T6) % int(self.ecc_table['p'], base=16)
            T6 = (self.ecc_a3 * T6) % int(self.ecc_table['p'], base=16)
            T1 = (T1 + T6) % int(self.ecc_table['p'], base=16)
            z3 = (T3 + T3) % int(self.ecc_table['p'], base=16)
            T3 = (T1 * T1) % int(self.ecc_table['p'], base=16)
            T2 = (T2 * T4) % int(self.ecc_table['p'], base=16)
            x3 = (T3 - T5) % int(self.ecc_table['p'], base=16)

            if (T5 % 2) == 1:
                T4 = (T5 + ((T5 + int(self.ecc_table['p'], base=16)) >> 1) - T3) % int(
                    self.ecc_table['p'], base=16)
            else:
                T4 = (T5 + (T5 >> 1) - T3) % int(self.ecc_table['p'], base=16)

            T1 = (T1 * T4) % int(self.ecc_table['p'], base=16)
            y3 = (T1 - T2) % int(self.ecc_table['p'], base=16)

            form = '%%0%dx' % self.para_len
            form = form * 3
            return form % (x3, y3, z3)

    def _add_point(self, P1, P2):
        if P1 == '0' * 128:
            return '%s%s' % (P2, '1')
        if P2 == '0' * 128:
            return '%s%s' % (P1, '1')
        len_2 = 2 * self.para_len
        l1 = len(P1)
        l2 = len(P2)
        if (l1 < len_2) or (l2 < len_2):
            return None
        else:
            X1 = int(P1[0:self.para_len], 16)
            Y1 = int(P1[self.para_len:len_2], 16)
            if l1 == len_2:
                Z1 = 1
            else:
                Z1 = int(P1[len_2:], 16)
            x2 = int(P2[0:self.para_len], 16)
            y2 = int(P2[self.para_len:len_2], 16)

            T1 = (Z1 * Z1) % int(self.ecc_table['p'], base=16)
            T2 = (y2 * Z1) % int(self.ecc_table['p'], base=16)
            T3 = (x2 * T1) % int(self.ecc_table['p'], base=16)
            T1 = (T1 * T2) % int(self.ecc_table['p'], base=16)
            T2 = (T3 - X1) % int(self.ecc_table['p'], base=16)
            T3 = (T3 + X1) % int(self.ecc_table['p'], base=16)
            T4 = (T2 * T2) % int(self.ecc_table['p'], base=16)
            T1 = (T1 - Y1) % int(self.ecc_table['p'], base=16)
            Z3 = (Z1 * T2) % int(self.ecc_table['p'], base=16)
            T2 = (T2 * T4) % int(self.ecc_table['p'], base=16)
            T3 = (T3 * T4) % int(self.ecc_table['p'], base=16)
            T5 = (T1 * T1) % int(self.ecc_table['p'], base=16)
            T4 = (X1 * T4) % int(self.ecc_table['p'], base=16)
            X3 = (T5 - T3) % int(self.ecc_table['p'], base=16)
            T2 = (Y1 * T2) % int(self.ecc_table['p'], base=16)
            T3 = (T4 - X3) % int(self.ecc_table['p'], base=16)
            T1 = (T1 * T3) % int(self.ecc_table['p'], base=16)
            Y3 = (T1 - T2) % int(self.ecc_table['p'], base=16)

            form = '%%0%dx' % self.para_len
            form = form * 3
            return form % (X3, Y3, Z3)

    def _convert_jacb_to_nor(self, Point):
        len_2 = 2 * self.para_len
        x = int(Point[0:self.para_len], 16)
        y = int(Point[self.para_len:len_2], 16)
        z = int(Point[len_2:], 16)
        z_inv = pow(
            z, int(self.ecc_table['p'], base=16) - 2, int(self.ecc_table['p'], base=16))
        z_invSquar = (z_inv * z_inv) % int(self.ecc_table['p'], base=16)
        z_invQube = (z_invSquar * z_inv) % int(self.ecc_table['p'], base=16)
        x_new = (x * z_invSquar) % int(self.ecc_table['p'], base=16)
        y_new = (y * z_invQube) % int(self.ecc_table['p'], base=16)
        z_new = (z * z_inv) % int(self.ecc_table['p'], base=16)
        if z_new == 1:
            form = '%%0%dx' % self.para_len
            form = form * 2
            return form % (x_new, y_new)
        else:
            return None


sk = getrandbits(250) % int(ecc_table['n'], 16)

key = hashlib.sha256(long_to_bytes(sk)).digest()
cipher = AES.new(key, AES.MODE_ECB)

message = cipher.encrypt(pad(b"Here is your flag: " + flag, 16))

print(base64.b64encode(message).decode())

sm2 = TSM2(sk)

sigs = []

for idx in range(100):
    msg = getrandbits(250) % int(ecc_table['n'], 16)
    k = getrandbits(250) % int(ecc_table['n'], 16)
    sigs.append(sm2.sign(msg, k))

print(sigs)

