CTF-Crypto icon indicating copy to clipboard operation
CTF-Crypto copied to clipboard

Published 20 hours ago verified publisher icon ValarDragon

RSA tools

Open nguyen-tuonghuy opened this issue 5 years ago • 4 comments

Hi,

I was looking at implementing the recovery of private key knowing the n/4 last bits and I saw it was on your TODO list.

Do you have any examples where it has been done by anyone yet ? It looks like there are many articles/surveys about that technique, but no practical implémentation yet... Thanks !

nguyen-tuonghuy avatar May 07 '19 22:05 nguyen-tuonghuy

The n/4 last bits attack requires an implementation of bivariate coppersmith. The only bivariate coppersmith implementation I know of is: https://github.com/mimoo/RSA-and-LLL-attacks, so perhaps you can adapt that?

I've also seen CTF teams use the n/4 attack in writeups, just haven't seen an implementation of it.

ValarDragon avatar May 07 '19 23:05 ValarDragon

Ok,thank you for the answer.

I'll dig into the other repository as well. I also found out Sage was using a method called small_roots and it may be related to the coppersmith method.

nguyen-tuonghuy avatar May 07 '19 23:05 nguyen-tuonghuy

Small roots is univariate coppersmith, its actually used within the library already!

ValarDragon avatar May 08 '19 00:05 ValarDragon