[Geek Challenge 2022] crypto部分

news/2024/2/27 22:00:54

这个比赛是一个网友让我看看的,这个比赛很有意思,crypto题全是百度网盘,pwn题全是谷歌网盘,这样我这pwn题就基本over了。还好这些crypto都不怎么难,都答出来了。最后成绩到10名了。

w_or_m?

第1个50分的题,还真不会,看来看去,由于flag头是SYC{所以可以找到一些线索We后是间隔3字符,前边(右边)是间隔4字符,看上去就是栅栏,根据字符猜就是welcome,然后猜第2行,与第1行方向相反。经网友提示是Rail Fence就是一种特殊的栅栏,前边被题目的说明zigzag误导了。这个好像真没啥关系。

0_cmdo1elfe_2_}WtoC!{0mr!C__7!YtepoS34^   ^   ^    ^    ^    ^    ^    ^    <---从右向左c   1   e    W    {    C    Y    S    
0  m   e   _    t    0    _    t    3   <---从左向右d   l   2    o    m    _    e       <---右向左_   o   f   _    C    r    7    p   4}   !    !    !    o

正确的应该解法是

(1)倒序
'0_cmdo1elfe_2_}WtoC!{0mr!C__7!YtepoS34'[::-1]
'43SopetY!7__C!rm0{!CotW}_2_efle1odmc_0'(2)cyberchef->Rail Fence Cipher Decode
Key:9
Offset:27
}!!!o4p7rC_fo_dl2om_e3t_0t_em0c1eW{CYS(3)倒序
'}!!!o4p7rC_fo_dl2om_e3t_0t_em0c1eW{CYS'[::-1]
'SYC{We1c0me_t0_t3e_mo2ld_of_Cr7p4o!!!}'

 

ez_classic

题目给了个摩尔斯电码

-../.-../.-./---/.--/---/-/.--./-.--/.-./-.-./---/.-../.-.././....

解码后再反过来

dlrowotpyrcolleh
SYC{hellocryptoworld}

definitely ez RSA

一个标准的小指数攻击题e=6,m很小n很大

from Crypto.Util.number import *
import libnumflag = b'****hidden_message****'
p = getPrime(512)
q = getPrime(512)
n = p * q
e = 6
m = libnum.s2n(flag)
c = pow(m,e,n)
print(c)
print(n)'''
*****************************************************
c = 50072006338339389555118552154159240037219794211505206943873038914830972293138548550568229783754227896661905769853250134014183574039535969574789925550365619292404703617997980492432173682029840923107651199593049684918577536870537471401209938966780904496397505606866028917883152417396458811357069626629334483341
n = 147194403642833538539720995718314310463580322118979932658805936518215523735242613107271741138837389303135352865058107054820876285524238471152015504027014461168105771913435200522726300893493981125032256531337768716089003105857799620333243431585087621669813946444872568719527503184655024233193716871553607529747
*****************************************************
'''

解法就是直接开根号,不够开就加个n,因为6次一般情况不会溢出多少。

from gmpy2 import irootc = ...
n = ...while True:v,k = iroot(c,6)if k:print(bytes.fromhex(hex(int(v))[2:]))breakc +=n	
#SYC{0ops_y0u_f1Nd_m3!}
'''
R.<x> = PolynomialRing(Zmod(n))
f = x^6 - c 
f.monic()
f.roots()
'''

 

Pairs

给了一个密文:3tl2nv2zl2zl2zl4pg6gh5tr2z76kf2nt5zc56a6w0

一共42字节,也要放到网盘上。有提示:hint: My twin brother send me a message.Can you decrypt it? 1、 Alice and Bob are twins of Hex

一个twin-hex加密,直接找网站解

StarterRSA

又一个rsa的题,仅给了n,c,e但明显n非常小,可以直接分解

n= 69984814757288857831977509185208500866724771756561629279687819301222483218728663
e= 65537
c= 67672845063517415442486175096448664617581579564885311842326107871805595697454701

经过分解发现p是一个小因子,直接解rsa

from gmpy2 import *
from Crypto.Util.number import long_to_bytesn= 69984814757288857831977509185208500866724771756561629279687819301222483218728663
e= 65537
c= 67672845063517415442486175096448664617581579564885311842326107871805595697454701p = 733
q = 95477237049507309456995237633299455479842799122185033123721445158557275878211
phi = (p-1)*(q-1)
d = invert(e, phi)
m = pow(c,d,n)
print(long_to_bytes(m))#SYC{5t4rt_R5A_ls_1t_3a5y?}