看着一大团子。其实把椭圆曲线的add和double运算写出来而已,这题就是求私钥sk,通过给的100个签名,具体的sm2签名过程参考文章

这个题

\noindent\\ r_i=msg_i+x_i \ mod \ n\\ s_i=(1+sk)^{-1}*(k_i-sk*r_i) \ mod \ n

突破点是ki和msg是250bits,而r,s的运算是在n 256bits上,相差6bits,而且等式足够多有100个

简单化简成文章开头的形式

\noindent \\ (sk+1)*s_i=k_i-r_i*sk\\ sk*s_i+sk*r_i+s_i=k_i\\ (s_i+r_i)*sk+s_i=k_i

\noindent\\ A_i=s_i+r_i\\ B_i=s_i\\K=2^{250}

M=\begin{pmatrix} n & &&&\\ & \ddots & &&\\ & & n&&\\ A_1&\cdots&A_i&K/n&\\ B_1&\cdots&B_i&&K \end{pmatrix}

\begin{pmatrix} l_1&\cdots&l_i&sk&1 \end{pmatrix}\times M = \begin{pmatrix} k_1&\cdots*k_i&K*sk/n&K&\end{pmatrix}

from Crypto.Util.number import *
sigs = ['0299f768be70f857f72b2f51ff1ea9c6a4150fc327d833f309cc4785e24e02e3da6eb00040d332a485055d5e4e1f100f11b5af7193fa0f563558198234493961', '56d69878a81b614df64df2dcba2ebafbedab1bbda6fc08fd284c513caff0d8c212989c49412bd07c45d28fa08f5d18db620ccb92a044c67dc0791b3b011674cb', '30d04db3ad528f895fb6693a5e04485cf66ebe05cc52af8816716540f19b72f2a2197e783c620a385a16cb8997721499cc4aa768616ca15d2db0f9fca8fd4cdb', '8da002a89caf9202d049992908261b71711b0961755374f3e0e7ce75808804e1f5c2e6cc16e98717af044a07094e48c4f99ddc3fbd980e5dce5bd383cab5933a', 'eb4ad94b8473ebe0f574ca9fd15a9e58feb26fc7b9a009c4659f018506e4c008f1ddb3a18fae3edbc7764e2f9fce69bac710aceff99b23d5d438242d36be9d69', '309bc1d88c74fffada98cc9894686d128498c2442d19d884a2567377aa3cd48fe3d965e3c8aa08b8b76ffd0e767b4c0021616df8dc841558b1a5a0c70bccbead', 'bff192d180050f161d739e73d5cb8885a5e2f14a218242d7fe7c1ac41ab6cb2a0b3beb1382280a08485657b1a0f739e87dad40173f7e2540049cbf1ec0a447e7', 'ab5b182c463193088e05d93d434b6bc85520b786c6d6d1bcb5e64d456611f94beb7851d9b8c9b0ef90c3b998e1513c6300a02e0116eb494bc08afb47a20f452d', '1dabd46bd2d6140d44a30755e704874c680d7c0dcfec873f552ae59e7507e287c5f78dd3a3c06a4cecd793dac7308943d4c8a7c67bcad9b3413429ccbab194d2', 'f963717351045558d74a1a9412a4077216472fd4e8bc9a9ca58bef7d04bdb242e7c01c322250482a2389a2e78b26d0576c1268a5d8075b2a64948629e40a8b4b', '7b5a09b1e6c56b045833bf29d270c4a9bf4b1bfc247bffb2a61593f42d041166c5a930a8859aa4d1974df71eac43b4901bd7850965620fbce4cfc14990e9ec3d', '9633edc09d43d120c14afda218ecc55c8dfe1ba300811179d64b18f8b42eb8864a31252329c2cc3b19a4c0aa617fc14904c10c0f8ec5733c5d495ccf337e00d3', 'f2cfe285bbff01789cd891c3aca036af4fb54fb9a65e76184c6cf5543772725b6c7d7db615457662da09136d8318028f2cb5b47296390d3c4381f9e9f75fb05c', 'cf6780d28db3611cbc7aa9f161f2a709fbbd29983be59ccb97631549ac2a929fe4924a4cd923c2e48db95d7bc4fac45bf537d6f13b3d8348f7b94ecc11c03854', '50323cfc4beda4f2542c9e509bb043ecc6aa8a898915db8e907843bb56a080d8a52929340fb56b5de43f956dd1173120b88c5c8718297d7d633469c5dc0f8ed9', 