526互联

红明谷2023 crypto

发布时间 2023-04-19 18:50:27作者: Sone070805

It Takes Two!

这次只有一道密码下面来简单分析一下

题目代码:

from sage.all import *
from Crypto.Util.number import *
from os import urandom
from secret import flag

n = 16
bound = 2^15

A = [ZZ.random_element(-bound, bound) for _ in range(n*n)]
A = Matrix(ZZ, n, n, A)
        
B = [ZZ.random_element(-bound, bound) for _ in range(n*n)]
B = Matrix(ZZ, n, n, B)

res = []
for i in range(5):
    bound = 2^15
    S = [ZZ.random_element(-bound, bound) for _ in range(n*n)]
    S = Matrix(ZZ, n, n, S)
    
    tmp = []
    for i in range(0, 60):
        S = S*A+B
        bound = 2^(int(S[0, 0]).bit_length())
        if i % 3 == 2:
            tmp.append(Matrix(ZZ,n,n,[ZZ.random_element(-bound, bound) for _ in range(n*n)]))
            continue
        tmp.append(S)
    res.append(tmp)
    
e = A.LLL().determinant()

p = getPrime(512)
q = getPrime(512)
n = p * q
m = bytes_to_long(urandom(int(n).bit_length() // 8 - len(flag) - 1) + flag)
c = pow(m, e, n)
h1 = pow(p+q, e, n)
h2 = pow(p-q, e, n)

f = open('双人成行.txt', 'w')
f.writelines(str(res)+'\n')
f.writelines(str(n)+'\n')
f.writelines(str(c)+'\n')
f.writelines(str(h1)+'\n')
f.writelines(str(h2)+'\n')
f.close()

题目的e是通过A矩阵做LLL求解行列式得到的,这就需要我们去还原A矩阵,然后看一下上面矩阵运算的形式,可以发现给了5组不同的S给的数据,然后每个S循环运算60次,并且只给连续两次的数据,第三次选择一个随机矩阵替换。简单联立一下就可以了,其实这个题目并不需要很多组数据,我们简单做一个推导

我们可以发现P2-S2和P1-S1都是已知的,那么直接就可以求解A还原e了,然后在解rsa的时候是存在21这个公因数的,先将e除以21解rsa,然后用一下copper开根就能得到flag了,注意一下flag是在最末尾哦