 

Blind

还是个rsa题,题目有点长,先是加密m得到c但n没有给出,后边两个paper提示是对p,q分别进行的rsa加密

flag = b'xxxxxx'
p = getPrime(1024)
q = getPrime(1024)
m = bytes_to_long(flag)
n = p*q
e = 65537
c = pow(m,e,n)
print('c={}'.format(c))p1 = getPrime(1024)
q1 = getPrime(1024)
n1 = p1*q1
e1 = 65537
assert gcd(e1,(p1-1)*(q1-1)) == 1
c1 = pow(p,e1,n1)
print('n1={}'.format(n1))
print('c1={}'.format(c1))
hint1 = pow(2022 * p1 + q1, 222222, n1)
hint2 = pow(2023 * p1 + 232323, q1, n1)
print('hint1={}'.format(hint1))
print('hint2={}'.format(hint2))p2 = getPrime(1024)
q2 = getPrime(1024)
n2 = p2*q2
e2 = 65537
assert gcd(e1,(p2-1)*(q2-1)) == 1
c2 = pow(q,e2,n2)
hint3 = pow(2022 * p2 + 2023 * q2, 222222, n2)
hint4 = pow(2023 * p2 + 2022 * q2, 232323, n2)
print('n2={}'.format(n2))
print('c2={}'.format(c2))
print('hint3={}'.format(hint3))
print('hint4={}'.format(hint4))

这种曾经作过类似的也就没有难度了。第一步先对q1取模得到仅含p1的两个算式,将p1约掉后得到q1,再与n1取公约数得到q1,然后解Rsa得到p

#p 
t1 = hint1 * pow(2022, -222222, n1) % n1 
t2 = (hint2 - 232323) * pow(2023,-1, n1) % n1 
q1 = gcd(t1 - pow(t2, 222222, n1) , n1)
p1 = n1//q1 
phi1 = (p1 - 1)* (q1 - 1)
d1 = invert(e, phi1)
p = pow(c1, d1, n1)
print(f'p = {p}')

 第2步同理得到q

#q  
t3 = pow(hint3 * pow(2023, -222222, n2),232323,n2)
t4 = pow(hint4 * pow(2022, -232323, n2),222222,n2)
p2 = gcd(t3-t4, n2)
q2 = n2//p2 
phi2 = (p2-1)*(q2-1)
d2 = invert(e, phi2)
q = pow(c2, d2, n2)
print(f'q = {q}')

最后由p,q得到m

n = p*q 
phi = (p-1)*(q-1)
d = invert(e, phi)
flag = pow(c,d,n)
print(long_to_bytes(flag))#The_key_I_am_white_Please_continue_decryting

 这时候还没完,flag.txt是维吉尼亚加密的,得到的是key:iamwhite,到网站上在线解得到

#Key:iamwhite
#密文(flag.txt文件): ayo{2ek_g0n_v3i11y_4ujk_bai_zisda_ig5amr}
#SYC{2dz_y0a_s3a11y_4iiz_tnf_rigcp_at5xer}

link_start

又是一个rsa,两个m分别是m加上两个padding得到的,而padding已知,所以这个用关联信息

from Crypto.Util.number import *
flag = b'xxxxxxxxxx'
m = bytes_to_long(flag)
e = 3
p = getPrime(256)
q = getPrime(256)
n = p * q
pad1 = 105932791230388043786415766547423404991945041940365436758701967602353965252168
pad2 = 927899423531845853332048235055407925992275378422616390929
m1 = m + pad1
m2 = m + pad2
c1 = pow(m1,e,n)
c2 = pow(m2,e,n)
print("c1 =",c1)
print("c2 =",c2)
print("n =",n)'''
c1 = 3720637940274958886432460233359341402765303073408436397771852426914390218432084755791424796944302399361378059153348441733368574505589165431342734218087692
c2 = 1857483070190148986251195374434228339562792548542508665250465210130431058280559201968992393617573644598954953409645690993451979549050973992242158354491780
n = 5106069782765072129956779902712742815006764735937158686628819801242945179548793829832666946413859309545558089370129318039174135569850663668730057188261837
'''

