文章目录
Mathematics
Brainteasers Part 1
1. Successive Powers
给了一个数组
是x
的连续阶乘对p
取模的结果
p
为三位素数
记t=[588, 665, 216, 113, 642, 4, 836, 114, 851, 492, 819, 237]
则有
t
0
∗
x
≡
t
1
m
o
d
p
t
1
∗
x
≡
t
2
m
o
d
p
.
.
.
t
10
∗
x
≡
t
11
m
o
d
p
t_0*x\equiv t_1\mod p\\ t_1*x\equiv t_2\mod p\\ ...\\ t_{10}*x\equiv t_{11}\mod p
t0∗x≡t1modpt1∗x≡t2modp...t10∗x≡t11modp
即
x
=
t
1
∗
t
0
−
1
m
o
d
p
x
=
t
2
∗
t
1
−
1
m
o
d
p
.
.
.
x
=
t
11
∗
t
10
−
1
m
o
d
p
x=t_1*t_0^{-1}\mod p\\ x=t_2*t_1^{-1}\mod p\\ ...\\ x=t_{11}*t_{10}^{-1}\mod p\\
x=t1∗t0−1modpx=t2∗t1−1modp...x=t11∗t10−1modp
p为三位素数,直接爆破即可
t = [588, 665, 216, 113, 642, 4, 836, 114, 851, 492, 819, 237]
pmin = max(t)+1
for p in trange(pmin,0x3f3f3f3):
try:
x = [(t[i]*invert(t[i-1],p))%p for i in range(1,ll)]
if len(set(x)) == 1:
print(p,x)
except:
pass
结果p=919,x=209
flag为crypto{p,x}
2. Adrien’s Signs
加密函数
随机量为n,为指数部分
使用离散对数sympy.discrete_log
exec('c='+open("D:\\Downloads\\output_80fc6398d2fd9f272186d0af510323f9.txt").read())
from sympy import discrete_log as dl
from tqdm import *
ff = ''
for i in trange(len(c)):
cc = c[i]
try:
r = dl(p,cc,a)
ff += '1'
except:
r = dl(p,-cc%p,a)
ff += '0'
print(ff)
from number import *
print(l2b(int(ff,2)))
3. Modular Binomials
给了N,e1,e2,c1,c2,要求得p,q
Factordb能分解
4. Broken RSA
给了n,e,c
注意到e为16,并且有
m
e
≡
c
m
o
d
n
(
m
8
)
2
≡
c
m
o
d
n
m^e\equiv c\mod n\\ (m^8)^2\equiv c\mod n
me≡cmodn(m8)2≡cmodn
题目已经明确的给了提示
If you think you’re doing the right thing but getting garbage, be sure to check all possible solutions.
注意,这个方程会有两个解,两个都要考虑并进行下一步计算。
第一步能得到
m
8
m^8
m8 的值,记为r8,以此类推,有
(
m
4
)
2
≡
r
8
m
o
d
n
(
m
2
)
2
≡
r
4
m
o
d
n
m
2
≡
r
2
m
o
d
n
(m^4)^2\equiv r8\mod n\\ (m^2)^2\equiv r4\mod n\\ m^2\equiv r2\mod n
(m4)2≡r8modn(m2)2≡r4modnm2≡r2modn
由此解出m
的值
# Sage
n = 27772857409875257529415990911214211975844307184430241451899407838750503024323367895540981606586709985980003435082116995888017731426634845808624796292507989171497629109450825818587383112280639037484593490692935998202437639626747133650990603333094513531505209954273004473567193235535061942991750932725808679249964667090723480397916715320876867803719301313440005075056481203859010490836599717523664197112053206745235908610484907715210436413015546671034478367679465233737115549451849810421017181842615880836253875862101545582922437858358265964489786463923280312860843031914516061327752183283528015684588796400861331354873
e = 16
ct = 11303174761894431146735697569489134747234975144162172162401674567273034831391936916397234068346115459134602443963604063679379285919302225719050193590179240191429612072131629779948379821039610415099784351073443218911356328815458050694493726951231241096695626477586428880220528001269746547018741237131741255022371957489462380305100634600499204435763201371188769446054925748151987175656677342779043435047048130599123081581036362712208692748034620245590448762406543804069935873123161582756799517226666835316588896306926659321054276507714414876684738121421124177324568084533020088172040422767194971217814466953837590498718
from number import *
R.<x> = Zmod(n)[]
f = x^2-c
r8 = [i[0] for i in f.roots()]
r4,r2,r = [],[],[]
for rr8 in r8:
f = x^2 - rr8
r4 += [i[0] for i in f.roots()]
for rr4 in r4:
f = x^2 - rr4
r2 += [i[0] for i in f.roots()]
for rr2 in r2:
f = x^2 - rr2
r += [i[0] for i in f.roots()]
for m in r:
print(l2b(m))
得到
flag是crypto{m0dul4r_squ4r3_r00t}