type
status
date
summary
password
category
slug
icon
来练习了,感觉好难啊啊啊啊啊啊啊!!!爱不了一点密码🥀写了一个多星期,比小师傅预期时间还长🥲🥲🥲🥹🥹我是废物(但素我还写了很多别的题,没有狡辩)
🐳格密码
🫣ISCTF 2022 eazy lattice
📑题目
🪄题解
c = (inverse(e, q) * useful + pow(m, e, q)) % p
构造格
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fb4eb57c5-26ad-4840-b229-407cb4b6ef7e%2FUntitled.png?table=block&id=705793bb-632f-4979-836b-47b4bd317041)
LLL格约减之后显然第一格结果就是解
求出(mod q),求出e,再求e在phi(q)下的乘法逆元d
因为m大于q,爆破一下
👀wp
🫣深育杯2021 GeGe
📑题目
🪄题解
NTRU格密码
构造格
构造A,可以规约出来f,g
👀wp
🫣HNCTF2022 little lattice
📑题目
🪄题解
已知h,p,求f,g,和上一题一样格基规约得到f,g
'NSSCTF{' + md5(bytes.fromhex(hex(f+g)[2:])).hexdigest() + '}
👀wp
🫣羊城杯202 LRSA
📑题目
🪄题解
已知
其中 已知P*P*Q,P*Q*Q,c,t,e
求P,Q
求p,q
构造格
规约出来(p-58),(q-t),t已知,可求出p,q
RSA
p,q,e,c已知,求出d,解rsa
👀wp
🫣DASCTF月赛 littleRSA
📑题目
🪄题解
一开始构造的格,规约出来的太大了
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F89a2563c-f467-4a64-99bb-04e9b1cfcf5e%2FUntitled.png?table=block&id=f61cd674-4526-476f-9188-80ada2ed243e)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F207dbee2-c3e5-426a-ab7b-7e5ce777add0%2FUntitled.png?table=block&id=f4150eb7-f340-4cf1-9d98-e6fa0879a529)
规约出来,求出p,q也可的n//p→rsa
👀wp
🫣NUSTCTF2022 eazyyy lattice
📑题目
🪄题解
e做指数不好求,这里转化为求d
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fe23de4ee-49c2-40ba-a1a5-ba18766e299c%2FUntitled.png?table=block&id=440ac31b-b350-423d-a48f-4dfcdbfd3009)
构造格
T=
规约出来T*d
d=res[0][0],求出解密指数d,解出RSA
共私钥指数攻击
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F3956d728-e8a6-4908-8b84-2e4e0fa031f6%2FUntitled.png?table=block&id=b6687cf5-fc3d-43d4-911b-d839687d48e0)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F91740ee9-4c68-48bf-b704-8bb2557833c4%2FUntitled.png?table=block&id=656c3ef8-31c7-4a84-9ba8-c82876eac658)
其中
👀wp
🫣PWNHUB2022冬季赛 大杂烩
📑题目
🪄题解
求b
POINT = (996 : 151729833458737979764886336489671975339 : 1)这椭圆曲线上的一点,,a已知,带入点可以求出b
求e
ab已知,恢复e
a, b = e & 0x3ffffffffff, e >> 42
#0b111111111111111111111111111111111111111111 (42位)
a是e的低42位
b是e的高位(除去e的后42位),eh=b,el=a
求d1,d2
构造格
同理可求d2
如果左上角不是1呢
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F4be1da23-2711-41b1-ae26-886d17494789%2FUntitled.png?table=block&id=31ba3d48-5f6a-4e24-98c1-b106457f89ab)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F456ece50-91d1-428f-93c5-75a5ff5a30fa%2FUntitled.png?table=block&id=9aaff0b1-d65b-454e-8c2c-9fa57a13d448)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fd50106be-8b1e-4caa-aa50-475a115b00a5%2FUntitled.png?table=block&id=12f58883-4262-4d60-82a1-0dc77442e5e0)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fb0c93f67-3ff3-4a49-a292-d4e1d6ea97dd%2FUntitled.png?table=block&id=42ae22b9-fa15-4013-b9fb-0f6d7b63d722)
恢复d
d1 = d >> 512
d2 = d & (1 << 512) - 1
#-的运算优先级高于&
-的优先级高于&
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fd28a2d9b-f2d0-43db-9179-57cf7bbb65b7%2FUntitled.png?table=block&id=b0cc2ceb-c922-43a3-90e0-d52ed1459189)
(1 << 512) - 1 : '0b11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111'
显然,d2→d的低512位,d1是d的高位(
d >> 512
)正好恢复d已知e,d,分解n
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F2f974abb-de57-4f0d-9cef-f0a3409ca0ba%2FUntitled.png?table=block&id=1a404f2b-a711-4b88-adf2-ef51a1210a27)
脚本
👀wp
🫣SCTF 2022 eazy lattice
📑题目
🪄题解
环上的NTRU格密码
在商环下的乘法
对系数作出限制,取最小剩余系
d1个为1的系数,d2个为2 的系数
商环下求逆元
密钥的获取
加密
已知pub_key(公钥)和e加密密文,解密需要求私钥
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F1ff09ba0-4c2c-4cbd-94b1-c3704f16ea21%2FUntitled.png?table=block&id=d6add4f9-c61a-4dac-9a58-407310d53224)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fa2d0fad3-4081-4ecd-b326-e6665696c05e%2FUntitled.png?table=block&id=88fd5269-5504-40e6-8a17-47dab4a3ab7e)
👀wp
🫣HZNUCTF2023 nothing
📑题目
🪄题解
proof_of_work
sha256爆破
SM2签名
未提到的已知
SM2中六个参量都是固定的。根据国密局给出的规范定义如下:方程为:SM2的签名结果是由两个数字拼接构成,SM2签名的长度为128位
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F82e887be-2b30-4296-833b-66015ef61d14%2FUntitled.png?table=block&id=57fd6db0-2142-40a3-9bde-7f7400f5c223)
求出私钥,就可以获得flag
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F2cded754-358b-4c25-96a2-8bd02674773f%2FUntitled.png?table=block&id=9e15ea7b-10a1-4911-81a0-fcb2b2101e00)
可以获得55组签名
HNP问题 👐👐这里学习了一下lattice之HNP
构造格
验证
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fc0423ed3-2d35-477b-b073-78e057af6cb2%2FUntitled.png?table=block&id=b957d5e8-38f0-453a-87ad-4f54bb4752cf)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F22775c54-f98e-4b43-a241-831da7befbbf%2FUntitled.png?table=block&id=c22ea8ed-680d-425a-a09b-e3469cd42c11)
由求出来ki求d
👀wp
📎 参考
🤔总结
- 根据一个等式,构造简单的格(已知量放格内,规约出未知量,尽量使规约出来的比特差不多,这样更容易找到)
- NTRU格密码,数域和环上构造的格一样,求出私钥g,f
- 共解密指数攻击
- 已知e,d,分解n
- SM2签名验签
- HNP问题,格构造
结束啦!!