这个关联信息攻击有模板,只当个搬运工。

def related_message_attack(c1,c2, di, e,n):from Crypto.Util.number import GCD#展开(x+a)^e的系数,杨辉三角def poly_coef(a, e):assert e >= 0if e == 0:return 1elif e == 1:return [1,1]else:res = [1]coe_prev = poly_coef(a, e-1)for i in range(len(coe_prev)-1):res.append(sum(coe_prev[i:i+2]))res.append(1)return resdef poly_extend(a, e, n,c):coef = poly_coef(a, e)res = [a**i * coef[i] for i in range(len(coef))]res[-1] = res[-1] + cres = [x%n for x in res]return res#化首1def poly_monic(pl,n):from gmpy2 import invertfor p in pl:if p!=0:inv = invert(p,n)breakreturn [int((x*inv)%n) for x in pl]#模运算,这部分写的不是很好,待优化def poly_mod(pl1,pl2,n):from functools import reduceassert len(pl1) == len(pl2)pl1 = poly_monic(pl1,n)pl2 = poly_monic(pl2,n)for i in range(len(pl1)):if pl1[i] > pl2[i]:breakelif pl1[i] < pl2[i]:return poly_mod(pl2,pl1,n)else:return 0idx = -1for i in range(len(pl1)):if pl1[i] == 1:idx = ibreakfor i in range(idx,len(pl2)):if pl2[i] == 1:pl2 = pl2[:idx] + pl2[i:]pl2 += [0]*(len(pl1)-len(pl2))breakres = []for i in range(len(pl1)):if pl2[i] == 0:res.append(pl1[i])else:res.append(pl1[i]-pl2[i])res = [int(x%n) for x in res]g = int(reduce(GCD,res))if g > 1:res = [x//g for x in res]return res#最大公因式def poly_gcd(pl1,pl2,n):while pl2 != 0:pl1,pl2 = pl2, poly_mod(pl1,pl2,n)pl1 = poly_monic(pl1,n)return pl1#x^e-c1#(x+di)^e-c2pl1 = poly_extend(0,e,n,-c1)pl2 = poly_extend(di,e,n,-c2)pl_d = poly_gcd(pl1,pl2,n)#求得(x-m),所以取负数即为mm = n - pl_d[-1]return mx = related_message_attack(c1, c2, pad2-pad1, e, n)
bytes.fromhex(hex(x-pad2)[2:])
#SYC{1_c4n_d0_th15_a1l_d@y}

 

Long_But_Short

终于走出rsa了,这里给出了q=p+1然后c = (m+p)**q %p 

from Crypto.Util.number import *
from secret import flag
flag = bytes_to_long(flag)p = getPrime(1024)
q = p+1
assert flag**2 < p
a = pow(flag+p, q, p)print('p=',p) 
print('a=',a)'''
p= 132485702522161146757217734716447479208806639208543182360084149642567339473293168036770464973129405874692085101982109256055320486303869520189058357502693388509190430447787056423080714947904812339604787610679547711291646116182650401371922642011766279740399192613052280061981102203595808184804858315094410004923
a= 1718205151527213531940354061216609955728503626623437131525315244599535856595391286686273033612529023037466615611832668265075325829196053041494716601943531710744433426780718569225
'''

根据费马小定理,先把这个q分成p-1+2,将p-1去掉,后边就剩个开平方了,模p的话flag+p=flag

long_to_bytes(iroot(a,2)[0])
#SYC{7ca905c9dbba1ffe7ff0ee3ee93f1ac1}

 