s0=[[1032613861, 106816006, -579642058, -114961986, -1407150191, 2246208215, -731032284, 1322758335, -530199387, 1086793794, 413715111, 2813583, -10408686, 2540826776, 533417175, -28576837], [1315196062, -2147222506, 1457422790, 725951720, 1932327742, 1405174748, 114563095, 49396155, -298632492, -337759408, -190063519, -347862873, 1899867670, 174485325, -738039578, 288495711], [-989605621, 3001040768, -1366155232, -2639014763, -798679913, -1505776743, -1293775967, -2083309851, 695099207, -556699855, 56109281, -262848585, -178337656, -661146821, -235304156, -156969885], [1227418579, -1425755521, 714563908, 730564391, -371777127, 1819865373, 1028304742, -961308399, 958251347, -2399967719, 2145196053, -1033384088, -133287265, 3403594236, -735798137, -1930708241], [-992200349, 273397344, 457772734, 1219170548, -2916734480, 388270161, -344453199, -80649160, -823396397, 104711252, 1397090628, -2304473497, -524670723, 2254223073, 491007648, -323393514], [169637022, 68351076, -2258520458, 2031873445, -2205681986, -746794507, -245934218, 756721845, 2952961836, 1116738808, 350540191, 653527279, -1459512536, 760827762, 851822809, -702747039], [1653656177, -1060676663, -41376980, -183951048, 1433473570, 437806435, -2719144899, -334337596, 530920363, 909476128, -2891238205, 2530738181, 2311068521, -397425506, 996330261, -210700939], [-619102845, 1213872831, 1567726850, -1217388992, -971827845, -2440116285, 286118880, 1244695933, -238692553, -876125692, -2363713770, 1734545363, 563182894, 1081453861, 321618106, -2387800976], [-898283246, 236452115, -1491597556, 2189364067, -490514498, 145128377, 621398295, -127981220, 390050013, 110820293, 199393396, -2360152115, -1891225877, 3446162277, 1106399678, -439552350], [97533185, 774478626, 3077940446, -1070775758, -30111913, -2127497063, 1327679909, 1382311938, 575995582, -1119210977, -504610272, -714458008, 1600329869, 1505305639, -2920083778, -3136072034], [684846755, 2162931633, 4404936, -3191953649, 1207044874, 2959383450, -431919033, -509260894, -2840077610, 1114589069, 1525800685, 118969700, 1395083527, -3667188934, 1229096356, 3174922403], [-283119890, -1354873881, -538463855, 1237730916, -2640119665, -2935497918, 443809548, -330638492, -16759938, -363349190, -3342717126, 2044675208, -2068023044, 1247123636, 1526993674, 343740477], [2135824102, -1465525238, 820086823, -1447137787, 3038780754, -120904544, -98058739, 446586489, -31227506, 935079622, -1902274205, 2399987653, 578058470, -2262418213, -1149997985, 926662344], [-4401261, -2805791783, -40382659, 1392106149, 214813732, -223484613, -92163972, -849389921, 311804391, -1437090329, 155084981, 2110468048, -1250841213, -2497005129, 2440158003, 404541707], [-330139748, 1541875159, -905519693, 97666158, -1423714932, -767140640, -1154873739, 140173456, 1474766572, 942065411, 163134665, 1334634385, -104414351, -44143140, 506512633, -2033363424], [-936526289, -1288157356, 63042838, 573357950, 287573906, 2396577024, -746033441, -1401408701, -1863620994, -1143137451, 1600168035, -626033143, 969189909, -204645083, 1692832029, 718951788]]
s1=[[-133595935540106, -3024619048481, -30568590003134, -21170394809528, -74284029024818, -179839781537115, -13622548754258, 4058932744998, -61310275910819, 49511521811952, -88415585834451, 133538390054171, -215532221977046, -12998081782565, -74267490172232, 72278103716321], [-29560723404421, -87183875570882, 131865915675338, -12978527501115, 8617441530848, -94884742451186, -151939864945579, 102821342306878, 34998051344836, -84228129643954, -67030067113711, 16396905899250, -35803291504199, 81299567319797, -14641155523649, -83365285747722], [28224549044370, 129129551544063, -122154097479633, 27085908628192, -46173208474388, 184805637399716, 60747207256744, -118328426287365, -3550931652917, 92711215737880, 214246463543182, -218231675924878, 108908281038108, -70824356151442, 30295102953783, 131515698012176], [41833532188499, -21720258953084, 81301647785747, -183792415267851, -48559159873408, -137844781642803, -37761157988470, -60099634163868, -99152256442598, 30377902072876, -116092040662200, 41691202572415, -193783422944475, 122923346460554, -81210479732294, -33538625901686], [-43072811522781, 125068467565293, -64267398704458, -82247872291985, -140707566063773, -54518733841603, 