4、cipher text
{920139713,19}
704796792
752211152
274704164
18414022
368270835
483295235
263072905
459788476
483295235
459788476
663551792
475206804
459788476
428313374
475206804
459788476
425392137
704796792
458265677
341524652
483295235
534149509
425392137
428313374
425392137
341524652
458265677
263072905
483295235
828509797
341524652
425392137
475206804
428313374
483295235
475206804
459788476
306220148
RSA algorithm description:
(1) Choose a pair of different prime numbers p, q that are large enough.
(2) Calculate n=pq.
(3) Calculate f(n)=(p-1)(q-1), and keep p and q strictly confidential, so that no one will know.
(4) Find a number e that is relatively prime to f(n), and 1<e<f(n).
(5) Calculate d such that de≡1 mod f(n). This formula can also be expressed as (d*e-1)% f(n)=0
Here to explain, ≡ is the symbol for congruence in number theory. In the formula, the left side of the ≡ symbol must be congruent with the right side of the symbol, that is, the result of the modulo operation on both sides is the same.
Obviously, no matter what value f(n) takes, the result of 1 mod f(n) on the right side of the symbol is equal to 1, and the product of the product of d and e on the left side of the symbol must also be equal to 1.
This requires calculating the value of d so that this congruence equation can be established.
(6) Public key KU=(e,n), private key KR=(d,p,q).
(7) When encrypting, first transform the plaintext into an integer M from 0 to n-1. If the plaintext is longer, it can be divided into appropriate groups and then exchanged. If the ciphertext is C,
then the encryption process is: C≡M^e(mod n).
(8) The decryption process is: M≡C^d(mod n).
The information given in the above question is the public key={n = 920139713, e = 19}, and the others are ciphertext.
So the first step we need to do is to decompose the large integer 920139713 to find p, q.
Then the second step finds the key d.
Finally, the third step solves the plaintext.
Source code:
#py -3
#coding=utf-8
import math
# 1、分解小整数的质因子,求出p,q
def dissassemble(n):
temp = 2
while temp < math.sqrt(n):
#找到一个素因子为止,因为RSA算法中n是由两个素数的乘积得来的
if (n % temp == 0):
#python中的除法默认为浮点型数,会保留一位小数,如果不加int()的话结果会有一位.0小数
print("大整数分解的两个素数p,q为:",temp, int(n / temp))
break
else:
#采用的是递加1的方式,如果整数比较大则需要采用大步小步算法或生日悖论概率算法来分解
temp += 1
euler = getEuler(temp, int(n / temp))
print('f(n)欧拉函数值p*q为:',euler)
return euler
# 2、求欧拉函数f(n)
def getEuler(prime1, prime2):
return (prime1 - 1) * (prime2 - 1)
# 3、求私钥d 19d - 920071380k= 1
def getDkey(e, eulervalue): # 也可以用辗转相除法求逆元
k = 1
#因为是在mod 欧拉函数值(Eulervalue)的域下,19d = 1,所以只能从1开始一个一个试k
while True:
#直到有一个k使得等式成立,即算出私钥d
if (((eulervalue * k) + 1) % e) == 0:
#直接用int转换也可以获得一样精度的d
#x = (eulervalue * k + 1) / e
#print("失去精度的d",int(x))
#直接使用库函数计算除法
(d, m) = divmod(eulervalue * k + 1, e)
# 避免科学计数法最后转int失去精度
return d
k += 1
if __name__ == '__main__':
#大整数n
n = 920139713
print("大整数为:",n)
#求出欧拉函数值
euler = dissassemble(n)
#求私钥
d = getDkey(19, euler)
print('私钥为: %d' % d)
c = [704796792, 752211152, 274704164, 18414022, 368270835, 483295235, 263072905, 459788476, 483295235, 459788476,663551792,475206804, 459788476, 428313374, 475206804, 459788476, 425392137, 704796792, 458265677, 341524652, 483295235, 534149509,425392137, 428313374,425392137, 341524652, 458265677, 263072905, 483295235, 828509797, 341524652, 425392137, 475206804,428313374,483295235, 475206804, 459788476, 306220148]
L = []
#求明文对应的ascii码
for x in c:
L.append(pow(x, d, n))
print("明文对应的ascii码:",L)
# 明文ascii表对应的明文字符
print("明文ascii表对应的明文字符串:",end='')
for x in L:
print(chr(x), end='')
print()
Screenshot of experimental results:
Plain text string decrypted by RSA algorithm: flag{13212je2ue28fy71w8u87y31r78eu1e2}