just lcg

这题目很长很长,但一看也没内容,已经一个很普通的式子运算

import signal
import socketserver
import os
import string, random
from hashlib import sha256
from secret import flagnum = 1000class Task(socketserver.BaseRequestHandler):def _recvall(self):BUFF_SIZE = 2048data = b''while True:part = self.request.recv(BUFF_SIZE)data += partif len(part) < BUFF_SIZE:breakreturn data.strip()def send(self, msg, newline=True):try:if newline:msg += b'\n'self.request.sendall(msg)except:passdef recv(self, prompt=b'[+]'):self.send(prompt, newline=False)return self._recvall()def close(self):self.send(b"Remember to solve me later~")self.request.close()def cal(self):from Crypto.Util.number import getRandomNBitIntegerk = 2753645094n = 17968909282851700307c = getRandomNBitInteger(56)a = getRandomNBitInteger(36)b = (a * k + c) % nself.send(b'[+] k = ' + str(k).encode())self.send(b'[+] n = ' + str(n).encode())self.send(b'[+] a = ' + str(a).encode())self.send(b'[+] b = ' + str(b).encode())self.send(b'[+] b = (a * k + c) % n')self.send(b'Please give me c:')return self.recv(prompt=b'[+] c = ').decode() == str(c)def handle(self):for turn in range(num):if not self.cal():self.send(b"It's wrong. Please try again!")returnelse:self.send(b'Good job!')self.send(b'the encflag is = ' + str(flag).encode())class ThreadedServer(socketserver.ThreadingMixIn, socketserver.TCPServer):passclass ForkedServer(socketserver.ThreadingMixIn, socketserver.TCPServer):passif __name__ == "__main__":HOST, PORT = '0.0.0.0', 80server = ForkedServer((HOST, PORT), Task)server.allow_reuse_address = Trueserver.serve_forever()

因为不知道它什么时候结束,只能读到爆为止

from pwn import *p = remote('124.71.215.231', 2223)
context.log_level = 'debug'
def aaa():k = eval(p.recvline().split(b' = ')[1])n = eval(p.recvline().split(b' = ')[1])a = eval(p.recvline().split(b' = ')[1])b = eval(p.recvline().split(b' = ')[1])print(k,n,a,b)c = (b - a*k)%np.sendlineafter(b'[+] c = ', str(c).encode())res = p.recvline()return b'Good' in reswhile True:aaa()'''
[DEBUG] Received 0x92 bytes:b'[+] k = 2753645094\n'b'[+] n = 17968909282851700307\n'b'[+] a = 67398904367\n'b'[+] b = 5963091574066878625\n'b'[+] b = (a * k + c) % n\n'b'Please give me c:\n'b'[+] c = '
2753645094 17968909282851700307 67398904367 5963091574066878625
[DEBUG] Sent 0x12 bytes:b'59522051419156197\n'
[DEBUG] Received 0x4f bytes:b'Good job!\n'b"the encflag is = b'U1lDezEwMDBfTENHX0BuZF95MHVfa24wd18zaGVfZjFAZ30='\n"
'''

Anime picture

一个非常长的程序

from PIL import Image
from Crypto.Util.number import *
from numpy import array, zeros, uint8
from random import randint
from secret import x,y
import cv2
import hashlib
import gmpy2def gen_key(a,b):key = ''for i in range(len(a)):if a[i] >= '1' and a[i] <= '9':key += '0'else:key += '1'for j in range(len(b)):if b[j] >= '1' and b[j] <= '9':key += '1'else:key += '0'return keydef add(n):s = 0for i in range(0,len(n),2):s += int(n[i])return simage = cv2.imread("flag.jpg")
img_array = array(image)
dim1 = len(img_array)
dim2 = len(img_array[0])
dim3 = 3
count = 0
a = randint(1,2**64)
b = randint(1,2**64)assert a * x + b * y == gmpy2.gcd(a, b)
tmp_1 = hashlib.md5(str(x).encode('utf-8')).hexdigest()
tmp_2 = hashlib.md5(str(y).encode('utf-8')).hexdigest()
key = gen_key(tmp_1,tmp_2)for i in range(len(key)):if key[i] == '1':count += 1else:continues = add(key)
enc_img = zeros(shape=[dim1, dim2, dim3], dtype=uint8)
for t in range(0,count):for i in range(0, dim1):for j in range(0, dim2):for k in range(0, dim3):enc_img[i][j][k] = (img_array[i][j][k] ^ (s + int(key)%3))s += 3enc_array = Image.fromarray(enc_img)
enc_array.show()
enc_array.save("encflag.jpg")
print("a = ",a)
print("b = ",b)'''
a = 12071216147395236101
b = 12613118707743158458
'''

