扩展欧几里得

题目:

from Crypto.Util.number import *
flag = b'******'

m1 = bytes_to_long(flag[:len(flag)//2])
m2 = bytes_to_long(flag[len(flag)//2:])

assert 18608629446895353521310408885845687520013234781800558*m1-14258810472138345414555137649316815272478951117940067*m2 == 1

解题思路:

• extgcd(a,b)函数实现了扩展欧几里得算法,它不仅计算两个整数a和b的最大公约数,还返回满足ax+by=gcd(a,b)的整数x和y,这是解决线性同余方程的关键步骤
• 通过调用extgcd函数,我们得到了a和b的最大公约数g,以及满足ax+by=g的整数x和y,在这个问题中,g应该是1,因为 a 和 b 是互质的(即它们的最大公约数是1)
• 由于a和b是互质的,我们可以找到一个特定的解x0和y0,使得ax0+by0=1,然后,我们可以将这个解扩展到所有可能的解,即x=x0+kb和y=y0-ka,其中k是任意整数。

知识拓展:

裴蜀定理 - OI Wiki

1. 裴蜀定理(贝祖定理):对于整数域中的不定方程ax+by=m,其有解的充要条件为gcd⁡(a,b)∣m

2. 扩展欧几里得算法是一种实际的计算方法,用来求解贝祖定理中所描述的线性组合的系数x和y

解答:

• 通过扩展欧几里得算法来解线性同余方程

from Crypto.Util.number import *
#扩展欧几里得算法
def extgcd(a, b):
    if b == 0:
        return a, 1, 0
    
    g, x, y = extgcd(b, a%b)
    return g, y, x - (a//b)*y
#调用extgcd函数解线性同余方程
solve = extgcd(18608629446895353521310408885845687520013234781800558,14258810472138345414555137649316815272478951117940067)
a = abs(solve[1])
b = abs(solve[2])

for _ in range(10):
    b += 18608629446895353521310408885845687520013234781800558
    a += 14258810472138345414555137649316815272478951117940067
    if b'NSSCTF' in long_to_bytes(a):
        print(long_to_bytes(a)+long_to_bytes(b))
        break
#NSSCTF{4cdc3370-b5db-4f88-bd95-a43d232a9af9}

from Crypto.Util.number import long_to_bytes
#扩展欧几里得算法
def extgcd(a, b):
    if b == 0:
        return a, 1, 0
    g, x, y = extgcd(b, a % b)
    return g, y, x - (a // b) * y
#使用扩展欧几里得算法找到ax+by=gcd(a,b)的解(x,y),然后通过调整k的值来生成所有可能的解
def generate_solutions(a, b, c):
    g, x, y = extgcd(abs(a), abs(b))
    if c % g != 0:
        return "No solutions"
    else:
        solutions = []
        x *= c // g
        y *= c // g
        for k in range(-10, 11):
            x_new = x + k * (b // g)
            y_new = y - k * (a // g)
            solutions.append((x_new, y_new))
        return solutions

a = 18608629446895353521310408885845687520013234781800558
b = 14258810472138345414555137649316815272478951117940067
c = 1
#调用generate_solutions函数生成所有可能的解
solutions = generate_solutions(a, b, c)
if solutions != "No solutions":
    for solution in solutions:
        x_abs = abs(solution[0])
        y_abs = abs(solution[1])
        m = str(x_abs) + str(y_abs)
        print(f"Concatenated string: {m}")

found_flag = False
for solution in solutions:
    x_abs = abs(solution[0])
    y_abs = abs(solution[1])
    m = int(str(x_abs))
    n = int(str(y_abs))
    flag_bytes1 = long_to_bytes(m)
    flag_bytes2 = long_to_bytes(n)

    if b'NSSCTF' in flag_bytes1:
        print(flag_bytes1+flag_bytes2)
        found_flag = True
if not found_flag:
    print("无结果")