#!/usr/bin/env python
# chal40.py - RSA broadcast
#
# Copyright (C) 2015 Andrew J. Zimolzak <[email protected]>,
# and licensed under GNU GPL version 3. Full notice is found in
# the file 'LICENSE' in the same directory as this file.
from cryptopals import warn, cuberoot
import rsa
import copy
# Number of recipients: the same plaintext is encrypted once under each of
# k different public keys.
k = 3
message = 'Hello, world! I am gonna encrypt this thrice; uh oh.'
# Size argument handed to rsa.keypair: half the message length in bits
# (8 bits per character, halved).
# NOTE(review): presumably the per-prime size, so that each modulus is about
# as long as the message -- confirm against rsa.keypair.
bits = 4 * len(message)

# c[j] is the ciphertext produced under the key whose modulus is n[j].
c = []
n = []
for _ in range(k):
    pubkey, privkey = rsa.keypair(bits)
    encrypted = rsa.encrypt_string(message, pubkey)
    modulus = pubkey[1]  # the second part of the pubkey
    c.append(encrypted)
    n.append(modulus)
    # Only the first 60 digits are shown to keep the output readable.
    print "public " + str(modulus)[:60] + "...."
    print "ciphertext " + str(encrypted)[:60] + "...."
    # Re-assigned on every pass; the value left after the loop is the
    # decryption done with the last private key.
    decrypt = rsa.decrypt_string(encrypted, privkey)

print
print "Bob gets this message:", decrypt
#### Eve
# Eve uses only the public values gathered above: the k ciphertexts in c and
# the k moduli in n. No private key is touched in this section.
#
# NOTE(review): the recovery below relies on rsa.encrypt_string being
# deterministic, unpadded RSA with public exponent 3 -- confirm in rsa.py.
# Randomized padding (e.g. OAEP) makes every ciphertext of the same message
# encrypt a different integer, which is the standard mitigation.

# Product of all the moduli; the CRT result is reduced modulo this value.
modulus_product = reduce(lambda a, b: a * b, n)

# Work thru Chinese Remainder Theorem: combine the k residues c[i] mod n[i]
# into the single value that matches all of them modulo modulus_product.
# NOTE(review): rsa.invmod presumably needs the moduli to be pairwise
# coprime -- verify how it behaves when they are not.
result = 0
for c_i, n_i in zip(c, n):
    # Product of the moduli (pubkeys) EXCEPT this one; the division is exact.
    others = modulus_product // n_i
    result += c_i * others * rsa.invmod(others, n_i)
result %= modulus_product

# Get final text. The cube root is hard-coded, so this step matches a public
# exponent of 3 only, and it needs at least 3 ciphertexts for message**3 to
# stay below modulus_product.
# NOTE(review): cuberoot is presumably an exact integer cube root -- confirm
# in cryptopals.py.
overheard = rsa.i2s(cuberoot(result))
print "Eve hears this message:", overheard
#### tests ####
# Self-check: both the legitimate decryption and the text Eve reconstructed
# without any private key must equal the original message.
for recovered in (decrypt, overheard):
    assert message == recovered
assert decrypt == overheard
warn("Passed assertions:", __file__)