9.12 RSA

To review some types of problems solved today.

1.

Just using brute force to factorize the n, as long as we find the p and q, we can easily calculate the rest key var.

2.

The n is really large, but we find that e is small enough, for example, we have a 600-bit n but e is 3, we can assume that we have the equal as follows:

c ≡ m^e (mod n)
c ≡ m^3 (mod n)
m^3 = n*k + c

Notice that k is quite small, so we could use gmpy2 to iroot it:

for k in range(1,10):
	if gmpy2.iroot(n*k+c,3)[0] == True:
		print(gmpy2.iroot(n*k+c,3)[1])

We are supposed to be familiar with the use of iroot.
If it can be iroot, [0] will return True, and the value lie in [1].

3.

Some problems will provide some other parameters like p+q, p-q, (p+1)(q+1).
Remeber what is key to the solution, we just need n and φ, so that only pq and (p-1)*(q-1) is key to us.
We can construct an equal and use the Viete Theroem to transfer the condition we get.Just some basic maths skills is required.

4.

There are some problems which provide condition without $e.
However, according the chosen process of e, we can easily use for to enumerate every e that available, and check if 'flag' or 'CTF' or other keywords are in it.
Here are some use of the functions of gmpy2, primefac:

def modinv(a,n):
	return primefac.modinv(a,n) % n
def gcd(a,b):
	return gmpy2.gcd(a,b)

m = pow(c,d,n)
flag = str(long_to_bytes(m))
if 'flag' in flag:
	print(flag)

Personally speaking, the type of variable is really annoying, for the reason that I frequently recieve the Error while coding in Python.
There are still some other methods, such as use libnum to transfer byte to str, the more you know, the quicker you solve.

---

Above all, these are just a small part of the great RSA, there are some difficult problems which requires proficiency in number theory, it still takes time to study. Forza!