0xDktb's Blog

[题目考点] DH-MIMT RSA私钥低位泄露引起的CopperSmith攻击 (预期解是解同余方程) [题目文件]Click Here to Download [题解分析]Encryption 1234567891011121314# Step 1aes = AES.new(key, AES.MODE_ECB)flag = adaptmessage(flag) # right padding ...

LCG - BasisTheorem[前置知识] $S_{n+1}\equiv aS_{n}+b(mod\ m)$，$S_{0}$为对应种子. 在$F_{m}$上（m取大素数），若$gcd(a,m)=1$，则周期$T=ord_{m}(a)$. 所以选取系数时应尽量使得a为模m的原根，以此尽量延长LCG周期，同时也要避免$S_{0}=S_{bad}$. LCG - Unknown (a, b)The ...

Stream Cipher - Many Time PadTheorem 流密钥循环使用 猜测密钥长度 Hamming Distance（二进制下两个等长字符串的比特位差异） 大小写英文字符两两的平均Hamming距离为2 ~ 3，而任意字符两两的平均Hamming距离为4 \therefore Assumed\quad c1=p1\oplus key,c2=p2\oplus key\\\\ ...

Basis基于子集和问题 - $a_{1}x_{1}+…+a_{n}x_{n}=E;\quad x_{i}\in\{0,1\}.$ Proved to be NP-hard. 但Merkle-Hellman cryptosystem存在trapdoor. Merkle-Hellman cryptosystemKey-Generation 有随机超递增序列$w=(w_{1},w_{2},…,w_{n ...

Chapter 3 Algorithm for the Closest and Shortest Vector Problems3.1 Babai’s Rounding TechniqueTheorem 3.1.1. Given a vector we can write $\underline{\omega}=\sum_{i=1}^{n}\alpha_{i}\underline{b_ ...

Chapter 1 Lattice1.1 Basic Notions on LatticesDefinition 1.1.1. Let $\{\underline{b}_{1},…,\underline{b}_{n}\}$ be a linearly independent set of (row) vectors in $R^{m}(m\geq n)$. The lattice ge ...

RSA - How to Use opensslGiven flag.enc, pubkey.pem/pub.key 1openssl rsa -pubin -text -modulus -in warmup -in pubkey.pem Then we get (e, n), after getting d: 1234from Crypto.Util.number import bytes_ ...

白盒审计 12345678910111213141516171819202122232425262728293031323334353637<?phpfunction is_valid_url($url) { if (filter_var($url, FILTER_VALIDATE_URL)) { if (preg_match('/data:\/\// ...