题目长到不想看,就是把一个东西加密成写成图片,其实这跟图也没啥关系就是个数据。因为前边有md5然后再把数据变成01也基本不可逆。唯一办法就是爆破,不过对于jpg图来说,差点也没关系,大概能看出来就行,眼的容错率很高

from PIL import Image
from Crypto.Util.number import *
from numpy import array, zeros, uint8
import cv2
import hashlib
import gmpy2'''
tmp_1 = hashlib.md5(str(x).encode('utf-8')).hexdigest()
tmp_2 = hashlib.md5(str(y).encode('utf-8')).hexdigest()
key = gen_key(tmp_1,tmp_2)for i in range(len(key)):  #根据key计算count MD5 64位16进制 count<128if key[i] == '1':count += 1else:continues = add(key)
enc_img = zeros(shape=[dim1, dim2, dim3], dtype=uint8)
for t in range(0,count):for i in range(0, dim1):for j in range(0, dim2):for k in range(0, dim3):enc_img[i][j][k] = (img_array[i][j][k] ^ (s + int(key)%3))s += 3
'''image = cv2.imread("encflag.jpg")
img_array = array(image)
dim1 = len(img_array)
dim2 = len(img_array[0])
dim3 = 3#s<64
ps = 0
for key_3 in range(1):for count in range(128):for s in range(64):ps = senc_img = zeros(shape=[dim1, dim2, dim3], dtype=uint8)for t in range(0,count):for i in range(0, dim1):for j in range(0, dim2):for k in range(0, dim3):enc_img[i][j][k] = (img_array[i][j][k] ^ (s + key_3))s += 3enc_array = Image.fromarray(enc_img)enc_array.save(f"./img/f{key_3}_{count}_{ps}.jpg")#SYC{not_n1c0_Nico_n1_1t_i5_l0velive}

 这个程序会生成很多图片,每过一段就会越来越清楚,比较清楚的就能看到flag

 

Crypto1957

最后几个题干脆名字都没有了。这个把flag与密文异或

from Crypto.Util.number import * 
from flag import flag key = bytes_to_long(flag) 
f = open('message.txt','r').read().split('\n')
cipher = open('cipher.txt','w') 
for i in f: i = bytes_to_long(i.encode()) c = i ^ key cipher.write(hex(c)[2:]+'\n') 
cipher.close()

好像也没有好办法,前一段作一题叫snake就是一个个字母猜,开头有4个已知SYC{拿这个异或后得到一堆数据

0 b'The '
1 b'd by'
2 b'cord'
3 b' by '
4 b'sinc'
5 b' if '
6 b'5 de'
7 b'rota'
8 b'e el'
9 b'put '
10 b'ol s'
11 b'le f'
12 b' its'
13 b' is '
14 b'd as'
15 b'"lea'
16 b'ying'
17 b' in '
18 b'et w'
19 b'f th'
20 b'four'
21 b' tar'
22 b'n an'
23 b' fro'
24 b' mis'
25 b'ngle'
26 b'ptio'
27 b' ang'

 这里可以猜的字符很多,比如19行猜是the,14行后边可能是空格,这样用程序辅助一个个猜。单词猜中的面还是比较大的,而且越往后越容易。

c = open('cipher.txt','r').read().split()
a = [bytes.fromhex(i) for i in c[:-1]]
#print(a)
flag = b'SYC{' #b'SYC{A1m9_1nfr4r3d_guid4nc3}'
flag+= bytes([a[19][len(flag)]^ord('e')])
print(flag)
for i,v in enumerate(a):print(i, bytes([v[j]^flag[j] for j in range(len(flag))]))

Crypto20xx

给了c和一个缺两位的公钥

-----BEGIN PUBLIC KEY-----
MC??DQYJKoZIhvcNAQEBBQADGwAwGAIRAIO444FSJFXBf/yDN67IcCMCAwZpnQ==
-----END PUBLIC KEY-----c = 85806005072257465677925369913039323947  

因为就差两位,基本上就等于直接给了,爆破出来就行,而且公钥非常小,很容易分解

 

from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
from Crypto.Util.number import long_to_bytes
from gmpy2 import inverta = 'MC??DQYJKoZIhvcNAQEBBQADGwAwGAIRAIO444FSJFXBf/yDN67IcCMCAwZpnQ=='b64s = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'for i in b64s:for j in b64s:c = a[:2]+i+j+a[4:]kstr = "-----BEGIN PUBLIC KEY-----\n"+c+"\n-----END PUBLIC KEY-----\n"try:f = kstr.encode()pub = RSA.importKey(f)print('n,e=',pub.n,',',pub.e)except:pass c = 85806005072257465677925369913039323947             
n,e= 175088864422629078008785584658147995683 , 420253
p = 12865536769562115787
q = 13609137928614252809
phi = (p-1)*(q-1)
d = invert(e,phi)
m = pow(c,d,n)
print(long_to_bytes(m))
#Panzer_Vor!
#SYC{Panzer_Vor!}  

