|
|
- '''
- Created on Dec 14, 2011
-
- @author: pablocelayes
- '''
-
- #!/usr/bin/python
- # -*- coding: utf-8 -*-
- """\
-
- This module generates RSA-keys which are vulnerable to
- the Wiener continued fraction attack
-
- (see RSAfracCont.pdf)
-
- The RSA keys are obtained as follows:
- 1. Choose two prime numbers p and q
- 2. Compute n=pq
- 3. Compute phi(n)=(p-1)(q-1)
- 4. Choose e coprime to phi(n) such that gcd(e,n)=1
- 5. Compute d = e^(-1) mod (phi(n))
- 6. e is the publickey; n is also made public (determines the block size); d is the privatekey
-
- Encryption is as follows:
- 1. Size of data to be encrypted must be less than n
- 2. ciphertext=pow(plaintext,publickey,n)
-
- Decryption is as follows:
- 1. Size of data to be decrypted must be less than n
- 2. plaintext=pow(ciphertext,privatekey,n)
-
- -------------------------------
-
- RSA-keys are Wiener-vulnerable if d < (n^(1/4))/sqrt(6)
-
- """
-
- import random, MillerRabin, Arithmetic
-
- def getPrimePair(bits=512):
- '''
- genera un par de primos p , q con
- p de nbits y
- p < q < 2p
- '''
-
- assert bits%4==0
-
- p = MillerRabin.gen_prime(bits)
- q = MillerRabin.gen_prime_range(p+1, 2*p)
-
- return p,q
-
- def generateKeys(nbits=1024):
- '''
- Generates a key pair
- public = (e,n)
- private = d
- such that
- n is nbits long
- (e,n) is vulnerable to the Wiener Continued Fraction Attack
- '''
- # nbits >= 1024 is recommended
- assert nbits%4==0
-
- p,q = getPrimePair(nbits//2)
- n = p*q
- phi = Arithmetic.totient(p, q)
-
- # generate a d such that:
- # (d,n) = 1
- # 36d^4 < n
- good_d = False
- while not good_d:
- d = random.getrandbits(nbits//4)
- if (Arithmetic.gcd(d,phi) == 1 and 36*pow(d,4) < n):
- good_d = True
-
- e = Arithmetic.modInverse(d,phi)
- return e,n,d
-
- if __name__ == "__main__":
- print("hey")
- for i in range(5):
- e,n,d = generateKeys()
- print ("Clave Publica:")
- print("e =")
- print(e)
- print("n =")
- print(n)
- print ("Clave Privada:")
- print("d =")
- print(d)
- print("-----------------------")
|
