search

Crypto - Easy Calc

😆 - Laika

hashtag
Full Implementationarrow-up-right

hashtag
Challenge

def f(s, p):
    u = 0
    for i in range(p):
        u += p - i
        u *= s
        u %= p
    return u
    
p = getPrime(1024)
s = random.randint(1, p - 1)

A = f(s, p)

Given the value of p and A, we have to find the value of s, which is used in encrypting the flag

f(s,p) generates a polynomial of the form

f(s,p)=(∑i=0p−1(p−i)⋅si)mod  pf(s, p) = \left( \sum_{i=0}^{p-1} (p - i) \cdot s^{i} \right) \mod p

Since it is under modulo p, therefore we can write the polynomial as

f(s,p)=(∑i=0p−1(−i)⋅si)mod  pf(s, p) = \left( \sum_{i=0}^{p-1} (- i) \cdot s^{i} \right) \mod p

On expanding, we get

f(s,p)=−(1⋅s1+2⋅s2+3⋅s3+...+(p−1)⋅sp−1)mod  p \quad f(s, p) = - \left( 1 \cdot s^{1} + 2 \cdot s^{2} + 3 \cdot s^{3} + ... + (p-1) \cdot s^{p-1} \right) \mod p

This form of series is known as an AGP series or arithmetico-geometric progression. While there is a direct formula to calculate the sum of the series, in this case, it is easier to use the method which is used to derive the formula to solve rather then substituting into the formula itself.

Let2f(s,p)=−(1⋅s1+2⋅s2+3⋅s3+...+(p−1)⋅sp−1)mod  p2222222222222s⋅f(s,p)=−(0⋅s1+1⋅s2+2⋅s3+...+(p−2)⋅sp−1+(p−1)⋅sp)mod  p\phantom{} Let \phantom{2} f(s, p) = - \left( 1 \cdot s^{1} + 2 \cdot s^{2} + 3 \cdot s^{3} + ... + (p-1) \cdot s^{p-1} \right) \mod p \phantom{22222222222} \\ \phantom{22} s\cdot f(s, p) = - \left( 0 \cdot s^{1} + 1 \cdot s^{2} + 2 \cdot s^{3} + ... + (p-2) \cdot s^{p-1} + (p-1) \cdot s^{p} \right) \mod p \phantom{}

On subtracting the two equations, we get

(1−s)⋅f(s,p)=−(s1+s2+s3+...+sp−1+(p−1)⋅sp)mod  p(1-s) \cdot f(s,p) = -( s^{1}+s^{2}+s^{3}+ ...+s^{p-1}+ (p-1) \cdot s^{p} ) \mod p

We now use the series formula for geometric progressions to simplify

(1−s)⋅f(s,p)=−((s⋅(1−sp−1))1−s+(p−1)⋅sp)mod  p(1-s) \cdot f(s,p) = -(\frac{( s \cdot (1- s^{p-1}))}{1-s }+ (p-1) \cdot s^{p} ) \mod p

From Fermat's theorem, we get

1−sp−1≡0(modn)1 - s^{p-1} \equiv 0 \pmod n
p−1⋅sp≡−s(modp)p-1 \cdot s^{p} \equiv -s \pmod p

Substituting into the equation, we get

f(s,p)=s1−smod  pf(s,p) = \frac{s}{1-s} \mod p

Finally, we get

f(s,p)=A=11−s−1(modp)f(s,p) = A = \frac{1}{1-s} -1 \pmod p
s≡−(A+1)−1+1(modp){s} \equiv -(A+1)^{-1} + 1 \pmod p

Therefore, we can simply attain the value of s by a single line of code, after which we get the flag

PreviousCrypto - ReplacementNextCrypto - dance

Last updated