Crypto1976

这个题给了个远程,就是算 e=(r*h+p)%q 的p,其中e,h,q已知

import signal 
from Crypto.Util.number import *
import gmpy2 as gp 
import random 
import hashlib 
from secret import flag def gen(self,bound):q=getPrime(bound)bound1=int(gp.iroot(q//2,2)[0])bound2=int(gp.iroot(q//4,2)[0])while True:f,g=random.randint(1,bound1),random.randint(bound2,bound1)if gp.gcd(f,q*g) == 1 :breakh=(gp.invert(f,q)*g)%qreturn q,h,f,g def gen_m(self,bound):p=getPrime(gp.iroot(bound//4,2)[0])p_=long_to_bytes(p)hash=hashlib.md5()hash.update(p_)return p,hash.hexdigest() def dec(self,e,f,g,q):a=f*e%q b=gp.invert(f,g)*a%g return b def check(self,rec,hash):hash_=hashlib.md5()hash_.update(rec) if hash == hash_.hexdigest():return 1else:return 0signal.alarm(60)
bound=1024
f=1
for i in range(50):q,h,f,g=gen(bound)p,hash=gen_m(bound)r=getPrime(bound//2)e=(r*h+p)%q     print(b'q= '+f'{q}'.encode()+b'\n'+b'h= '+f'{h}'.encode()+b'\n'+b'e= '+f'{e}'.encode()+b'\n')rec = input(b'Input md5 p: ')if rec.decode() == hash:print(b'YES!')continueelse:print(b'NO!')f=0break
if f :print(flag) 

这个题是一个很标准的NRTU,也就是求最短向量问题(SVP),先前存了个模板,直接套就行了。

from pwn import *
import hashlib
from Crypto.Util.number import long_to_bytesio = remote('124.71.215.231', 1145)
context.log_level = 'debug'def get_v():#c = rh + m mod pp = eval(io.recvline().split(b'= ')[1])h = eval(io.recvline().split(b'= ')[1])c = eval(io.recvline().split(b'= ')[1])print(p,h,c)M = matrix(ZZ, [[1,h],[0,p]])f,g = shortest_vector = M.LLL()[0]if f<0:f = -f if g<0:g = -ga = f*c % p % gm = a * inverse_mod(f, g) % gprint('m = ', m)hs = hashlib.md5()hs.update(long_to_bytes(m))v = hs.hexdigest()print('v = ', v)io.sendlineafter(b'Input md5 p: ', v.encode())io.recvline()for i in range(50):get_v()print(p.recvline())

 

Crypto1985

这题以前没遇到过LWE问题有提示,网友给了搜到的贴子

from Crypto.Util.number import * 
import gmpy2 as gp 
from secret import flag
m = 132
n = 400
p = 3
q = 2^20def gen_mat():return matrix(ZZ, [[q//2 - randrange(q) for _ in range(n)] for _ in range(m)])rp,rq = getPrime(m*3),getPrime(400)   
sp,sq = bin(rp)[2:] ,bin(rq)[2:]
A, B, C = gen_mat(), gen_mat(), gen_mat()x = vector(ZZ, [int(sp[i]) for i in range(0,m)])
y = vector(ZZ, [int(sp[i]) for i in range(m,2*m)]) 
z = vector(ZZ, [int(sp[i]) for i in range(2*m,3*m)]) 
e = vector(ZZ, [int(i) for i in sq]) 
c = x*A+y*B+z*C+eflag = bytes_to_long(flag) 
n = rp * rq 
re=65537 
h = gp.powmod(flag,re,n) print('A = \n',A)
print('B = \n',B) 
print('C = \n',C)
print('c = ',c)
print('h = ',h)
print('n = ',n)#