'b143d8f36fc56cfb0467dd54af9ce8bffdac3bb5b8aa1df7290a7f4ff632f834fb38917b1f02a82f50a9e7663ba8ec26357fded3ea7870bb463ac219b7a04cf9', '8a5450ca4d771dd63e974de33fcaedad6e53f94fb92d251dfba62c7121d27d6294d986325880d46cee0250a4a56558bb2fd7aa619bb0309b4c65b3cf11f6d4aa', '3ae81196d24fc740348dba4e03a5bc45a75d9fe41f52160870631b0ab3a71f9c63aa4cc247e2f285cf4803c564413283694fc3a75a673aa4f54374f1460e7421', 'a409b15c00793d88435bc31f538d318b69f66bb029c13a5ce298ede2db788cfa5dc39473f13417bdde338e509e85781cdfe54168d26a03fb35438b917506c24c', '0d12d48fdbce87d9584c1355f9fc3610db77e8df7514bd80479fa12fc960da39865d745ec49e266ac0ac3a7ce330c7cf406c9d124feefd8cc927e68f64155a0f', '3dd63eb496f64e61ca687c3daf437bc31f0b563b51bd4eded71d6eeb56d25089c4e2b09250984271d7a69540c4b39d70127ea38e3c126c35baa94aae92281a08', '38c9571625b7da8aaef69e21a1d225082e4772a0cf5d3c23f3e783c529adef1469588302e91a8c44511f037b5b3aeffa60dab7ff1b5900ec35431a9f846baa74', 'a8b7adda8626a880394b7c47142558ff113c8d7f7c69dfc562a5ad7a3ffd6692f2d7a4f4ef19404c5a4a1f80817a2f7fd0e6fa277418610ef2d2d6b97346b2e7', 'a86a30d05909d45683c0745102c095459582d8273e7f69d0f42b11511ec53a498ce6a5572698efaf632f4da2435b512ae97908d00052194f89ed1921c5a5e9da', '1c3371ed8aa9f914f71276eee3fd25cbd87780a68ef724ed28842bc83e0d02ef5867c3264563197c27bb1e5ec2ffd634e32b720c4f6d5725300350b8d5cca2d5', 'f064b874158ff296e07f75def08c63884fcca93fa2bc018c607736614bcab3e2f692d9b52ed106b8abf68eb564ba999c5fa094967f10630014f2c583e4db107b', 'e5e37d9857e638cc41af7bf75280108b2f86f64617e21057e246102262b0eebb20307f7f359375761bbd366b7e9c1c9914623f200098e713730b6160d09bd0cb', 'bc18436538ab7bcf1789fcbe58f860c5ee9c779a6ea465531febb6f50b57e71b74d2ea9e664739225c0979e8ff77f189c50f5872f5c5a4c042d21b49f3e995f1', 'b45968deda83d9f42a255d627b53a01c5e665b39d67d7516f4a7ad703be810df3fae0374a1ef30f1da8ac87e5b86694882c1cd14cf69dd56b3689b84160aeb5a', '7aa8380c566d543582b462355dc82deb8812d01513f0c4d779af11bf06b003cad9a0e79316b6fe587cc45d47b1c43ed8924b6e397a4294ec6f8aef3d93403dab', 'e8e27863fbf8bee56c1c6338646445d6167c0dfde67c8f3d9f6fb47a8aebbb5766e7c6357b9ff5a2ea60e66ec87fe39750d19e4479cfce3f6826ff3a0a9cd570', '1e811334bf425f4b43d4a7a72923cda3b0de937bffb79e28b77bf01a3ae71195015144ab4579ba35486d83bb7412da260710349c7219403c66666dedac3c0583', '128433bb842d8cafba6e3d5c46eb3a220100f402da2298198d842742afebad7829cbe85629d3d833581aaa60e8c9431316eab3dd0ed541a766b96ce37b30bc2a', '0b48699327e0aa9918c11eefe095e739468f363e7c5476d0d12d84de8321deeaed2c0fd2e106925b8848935e91ab23e12b70c09239376122e0d36b84b455b2fd', '7ef2e62c79c62cc8ea9389f624c614c7b5a0086b50e7e0fdec5130567af4793ef785bde90fbc6e54f6b5e5ead5c77d05d4c96eaf828a0829412c653257ac6229', '468e2aa659e9b35b97d5bac24f417bab88ffd9a4242cc8692206ac316bed0faca9de2eab82571ff2914afae01212d96215bf2227040385b289fb9ebd140b06da', '4b81db768fc5e8c120ead0153430d75c45df0393f933bf71da457c4c6755ec69e3d0f99e216cf2afc216436877bd1f148d952adb41b28f610579ce5503b17549', '58e9e0f30175ef2b88ea4ee9053