Forum

Challenge "Partial Key Exposure with RSA — Part 1"  

  By: admin on Feb. 7, 2012, 12:22 p.m.

With RSA keys, the private key d must remain private. If the public key e is very small, this is not completely possible. This exercise demonstrates how simple it is to compute a portion of the secret key d.
Read more...

 Last edited by: admin on Oct. 31, 2021, 2:55 a.m., edited 1 time in total.

Re: Challenge  

  By: Veselovský on Feb. 7, 2012, 5:50 p.m.

Find the integer value d' that approximates d for exactly 510 bits.

I think I found the d' but I can not submit it in correct format.
Should it be submitted as a sequence of 510 "0" and "1" or we should pad it with two "0" on the left or to pad it also on the right to make its length equal to 1024?

Re: Challenge  

  By: Bart13 on Feb. 7, 2012, 6:48 p.m.

This exercise demonstrates how simple it is to compute a portion of the secret key d.

Ha, ha, that's why it's level II…..:)

Re: Challenge  

  By: Bart13 on Feb. 7, 2012, 7:04 p.m.

I think I found the d' but I can not submit it in correct format.

Victor, the task: find the INTEGER value d' that approximates d for exactly 510 bits.

EDIT: looked into the challenge myself and I know understand your question Victor.

Re: Challenge  

  By: jomandi on Feb. 7, 2012, 9:28 p.m.

it is very confusing, what exactly d' is. it occurs in the text of the challenge, but it is never defined.

can someone specify, what d' is, resp. clearify, how the solution should look like?

best regards,
jomandi

p.s.: in the hall of fame the number of the remaining trials for a challenge is wrong. i sended 2 of 15 possible attempts for this challenge, so i have to have 13 trials left. but the site writes:

Level II - Partial Key Exposure with RSA – Part 1 - Last attempt: 2012-02-07 (21:06:53) - 2 trials left

so obviously it counts in the wrong direction.

Re: Challenge  

  By: fretty on Feb. 7, 2012, 10:29 p.m.

I have returned lol.

I think this challenge is ambiguous…it doesn't say how we have to approximate. Do we match up the left most 510 bits of d or the right most?

Re: Challenge  

  By: jomandi on Feb. 7, 2012, 10:57 p.m.

it is unique, where the 510 matching bits are, so this is not the problem.

i have the two possible approximations of d, which are mentioned in the challenge, so i also know the greater one.

the problem is, that i do not know, what they expect as solution.

i have tested the most probable "solutions" but none of them have been accepted.

Re: Challenge  

  By: fretty on Feb. 7, 2012, 11:24 p.m.

I have never really considered a problem like this before so I might have got confused. I don't see a way to find d' without using its relationship with d…and that depends on whether it shares the right hand bits or the left hand bits with d.

Re: Challenge  

  By: Bart13 on Feb. 7, 2012, 11:24 p.m.

…so obviously it counts in the wrong direction.

Isn't that nice. The more wrong answers you give, the more chances you get …

If this were my challenge and I'd uploaded it only this afternoon I would be keen to see the reactions so I could give a reply when needed !

Re: Challenge  

  By: DarkFibre on Feb. 8, 2012, 12:42 a.m.

I really wish they would standardize that every problem must have a keyword for a solution instead of entering hundreds of characters into a 20 character text box. That would simplify it for the solvers as well as the puzzle makers.

For example, in this problem instead of having to explain about multiple d's so pick the larger one and then type in 510 1s and 0s there could be a ciphertext. The right key would decrypt it, and it would say what keyword to enter as the solution. No explanation about picking the right d' needed as only the right one would work, no grumbling in the forums about answer format as there would be no format.

Re: Challenge  

  By: Witten on Feb. 8, 2012, 4:47 p.m.

ok, i'll wait for the author to answer all the previous comments, i wasted many attempts trying all the possible answer for my d'

d' as it is

d' padded on the left with 0 to reach 1024 bits

d' truncated to the 510 bits coincident with d

both for the smaller and for the greater number.

Re: Challenge  

  By: DarkFibre on Feb. 8, 2012, 8:06 p.m.

I tried entering it as an integer last night, too.

Re: Challenge  

  By: Javex on Feb. 8, 2012, 9:03 p.m.

To answer some of the problems that occur right now, I will quickly address the issues. Please keep in mind, that I lack the cryptographic knowledge and right know I assume that I recieved an incomplete solution.

  • The solution (right now) is a string base 2 of 1023 bit. As you seem to point out that 1023 is not a complete string, there may be an error here.

  • The string is not padded

  • We are currently working on the idea to standarize the submission of solutions. One possible way would be to submit a hash, or as in some challenges already used: To use the solution as a key to get the correct solution to be submitted. Please be patient here, we will consider those solutions for the future.

  • Don't waste any further attempts. I will look into your submitted solutions and will make sure that you do not have any disadvantages. If you did already submit the correct solution, then I will be able to see that.

Please stay tuned for further announcements. Feel free to ask any questions regarding this challenge but be aware that there seems to be an error and right now I am waiting for the correct solution to reach me. I will then take further actions to ensure everything goes as planned.

Thank you for your patience,
javex

Re: Challenge  

  By: Bart13 on Feb. 8, 2012, 9:25 p.m.

Javex, thank you for your efforts !

Re: Challenge / Fomat of d  

  By: be on Feb. 8, 2012, 10:26 p.m.

ok, i'll wait for the author to answer all the previous comments, i wasted many attempts trying all the possible answer for my d'

Sorry for the trouble, we had a wrong hash value at the PHP server.

The solution is the binary value of d' (as written in the challenge template), so it consists only of 0s and 1s (at all its 1023 binary digits without padding).


Currently 22 guests and 0 members are online.
Powered by the CrypTool project
Contact | Privacy | Imprint
© 2009-2024 MysteryTwister team