RSA 解密问题 (Python)
Problems with decrypting in RSA (Python)
我刚刚写了一个 python 使用 RSA 加密和解密的小程序。这只是为了好玩。我的问题是它从未完成解密, 显然不是故意的。 d 很大,我不确定它是否能够解密。有没有逻辑错误?我错过了什么? generatePrimes Funktion 生成位长为 512 的素数。
from generatePrime import generatePrime
from math import gcd as bltin_gcd
def coprime(a, b):
return bltin_gcd(a, b) == 1
def encript(msg,e,N):
print("encripting :")
return msg**e % N
#THIS HERE IS THE PROBLEM!
def decript(en,d,N):
print("decripting :")
pow(en, d, N) #Like this?
def RSA():
print("generating P ")
P = generatePrime()
print("generating Q ")
Q = generatePrime()
print("calculating N ")
N = P* Q
print("calculating phi ")
phi = (Q-1)*(P-1)
e = 65537
if not coprime(e,P) and not coprime(e,Q):
RSA()
d = int((1+ phi)/e)
#print(d)
encripted = encript(16468,e,N)
print(encripted)
decripted = decript(encripted,d,N)
print(decripted)
print("sucsess!")
RSA()
print("Done!")
d 很大,但它必须很大,不是吗?我不知道。
这是 generatePrime 函数( 我偷了)
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import re
import random
import math
def fermat_primality_test(p, s=5):
"""
a^(p-1) ≡ 1 mod p
Input: prime candidate p and security paramter s
Output: either p is a composite (always trues), or
p is a prime (with probability)
"""
if p == 2:
return True
if not p & 1: # if p is even, number cant be a prime
return False
for i in range(s):
a = random.randrange(2, p-2)
x = pow(a, p-1, p) # a**(p-1) % p
if x != 1:
return False
return True
def square_and_multiply(x, k, p=None):
"""
Square and Multiply Algorithm
Parameters: positive integer x and integer exponent k,
optional modulus p
Returns: x**k or x**k mod p when p is given
"""
b = bin(k).lstrip('0b')
r = 1
for i in b:
r = r**2
if i == '1':
r = r * x
if p:
r %= p
return r
def miller_rabin_primality_test(p, s=5):
if p == 2: # 2 is the only prime that is even
return True
if not (p & 1): # n is a even number and can't be prime
return False
p1 = p - 1
u = 0
r = p1 # p-1 = 2**u * r
while r % 2 == 0:
r >>= 1
u += 1
# at this stage p-1 = 2**u * r holds
assert p-1 == 2**u * r
def witness(a):
"""
Returns: True, if there is a witness that p is not prime.
False, when p might be prime
"""
z = square_and_multiply(a, r, p)
if z == 1:
return False
for i in range(u):
z = square_and_multiply(a, 2**i * r, p)
if z == p1:
return False
return True
for j in range(s):
a = random.randrange(2, p-2)
if witness(a):
return False
return True
def generatePrime(n=512, k=1):
"""
Generates prime numbers with bitlength n.
Stops after the generation of k prime numbers.
Caution: The numbers tested for primality start at
a random place, but the tests are drawn with the integers
following from the random start.
"""
assert k > 0
assert n > 0 and n < 4096
# follows from the prime number theorem
necessary_steps = math.floor( math.log(2**n) / 2 )
# get n random bits as our first number to test for primality
x = random.getrandbits(n)
primes = []
while k>0:
if miller_rabin_primality_test(x, s=7):
primes.append(x)
k = k-1
x = x+1
return primes[0]
我试过了:
from Crypto.Util import number
def generatePrime(len=512):
return number.getPrime(len)
但这并没有解决问题。
一段时间后我开始工作了。
这是我的最终代码:
om RSAresources import *
class RSA:
def __init__(self,msg,e=65537,P=generatePrime(),Q = generatePrime()):
self.e = e
self.P = P
self.Q = Q
self.msg = msg
while not coprime(e,P) and not coprime(e,Q):
self.P = generatePrime()
self.Q = generatePrime()
self.N = P * Q
self.phi = (Q-1)*(P-1)
self.d = mod_inverse(self.e,self.phi)
def encript(self):
return pow(self.msg,self.e, self.N)
def decript(self):
return pow(self.msg,self.d,self.N)
这是RSAresources.py:
from Crypto.Util import number
def generatePrime(leng=1024):
return number.getPrime(leng)
def mod_inverse(x,y):
def eea(a,b):
if b==0:return (1,0)
(q,r) = (a//b,a%b)
(s,t) = eea(b,r)
return (t, s-(q*t) )
inv = eea(x,y)[0]
if inv < 1: inv += y
return inv
from math import gcd as bltin_gcd
def coprime(a, b):
return bltin_gcd(a, b) == 1
我刚刚写了一个 python 使用 RSA 加密和解密的小程序。这只是为了好玩。我的问题是它从未完成解密, 显然不是故意的。 d 很大,我不确定它是否能够解密。有没有逻辑错误?我错过了什么? generatePrimes Funktion 生成位长为 512 的素数。
from generatePrime import generatePrime
from math import gcd as bltin_gcd
def coprime(a, b):
return bltin_gcd(a, b) == 1
def encript(msg,e,N):
print("encripting :")
return msg**e % N
#THIS HERE IS THE PROBLEM!