把p(396位)分成3段,分别乘上个随机矩阵,然后加一起再加上q,这里q分成位0和1,对于LWE就是那个误差,解法直接套。p这396位先合到一起,组成矩阵,ABC合到一起,求出误差e来取前400位就是q

from text import *#A,B,C,c
M = matrix(ZZ, 0, 400)for t in [A,B,C]:for r in t:M = M.stack(vector(r))c = matrix(ZZ, c)# c = X*M + e
z = matrix(ZZ, [0 for _ in range(396)]).transpose()
beta = matrix(ZZ, [1])
T = block_matrix([[M, z], [matrix(c), beta]])L = T.LLL()
print(L[0])#e = (1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1)
q = int(''.join([str(i) for i in L[0][:400]]), 2)
p = n//q
m = pow(h,inverse_mod(65537,(p-1)*(q-1)),n)
print(bytes.fromhex(hex(m)[2:]))
#{afb65e240bf2b8c5d67756967e2ec2d6}
#SYC{afb65e240bf2b8c5d67756967e2ec2d6}


http://www.ppmy.cn/news/238252.html

相关文章

JS十六进制,CRC冗余,小程序发送蓝牙数据,十六进制GBK编码转换等

小程序问题&#xff1a;https://kf.qq.com/faq/170705YVZFZZ170705eyI7Rr.html 1.十六进制大端转小端 //十六进制大端转小端dataConversion(data) {data data.replace(/\s/g, ).replace(/(.{2})/g, "$1 ");data data.split(" ").reverse().join("…

2021/09/13笔记

我们于2021/09/13 的学习目标是:SpringSecurity&#xff0c;核心任务为: 1、学习技术: 1&#xff09;、SpringSecurity简介 2&#xff09;、SpringSecurity快速入门 3&#xff09;、UserDetailsService 4&#xff09;、BCryptPasswordEncoder 5&#xff09;、自定义登录 …

10__jsp入门el表达式入门CookieSession

jsp入门&el表达式入门&Cookie&Session 第一部分&#xff1a;jsp入门和el表达式入门 1. jsp的入门 1.1 什么是jsp&#xff1a; &#xff08;1&#xff09;sun公司用于动态网站开发技术servlet&#xff0c;因为使用servlet如果向页面输出内容很麻烦&#xff0c;有…

python模块之feedparser学习使用

今天在看书的时候无意间发现了一个号东西就是feedparser模块&#xff0c;feedparser 号称是一个 universal feed parser&#xff0c;使用它我们可轻松地实现从任何 RSS 或 Atom 订阅源得到标题、链接和文章的条目了&#xff0c;这个号称并不是说的话&#xff0c;是因为这个模块…

收集一些c/c++技术

下面是整理的一些c/c方面的相关代码demo&#xff0c;后续将持续更新下去。 这是单独稍微大一些的项目地址&#xff08;给出博客地址&#xff0c;博客中附带项目git地址&#xff09;&#xff1a;、 标题&#xff1a; 扫雷小游戏 (22条消息) 基于QT开发的扫雷小游戏_GT199309…

进入IT领域,多久能月入过万?

当下打拼的很多人都有这样的困惑&#xff1a;刚毕业或者工作时间不长&#xff0c;也有一些基本技能&#xff0c;对未来有美好憧憬&#xff0c;一身干劲&#xff0c;却拿着微薄的薪水过着捉襟见肘的生活。 有些同龄人进入IT领域后快速升职加薪&#xff0c;观望者经常会问&#…

QMI8658 - 姿态传感的零偏(常值零偏)标定

1. 零偏 理论上在静止状态下三轴输出为0,0,0&#xff0c;但实际上输出有一个小的偏置&#xff0c;这是零偏的静态分量&#xff08;也称固定零偏&#xff09;。 陀螺生产出来后就一直固定不变的零偏值。对于传统的高性能惯性器件来说&#xff0c;该误差在出厂标定时往往就被补偿…

使用spring的优势

使用spring的优势 1、Spring通过DI、AOP和消除样板式代码来简化企业级Java开发 ​2、Spring框架之外还存在一个构建在核心框架之上的庞大生态圈&#xff0c;它将Spring扩展到不同的领域&#xff0c;如Web服务、REST、移动开发以及NoSQL ​3、低侵入式设计&#xff0c;代码的…

【电泳仪品牌】生科必知的电泳仪品牌

推荐阅读&#xff1a; 《利斧科学&#xff08;CLS)电泳个性化定制解决方案》 hi~大家好&#xff01;我是三三。今天和大家来分享下实验室里的那些电泳那些事儿&#xff01; 话说电泳可以说是我们实验室里很常用的主儿了&#xff01;不管是蛋白质、核酸、细胞、病毒等&#xf…