156727111606449, -30683545401451, -77735953198555, 49774143998011, 48325011719767, -4187414872949, -182048471531044, 101402050022510, -39920693938820, -106976031245296], [63435575231517, 65774742736715, -76975346982488, -83146988338091, -9736579521760, 1105630903474, 146578871706036, -45066073003880, -73617579860876, 43499961019342, -88615959501607, 80855419668279, 6934746903590, -88742702929629, -18615620714421, 131974880283353], [-37772148437978, -32345506373559, 134226947249194, 24715523324572, 54026981661058, -36119041641669, -105255555540184, 113110815303383, -23235465589885, -37156318174418, -40201578073249, -27886997889805, 77084208410166, -92845264661444, 38124538631710, 116007864084969], [-43790677726984, -55437348705008, 91250972359090, -38633618392576, 87232988462772, -11400811445983, 37097090765766, -164474126222259, -132593977362832, -52223190254454, 17500297705311, -35114328755235, 83314241666763, -109870499637564, -18896602811694, 27700457837568], [85939589937150, 8959858275549, -62355361281019, -7133436349692, 6537916880173, 73350700524523, 164129959874557, 37537930209275, -74176351408236, 167141590262154, -7710491210878, 11074524373897, -103063317797832, 129876145464104, -120139087266052, -9370661513334], [-111060590185861, -92303930543391, 93864724356276, -55881653253409, 11996848010549, -134261963871663, -73436570615010, -223881166995799, -48446831695132, -159859493354827, 1333001799043, -121564097903124, 33308946134289, 6142994216912, -80889859865149, -55433910323917], [-146451812016884, 137234123596961, -73622578935436, 73128718504869, -14862621478765, 19475370121355, -122749168248385, 92591155663104, 101258962359817, -18280903221549, 76878388361245, -21074400394864, 29591190638526, -13295835388300, 39556426870020, -20054425976431], [146461709495047, -94823048660884, 67350211788350, -15254639565494, 60841616819100, 142034444011743, 210318400093970, 61201255836254, -162268949036302, 89372680709339, 29729715281636, 149227714340785, 22888139376357, -190329576755533, 100969230503436, 104043700475824], [-27385696272222, -191869084955978, 124786885546385, 143080296032062, 96473630822929, -63493333443927, -185545466445583, 116395843070803, 104112965439801, -99104059329874, -92335106239364, 57402199073314, 120080370861244, -130306649362594, 69723239064693, 99974194134496], [200587262531429, 22167892090608, 120859452826373, -81827262019736, 82654944162445, 65140187075960, 52220127190213, 105800050991829, -6189766265431, 174376866199, -83958956999404, 109076335297993, 96076961817391, -52875235464354, 122424717301113, -92038728615528], [-24265856887190, 123992949524203, -61460419935849, -68900465871825, -8639863521562, -43263596396672, 77973882415822, -124252161863647, -46323504035226, -9356755444233, -49758689826389, -42584386123607, 57057271159225, -50951387241857, -11536062836040, 90440989081251], [41124672662773, 106205702908303, 22479656206929, -72964839796386, -62781628131437, 6550032378120, -45350311859125, 82866923110471, 28124227695699, 48631084669781, 23080171473644, 8946322523262, -85967668905723, 164043895079665, 19203877248916, -175156176830459]]
s2=[[-1038744461, -2304261149, 1706467358, 1032330815, -455952788, -3222247470, -1219688920, 623506697, 507300845, -1303743937, -2118507265, 1082107122, -3148738849, 3044209791, -544985702, -1623053133], [640377411, -189983295, 506229022, 313819416, -1322289757, 2945401442, 1295258635, 1698475779, -2875943517, 380423711, 1639823450, -1975737675, -803386317, 612009308, 3405596121, -499613836], [-687790509, 86421285, 750669918, -1217603677, -1797187589, -193108788, -187092438, -900309403, -1505682049, -1902279873, 812788010, -1085982968, -416990224, -894253112, 1581535328, 999022296], [-790883156, 2389187431, -696050132, 754426351, 398589640, 2236000826, -51320386, 2210436717, -900335664, 764193674, 391836473, -1827599425, 1501043641, 1221860893, 2472809835, -1996030133], [-151184965, -2694570233, 1467894, 1108375934, -1743261708, -933193722, 937183002, -956567774, 835902895, -2642908468, -521816099, 574425939, -603439673, 2110438792, -1490844491, 1346317881], [576307052, 3207259871, -3128269303, -2126591190, 522860234, 960074336, 825811210, -2495712209, 2488145489, -438910164, 1837983764, -930584045, 600559236, 