Sharif University CTF 2016 - Smooth As Silk

Time: 2024-10-24 00:05:02

Category: Crypto Points: 200 Solves: 11 Description:

p > q

n = p*q = 11461532818525251775869994369956628325437478510485272730419843320517940601808597552925629451795611990372651568770181872282590309894187815091191649914833274805419432525386234876477307472337026966745408507004000948112191973777090407558162018558945596691322909404307420094584606103206490426551745910268138393804043641876816598599064856358266650339178617149833032309379858059729179857419751093138295863034844253827963

flag = md5(str(p))

EN:

This can be solved with the Pollard P-1 factorization method (http://www.mersennewiki.org/index.php/P-1_Factorization_Method).


step 01: select B1

N = p*q (p > q)

q <= sqrt(N)

B1 = sqrt(N)

The bigger B1 is, the more likely it is that a factor is found (?! maybe, No!)

step 02: compute E2, E3, E5, ...

2^E2 <= B1, 3^E3 <= B1, ...

E2=log(B1)/log(2)

E3=log(B1)/log(3)

E5=log(B1)/log(5)

E7=log(B1)/log(7)

...

Push 2 into z[] E2 times, push 3 into z[] E3 times, push 5 into z[] E5 times, ...

step 03:

x = a (a is a prime)

i = 0

do

  x^z[i] ≡ a (mod n)

  x = a

  i = i + 1

until gcd(n, x-1) != 1

gcd(n, x-1) is one factor of N.

#!/usr/bin/python3
import math

n=11461532818525251775869994369956628325437478510485272730419843320517940601808597552925629451795611990372651568770181872282590309894187815091191649914833274805419432525386234876477307472337026966745408507004000948112191973777090407558162018558945596691322909404307420094584606103206490426551745910268138393804043641876816598599064856358266650339178617149833032309379858059729179857419751093138295863034844253827963
z=[]
prime=[2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997]

def gcd(a,b):
    # iterative Euclid: avoids hitting Python's recursion limit on very large inputs
    while b!=0:
        a,b=b,a%b
    return a

def e(a,b):
    # modular exponentiation: a^b mod n
    return pow(a,b,n)

def mysqrt(n):
    # integer square root, computed digit by digit on base-100 chunks
    x=n
    y=[]
    while(x>0):
        y.append(x%100)
        x=x//100
    y.reverse()
    a=0
    x=0
    for p in y:
        for b in range(9,-1,-1):
            if(((20*a+b)*b)<=(x*100+p)):
                x=x*100+p - ((20*a+b)*b)
                a=a*10+b
                break
    return a

B1=mysqrt(n)
# step 02: push each prime into z[] as many times as its power fits under B1
for j in range(0,len(prime)):
    for i in range(1, int(math.log(B1)/math.log(prime[j]))+1):
        z.append(prime[j])
#print(z)

# step 03: try each small prime as the base
for pp in prime:
    i=0
    x=pp
    while(1):
        x=e(x,z[i])
        i=i+1
        y=gcd(n,x-1)
        # y==n is the trivial factor; skip it and keep going
        if(y!=1 and y!=n):
            print (y)
            exit(0)
        if(i>=len(z)):
            break

Running python3 sss.py gives the number:

958483424448747472504060861580795018746355733561446016442794600533395417361061386707061258449029078376132360127073305093209304646989718030495000998517698501250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001

then

n=11461532818525251775869994369956628325437478510485272730419843320517940601808597552925629451795611990372651568770181872282590309894187815091191649914833274805419432525386234876477307472337026966745408507004000948112191973777090407558162018558945596691322909404307420094584606103206490426551745910268138393804043641876816598599064856358266650339178617149833032309379858059729179857419751093138295863034844253827963

p=958483424448747472504060861580795018746355733561446016442794600533395417361061386707061258449029078376132360127073305093209304646989718030495000998517698501250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001

q=11957987510443514049047696785587234758227153373363589891876816598599064856358266650339178617149833032309379858059729179857419751093138295863034844253827963

flag=md5(str(p)) = c78504a558bdb6213b9019f6925fa4ae

flag is c78504a558bdb6213b9019f6925fa4ae

CN:

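This is an integer factorization problem; use the Pollard P-1 factorization method (http://www.mersennewiki.org/index.php/P-1_Factorization_Method). The Python 3 source is shown above.

It still comes down to the choice of B1: with a poor choice the factorization may fail. If it fails, choose again until it succeeds.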
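The dependence on the bound noted above, shown as an added example (not the writeup's script): a standard single-bound Pollard P-1, which goes beyond the script by sieving its own primes and using one bound B for both primes and prime powers. The modulus 4621 * 10007 is constructed for illustration, and all function and constant names are assumptions.

```python
from math import gcd, isqrt

# Constructed demo modulus (assumption, not from the page):
# 4621 - 1 = 2^2*3*5*7*11 is smooth, 10007 - 1 = 2*5003 is not.
P_WEAK, Q_STRONG = 4621, 10007
N_DEMO = P_WEAK * Q_STRONG

def primes_up_to(limit):
    """Sieve of Eratosthenes: all primes <= limit."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, isqrt(limit) + 1):
        if sieve[i]:
            sieve[i * i :: i] = bytes(len(range(i * i, limit + 1, i)))
    return [i for i, is_p in enumerate(sieve) if is_p]

def pollard_p_minus_1(n, bound, base=2):
    """Return a non-trivial factor of n, or None if this bound/base fails."""
    x = base
    for q in primes_up_to(bound):
        qe = q
        while qe * q <= bound:   # largest power of q that is <= bound
            qe *= q
        x = pow(x, qe, n)
        g = gcd(x - 1, n)
        if g == n:               # x == 1 modulo every prime factor at once
            return None          # retry with another base or a smaller bound
        if g != 1:
            return g
    return None                  # bound too small for every prime factor

def is_powersmooth(m, bound):
    """True if every prime power dividing m is <= bound.

    If p - 1 passes this test, pollard_p_minus_1(n, bound) is guaranteed
    to reach x == 1 (mod p), which is what exposes p. A key-generation
    self-check can use it to reject primes with smooth p - 1.
    """
    for q in primes_up_to(bound):
        qe = 1
        while m % q == 0:
            m //= q
            qe *= q
        if qe > bound:
            return False
    return m == 1

if __name__ == "__main__":
    for b in (5, 11):
        print("bound", b, "->", pollard_p_minus_1(N_DEMO, b))
```

With bound 5 the accumulated exponent is 60 and no factor appears; with bound 11 it is 27720, a multiple of 4620, so the factor with the smooth p - 1 is recovered.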