2020CISCN初赛-crypto-lfsr writeup
第十三届全国大学生信息安全竞赛初赛,密码学的lfsr详解。
原题文件:https://wwe.lanzous.com/iDF95gntw5a
本题考查线性反馈移位寄存器。
初始状态,反馈函数,输出序列都已给出,已知n是100。
输出序列即题给的output.txt。
反馈函数是代码形式,需要经过分析后转化为表达式形式。
通过分析反馈函数可以发现,初始状态即是输出序列的前100位倒置。
lfsr源代码如下,
def lfsr(state, mask):
feedback = state & mask
feed_bit = bin(feedback)[2:].count("1") & 1 #当feedback中有奇数个1时,feed_bit为1
output_bit = state & 1 #取state的最后一位
state = (state >> 1) | (feed_bit << (N-1)) #state右移一位,将feed_bit反馈到state的第一位
return state, output_bit
其中feed_bit是反馈位,当feedback中有奇数个1时,feed_bit为1。
因为0异或任何数等于任何数本身,不影响最后结果,则当feedback中有奇数个1时,最低位向最高位依次做异或运算的结果是1。
因此反馈位feed_bit就是将当前状态的每一位与mask中对应位做位与,并将每一位计算结果依次异或。
设lfsr每一位依次为a1到a100,mask中每一位依次为b1到b100,可得反馈函数如下:
f e e d _ b i t = b 100 & a 100 ⊕ b 99 & a 99 ⊕ b 98 & a 98 ⊕ b 97 & a 97 ⊕ … … ⊕ b 1 & a 1 feed\_bit = b_{100}\&a_{100} ⊕ b_{99}\&a_{99} ⊕ b_{98}\&a_{98} ⊕ b_{97}\&a_{97} ⊕ …… ⊕ b_{1}\&a_{1} feed_bit=b100&a100⊕b99&a99⊕b98&a98⊕b97&a97⊕……⊕b1&a1
output_bit是输出位,取lfsr当前状态的最后一位输出。
state表示当前状态,每次state右移一位,并将feed_bit反馈到state的第一位。
整个lfsr流程如下图:
因此我们由输出序列可以知道lfsr初始状态,和其后的每一个反馈位。
本题将flag设为mask,即要求mask。
根据反馈函数,可知mask的每一位都是反馈函数的系数。
而反馈函数的值与参数都已知,我们可以通过列100个反馈函数表达式,利用矩阵解线性方程组,计算得到100个系数的值。
由于在有限域GF(2)内,只有0和1,此时乘法相当于异或,加法相当于与运算。
因此可直接将公式中的异或(⊕)替换为乘法(*),将与运算(&)替换为加法(+)。
计算原理如下(c表示输出序列):
c 101 = b 100 ∗ c 100 + b 99 ∗ c 99 + b 98 ∗ c 98 + b 97 ∗ c 97 + … … + b 1 ∗ c 1 c 102 = b 100 ∗ c 101 + b 99 ∗ c 100 + b 98 ∗ c 99 + b 97 ∗ c 98 + … … + b 1 ∗ c 2 . . . . . . c 200 = b 100 ∗ c 199 + b 99 ∗ c 198 + b 98 ∗ c 197 + b 97 ∗ c 196 + … … + b 1 ∗ c 100 \begin{aligned} &c_{101} = b_{100}*c_{100} + b_{99}*c_{99} + b_{98}*c_{98} + b_{97}*c_{97} + …… + b_{1}*c_{1}\\ &c_{102} = b_{100}*c_{101} + b_{99}*c_{100} + b_{98}*c_{99} + b_{97}*c_{98} + …… + b_{1}*c_{2}\\ &......\\ &c_{200} = b_{100}*c_{199} + b_{99}*c_{198} + b_{98}*c_{197} + b_{97}*c_{196} + …… + b_{1}*c_{100} \end{aligned} c101=b100∗c100+b99∗c99+b98∗c98+b97∗c97+……+b1∗c1c102=b100∗c101+b99∗c100+b98∗c99+b97∗c98+……+b1∗c2......c200=b100∗c199+b99∗c198+b98∗c197+b97∗c196+……+b1∗c100
[ c 100 c 99 . . . c 1 c 101 c 100 . . . c 2 . . . . . . . . . c 199 c 198 . . . c 100 ] ∗ [ b 100 b 99 . . . b 1 ] = [ c 101 c 102 . . . c 200 ] \begin{bmatrix} c_{100} & c_{99} & ... & c_{1}\\ c_{101} & c_{100} & ... & c_{2}\\ ... & ... & & ...\\ c_{199} & c_{198} & ... & c_{100}\\ \end{bmatrix} * \begin{bmatrix} b_{100}\\ b_{99}\\ ...\\ b_1 \end{bmatrix} = \begin{bmatrix} c_{101}\\ c_{102}\\ ...\\ c_{200} \end{bmatrix} ⎣⎢⎢⎡c100c101...c199c99c100...c198.........c1c2...c100⎦⎥⎥⎤∗⎣⎢⎢⎡b100b99...b1⎦⎥⎥⎤=⎣⎢⎢⎡c101c102...c200⎦⎥⎥⎤
sage脚本为:
from sage.all_cmdline import *
import hashlib
output = '010011001110111101111101101010011100101001010000111111011011110101111001111101001001011101110011011101100110000101001001110110100011011000001111101111000001010000100100001100101101101101100111111010111100101001101110001001111010110010010111100101110001111011110100101000000010010000011110010110010010000010011000111111001110011010100011010001100111011000011011111101011100000110111001100110111101011010100010101111011100101100111111100010010010001110010001010100110011101110111110011010101110110100100111001011101101001111100110000111111110000100000110110100000101010011001100110100010100101000100101100001011111110010111100000010100001011010011010100100110010001100011110100011001111010110111110011010101010100000000111001010100100111110100101011101111011000110010100111111011100011010101101101011010110001111001000001100011001011110101001000001110111011110001101111011000111101010101110110010110100111110010001100010010111101111000111110000011011100011111100011110000011001101101111111001111110001001011000001001110000101010101101110110001100110010110001100101001000110101001100000001111011011100000011000101001011111010101110000001010010000110101101010110011000010110001000101001011101100010000100000100111010101100001011100000001010110000101000001011011000011110001101100001011100111110111011101011000001100101110110000010000