题目来源:题目 (xctf.org.cn)
附件解析
如果是能够熟练掌握ECC密码的话,其实很快就能够解出来了
大佬的脚本走一遍就可以得到公钥了
> import collections
> import random
> EllipticCurve = collections.namedtuple('EllipticCurve', 'name p a b g n h')
> curve = EllipticCurve(
> 'secp256k1',
>
> #Field characteristic.
>
> p=int(input('p=')),
>
> #Curve coefficients.
>
> a=int(input('a=')),
> b=int(input('b=')),
>
> #Base point.
>
> g=(int(input('Gx=')),
> int(input('Gy='))),
>
> #Subgroup order.
>
> n=int(input('k=')),
>
> #Subgroup cofactor.
>
> h=1,
> )
>
> #Modular arithmetic
>
> def inverse_mod(k, p):
> """Returns the inverse of k modulo p.
> This function returns the only integer x such that (x * k) % p == 1.
> k must be non-zero and p must be a prime.
> """
> if k == 0:
> raise ZeroDivisionError('division by zero')
> if k < 0:
> # k ** -1 = p - (-k) ** -1 (mod p)
> return p - inverse_mod(-k, p)
>
> #Extended Euclidean algorithm.
>
> s, old_s = 0, 1
> t, old_t = 1, 0
> r, old_r = p, k
> while r != 0:
> quotient = old_r // r
> old_r, r = r, old_r - quotient * r
> old_s, s = s, old_s - quotient * s
> old_t, t = t, old_t - quotient * t
> gcd, x, y = old_r, old_s, old_t
> assert gcd == 1
> assert (k * x) % p == 1
> return x % p
>
> #Functions that work on curve points
>
> def is_on_curve(point):
> """Returns True if the given point lies on the elliptic curve."""
> if point is None:
> # None represents the point at infinity.
> return True
> x, y = point
> return (y * y - x * x * x - curve.a * x - curve.b) % curve.p == 0
> def point_neg(point):
> """Returns -point."""
> assert is_on_curve(point)
> if point is None:
> # -0 = 0
> return None
> x, y = point
> result = (x, -y % curve.p)
> assert is_on_curve(result)
> return result
> def point_add(point1, point2):
> """Returns the result of point1 + point2 according to the group law."""
> assert is_on_curve(point1)
> assert is_on_curve(point2)
> if point1 is None:
> # 0 + point2 = point2
> return point2
> if point2 is None:
> # point1 + 0 = point1
> return point1
> x1, y1 = point1
> x2, y2 = point2
> if x1 == x2 and y1 != y2:
> # point1 + (-point1) = 0
> return None
> if x1 == x2:
> # This is the case point1 == point2.
> m = (3 * x1 * x1 + curve.a) * inverse_mod(2 * y1, curve.p)
> else:
> # This is the case point1 != point2.
> m = (y1 - y2) * inverse_mod(x1 - x2, curve.p)
> x3 = m * m - x1 - x2
> y3 = y1 + m * (x3 - x1)
> result = (x3 % curve.p,
> -y3 % curve.p)
> assert is_on_curve(result)
> return result
> def scalar_mult(k, point):
> """Returns k * point computed using the double and point_add algorithm."""
> assert is_on_curve(point)
> if k < 0:
> # k * point = -k * (-point)
> return scalar_mult(-k, point_neg(point))
> result = None
> addend = point
> while k:
> if k & 1:
> # Add.
> result = point_add(result, addend)
> # Double.
> addend = point_add(addend, addend)
> k >>= 1
> assert is_on_curve(result)
> return result
>
> #Keypair generation and ECDHE
>
> def make_keypair():
> """Generates a random private-public key pair."""
> private_key = curve.n
> public_key = scalar_mult(private_key, curve.g)
> return private_key, public_key
> private_key, public_key = make_keypair()
> print("private key:", hex(private_key))
> print("public key: (0x{:x}, 0x{:x})".format(*public_key))
public key: (0xcb19fe553fa, 0x50545408eb4)
公钥K(13957031351290,5520194834100)
或者直接用ECCTOOL做,更加简单
下载地址:ECCTooL下载 ECCTooL(椭圆曲线密码学工具) v1.04 绿色免费版 下载-脚本之家 (jb51.net)
题目中说flag是X+Y那就转成十进制的
相加即可得到FLAG,注意提交形式