a440bbcb7e3d16d94ace741fa719c3815bf176f2ce06e7f6e10f54efac521bfec84af91b4ca1b04c1dcb8e7d03e32ea38596a', '45e85224c9e50d36cf1b9062bf13a7764b11b73b8ae717f246d66c85ca4f0c31088b37a04f83ec3763d3fbb466acdc6ea683f36e9073fdbb22cf319dd58e9024', '927fa98f6a9e9de8173235bed1ff048eeacbe9b3e46bc8885435283d1c61e2a074703f4e8dd1191f5dedc2089738f2af1c89936e44d72ababa7c3a4f9359cd43', '2afe144b238287f4adce58daa21311cd0f0ae26487db8e256678606ab4e4e400a25ce747bb7c416e7eb7f5a97c280da450a69fe32a246846176f4d910de748ba', '6759b6a2cf566d1ebc2748dd318222722c00b2fba287cbb6e1da7d356d65c3d31fa0d9757dcdc1953b515fd6e190ba16180666506b6bf3a438ddc75815a86e57', 'd539f75eb9f7d30dac3987cc959e5c169b33b027f021e29479c8167d982ef36a7557fcf54cf31e6108f2c9df9d507eea90ff4fc49239e80b47c7d7605d6e5534', '25da3affe6289855a864ed7811e147f4bc8520a1f3c62791b0f3059265e9d2bb184522fa7411c532a68febfaaa50cb100b264abb349eec7302849f52cb265e09', '4fcb0ad6726e9035f5cc5c45d5a8830e09e493661f58a520dc2bba46f65052757037b356c410f26289293c7071b4b775fa12b1f2fae0ead76d8ca02123b3808f', '64acde0ca5323a8a259d012b44dc423592573f9401d4648434447103c49a267b73f3a3947decc7d236265bb4391ec4bd94e425d8d5041ce563cebf044b67ba38', 'd725c7c0a04b674beb0b089aa3bc7c97c2044e6304254795c7c61b07c55eaeb7eb6d737047e2b45ae4cd96843448aebeb194c4e834b3c9664fca726be0c5d890', 'bf6210ced2953b98f9b82f58c84f37a4206aedb2a85f52f9ce019b64d8425e63f60e09dbda36a0160fd9d35bbaffa8de04b15e1aea243603068de034ed9d2ea3', 'c9e4647355c337b78edaa909c95c1d619a121afc7c34ec7557a5b09d6b182430db152568b256c7315578bab5cde92278a378f0de495ff857078aabbee3ab3690', 'a869f86697738e6bbdd0748f6bf701d489a32719f89adb4cc7996fc4bb540fd3e1a4e5af001ca81e76a1cea03113778f9f16c3627b8185a2db6c6ffca8a177f4', '29076654d718d92d0a52942c18ca5b9f6891dc1cde7f12fed60ac9d67c5ed1689a9696f6db786f89e9b7a0499f97574365035ee37f8b7d444a2460f7774f00dd', '85c902a3c3e39e6e233ba1699b472b70489a44564cb5987893afdf956350be736d3b0478c5df62e9e0f6397d361ca1ae04d5e3b8557f7ca0c1d1ad3c82b973f4', '826f5436ab916daa63990daa4153aa848ccf90230eecd8b86a1de836656685752e39f8b41561bb07c39c9e40056e92dbb474ef432bf0f1617a460a7a90c51dee', 'd4dba42e273affc76b7d1fff4f91cc37b7a23869bd75583cdb70a3ffdc5c58bcc71c32f591721b59e2358542af0be90f8137e4cbbc042e25b76e7f1380a65812', 'c4edd8ab085d0ee366856a48cb83b09dfada84e99b2d9b2a4f909986bc78cf4abd63e2ae893e0535362b27475f292ece70a6c070bc6a927cd924ad013b311caa', '44c51530b472a040413e18ce80239a240fe3c312c7625b98cbbe74f3aafa1c60f1489b689478b7954c815f8cec382e796b7344cd8f3628ae7b776231cf4f5384', '23c81e80ce0350f7b95075f03d2381a1aea6d13cddf111ea8110891e2e7086ecc69f43e66393b62ed5ee2ad6e74bf0c91239c5bad6044cea2812002ef0b876ea', '4ca1353f26ad12589100ebc5d44801816741a77ebfb19e0f2b9be97407f7ae10e192bb6b9d34914a637cd1fa5c49b362bfeaab697d758e5de3d7e0637c973727', '44bd1dd24b438b95d4085ceba4203b74ecbf0baa6008bce817f4399c3e3d733d7a087ed26a85504cb75adc2656a5822779be0806be2032a56f2ae3cfee9e4aa1', '608737b1aa1574a61351c972b4599a598190e1ef0282330c667805a8587707cc0b26903360472e19b53a60925e67249bc87dc0b907b51a5213685455bc8c3df4', '08e0e133ffbc775f9a8b08e7409fbf9e5fa83dfc0adbefb8408f28f043e6c57dc8128cd0d159f27d24631b3df54f0ed26c177ab908cdeb081fb0503a3bf76a62', 