signal.alarm(10) print("Give me a bad RSA keypair.")
try: p = int(input('p = ')) q = int(input('q = ')) assert p > 0 assert q > 0 assert p != q assert p.bit_length() == 512 assert q.bit_length() == 512 assert isPrime(p) assert isPrime(q) n = p * q e = 65537 assert p % e != 1 assert q % e != 1 d = inverse(e, (p-1)*(q-1)) except: print("Invalid params") exit(2)
try: key = RSA.construct([n,e,d,p,q]) print("This is not a bad RSA keypair.") exit(3) except KeyboardInterrupt: print("Hacker detected.") exit(4) except ValueError: print("How could this happen?") from secret import flag print(flag)
whileTrue: p = getPrime(512) e = 0x10001 for k inrange(2, e): g, x, y = xgcd(e*p, -k*(p-1)) if g == 1: q = y + 1 iflen(bin(q)) == 514and isPrime(q): print('p =', p) print('q =', q)
ktot = d * e - 1 # The quantity d*e-1 is a multiple of phi(n), even, # and can be represented as t*2^s. t = ktot while t % 2 == 0: t //= 2
# Cycle through all multiplicative inverses in Zn. # The algorithm is non-deterministic, but there is a 50% chance # any candidate a leads to successful factoring. # See "Digitalized Signatures and Public Key Functions as Intractable # as Factorization", M. Rabin, 1979 spotted = False a = Integer(2) whilenot spotted and a < 100: k = Integer(t) # Cycle through all values a^{t*2^i}=a^k while k < ktot: cand = pow(a, k, n) # Check if a^k is a non-trivial root of unity (mod n) if cand != 1and cand != (n - 1) andpow(cand, 2, n) == 1: # We have found a number such that (cand-1)(cand+1)=0 (mod n). # Either of the terms divides n. p = Integer(n).gcd(cand + 1) spotted = True break k *= 2 # This value was not any good... let's try another! a += 2 ifnot spotted: raise ValueError("Unable to compute factors p and q from exponent d.")
from Crypto.Util.number import * from Crypto.PublicKey import RSA from Crypto.Math.Primality import * from gmpy2 import next_prime from math import prod from random import randint while1: p = getPrime(512) if p % 4 == 3: break
t = [] for i inrange(2, 50): if isPrime(i): t.append(i)
pmod = p % 614889782588491410
while1: while1: q = pmod + randint((2 ** 511) // 614889782588491410, (2 ** 512) // 614889782588491410) * 614889782588491410 # q = getPrime(512) if isPrime(q) and q % 4 == 3: break n = p * q e = 0x10001 d = inverse(e, (p - 1) * (q - 1))