Spring的好处及特点

Spring是一个轻量级控制反转&#xff08;IOC&#xff09;和面向切面&#xff08;AOP&#xff09;的容器框架&#xff0c;它主要是为了解决企业应用开发的复杂性而诞生的。 目的:解决企业应用开发的复杂性。 功能&#xff1a;使用基本的javaBean代替EJB. 范围&#xff1a;任何的…

2023年品牌营销趋势是什么?如何提升品牌知名度

从过去一年我们都能够感受到&#xff0c;有很多消费品企业和个体&#xff0c;在面临大环境挑战的时候经历了低谷期和迷茫期。那么从广告营销方面来说&#xff0c;2023年品牌营销趋势是什么呢?今天跟大家聊一聊2023年品牌营销5大趋势。 随着消费多元化时代的到来&#xff0c;品…

【模电实验】运算放大器构成的温度闭环控制系统的研究

运算放大器构成的温度闭环控制系统的研究 —、实验目的 设计并连接运算放大器构成的温度闭环控制系统&#xff0c;测量并调试该闭环控制系统&#xff0c;初步形成闭环控制的概念。 二、温度闭环控制系统的工作原理 图1所示为温度闭环控制系统框图&#xff0c;各部分工作原理…

什么是Spring、Spring的优点

什么是Spring Spring是一个开源框架&#xff0c;Spring是于2003年兴起的一个轻量级的Java开发框架&#xff0c;由Rod Johnson在其著作Expert One-On-One J2EE Development and Design中阐述的部分理念和原型衍生而来。它是为了解决企业应用开发的复杂性而创建的。框架的主要优…

浪潮的“Inspur品牌”

在人们的印象中&#xff0c;浪潮很老&#xff0c;浪潮很大&#xff0c;分支繁多&#xff0c;真可谓“老、大、多”。4月9日&#xff0c;我去了一趟浪潮&#xff0c;对浪潮有了新的亲身体验。 当前&#xff0c;整个浪潮“集团”&#xff08;它有许多分支机构&#xff09;在“Ins…

Java--Spring入门

一、Spring简介 &#xff08;一&#xff09;简介 Spring 是于 2003 年兴起的一个轻量级的 Java 开发框架&#xff0c;它是为了解决企业应用开发的复杂性而创建的 Spring 的核心是控制反转&#xff08;IoC&#xff09;和面向切面编程&#xff08;AOP&#xff09;。Spring 是可以…

RTU厂家,RTU品牌.遥测终端机厂家,遥测终端机品牌,DTU厂家DTU品牌

时常有人搜索哪家RTU稳定可靠&#xff0c;哪个品牌的遥测终端机好用等等&#xff0c;随着国内物联网行业的蓬勃发展&#xff0c;市场对RTU和遥测终端机的需求也随之暴增&#xff0c;如何选择正确的RTU和遥测终端机厂家品牌就非常关键了&#xff0c;以下简单说明一下选购方式。 …

JavaEE、Spring

目录 一、Spring系统架构 二、核心概念 三、IoC入门案例 四、DI入门案例 五、bean (使用XML配置bean) 1、基础配置 2、bean别名配置 3、bean作用范围 4、bean的实例化 1、通过构造器实例化bean 2、通过静态工厂实例化bean 3、通过实例工厂实例化bean 4、通过BeanFacto…

JAVA 中 Redis与ehcache对比与使用

第一&#xff1a;两者之间的介绍 Redis&#xff1a;属于独立的运行程序&#xff0c;需要单独安装后&#xff0c;使用JAVA中的Jedis来操纵。因为它是独立&#xff0c;所以如果你写个单元测试程序&#xff0c;放一些数据在Redis中&#xff0c;然后又写一个程序去拿数据&#xff…

品牌声量是什么?怎么查询统计品牌声量?

品牌声量的定义 品牌声量&#xff08;Brand Volume &#xff09;意味在特定时间内、某个渠道/平台&#xff08;微博、抖音、小红书等社交媒体、电商、新闻、论坛等&#xff09;上、舆情事件/热点话题中&#xff0c;品牌被提及的总数。是一个重要的衡量品牌在社会化媒体平台上健…

Spring的优势

1、Spring通过DI、AOP和消除样板式代码来简化企业级Java开发 2、Spring框架之外还存在一个构建在核心框架之上的庞大生态圈&#xff0c;它将Spring扩展到不同的领域&#xff0c;如Web服务、REST、移动开发以及NoSQL 3、低侵入式设计&#xff0c;代码的污染极低 4、独立于各种…
最新文章