'fa55166ae9de2a6ca9c1cc66097821fa3d277956196c540f6e64aa4d75f887d9610521dcdfd2a2a579edf720353feec8067848a62edcb71d262724175d04929f', '896941de4316b1a784a8519ee4c31fdb63602aa529a1285cf81429c87c79d4d8828c5971194f884db7d675f4f64d42dfbe6c8b8f273e980122757d4ee09e91e9', '8c1d5b553d6457648c5fb390e10f402492336bf1752ab89ea67dc8d20840b0a8f6db5d8fbb18a6e8a56e62b220888720975df86c270c879708923c0ce5fc6fee', '264a9ad4f673b591e24d127be855934b3cc35bce89dbc53e2f068418b0a941b59d62d406ff816c182795f98a1d5f62fb160c7d03eea09a36ce615fae3c898050', 'ad5012241bbf11ec772ad0d00b77b2ed9f6789cf8a67ff3575e5226b0b1c6c6d097e5fa05fd48ab40659b2712c1f721cc80b206d10d6c56a8f0f1281db254552', '42fd2268e0a01f33768f55d10b11410641648a1e627e43d1e7ac5e066446a2f07c5ff22ba0749f150f41dd01cc90230f6fd3bd3e205a826702f68db1f530dadf', '67115049d6fb02b7399e73296d0533865b36adfc481a1e420d4ed384ceda596751bbea39709edcf9718489bab95faa1a21e89c00311d4d5a0d7bc84f514f26ed', 'f341ba3ec6df033dcaf0d3a8778ccbdce9408426fce2e97dfef529514f4f331caf384fb0828c3bd39aa1e379a8af3e39d838b350b7d8605751f34ca4024409f8', 'fa4c46c9a107ac1346ffa3cb8b30a9162bce792665d674400f4383c5f683fb062e3b13afe1382bd655308f1514db83e3e369cdfff72338b97493abebabbfb719', '9101346e190dd0e8f3fff68e9023f55aa657d71710e80380ebfb3bf4a093d3ef44f3097e5983049304b1048233e9b399fe512d2856893ee201ddd030ea8e06a8', '4e9c6150d09367c92a617477cfe98818d39db8e5f32311e9c67d17a5a02c20d1c4d884f98f60aa6be3bdf4dbd6b48dde755cc2098744f79fa5484ecf5520ae7f', '8642c3bc162ac445c8fd7bed403bfe0dd657dbfcb7f979b57580ab96159ce6ff612fa51e08481d89da782e981eedcbfb2522ccfff245726544330194c07a1717', '346afb577fcd8eaee4202ddeb8d7e73610e7c2cfc57e9c6626f61e05eb4361d02939c581f119345ca38710a6535fd12bd0384fec6b3764e760e9a6736660ec6f', '074da8a90f3db7e72072e8c16cbbf43c4231e603fe0a7503891cec6f7aa29b2238bca9008075959297ff406337e3d30c7188f44ab04490bad127979a7b98b088', '3ebac333cfa50b6ed33eeb5f37b46b5e31e2fd4af8ef11de3c9a72370e6abe18feefde25d20942578ccbab553f8fb16d190a5d28b729459b3382c172ebc18ba6', 'd05f26a96fd7f9f1091b460a9a55689263ad3256e0be781e9bd7a99050c16fe3707a7feb7f05331fd013757c63a792ea55374a992e447aa96a9f73428c60be1c', 'b714a57d0ebad5fa792b4a0c83af943b690157fe0780b068e1520bd72025bd1eb62d7852ec937394ea335cd83341481d7522f50b663777ae69786ae29c622c6a', '91f7a98cbad99f6e91014cae50076cab5b8c6a5c58c5858bf2d91102501b43ff31dc73e7723964972371c009bd72f2a795f74a8cb6ae9c50e8970631d0cd2a93', 