def decript(en,d,N):
print("decripting :")
pow(en, d, N) #Like this?
def RSA():
print("generating P ")
P = generatePrime()
print("generating Q ")
Q = generatePrime()
print("calculating N ")
N = P* Q
print("calculating phi ")
phi = (Q-1)*(P-1)
e = 65537
if not coprime(e,P) and not coprime(e,Q):
RSA()
d = int((1+ phi)/e)
#print(d)
encripted = encript(16468,e,N)
print(encripted)
decripted = decript(encripted,d,N)
print(decripted)
print("sucsess!")
RSA()
print("Done!")
d 很大,但它必须很大,不是吗?我不知道。
这是 generatePrime 函数( 我偷了)
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import re
import random
import math
def fermat_primality_test(p, s=5):
"""
a^(p-1) ≡ 1 mod p
Input: prime candidate p and security paramter s
Output: either p is a composite (always trues), or
p is a prime (with probability)
"""
if p == 2:
return True
if not p & 1: # if p is even, number cant be a prime
return False
for i in range(s):
a = random.randrange(2, p-2)
x = pow(a, p-1, p) # a**(p-1) % p
if x != 1:
return False
return True
def square_and_multiply(x, k, p=None):
"""
Square and Multiply Algorithm
Parameters: positive integer x and integer exponent k,
optional modulus p
Returns: x**k or x**k mod p when p is given
"""
b = bin(k).lstrip('0b')
r = 1
for i in b:
r = r**2
if i == '1':
r = r * x
if p:
r %= p
return r
def miller_rabin_primality_test(p, s=5):
if p == 2: # 2 is the only prime that is even
return True
if not (p & 1): # n is a even number and can't be prime
return False
p1 = p - 1
u = 0
r = p1 # p-1 = 2**u * r
while r % 2 == 0:
r >>= 1
u += 1
# at this stage p-1 = 2**u * r holds
assert p-1 == 2**u * r
def witness(a):
"""
Returns: True, if there is a witness that p is not prime.
False, when p might be prime
"""
z = square_and_multiply(a, r, p)
if z == 1:
return False
for i in range(u):
z = square_and_multiply(a, 2**i * r, p)
if z == p1:
return False
return True
for j in range(s):
a = random.randrange(2, p-2)
if witness(a):
return False
return True
def generatePrime(n=512, k=1):
"""
Generates prime numbers with bitlength n.
Stops after the generation of k prime numbers.
Caution: The numbers tested for primality start at
a random place, but the tests are drawn with the integers
following from the random start.
"""
assert k > 0
assert n > 0 and n < 4096
# follows from the prime number theorem
necessary_steps = math.floor( math.log(2**n) / 2 )
# get n random bits as our first number to test for primality
x = random.getrandbits(n)
primes = []
while k>0:
if miller_rabin_primality_test(x, s=7):
primes.append(x)
k = k-1
x = x+1
return primes[0]
我试过了:
from Crypto.Util import number
def generatePrime(len=512):
return number.getPrime(len)
但这并没有解决问题。
一段时间后我开始工作了。 这是我的最终代码:
om RSAresources import *
class RSA:
def __init__(self,msg,e=65537,P=generatePrime(),Q = generatePrime()):
self.e = e
self.P = P
self.Q = Q
self.msg = msg
while not coprime(e,P) and not coprime(e,Q):
self.P = generatePrime()
self.Q = generatePrime()
self.N = P * Q
self.phi = (Q-1)*(P-1)
self.d = mod_inverse(self.e,self.phi)
def encript(self):
return pow(self.msg,self.e, self.N)
def decript(self):
return pow(self.msg,self.d,self.N)
这是RSAresources.py:
from Crypto.Util import number
def generatePrime(leng=1024):
return number.getPrime(leng)
def mod_inverse(x,y):
def eea(a,b):
if b==0:return (1,0)
(q,r) = (a//b,a%b)
(s,t) = eea(b,r)
return (t, s-(q*t) )
inv = eea(x,y)[0]
if inv < 1: inv += y
return inv
from math import gcd as bltin_gcd
def coprime(a, b):
return bltin_gcd(a, b) == 1