扩展欧几里得算法,大于2 ^ 64整数

时间:2015-07-11 23:21:00

标签: python rsa dsa

我知道“永远不会滚动你自己的加密”,但我在教育方面做的比什么都重要。因此,我尝试模仿RSA签名和验证程序,制作一个Python程序,这很麻烦。现在我遇到的问题是我用数字做得很小,可以用手做,< 2 ^ 8 primes - > 2 ^ 16模数等现在我试图将其加到128位RSA。我正在玩,看看它是如何工作的。现在我意识到,只要我使用超过2 ^ 32个素数或2 ^ 64个整数的任何东西,我就会得到与ext_euclid相反的奇怪的逆模。我使用http://www.christelbach.com/RSAtoy.aspx来查看真正的密钥应该是什么,并且出于某种原因,每当我将primesize碰到2 ^ 32以上时,我的数量都非常小。如果它的2 ^ 32或更少的一切都运行得很好,我已经在2 ^ 16/24/32进行了几十次测试,一旦2 ^ 32 +来了它就会变得非常错误。这是我的代码还是与Long to Int等有关,我该如何解决?

#RSA
from random import choice,randint
from math import log


primes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997, 1009, 1013, 1019, 1021]
def randomPrime(mi=2**15,ma=2**16,length=0):
    if length == 0:
        length = min(len(primes),int(ma**.5/log(ma**.5)))
    primality = False
    while primality == False:
        n = randint(mi/2,ma/2)*2 + 1
        go = False
        prime = 0
        while prime <= (length - 1) and n % primes[prime] != 0:
            prime += 1
        if prime == (length):
            primality = True
    return n

def ext_euclid(phi,e,verbose=False):
    # PLACEHOLDER VALUE
    place = 0
    # x is the e remainder table
    # y is the 1 remainder table
    x = phi
    nx = e
    y = phi
    ny = 1
    while nx != 0:
        if verbose == True: print("%s|%s|%s|%s" % (x,nx,y,ny))
        #Y table
        place = ny
        ny = y - int(x/nx)*ny
        y = place
        ny %= phi
        #X table
        place = nx
        nx = x % nx
        x = place
    if verbose == True: print("%s|%s|%s|%s" % (x,nx,y,ny))
    return y

def generatee(phi):
    e = choice(primes)
    while phi % e == 0:
        e = choice(primes)
    return e

import hashlib
#HASH
def md5(string,bitlength=32):
    m = hashlib.md5()
    m.update(string.encode("utf-8"))
    return m.hexdigest()

class Keys():
    def __init__(self,p1=0,p2=0,e=0):
        #Constants
        self.primesize = 2**36


        self.p1 = randomPrime(2**16,self.primesize) if p1 == 0 else p1
        self.p2 = randomPrime(2**16,self.primesize) if p2 == 0 else p2
        self.phi = (self.p1-1)*(self.p2-1)
        self.n = self.p1*self.p2
        self.e = generatee(self.phi) if e == 0 else e
        self.d = ext_euclid(self.phi,self.e)
        self.address = md5(str((self.e << 32) + self.n))
    def sign(self, txhash):
        return pow(txhash, self.d, self.n)
    def verify(self, txhash, signature):
        if txhash % self.n == pow(signature, self.e, self.n): return True
        return False

编辑: 这是一个64位模数的例子,例如RSA64

>>> a = Keys(209289323,1313573563,17)
>>> a.d
80857917702383813
>>> hx = 0x1234567890abcdef1234567890abcdef
>>> hx
24197857200151252728969465429440056815
>>> a.sign(hx)
246853824751040294
>>> b = a.sign(hx)
>>> a.verify(hx,b)
True
>>> a.verify(hx,b+1)
False

一旦我使用128位模数,就会出现错误的地方,例如RSA128:

>>> a = Keys(5546871069653045437,958651707892273957,17)
>>> hx = 0x1234567890abcdef1234567890abcdef
>>> a.sign(hx)
2245162084047934309650005641010351850
>>> b = a.sign(hx)
>>> a.verify(hx,b)
False
>>> a.d
938385427831965304326654898162630658
>>> a.d = 938385427831965264301982408934258497 #What it should be
>>> a.verify(hx,b)
False
>>> a.sign(hx)
4020359161743820942266145714554570767
>>> b = a.sign(hx)
>>> a.verify(hx,b)
True

0 个答案:

没有答案