D4
/
architecture
mirror of https://github.com/D4-project/architecture
2
0
Fork 0
Code Issues Releases Wiki Activity
architecture/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/README.md

2.6 KiB
Raw Blame History

What to run to get the answer

Run

$sage fermat.sage

This scripts runs the fermat algorithm on a moduli n, after a few second, you obtain:

n = 112421669060399956986367421471522274763620630713869928275575801768805742928429125845443925273931224902361917953532406156094313050840872610487333863447808074966477755274534568334940704111115937296330388429409569440785006316555673801318745308608773691570316883074174605863734103561500162053873040254255024422007
p = 10602908518911212269196394177169313611302648397290858147355211341039858033427866435756684124880003295417095989705061290172988160459431024782951095853727631
q = 10602908518911212269196394177169313611302648397290858147355211341039858033427866435756684124880003295417095989705061290172988160459431024782951095853727897
p * q = 112421669060399956986367421471522274763620630713869928275575801768805742928429125845443925273931224902361917953532406156094313050840872610487333863447808074966477755274534568334940704111115937296330388429409569440785006316555673801318745308608773691570316883074174605863734103561500162053873040254255024422007

This n corresponds to the veryclosepq.pem file. It outputs the two primes p, and q, that when multiplied equal n. It actually factored n, breaking the key.

You can uncomment the second n, and comment the first to compute the modulus corresponding to notsoclosepq.pem The computation will take way longer (25h on my laptop):

p = 22157691135118301489929674559231673892644010748661833901588762699146589433597772776737145770818674169792068962295837261628180455856666583009960744201462119
q = 22157691135118301489929674559231673892644010748661833901588762699146589611309046815477146817565891659898679783418932444200455480172523644395164206769491779
p * q = 490963276439300163974358078751564966935647623573945092674153919631095106803113960790445734183657340544356961673814947178422179864580766235512590323915826448266616741533232891220025698071647988317789125525821000237672311769577294966790885260094640627513288213434253048131773244591800441567386069459534350419701

Explanations

How did we get the modulo?

We can use the script:

./getModulusBase10.sh ../notsoclosepq.pem

That has the follwing content:

openssl rsa -in $1 -pubin -modulus -noout | # asks openssl to output the keys' modulus
awk '{print substr($1 ,9)}'               | # remove 'Modulus='
./convert10.sh                              # pipes the result into convert10.sh

./convert10.sh converts anything it gets in input (stdin) into base 10.

How close are p and q?

veryclosepq.pem

p - q = 266

notsoclose.pem

(still computing)