[zer0pts CTF 2022] Anti-Fermat

task.py

from Crypto.Util.number import isPrime, getStrongPrime
from gmpy import next_prime
from secret import flag

# Anti-Fermat Key Generation
p = getStrongPrime(1024)
q = next_prime(p ^ ((1<<1024)-1))
n = p * q
e = 65537

# Encryption
m = int.from_bytes(flag, 'big')
assert m < n
c = pow(m, e, n)

print('n = {}'.format(hex(n)))
print('c = {}'.format(hex(c)))

$pq = n$ is given, $p+q = 2^{1024}+k$ for small $k$(By prime number theorem, $k$ is approximately 1024)

 

Therefore $p, q$ can be recovered by solving quadratic equation $x^2 - (2^{1024}+k)x + n$ for $k = 1, 2, \dots$.

 

solver.py

from Crypto.Util.number import *
import math

N = 0x1ffc7dc6b9667b0dcd00d6ae92fb34ed0f3d84285364c73fbf6a572c9081931be0b0610464152de7e0468ca7452c738611656f1f9217a944e64ca2b3a89d889ffc06e6503cfec3ccb491e9b6176ec468687bf4763c6591f89e750bf1e4f9d6855752c19de4289d1a7cea33b077bdcda3c84f6f3762dc9d96d2853f94cc688b3c9d8e67386a147524a2b23b1092f0be1aa286f2aa13aafba62604435acbaa79f4e53dea93ae8a22655287f4d2fa95269877991c57da6fdeeb3d46270cd69b6bfa537bfd14c926cf39b94d0f06228313d21ec6be2311f526e6515069dbb1b06fe3cf1f62c0962da2bc98fa4808c201e4efe7a252f9f823e710d6ad2fb974949751
C = 0x60160bfed79384048d0d46b807322e65c037fa90fac9fd08b512a3931b6dca2a745443a9b90de2fa47aaf8a250287e34563e6b1a6761dc0ccb99cb9d67ae1c9f49699651eafb71a74b097fc0def77cf287010f1e7bd614dccfb411cdccbb84c60830e515c05481769bd95e656d839337d430db66abcd3a869c6348616b78d06eb903f8abd121c851696bd4cb2a1a40a07eea17c4e33c6a1beafb79d881d595472ab6ce3c61d6d62c4ef6fa8903149435c844a3fab9286d212da72b2548f087e37105f4657d5a946afd12b1822ceb99c3b407bb40e21163c1466d116d67c16a2a3a79e5cc9d1f6a1054d6be6731e3cd19abbd9e9b23309f87bfe51a822410a62


# x^2 + (2^1024 + i)x + n
for i in range(1000000):
  b = (1<<1024)+i
  c = N
  D = b*b - 4*c
  Dsqrt = math.isqrt(D)
  if Dsqrt**2 != D:
    continue
  print(i)
  p = (b - Dsqrt)//2
  q = N//p
  assert(p*q==N)
  phi = (p-1)*(q-1)
  e = 65537
  d = pow(e,-1,phi)
  print(long_to_bytes(pow(C,d,N)))
  break

 

'CTF > Crypto' 카테고리의 다른 글

[zer0pts CTF 2022] ok  (0) 2022.03.22
[zer0pts CTF 2022] EDDH  (0) 2022.03.22
[zer0pts CTF 2022] CurveCrypto  (0) 2022.03.22
[zer0pts CTF 2022] Anti-Fermat  (0) 2022.03.22
[Codegate 2022] PrimeGenerator  (0) 2022.02.28
[2021 PBCTF] Steroid Stream  (2) 2021.10.11
[2021 PBCTF] Alkaloid Stream  (2) 2021.10.11
  Comments
댓글 쓰기