首页 发现 帮助
登录
maker
/
bachelor
关注 1
点赞 0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

A working (but probably inefficient version) of Pollard's (p-1) factorization.

Appartently it is not really trivial to choose B and compute 2^(B!). For eaxmple, take:
N = pq = 15770708441
p = 135979
q = 115979
φ(N) = (p-1)(q-1) = 15770456484

Then,
if a ≡ 2^(562!) (mod N) ≡ 12104578623 (mod N) →   gcd(a-1, N) = p
if a ≡ 2^(563!) (mod N) ≡ 1           (mod N) →   gcd(a-1, N) = 1
Michele Orrù 12 年之前
父节点
763f021f9a
当前提交
773c479543
共有 3 个文件被更改,包括 83 次插入3 次删除
分列视图 显示文件统计
  1. 46 3
      src/questions/pollard.c
  2. 9 0
      src/questions/test/pollard.pem
  3. 28 0
      src/questions/test/test_pollard.c

+ 46 - 3
src/questions/pollard.c
查看文件 

@@ -23,16 +23,24 @@
 
  */
 
 
 #include <openssl/x509.h>
 
+#include <openssl/err.h>
 
 
 #include "questions.h"
 
 
+static BIGNUM *two;
 
+
 
 int pollard1_question_setup(void)
 
 {
 
+  /* create 2 */
 
+  two = BN_new();
 
+  BN_one(two);
 
+  BN_uadd(two, two, BN_value_one());
 
   return 0;
 
 }
 
 
 int pollard1_question_teardown(void)
 
 {
 
+  BN_free(two);
 
   return 0;
 
 }
 
 
@@ -43,6 +51,8 @@ int pollard1_question_test(X509 *cert)
 
 }
 
 
 
+int BN_sqrtmod(BIGNUM*, BIGNUM*, BIGNUM*, BN_CTX*);
 
+
 
 /**
 
  * \brief Pollard (p-1) factorization.
 
  *
 
@@ -57,21 +67,54 @@ int pollard1_question_test(X509 *cert)
 
  */
 
 int pollard1_question_ask(X509 *cert)
 
 {
 
+  int ret = 1;
 
   RSA *rsa;
 
-  BIGNUM *a, *B;
 
+  BIGNUM *a, *B, *a1;
 
+  BIGNUM *gcd, *rem;
 
   BIGNUM *n;
 
+  BIGNUM *p, *q;
 
+  BN_CTX *ctx;
 
 
   rsa = X509_get_pubkey(cert)->pkey.rsa;
 
   n = rsa->n;
 
   a = BN_new();
 
   B = BN_new();
 
+  a1 = BN_new();
 
+  gcd = BN_new();
 
+  rem = BN_new();
 
+  ctx = BN_CTX_new();
 
+
 
+  /* take ⁸√N */
 
+  BN_sqrtmod(gcd, rem, n, NULL);
 
+  BN_sqrtmod(B, rem, gcd, NULL);
 
+  /* compute 2^(B!) */
 
+  for (BN_copy(a, two), BN_one(gcd);
 
+       !(BN_is_zero(B) || !BN_is_one(gcd) || BN_cmp(gcd, n)==0);
 
+       BN_usub(B, B, BN_value_one())) {
 
 
-  BN_dec2bn(&a, "2");
 
+    BN_mod_exp(a, a, B, n, ctx);
 
+    /* p ≟ gcd(a-1, N) */
 
+    BN_usub(a1, a, BN_value_one());
 
+    BN_gcd(gcd, a1, n, ctx);
 
+  }
 
+
 
+  /* Either p or q found :) */
 
+  ret = BN_is_zero(B);
 
+  if (!ret) {
 
+    p = BN_dup(gcd);
 
+    q = BN_new();
 
+    BN_div(q, NULL, n, gcd, ctx);
 
+    printf("p:%s, q=%s \n", BN_bn2dec(p), BN_bn2dec(q));
 
+  }
 
 
   BN_free(a);
 
   BN_free(B);
 
+  BN_free(a1);
 
+  BN_free(gcd);
 
+  BN_free(rem);
 
+  BN_CTX_free(ctx);
 
 
-  return 0;
 
+  return ret;
 
 }

+ 9 - 0
src/questions/test/pollard.pem
查看文件 

@@ -0,0 +1,9 @@
 
+-----BEGIN CERTIFICATE-----
 
+MIIBSzCCAT+gAwIBAgIJAKpAKJWNqUmaMAMGAQAwSjELMAkGA1UEBhMCSVQxDjAM
 
+BgNVBAgMBUl0YWx5MQ8wDQYDVQQHDAZUcmVudG8xDjAMBgNVBAoMBXVuaXRuMQow
 
+CAYDVQQDDAFtMB4XDTEzMTIwNDE5NDgyMFoXDTE0MDEwMzE5NDgyMFowSjELMAkG
 
+A1UEBhMCSVQxDjAMBgNVBAgMBUl0YWx5MQ8wDQYDVQQHDAZUcmVudG8xDjAMBgNV
 
+BAoMBXVuaXRuMQowCAYDVQQDDAFtMB4wDQYJKoZIhvcNAQEBBQADDQAwCgIFA6wB
 
+6dkCAQKjUDBOMB0GA1UdDgQWBBQnmJytKoIwBb1y4Da0JP9hw097LzAfBgNVHSME
 
+GDAWgBQnmJytKoIwBb1y4Da0JP9hw097LzAMBgNVHRMEBTADAQH/MAMGAQADAQA=
 
+-----END CERTIFICATE-----

+ 28 - 0
src/questions/test/test_pollard.c
查看文件 

@@ -0,0 +1,28 @@
 
+#include <assert.h>
 
+
 
+#include <openssl/x509.h>
 
+#include <openssl/pem.h>
 
+
 
+#include  "questions.h"
 
+#include "qpollard.h"
 
+
 
+void test_pollard(void)
 
+{
 
+  X509 *crt;
 
+  FILE *fp = fopen("test/pollard.pem", "r");
 
+  if (!fp) exit(EXIT_FAILURE);
 
+  crt = PEM_read_X509(fp, NULL, 0, NULL);
 
+  if (!crt) {
 
+    exit(EXIT_FAILURE);
 
+  }
 
+
 
+  PollardQuestion.ask(crt);
 
+}
 
+
 
+int main(int argc, char **argv)
 
+{
 
+  PollardQuestion.setup();
 
+  test_pollard();
 
+  PollardQuestion.teardown();
 
+  return 0;
 
+}