0%

# 2022GoogleCTF·密码复现

「何时才能登陆梦中的彼岸」

## ELECTRIC MAYHEM CLS

### 题目

The server presents power traces of a secret firmware crypto operation. The goal is to recover the secret key. Note, the flag is ‘CTF{XXX}’ where XXX is your recovered key.

### 题解

🧙‍♀️懂不懂原理我不知，但她确实没讲清楚

### 总结

• 搜索能力弱了，接受新鲜事物的能力也差

• 可以关注关注日韩CTF圈子

不少密码难题的wp都是日韩出的，值得重视

## CYCLING

### 题目

It is well known that any RSA encryption can be undone by just encrypting the ciphertext over and over again. If the RSA modulus has been chosen badly then the number of encryptions necessary to undo an encryption is small. However, if the modulus is well chosen then a cycle attack can take much longer. This property can be used for a timed release of a message. We have confirmed that it takes a whopping 2^1025-3 encryptions to decrypt the flag. Pack out your quantum computer and perform 2^1025-3 encryptions to solve this challenge. Good luck doing this in 48h.

### 题解

xchgeaxeax师傅分享了他找到的wp，膜拜了下来自日本的密码魔女wp

It is well known that any RSA encryption can be undone by just encrypting the ciphertext over and over again.

$m≡c^{e^{2^{1025}-3}}≡(m^e)^{e^{2^{1025}-3}}≡m^{e^{2^{1025}-2}} \mod n$

1⃣️$d≡e^{2^{1025}-3}$

2⃣️$ed≡e^{2^{1025}-2}≡1 \mod phi$

$\phi(phi) = 2^{1025}-2$

$=a•b•c•d•e•f•g•h•…$

$(a•b+1)(a•c+1)(a•d+1)···(a•b•c+1)···(c•e•h+1)···$

（前面算得的K*phi记为res）

$e^{2^{1025}-3}≡e^{2^{1025}-2}•e^{-1}≡e^{-1} \mod K•phi$

（哪位师傅来教一下我，为什么可以）

### 总结

• Cycle attack on RSA

循环攻击给了确定次数，即可攻破

• 通过$\phi(phi)$获得$K*phi$

• d可以放缩成$d \mod K*phi$

## MAYBE SOMEDAY

### 题目

Leave me your ciphertexts. I will talk to you later.