2071925013, -1463837138, -2627174796], [1620040708, -928413990, -748316165, -1275518431, 1196963521, 2579666995, -559544231, 453437951, 628188997, -239396414, 1528279739, 340248475, -700484873, 1121984362, -1225240058, 1013976236], [489968320, -3299582910, -513863367, 1012475439, 250558561, 707008823, -835377008, -16478221, 380139955, -625459664, 198892499, 1800136340, -1852740634, -75227476, -171208019, 678248143], [-432132155, -2248475631, -1287520793, 2562001423, -114375524, 157038528, 2202705314, -1281810509, 1348767340, -1782027976, 1929491486, -1050224065, -2864653404, 1758463572, -844152787, -529779454], [-68231947, -398674695, 1490402626, -1218807317, 2010982083, 883325944, -264971852, -161585995, -800619258, -141226766, 1691380113, -386387695, 1067334798, -2222617907, -1925119979, -560130522], [-808646119, 2411510552, 845149557, -1144420487, 1672389560, -1416901256, 1399994351, 673084653, -1263188688, 540941311, -1061827327, -608276008, -1253686968, -348762245, -989876778, -1842348621], [1013211647, -321277357, 898753163, 449502628, 424113753, 3263492196, 1961171655, 641596949, -270956198, 239963615, 4700002246, -3285023092, -595553976, 1832599169, -1929702602, -853757798], [494122197, 191525869, -2125038343, -815033615, -438668785, 1823626816, 244471006, -600272777, -903483397, 1982573996, 1685858966, 1448171277, -2938498704, 79119354, 1114951199, 801907537], [-314573535, -3629483767, 1970559219, 616684831, -372309058, -2301748556, -3077706360, -885902782, 1167948524, -2100469349, -1073931905, 1223916525, -367018321, -972741487, -375569989, 977380873], [-34047619, -1249394671, 840958280, 239833525, -498891861, -752345719, -3135020900, -1129477581, -483236497, 1021744370, -1067412478, -705795427, 546231901, -119363038, 670065039, 873028180], [1536984333, 1274105614, -218713672, -1211954789, 1145010562, 2011978993, 2089602179, -794779998, 784054983, -642099967, 1276634167, -1332603948, 2937625205, 1539726518, -3703121775, -870892435]]
s3=[[113283594759916, -245891778717623, 115888009242277, 127421864971537, -27814032446233, -47452542818244, 151778178927627, -28536005494278, -57028479947743, 22573001623826, -28674793150839, 26093634660137, -104755320449592, -24789059147764, 62595935375623, 9595141292573], [-74202935218058, 159750812412100, 42377405850839, -145041666714306, 64434337074305, -156714204529220, 75016487192737, 68308305241097, -81280958535410, 89358792257876, -124037823322534, 173311577967822, -129964544359799, 39917711983954, -147268339454406, -217577684228089], [45505511900351, 115648009202515, 17872922776744, -70739569847513, -39587665974265, 95270221640737, 90651947019476, -4833255406459, -52151946520621, 53612789068417, 158029746981615, -38262711262679, -22846483506303, -41544792166372, 47460298997026, -123751109791488], [-127386807556975, 174324544655497, -47281995365968, -92941929821935, 110602872890272, -64237757349938, 797365585823, -65062897431235, -56547640744577, 48861639526907, -55567655008328, -41150543471929, -14355886363081, 125933765328698, -223241603345605, -128008242457406], [130628204631279, -183581868659924, 44970916435806, -43832248429300, -90850149947844, 80246233922211, 3371385316017, 4310733436047, -72674645874382, 19537316198256, 69125719823000, 120398928005469, -149042689551003, -41268372016534, 113975490059352, 52003653745580], [24404860762939, 127219910621125, -139572226662964, -122223783844941, -1359371851726, 59757058113104, -88766049028784, -184782174532877, -24070648707749, 153953236791043, 12955405810567, -161652980414824, 67254691946358, 46948271232503, -149364729140171, 228851041026444], [-51389913994753, -132377138974487, -18274876262497, 76950826092574, -75936553202789, -145885846505156, -157462185391090, 24695817336999, 69148433418557, 30351389880050, -89243220820906, 98422449697665, -182619488260336, -7024577873048, -12948653752416, 119105152629921], [98339974137374, -138688212293327, 46635837401285, 48784846316172, -38927341661032, -84390061674994, -39289333606649, 92373138930728, 62171730246297, 20702542784007, -115041653405062, 180795639438214, -119654536987543, -38953651815540, 105316594790999, 22481073984283], [217596301071155, -72407691836747, -27001716870549, -75909523810030, -5080303966037, 41302217734410, 66535249144272, 16909704121483, 5359508792418, 104225812507479, -100004432067884, 