#zer0ptsCTF2021 import random import signal from flag import flag from Crypto.Util.number import getStrongPrime, inverse HANDNAMES = { 1: "Rock", 2: "Scissors", 3: "Paper" } def commit(m, key): (g, p), (x, _) = key r = random.randint(2, p-…

#zer0ptsCTF2021 from Crypto.Cipher import AES from Crypto.Random import get_random_bytes from binascii import hexlify, unhexlify from hashlib import md5 import os import signal from flag import flag keys = [md5(os.urandom(3)).digest() for …

#srdnlen_CTF_2022 from random import randint from math import gcd from secret import FLAG BIN_LEN = 240 class MHK: def __init__(self): self.b = [] self.w = [] self.q = 0 self.r = 0 self.genKeys() def genKeys(self): k = 30 self.w.append(ran…

消去式のこと。なんかmagicallyに変数を減らすことができて便利。resultantの偉いところは合成数modでも使えるというところ（groebner basisがで動くのに対して）。別にグレブナー基底もで式を建ててから移せばいいんですけど n = randint(0, 2^100) Zn = Zm…

#redpwnctf2021 TokyoWesterns CTF 6th 2020 | circularと全くおなじ問題設定。つまりOng-Schnorr-Shamir Digital Signature Schemeで、おなじsolverが使える #!/usr/local/bin/python from Crypto.Util.number import getPrime, bytes_to_long from Crypto.…

めちゃくちゃ良かった

#pbctf_2021 #rbtree #!/usr/bin/env python3 import random from flag import flag def keygen(ln): # Generate a linearly independent key arr = [ 1 << i for i in range(ln) ] for i in range(ln): for j in range(i): if random.getrandbits(1): arr[j…

p-adic number を考える。sageには Zp が用意されていて、例えば みたいな拡大体の上での演算を扱いたいときはGF(p^100)よりも、Zp(p, prec=100) とするのが良い。 https://doc.sagemath.org/html/en/reference/padics/index.html 例えば、 みたいな式が合っ…

#nullcon_HackIM_2022 #!/usr/bin/python3 import random from Crypto.Cipher import AES from hashlib import sha256 from secret import flag, generate_base class Permutation(object): def __init__(self, perm): self.perm = perm.copy() self.n = len…

#m0lecon2022 #SIDH

#m0lecon2021 #good_challenges_2021 https://keltecc.github.io/ctf/writeup/2021/05/15/m0lecon-ctf-2021-teaser-giant-log.html import random from secret import flag, fast_exp import signal p = 0x83f39daf527c6cf6360999dc47c4f0944ca1a67858a11bd9…

#foobarCTF_2022 from Crypto.Util.number import * flag = b"GLUG{**********REDACTED***************}" p,q = getPrime(1024),getPrime(1024) N = p * p * q e = 0x10001 phi = p * (p-1) * (q-1) d = inverse(e, phi) m = bytes_to_long(flag) c = pow(m,…

https://cor.team/posts/corCTF-2021---Crypto-Challenge-Writeups author: qopruzjf, quintec, willwam845

meet-in-the-middle attackってこうやって出すのかなるほどな〜という問題。 import sys from hashlib import sha256 from Crypto.Cipher import DES SECRET = 0xa########e # remember to erase this later.. seed = b'secret_sauce_#9' def keygen(s): key…

BKZ WMCTF 2020 | Sum こちらはmitsuくんが解いてくれた from json import load def chk(sol, A, s): return sum(x * a for x, a in zip(sol, A)) == s def solve(A, n, k, s, BS=22): N = ceil(sqrt(n)) lat = [] for i, a in enumerate(A): lat.append([(j…

#UnionCTF man in the middleらしい

https://furutsuki.hatenablog.com/entry/2020/09/21/092947 xorshift 行列累乗 様々な行列の作り方 #!/usr/bin/python3 s = [] p = 0 def init(): global s,p s = [i for i in range(0,64)] p = 0 return def randgen(): global s,p a = 3 b = 13 c = 37 s0…

#SECCON_CTF_2022_Quals #xornet from random import randint from Crypto.Util.number import getPrime, bytes_to_long from secret import FLAG # f(x,y,z) = a1*x + a2*x^2 + a3*x^3 # + b1*y + b2*y^2 + b3*y^3 # + c*z + s mod p def calc_f(coeffs, x,…

#rarctf2021 import random import sys from Crypto.Util.number import long_to_bytes def bxor(ba1,ba2): return bytes([_a ^ _b for _a, _b in zip(ba1, ba2)]) BITS = 128 SHARES = 30 poly = [random.getrandbits(BITS) for _ in range(SHARES)] flag =…

#midnightsunctf2021quals u = getrandbits(512) p = next_prime(1337 * u + getrandbits(300)) q = next_prime(2021 * u + getrandbits(300)) n = p * q sage: n 376347864369130929314918003073529176189619811132906053032580291332225522349124770927556…

と 秘密の エラー があって、 判定LWE(Desicional LWE) とを受け取って、か かを判定する問題 探索LWE(Search LWE) とを受け取って、を復元する問題 を取る場合もあって、その場合はRing LWEと呼ばれる 判定RLWEをSISを解いて解決する 複数のインスタンスが…

#imaginaryctf2021 from Crypto.Util.number import bytes_to_long import random flag = bytes_to_long(open("flag.txt", "rb").read()) msg = bytes_to_long(b":roocursion:") p = 828208757675404802784998591016022506443991176995496942317967203886469…

#hsctf8 Zn = Zmod(26) key = [ [16,25,8], [14,19,5], [15,17,3], ] invkey = matrix(Zn, key)^-1 plaintext = b"rtca{vbuhp_kaiq_gfj_nx_rda_ujw}" plaintext = [x - ord('a') for x in plaintext if ord('a') <= x <= ord('z')] print(plaintext) flag = …

#HITCON_CTF_2022 from Crypto.Util.number import bytes_to_long as b2l from Crypto.Util.number import long_to_bytes as l2b import random Zx.<x> = ZZ[] def convolution(f, g): return (f * g) % (x ^ n-1) def balancedmod(f, q): g = list(((f[i] + q/</x>…

https://gist.github.com/samueltangz/bfc540af95a10e21a29e0f672ca048b8 #!/usr/bin/env python3 # -*- coding: UTF-8 -*- import os from pwn import * import requests import base64 from Crypto.PublicKey import RSA from Crypto.Cipher import AES im…

グラム行列 ある（正方とは限らない）行列に対してグラム行列 は正方行列 のグラム行列 が可逆 の各行が線形独立

#grabcon2021 from math import sqrt import random from Crypto.Util.number import bytes_to_long N = 243398471445086096158902751815981037056185671606395615732185670597594848933757044595783312066844386797549036301933553034317912968950101762681…

これは解かなくていい（本当？） That all i can get from my friend ! Help me out! I'm bad at math he told me IV IV IV , i knew it meant 4 but nothing i could do with ! (1,564321784322132454256546212165481243585) (2,56432178432213245425654621…

次のような構造を持った暗号 Feistel構造の面白い特徴として、鍵を逆から適用すると復号になる（それはそう）