'fd38b957099419344feb7e371b0aeff55a09ef99fedc17fc41a4ea85e755a5883c947a881d02c29c91e101b3420ab6c81a6ea171984245a142b1d92bf540a8c7', '02d8390a6f7045650dda88d41b0fe79c9b864da60b0df5973d1282a8b6f82a56afce5c44d94bf192b2358f9954e09ac7523c2f65a70249b2e7a7cc02da700f8e', 'a78e05af0126a939666c36a627efae721eee96be180b3794dcd60e4bceb41fa89f2d10dcdbef9382a90cd4383870d360aa3a71da027dd86ecdad5724a094c9e4', 'f020f03ba9f2cf28206223bc62421d72b7fe3c9e81e6b65aba7d760fc517d9bde64a82be98cd6ae48f13fd504008bdcc464a588c97ee17dfd783602ca69fd351', '6001f080a74f916581324eea8809b16b82b65ec6836f8c01238a365d0f640e461d6acf2288dd05c9e5bf6e49edd2ffb52edef2f6018dfea19ab9c8b3f12a06ca', '29894e9432aeb736623a2d753dfe76f89310b301c5ea4e33e0ab2e706ff3daa51c955137299428af402ebbd3e6fc21105234616fefec9703e910686e33eceea4', 'bbc9bbe8f52c4e369cf314019054363186e7ca2f3912b926ff28f00dfb15a95c70fb8a88d82da465f657381056cbef51922eb956804042d5f8709d4cc8e244c6', '88f2adfbdc29c83694619a42fb23e9ed172c48bac2c72f0c966172ff4906ecdac482b11f8757536c64382ce5f210bdc3d49c84bf44348fea50ce3d710a7d9383', '65c544b2d7d7d28ae51611e96c9515cdc11bd4f00d4d96e0273c45af09ad925e7e3a01e5036d1533b59db1ceac1f145ccbe8fcd43c1e027f6aca957e67de0274', 'abd41a53271f5c4c8356a97489a0f4418877d67937f2fdb829b4b71eaf64c72db3a821bb91f270d3e01d2da112d12c9ca3c6d2964635f18d989dfaf6bf8fdeb7', 'c2d11c45906c48e254665d0693d843134c5365e134ba487c8ef3da0584ca566f537092c89993ad4071d3fe17d75a513f95d8be218ccf41226ce0fac1cf3947ac', '05488f64fb8bd8b2b3bcfb99925525aafbae1b1262d3ecc1f4176761b137ee3bbc9769f28a6d13a3181291083fa3b39c0702db5679837be353472301a1f5e318', '95792f73d843ff4ccc62c53da8c58db48f56e22c0f38aa0ac4b0275e3a305a3a812425efd2d6203aa4a35c7732e4712c46ff5d38c933eab5ce286cee4b85538b', 'b39b004b6c12c0635e51487926623f18f0f5c52eaa81df6a8e3b64398ce020ae49c097b164c734aa851c1e4ca1dbaf1e23947dfdae1257522243e720951e8862', '6891720082ff1885fc095767a2114a2322f326ce48af92453ea76d57c99c2aad7d0dcbd9cb80d36007913209d14051947b026acfbeb7ea8078df4f9a576fbfc9', '93351dad07711cf9501e6e565025a6414da57f52260a3fb1f30aa3bbd1d9318b063305c203c68f93b2a6555b574c02a836ced1b5acc765d8047c033446e19616', '9ea4e43207d9f5a10c32608e782687d177107699cf9dfc9faedba09a477c3f6b8bc1677a0b17c70f94c3f9f8a857aa63cfaccb4a2c0ddd9373de7ac0eef6966f', 'b51db0b7a06dd6b1721a0362b89d6ede3613bf03f7bf4efa5444cfe7fec06c7cbc2e848f53eff793785594d302564551d751c70f033b3f9cabd7f795b205f3a5', 'f551370d4659c0f85253c345a8a80ea3e98e41dc61fd5ee9a77982c2586ce5847d76aebff3e0a63c5b5ac9376baf65abbb15f0f5d33b6b0e02ca9fdb2f1d5fcf', '324b9f33d41c2fae485c0150e695832ed4f885f5df8d0beff39a982fb9198175cc3211d06f46f9fed0a39338c9cec971b1f7d0568008823f3ac0b588ec8f17ce', '6d27e580c4f673b24ec4ffe12d8f6c4e15897bdba0628627930b267aa0da0f66e2ae143ae1eef11e246c85b15d0c17b06df77ab9b13ea812514175779721c915']
R=[]
S=[]

