to navigate

to select

to close

On this page

LSB Oracle DRAFT

Implementation

info

Parameters Required:

N: the modulus
e: the public exponent
c: the encrypted message
oracle: a function which returns the last bit of a plaintext

Return: the plaintext

  from sage.all import ZZ


def attack(N, e, c, oracle):
    left = ZZ(0)
    right = ZZ(N)
    while right - left > 1:
        c = (c * pow(2, e, N)) % N
        if oracle(c) == 0:
            right = (right + left) / 2
        else:
            left = (right + left) / 2

    return int(right)

Manger

Low Exponent