defFermat_factor(n): """ :param n: 传入要分解的大整数n :return: 返回分解完成的素数p、q """ a = gmpy2.iroot(n,2)[0] whileTrue: B_pow2_candidate = pow(a,2) - n
if gmpy2.is_square(B_pow2_candidate): b = gmpy2.iroot(B_pow2_candidate,2)[0] p = a + b q = a - b if n % p == 0and p > 1and p != n: print("✅factor success!") return p,q a = a + 1
''' n = 115637000420176820831322601039129424406844427046456738651883381559357542765613732363445112111006849040385859313572091386802534464534403117787314180179562651607533039692795522388596550968316951090748054495960090527479954143448774136390568881020918710834542819900918984139672802889774720153267841255456602500057 e = 65537 c = 98161406745910866780822530171878255235776133393411573803496865047700715941955255328757920065032397556905095591171977170479344602512244671081108703687450560269408412671849929423399172588599903975793985819498354819305128607934552101433664794909855378636055525016664559476808490723554481335856183927702549281730 '''
defFermat_factor(n): """ :param n: 传入要分解的大整数n :return: 返回分解完成的素数p、q """ a = gmpy2.iroot(n,2)[0] whileTrue: B_pow2_candidate = pow(a,2) - n
if gmpy2.is_square(B_pow2_candidate): b = gmpy2.iroot(B_pow2_candidate,2)[0] p = a + b q = a - b if n % p == 0and p > 1and p != n: print("✅factor success!") return p,q a = a + 1
n = e = 65537 c = p,q = Fermat_factor(n) phi = (p-1)*(q-1) d = gmpy2.invert(e,phi) m = pow(c,d,n) print(long_to_bytes(m)) """ b'NSSCTF{so_closed}' """
defPollard_factor(n,B): """ :param n: 传入模数n :param B: 传入光滑数B :return: 分解n之后得到的其中一个素数p """ g = random.randint(2,n) for i inrange(1,B+1): g = pow(g,i,n) p = math.gcd(g-1,n) if p != 1and p != n: print("[+]factor success!") return p
这里给一个普通遍历的Python代码,这个运算效率会低一点
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
import random import math
defPollard_factor(n,B): """ :param n: 传入模数n :param B: 传入光滑数B :return: 分解n之后得到的其中一个素数p """ x = 1 g = random.randint(2,n) for i inrange(1,B+1): x = x * i p = math.gcd(pow(g,x,n)-1,n) if p != 1and p != n: print("[+]factor success!") return p
这里再给一个加了tqdm的Python脚本:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
import random import math import tqdm defPollard_factor(n,B): """ :param n: 传入模数n :param B: 传入光滑数B :return: 分解n之后得到的其中一个素数p """ g = random.randint(2,n) for i in tqdm.tqdm(range(1,B+1),leave=True): g = pow(g,i,n) p = math.gcd(g-1,n) if p != 1and p != n: print("[+]factor success!") return p
from random import choice from Crypto.Util.number import isPrime, sieve_base as primes #from flag import flag flag = 'flag{test_flag}'
defgetPrime(bits): whileTrue: n = 2 while n.bit_length() < bits: n *= choice(primes) if isPrime(n + 1): return n + 1
e = 0x10001 m = int.from_bytes(flag.encode(), 'big') p, q = [getPrime(2048) for _ inrange(2)] n = p * q c = pow(m, e, n) print(p,q) print(n) # n = 32849718197337581823002243717057659218502519004386996660885100592872201948834155543125924395614928962750579667346279456710633774501407292473006312537723894221717638059058796679686953564471994009285384798450493756900459225040360430847240975678450171551048783818642467506711424027848778367427338647282428667393241157151675410661015044633282064056800913282016363415202171926089293431012379261585078566301060173689328363696699811123592090204578098276704877408688525618732848817623879899628629300385790344366046641825507767709276622692835393219811283244303899850483748651722336996164724553364097066493953127153066970594638491950199605713033004684970381605908909693802373826516622872100822213645899846325022476318425889580091613323747640467299866189070780620292627043349618839126919699862580579994887507733838561768581933029077488033326056066378869170169389819542928899483936705521710423905128732013121538495096959944889076705471928490092476616709838980562233255542325528398956185421193665359897664110835645928646616337700617883946369110702443135980068553511927115723157704586595844927607636003501038871748639417378062348085980873502535098755568810971926925447913858894180171498580131088992227637341857123607600275137768132347158657063692388249513 # c = 26308018356739853895382240109968894175166731283702927002165268998773708335216338997058314157717147131083296551313334042509806229853341488461087009955203854253313827608275460592785607739091992591431080342664081962030557042784864074533380701014585315663218783130162376176094773010478159362434331787279303302718098735574605469803801873109982473258207444342330633191849040553550708886593340770753064322410889048135425025715982196600650740987076486540674090923181664281515197679745907830107684777248532278645343716263686014941081417914622724906314960249945105011301731247324601620886782967217339340393853616450077105125391982689986178342417223392217085276465471102737594719932347242482670320801063191869471318313514407997326350065187904154229557706351355052446027159972546737213451422978211055778164578782156428466626894026103053360431281644645515155471301826844754338802352846095293421718249819728205538534652212984831283642472071669494851823123552827380737798609829706225744376667082534026874483482483127491533474306552210039386256062116345785870668331513725792053302188276682550672663353937781055621860101624242216671635824311412793495965628876036344731733142759495348248970313655381407241457118743532311394697763283681852908564387282605279108
from Crypto.Util.number import * import gmpy2 import tqdm n = c = #x = 2 #for i in tqdm.tqdm(range(1,104730),leave=True): # x = pow(x,i,n) # p = gmpy2.gcd(x-1,n) # if p != 1 and p != n: # print('factor success',p) # break p = 178449493212694205742332078583256205058672290603652616240227340638730811945224947826121772642204629335108873832781921390308501763661154638696935732709724016546955977529088135995838497476350749621442719690722226913635772410880516639651363626821442456779009699333452616953193799328647446968707045304702547915799734431818800374360377292309248361548868909066895474518333089446581763425755389837072166970684877011663234978631869703859541876049132713490090720408351108387971577438951727337962368478059295446047962510687695047494480605473377173021467764495541590394732685140829152761532035790187269724703444386838656193674253139 q = n // p e = 65537 phi = (p-1)*(q-1) d = inverse(e,phi) m = pow(c,d,n) flag = long_to_bytes(m) print(flag) # b'NCTF{Th3r3_ar3_1ns3cure_RSA_m0duli_7hat_at_f1rst_gl4nce_appe4r_t0_be_s3cur3}'
import random import math import tqdm defPollard_factor(n,B): """ :param n: 传入模数n :param B: 传入光滑数B :return: 分解n之后得到的其中一个素数p """ g = random.randint(2,n) for i in tqdm.tqdm(range(1,B+1),leave=True): g = pow(g,i,n) p = math.gcd(g-1,n) if p != 1and p != n: print("[+]factor success!") return p B = 104730*2
import random import math import tqdm from Crypto.Util.number import * defPollard_factor(n,B): """ :param n: 传入模数n :param B: 传入光滑数B :return: 分解n之后得到的其中一个素数p """ g = random.randint(2,n) for i in tqdm.tqdm(range(1,B+1),leave=True): g = pow(g,i,n) p = math.gcd(g-1,n) if p != 1and p != n: print("[+]factor success!") return p B = 104730*2
c= N= p = q = N//p e = 65537 phi = (p-1)*(q-1) d = inverse(e,phi) m = pow(c,d,N) for i inrange(p-1729,p): m = m * i % p m = p-m flag = long_to_bytes(m) print(flag)