n=ZZ('FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123',16)
for i in range(100):
    r, s = int(sigs[i][:64], 16), int(sigs[i][64:], 16)
    R.append(r+s)
    S.append(s)
    
    
RR=RationalField(256)
M=Matrix(RR,102,102)
for i in range(100):
    M[i,i]=n
for i in range(100):
    M[100,i]=R[i]
    M[101,i]=S[i]
M[100,100]=RR(2^250)/RR(n)
M[101,101]=2^250
res=M.LLL()
#print(res[1])
assert gcd(res[1][-2].numerator(),2^250)==2^250
sk=res[1][-2].numerator()/2^250
sk

奇怪的是我一开始没看见sk是250bits,按理说构造的时候把K/n换成1更好一些,但是实际上换了之后求不出来了。

还有就是看别人的wp是CVP解法

无趣的浅
关注
  • 9
    点赞
  • 18
    收藏
    觉得还不错? 一键收藏
  • 3
    评论
Apollo规划模块:lattice算法原理解析
qq_41667348的博客
07-10 4755
Apollo规划模块以预测模块、routing模块、高精地图和定位的结果作为输入,输出一条平稳、舒适、安全的轨迹,下游交给控制模块去执行,由控制器完成对局部轨迹的跟踪控制。 Lattice算法属于规划模块,是一种局部轨迹规划器,输出是一条光滑无碰撞满足车辆运动学约束和速度约束的平稳安全的局部轨迹。输入端主要由三部分组成,感知及障碍物信息、参考线信息及定位信息。(预测模块、routing模块、高精地图和定位的结果)输出是带有位置、速度信息的一系列轨迹点组成的平稳、舒适、安全的轨迹。Lattice规划算法是一
Lattice Cryptography 格密码基础入门01、02 阅读材料
03-14
通过对"格密码基础入门01、02"的学习,我们可以深入了解这一领域的基本原理,为更高级的密码学研究打下坚实基础。同时,掌握格密码学的知识有助于我们应对未来的密码安全挑战,尤其是随着量子计算的发展。
【自动驾驶规划】Lattice Planner
uytguytgf的博客
09-01 5145
Lattice Planner简介 LatticePlanner算法属于一种局部轨迹规划器,输出轨迹将直接输入到控制器,由控制器完成对局部轨迹的跟踪控制。因此,Lattice Planner输出的轨迹是一条光滑无碰撞满足车辆运动学约束和速度约束的平稳安全的局部轨迹。Lattice Planner的输入端主要由三部分组成,感知及障碍物信息、参考线信息及定位信息。局部规划模块的输出是带有速度信息的一系列轨迹点组成的轨迹,其保证了车辆控制器在车辆跟踪控制过程中的平稳性和安全性。 局部规划模块的输出是带有速
Lattice超精简8位CPU设计,源代码和例程
05-25
Lattice超精简8位CPU设计,仅用100个左右LUTS,可在CPLD上运行,可谓超牛的设计,无论是设计还是学习都有极高的参考价值
CTF竞赛介绍以及刷题网址(非常详细)零基础入门到精通,收藏这一篇就够了
最新发布
logic1001的博客
04-30 1385
CTF是一种流行的信息安全竞赛形式,其英文名可直译为“夺得Flag”,也可意译为“夺旗赛”。其大致流程是,参赛团队之间通过进行攻防对抗、程序分析等形式,率先从主办方给出的比赛环境中得到一串具有一定格式的字符串或其他内容,并将其提交给主办方,从而夺得分数。为了方便称呼,我们把这样的内容称之为“Flag”。PWN(溢出):PWN在黑客俚语中代表着攻破,取得权限,在CTF比赛中它代表着溢出类的题目,其中常见类型溢出漏洞有栈溢出、堆溢出。
lattice 参考代码
hoppss
10-16 380
网址参考摘要
lattice
qq_14962179的博客
03-02 2311
lattice 在实际的语音识别系统中,最优路径不一定与实际字序列匹配,我们一般希望能够得到得分最靠前的多条候选路径,即N-best。为了紧凑地保存候选路径,我们一般采用lattice(词图)来保存识别的候选序列。lattice本质上是一个有向无环图。图上的每个节点代表一个词的结束时间点,每条边代表一个可能的词,以及该词发生的声学得分和语言模型得分。 在生成one-best结果时,只需要从最优...
基于Permutohedral Lattice 的Bilateral filter 源码及部分注释【C++】
ShaderJoy 的兴趣技术杂货铺
10-22 4278
