ALL the CTFS of Crypto2025 finally

crypto-asimmetric/RSA-1/factor.json

@@ -0,0 +1 @@
+{ 	"input-expression":"factor(176278749487742942508568320862050211633)", 	"input-decimal":"176278749487742942508568320862050211633", 	"factors-prime":["12271643243945501447","14364722473065221639"], 	"runtime" : {"total":0.7035, "siqs":0.0455}, 	"time-start" : "2025-05-14  16:39:45", 	"time-end" : "2025-05-14  16:39:46", 	"info":{"compiler":"MSVC 1931","ECM-version":"7.0.6","MPIR-version":"3.0.0","yafu-version":"3.0"} }

crypto-asimmetric/RSA-1/factor.log

@@ -0,0 +1,62 @@
+05/14/25 16:39:45, 
+05/14/25 16:39:45, ****************************
+05/14/25 16:39:45, Starting factorization of 176278749487742942508568320862050211633
+05/14/25 16:39:45, using pretesting plan: normal
+05/14/25 16:39:45, no tune info: using qs/gnfs crossover of 95 digits
+05/14/25 16:39:45, no tune info: using qs/snfs crossover of 95 digits
+05/14/25 16:39:45, ****************************
+05/14/25 16:39:45, rho: x^2 + 3, starting 1000 iterations on C39
+05/14/25 16:39:45, rho: x^2 + 2, starting 1000 iterations on C39
+05/14/25 16:39:45, rho: x^2 + 1, starting 1000 iterations on C39
+05/14/25 16:39:45, final ECM pretested depth: 0.000000
+05/14/25 16:39:45, scheduler: switching to sieve method
+05/14/25 16:39:46, starting SIQS on c39: 176278749487742942508568320862050211633
+05/14/25 16:39:46, random seed: 15381924001331922418
+05/14/25 16:39:46, ==== sieve params ====
+05/14/25 16:39:46, n = 39 digits, 128 bits
+05/14/25 16:39:46, factor base: 576 primes (max prime = 9473)
+05/14/25 16:39:46, single large prime cutoff: 473650 (50 * pmax)
+05/14/25 16:39:46, using SSE41 enabled 32k sieve core
+05/14/25 16:39:46, sieve interval: 1 blocks of size 32768
+05/14/25 16:39:46, polynomial A has ~ 4 factors
+05/14/25 16:39:46, using multiplier of 1
+05/14/25 16:39:46, using multiplier of 1
+05/14/25 16:39:46, using Q2(x) polynomials for kN mod 8 = 1
+05/14/25 16:39:46, using SPV correction of 18 bits, starting at offset 29
+05/14/25 16:39:46, trial factoring cutoff at 35 bits
+05/14/25 16:39:46, ==== sieving started (1 thread) ====
+05/14/25 16:39:46, trial division touched 85911 sieve locations out of 11665408
+05/14/25 16:39:46, total reports = 85911, total surviving reports = 15765
+05/14/25 16:39:46, total blocks sieved = 356, avg surviving reports per block = 44.28
+05/14/25 16:39:46, 686 relations found: 307 full + 379 from 3054 partial, using 178 polys (22 A polys)
+05/14/25 16:39:46, on average, sieving found 18.88 rels/poly and 107137.16 rels/sec
+05/14/25 16:39:46, trial division touched 85911 sieve locations out of 11665408
+05/14/25 16:39:46, ==== post processing stage (msieve-1.38) ====
+05/14/25 16:39:46, QS elapsed time = 0.0317 seconds.
+05/14/25 16:39:46, begin singleton removal with 3361 relations
+05/14/25 16:39:46, reduce to 1021 relations in 2 passes
+05/14/25 16:39:46, recovered 1021 relations
+05/14/25 16:39:46, recovered 154 polynomials
+05/14/25 16:39:46, attempting to build 686 cycles
+05/14/25 16:39:46, found 686 cycles from 1021 relations in 1 passes
+05/14/25 16:39:46, distribution of cycle lengths:
+05/14/25 16:39:46,    length 1 : 307
+05/14/25 16:39:46,    length 2 : 379
+05/14/25 16:39:46, largest cycle: 2 relations
+05/14/25 16:39:46, matrix is 576 x 686 (0.1 MB) with weight 11457 (16.70/col)
+05/14/25 16:39:46, sparse part has weight 11457 (16.70/col)
+05/14/25 16:39:46, filtering completed in 3 passes
+05/14/25 16:39:46, matrix is 545 x 609 (0.1 MB) with weight 9852 (16.18/col)
+05/14/25 16:39:46, sparse part has weight 9852 (16.18/col)
+05/14/25 16:39:46, commencing Lanczos iteration
+05/14/25 16:39:46, memory use: 0.1 MB
+05/14/25 16:39:46, lanczos halted after 10 iterations (dim = 545)
+05/14/25 16:39:46, recovered 64 nontrivial dependencies
+05/14/25 16:39:46, prp20 = 14364722473065221639
+05/14/25 16:39:46, prp20 = 12271643243945501447
+05/14/25 16:39:46, Lanczos elapsed time = 0.0130 seconds.
+05/14/25 16:39:46, Sqrt elapsed time = 0.0000 seconds.
+05/14/25 16:39:46, SIQS elapsed time = 0.0455 seconds.
+05/14/25 16:39:46, 
+05/14/25 16:39:46, 
+05/14/25 16:39:46, Total factoring time = 0.7035 seconds

