1. RSA 4(低加密指数广播攻击)
N = 331310324212000030020214312244232222400142410423413104441140203003243002104333214202031202212403400220031202142322434104143104244241214204444443323000244130122022422310201104411044030113302323014101331214303223312402430402404413033243132101010422240133122211400434023222214231402403403200012221023341333340042343122302113410210110221233241303024431330001303404020104442443120130000334110042432010203401440404010003442001223042211442001413004
c = 310020004234033304244200421414413320341301002123030311202340222410301423440312412440240244110200112141140201224032402232131204213012303204422003300004011434102141321223311243242010014140422411342304322201241112402132203101131221223004022003120002110230023341143201404311340311134230140231412201333333142402423134333211302102413111111424430032440123340034044314223400401224111323000242234420441240411021023100222003123214343030122032301042243
N = 302240000040421410144422133334143140011011044322223144412002220243001141141114123223331331304421113021231204322233120121444434210041232214144413244434424302311222143224402302432102242132244032010020113224011121043232143221203424243134044314022212024343100042342002432331144300214212414033414120004344211330224020301223033334324244031204240122301242232011303211220044222411134403012132420311110302442344021122101224411230002203344140143044114
c = 112200203404013430330214124004404423210041321043000303233141423344144222343401042200334033203124030011440014210112103234440312134032123400444344144233020130110134042102220302002413321102022414130443041144240310121020100310104334204234412411424420321211112232031121330310333414423433343322024400121200333330432223421433344122023012440013041401423202210124024431040013414313121123433424113113414422043330422002314144111134142044333404112240344
N = 332200324410041111434222123043121331442103233332422341041340412034230003314420311333101344231212130200312041044324431141033004333110021013020140020011222012300020041342040004002220210223122111314112124333211132230332124022423141214031303144444134403024420111423244424030030003340213032121303213343020401304243330001314023030121034113334404440421242240113103203013341231330004332040302440011324004130324034323430143102401440130242321424020323
c = 10013444120141130322433204124002242224332334011124210012440241402342100410331131441303242011002101323040403311120421304422222200324402244243322422444414043342130111111330022213203030324422101133032212042042243101434342203204121042113212104212423330331134311311114143200011240002111312122234340003403312040401043021433112031334324322123304112340014030132021432101130211241134422413442312013042141212003102211300321404043012124332013240431242
题目给了三对n和c(对应同一个明文m),刚看到就想着把n分解,不过得到的结果不是两个素数乘积,后来看到别人说这里的n,c不是十进制而是五进制,我也不知道是怎么看出来的,不过我估计可能是因为n,c这里的数都是0—5之间?所以先转换为十进制就好(记得要将n和c都转换成十进制,我做的时候忘记将c转换成十进制,算了好久都没算出来,很郁闷)
n = int(str(N), 5),c = int(str(c), 5)
参考:【buuctf】RSA4(低加密指数广播攻击)_暮w光的博客-CSDN博客_低加密指数广播攻击
这里用到了中国剩余定理,不过跟我之前在数论里学的不太一样,详解在这:中国剩余定理(孙子定理)详解 - despair_ghost - 博客园 (cnblogs.com)
大概意思就是:
(1) 找到n1, n2, n3最小公倍数(这里由于他们三个互素,所以n1 * n2 * n3就是最小公倍数)
(2) (以n1为例)用n2 * n3对n1求余,我们需要这个余数是c1,所以不妨找到一个数k * n2 * n3对n1求余,令这个余数为1,再将c1 * k即为n1的“基础数”
(3) 三个基础数相加,得到的数再对最小公倍数求余即为所得
(4) 有一点需要注意的是,我们这里的余数采用的是c1, c2, c3,差一个指数,所以想要得到最终的结果,还需要上述结果开e次方即可
然后这道题没给e(这也是这个题型的特点——给三组n,c以及他们对应同一个明文),所以我们猜测e是一个小数,所以可以从1开始挨个爆破