#zer0ptsCTF2021 import os import signal import random from base64 import b64encode from Crypto.Util.number import getStrongPrime, bytes_to_long from Crypto.Util.Padding import pad from Crypto.Cipher import AES from flag import flag p = get…

Coppersmith's Theorem

#srdnlen_CTF_2022 #!/usr/bin/env python3 import random import string from Crypto.Util.number import getPrime, bytes_to_long def flag_padding(flag): s = string.ascii_lowercase + string.ascii_uppercase + string.digits for i in range(random.r…

pbctf2020 enigma #!/bin/env python3 from string import ascii_uppercase as UC from random import SystemRandom from enigma.machine import EnigmaMachine from secretstuff import FLAG, PLUGBOARD_SETTINGS assert FLAG.isupper() # Without pbcft{..…

#pbctf_2021 #rbtree #!/usr/bin/env python3 from Crypto.Util.number import * import random def genPrime(): while True: a = random.getrandbits(256) b = random.getrandbits(256) if b % 3 == 0: continue p = a ** 2 + 3 * b ** 2 if p.bit_length()…

#nullconHackIM2019 https://ctftime.org/task/7514 4 bit key space is brute forceable so how about 48 bit key space? flag is hackim19{decrypted flag} 16 bit plaintext: b'0467a52afa8f15cfb8f0ea40365a6692' flag: b'04b34e5af4a1f5260f6043b8b9abb…

https://github.com/google/google-ctf/tree/master/2022

これを non-coprime exponent RSA って呼ぼうかな

ペアリング WIP 楕円曲線上の2点から、有限体上の1点への写像で、鍵共有を行う 準備 上の点 をとって、4点のはる平行四辺形の面積 を考える 平行四辺形の面積は の関係がある 2点 に対して、を持ってきて、 を共有鍵とするような演算を行う

#wanictf2021spring from Crypto.Util.number import getPrime, bytes_to_long with open("flag.txt", "rb") as f: flag = f.read() p, q = getPrime(1024), getPrime(1024) N = p * q M = 2 * p + q e = 0x10001 def encrypt(plaintext: bytes) -> int: pla…

SPN linear cryptoanalysis import itertools from binascii import hexlify, unhexlify import Crypto.Random.random as random from Crypto.Util.number import bytes_to_long, long_to_bytes, getRandomNBitInteger from secret import flag banner = '''…

RSA DLP #!/usr/bin/env python3 # -*- coding:utf-8 -*- from Crypto.Util.number import * from gmpy2 import invert from hashlib import sha256 import string import os import random from secret import flag, e assert e.bit_length() == 477 BITS =…

BKZ Subset Sum Problem from json import dump from random import SystemRandom random = SystemRandom() k, n, d = 160, 180, 0.8 B = 2**(n/d) A = [random.randint(1, B) for _ in range(n)] s = sum(A[index] for index in random.sample(range(n), k)…

#UTCTF https://ctftime.org/task/7819

#GCD

k = 3 # the number of shares needed to decrypt secret n = 5 # the number of shares p = random_prime(1 << 128) Fp = GF(p) P.<x> = PolynomialRing(Fp) a = randint(2, p-1) # secret coeffs = [a] + [randint(2, p-1) for _ in range(k-1)] f = P(coeffs</x>…

#Sekai_CTF_2022 import hashlib from os import urandom from flag import FLAG def gen_pubkey(secret: bytes, hasher=hashlib.sha512) -> list: def hash(m): return hasher(m).digest() state = hash(secret) pubkey = [] for _ in range(len(hash(b'0')…

#securinetsquals2k21 from Crypto.Util.number import long_to_bytes from Crypto.Util.Padding import pad from Crypto.Cipher import AES from secret import flag import hashlib import random import os import signal class DHx(): def __init__(self…

#securinetsquals2k21 from Crypto.Cipher import AES import random import hashlib import signal def is_prime(n): _B = [0x2, 0x3, 0x5, 0x7, 0xb, 0xd, 0x11, 0x13, 0x17, 0x1d, 0x1f, 0x25, 0x29, 0x2b, 0x2f, 0x35, 0x3b, 0x3d, 0x43, 0x47, 0x49, 0x…

#San_Diego_CTF_2022 import random import hmac # returns the modular multiplicative inverse of a number, only when the modulus is prime # by using Fermat's Little Theorem def invModPrime(num, mod): return pow(num, mod - 2, mod) # Doubles a …

#sandiegoctf2021

フィボナッチ数列の一般項などでsqrt, sin その他のSymbolic Expressionが存在するような数式を扱う時、その式の具体地を求めたいときがある。そのようなときはfull_simpliyを使えば良い。ちなみにかなり遅い def fib(n): return (((1 + sqrt(5)) / 2)^n - (…

#sstf_2021

kmov 連分数展開 https://furutsuki.hatenablog.com/entry/2020/10/11/172946#crypto01-393pts--4solves

https://ctftime.org/writeup/16555 Juggling with some algebra! cloud_download Download: trivial_rsa.tar.gz sage: n1 1666516259809141667503524337292925521533023798860006360611545340624675926927978876026997799344130222775453506398994015880140…

#rarctf2021 from Crypto.Util.number import getPrime, bytes_to_long flag = bytes_to_long(open("/challenge/flag.txt", "rb").read()) def genkey(): e = 0x10001 p, q = getPrime(256), getPrime(256) if p <= q: p, q = q, p n = p * q pubkey = (e, n…

RSA Recovering cryptographic keys from partial information, by example 参考文献 Recovering cryptographic keys from partial information, by example eが小さく、mの大部分がわかっている時 のようなとき。 とおいて について だから、こののsmall ro…

#RSA #quadratic_residue （mon でのquadratic residue） #univariate_coppersmith_method #Suspicious_Prime https://furutsuki.hatenablog.com/entry/2020/06/01/023111#crypto-Omni-Crypto LSB と MSBがあわせて1024bitくらいわかるので解ける

AES https://furutsuki.hatenablog.com/entry/2020/06/01/023111#crypto-Androids-Encryption

という形のDiophantus Equation ディオファントス方程式なのでsolve_diophantine 関数を使って一般的に解ける x,y = var("x,y") solutions = solve_diophantine(x**2 - 61*y**2 == 1) xsol, ysol = solutions[0] xval, yval = xsol.subs(t=0).simplify_full(…