main.py (1416B)
1import secrets 2import hashlib 3from Crypto.Util.number import isPrime, long_to_bytes 4 5FLAG = b'grey{fake_flag}' 6 7e = 0x10001 8 9def checkN(N): 10 if (N < 0): 11 return "what?" 12 if (N.bit_length() != 4096): 13 return "N should be 4096 bits" 14 if (isPrime(N) or isPrime(N + 23)): 15 return "Hey no cheating" 16 return None 17 18def xor(a, b): 19 return bytes([i ^ j for i,j in zip(a,b)]) 20 21def encrypt(key, msg): 22 key = hashlib.shake_256(long_to_bytes(key)).digest(len(msg)) 23 return xor(key, msg) 24 25print("This is my new Oblivious transfer protocol built on top of the crypto primitive (factorisation is hard)\n") 26print("You should first generate a number h which you know the factorisation,\n") 27print("If you wish to know the first part of the key, send me h") 28print(f"If you wish to know the second part of the key, send me h - {23}\n") 29 30N = int(input(("Now what's your number: "))) 31 32check = checkN(N) 33if check != None: 34 print(check) 35 exit(0) 36 37k1, k2 = secrets.randbelow(N), secrets.randbelow(N) 38k = k1 ^ k2 39 40print("Now I send you these 2 numbers\n") 41print(f"pow(k1, e, N) = {pow(k1, e, N)}") 42print(f"pow(k2, e, N+23) = {pow(k2, e, N + 23)}\n") 43 44print("Since you only know how to factorise one of them, you can only get one part of the data :D\n") 45print("This protocol is secure so sending this should not have any problem") 46print(f"flag = {encrypt(k, FLAG).hex()}") 47print("Bye bye!") 48