基于Permutohedral Lattice 的Bilateral filter 源码及部分注释【来自于网络】 实现基于论文《Fast High-Dimensional Filtering Using the Permutohedral Lattice》 . 1.bilateralPermutohedral 方法: static Mat bilateralPermuto
lattice ddr3 demo
05-10
DDR3是一种广泛应用于计算机和其他电子设备的内存技术,全称为Double Data Rate Third Generation Synchronous ...此外,这个项目还可以作为实际应用的基础,例如在嵌入式系统、数据处理或通信设备中集成DDR3内存功能。
Reciprocal_Lattice_Calculation.zip_lattice
07-15
学习倒格子计算不仅涉及基础数学,还需要深入理解量子力学和固体物理的概念。熟练掌握这一技能,能够帮助科研人员更好地理解和设计新材料,尤其是在纳米技术和量子计算领域。通过运行"Reciprocal_Lattice_...
Lattice Multivariate Data Visualization with R
05-21
1. **Lattice基础**:了解Lattice的基本概念和语法,包括如何创建基本的双变量图,如散点图、直方图和箱线图,以及如何调整图形的各个方面,如颜色、大小和标签。 2. **多变量图形**:探索如何通过Lattice创建多...
LATTICE_synplifyPro_basic_flow.zip_lattice_zip
09-22
总的来说,"LATTICE_synplifyPro_basic_flow.zip"压缩包提供了一个全面的LATTICE FPGA设计入门教程,涵盖了SynplifyPro的基本使用和设计流程,是学习和提升FPGA设计技能的理想资源。通过深入研究和实践,设计师能够...
Apollo6.0代码Lattice算法详解——Part4:计算障碍物ST/SL图
weixin_44558122的博客
05-12 6352
Apollo6.0代码Lattice算法详解——Part4:计算障碍物ST/SL图0.前置知识1.涉及主要函数2.函数关系3.部分函数代码详解    3.1 lattice_planner.cc中代码部分    3.2 函数-GetReferencePoint    3.3 函数-GetSpeedLimitFromS   &nbs
VBS木马源码(virus.vbs.writebin.a)
热门推荐
liujiayu2的专栏
08-31 10万+
先贴出来源代码: &lt;SCRIPT Language=VBScript&gt;&lt;!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000 00000000000000000000000...
SM2加解密、签名验签
qq_42873640的博客
08-11 1万+
加密流程。
粉丝答疑:CTF可以一个人参加比赛吗?
Libra1313的博客
03-15 1319
WEB(web类):WEB应用在今天越来越广泛,也是CTF夺旗竞赛中的主要题型,题目涉及到常见的Web漏洞,诸如注入、XSS、文件包含、代码审计、上传等漏洞。话虽如此,现在 CTF 大赛都已经往实战的方向走了,高水准的 CTF 题目很多都会模拟真实的网站,让你更加有真实渗透的代入感,渗透手法也更加贴近实战。内容概要:包括 内网、操作系统、协议、渗透测试、安服、漏洞、注入、XSS、CSRF、SSRF、文件上传、文件下载、文件包含、XXE、逻辑漏洞、工具、SQLmap、NMAP、BP、MSF…
国密算法(SM2)简介及SM2生成秘钥
junxuezheng的博客
08-26 6万+
国密算法(SM2)生成秘钥一、国密算法介绍二、SM2算法和RSA算法比较三、生成SM2秘钥1、openssl生成SM2秘钥1.1、安装openssl1.2、生成SM2私钥1.3、生成SM2公钥2、nodejs:使用sm-crypto包生成SM2秘钥3、c++生成秘钥参考 一、国密算法介绍 国密即国家密码局认定的国产密码算法。主要有SM1,SM2,SM3,SM4。密钥长度和分组长度均为128位。 SM1 为对称加密。其加密强度与AES相当。该算法不公开,调用该算法时,需要通过加密芯片的接口进行调用。
常见格密码(lattice)在rsa中运用coppersmith脚本
shshss64的博客
03-17 608
lattice rsa
[ CTF ] WriteUp- 第五届2022美团网络安全高校挑战赛(初赛)
ZXW_NUDT的博客
09-27 1666
第五届2022美团网络安全高校挑战赛(初赛)
评论 3
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值