crypto-asimmetric/RSA-1/rsa_1.py

@@ -0,0 +1,41 @@
+from Cryptodome.Util.number import bytes_to_long, getPrime
+#from secret import flag
+def egcd(a, b):
+    if (a == 0):
+        return (b, 0, 1)
+    else:
+        g, y, x = egcd(b%a, a)
+        return (g, x - (b//a) * y, y)
+
+e = 65537
+
+"""p, q = getPrime(64), getPrime(64)
+n = p*q
+e = 65537
+print(n)
+m = bytes_to_long(flag)
+print(pow(m, e, n))"""
+
+#p = 14364722473065221639
+#q = 12271643243945501447
+
+p =  88824237363878748201253577036
+q = 866961515596671343895614356197
+
+n = p*q
+phi = (p-1)*(q-1)
+res = egcd(e, phi)
+
+#c = 46228309104141229075992607107041922411
+
+c = 388435672474892257936058543724812684332943095105091384265939
+u = res[1]
+v = res[2]
+
+decrypted = pow(c,u,n)
+
+print(decrypted.to_bytes(decrypted.bit_length()//8+1,byteorder='big').decode())
+#P20 = 14364722473065221639
+#P20 = 12271643243945501447
+# 176278749487742942508568320862050211633
+# 46228309104141229075992607107041922411

crypto-asimmetric/RSA-1/session.log

@@ -0,0 +1,13 @@
+05/14/25 16:39:25, =====================================
+05/14/25 16:39:25, System/Build Info: 
+05/14/25 16:39:25, YAFU Version 3.0
+05/14/25 16:39:25, Built with Microsoft Visual Studio 1931 and LLVM Compiler 13.0.0 
+05/14/25 16:39:25, Using GMP-ECM 7.0.6, Powered by MPIR 3.0.0
+05/14/25 16:39:25, detected AMD Ryzen 5 5600H with Radeon Graphics         
+detected L1 = 32768 bytes, L2 = 16777216 bytes, CL = 64 bytes
+05/14/25 16:39:25, CPU features enabled: 05/14/25 16:39:25, SSE41 05/14/25 16:39:25, 
+05/14/25 16:39:25, using 1 random witness for Rabin-Miller PRP checks
+05/14/25 16:39:25, Cached 664579 primes: max prime is 9999991
+05/14/25 16:39:25, Could not parse yafu.ini from Z:\home\emln\Documents\crypto\ctf\RSA-1
+
+05/14/25 16:39:25, Random seed: 15435820894272445120