120844344500407, -101497169869730, 116741499468519, -3564716319563, -36545389349723], [-66363755172478, 8215070932929, 9528749040873, 43226664286717, -40165304275733, -121833291991811, -173543158797547, -33226068044239, 168233478149477, -112294922050116, -24619161476056, -78835795201412, 27657548357608, 90957676782127, 21895772622598, -127188829885447], [-44319666610329, -35783940441550, -40645224928014, 111413935108363, 142078018975870, 18057942365486, 27319022842548, -76502562959965, 38556546149787, 4370473606620, -12481582955233, -84893377167683, 103929911785970, 25349419527652, -68537319006817, -28538756657881], [-102816624871659, 29203999414861, -54386751397974, -75185646665918, -113493371351703, -269797447846537, -81434144520311, -42377317029205, 70861224159347, -23652324411127, -169874712510383, 62862986123806, -230276680754013, 225053247238582, -148398086262344, -134633825928798], [15465694234987, 20775583242605, -106097211014365, 57713001175370, -45670202989061, -83496505212980, 43769692164040, 71752589760256, 44473561067942, 135463699481780, -153126631218813, 195675980104141, -87667152260879, -22196075774063, 19949400243295, 131244396320941], [128605618338873, -114532556247025, 152287764827345, 66177298039238, -116136054223669, 31725562695659, 38343153490273, 60903244338956, 25535031958262, -86342350811335, 110076273576146, -72789868905366, -18324574585714, -73294972394849, 203544626587843, -56402945973912], [-6034323842310, 53706573447352, 53786769208788, 74920978069279, -122139249040903, 4725228948555, 75596902618856, 129130700137267, 21605161275718, 9169871304727, 111586117180530, -115672508793642, -13589296036639, 2916705227057, 68101201351888, -39372169279838], [-120181273561915, -31125231366239, -47931232842416, -95923717604235, -25559394051690, -72846885832384, -252459151748679, -110537660136973, 20006989320099, -51140307066395, -10155250801604, -55244159669221, -56616973382450, 88508931029797, -105804715208070, 86732953065649]]
S0 = Matrix(ZZ, s0)
S1= Matrix(ZZ, s1)
P0 = Matrix(ZZ, s2)
P1= Matrix(ZZ, s3)
a=S0-P0
b=S1-P1
A=a.solve_right(b)
e = A.LLL().determinant()
print(e)
e=183183094232895496570030296666322746922054965594187733500344545328263827233
n=126930298936285661712486297662920895162569606037310367763354747221281175771655642407136326621695910623038808779778530112406355314071209370688157872928010633181351390724545013677593062556323119308457918805555312069055604237211117650220178416298165021603211366843640334616217695418858036626587483782452105122653
c0=113627841667808982839757084973426219545127121566516056267404541633803040730885409234473068650543791446730694746311695177758797711077000091232969424826171863685060090359260225102836081852105845748467870581394884564134418376982186965340367386781824886506478939204791426457255483148486730526127180397268053506840
h1=87021607670080656750728189202811647321664825322085967432146885995538140004901574830625347954724344331514731852873721100175299656618161173874818773415684739773055620673258848991693719847569489515642296650035465632567910004553054397894647697286044465567405142149926303968235362573821060105908856127568162452912
h2=70528801000055618659638315463133504198238507722722570127215098017082205934290867816695737682738831717228470799826957490782948760796844881508632060312080331264474968266753069687287034453036854258618280625776346633340081217397502423530180647548747144401922660710323623212890923488339464759360304751017490144695
import gmpy2
from Crypto.Util.number import *
p=gmpy2.gcd(h1-h2,n)
q=n//p
d=gmpy2.invert(e//21,(p-1)*(q-1))
m=pow(c0,d,n)
print(m)
c=61299323559648566436834916974968584386427679588508428934993703189422127970956117907097154288390365825990651538598227180106136251271981523316225727452629561697796900883555140462081987790987865974646170432457914928587099103653849781355008356178185254410448643990908992268305309071506481180962780378330432488214
P.<a>=PolynomialRing(Zmod(p),implementation='NTL')
f=a^21-c
mps=f.monic().roots()

P.<a>=PolynomialRing(Zmod(q),implementation='NTL')
g=a^21-c
mqs=g.monic().roots()

for mpp in mps:
    x=mpp[0]
    for mqq in mqs:
        y=mqq[0]
        solution = long_to_bytes(CRT_list([int(x), int(y)], [p, q]))
        print(solution)
#flag{5a6814eb-8848-11ed-aee3-d812656dd8d8}