010001010010000001001101000011111001000111101000010001111000010111100011010001011010111000101110110110011100000111010010000000001001100111010111000000110110000000101011101001111100010110101100101001100110100011100001011111101010100001101100100111000001110010010001011010110000111011011100100000101111110010110001101001001011000001111010011000011101101101010111010100110011010010110010100010001100101100000101111001000001100011011101111001101000110110001001011111010110110111010011101000000110100001101101001111011110100000010001100000010100100000001101010101000010000111011000011001100011110101110010010111110111111111010100001101000110110001001010011100000001000010110010011010100000100101110001111100110100110110001010000011101010111101110111111110110000001000011111001110101010010111010010101010001111010010000011101000100010001101001110001001100000111011010011011001010010011011101100101001001010000011010111000001111001011010001010100011000011110101101101011110110011110010100110100110110011110100010010110110001011101001011110010011110110111010111001101011001111101111101000001100010001001010111000100100011111110010001010000000100101011101010001011100101101110111001011011111011010001111110111011101100011100101001011000100101101110011010111110010000010111000000101111001110111010110100101111110001100110011100101101100101101110100010110010001110100001110101101011001011111101001111011111111110000110110100110110111100010011001001010000010000010011010010011001000010010110000010101010100011111010100111111101101111110110111001010011000001011011100110111001110110000111111100111011001001001110111110011111100001001101001001110000000101001111111111000111111011011011000100100111101100110111011010110001101000111111001000101101000001111010110011001001000111001010001000000001010101001011101101010101101100001001001101011010110101110010010111000110000011111001010110001010001010001000010111100001111100011100001111000111011000001100010011001010111111111110001101000001001001011111111000000001010010010110110101011101100000101000000010101101011001110100011001101100111010110100100110110001001111000110100100100001100110110000110110000010111100000111010000110000100010000000001101001100100101111001100001101100010001101100101110011111100001101101000010000001111011001101111011100000101110110111011010100010101111111000010000011111111001111111110001010100100001101000111011111101110001011100111011000100010101000100100111111111011100110100100100011000011010000000001001010000101011110100111000101110101100010000000100100101111100010001111100001101000111000111111111011110001000111010101110101110001010000001111000010001100110000010011100011101101110100011001001101001111001001000011101000101111111101011001110011101111010011100010110010011100100101000100010001111010110010001000000000011001011110110111110101100110111100000000010000010100101111000001001111001100000010011100100111000100001001111101010000100101001010011111101011100100111011010101001010001001010010110000000101001011110110100011010011111000000011111000001111001100110101011110101011101011101000000011001000101111010111011000100011011110111010110100100110000110111000100010000011010000010000011111001011011001001111110001001111100111011101101010101000101111111000000001111000101001100110101011001010110010110011001011100110010011110100010001010001001010000001001011110110011111010110111110100101011001000111111100110101011111010111100100011110100111010000011111101000011100001010100100110110011100111111111110001101011111000110100010000101000000000110110100111000100000111001000001011000100100110101011111100100101010001101111101100001100100110100011001010100001010000100100001111100110110111101111100100001001011101101011001001101010110010000010110011011001101111000011001100000000101100011110010100001101101101001011100011010111010111110010001010101010100001100011100001000100100010011010111100100100111110011000010110001001110110000100001010001010111000111111010110010100010111000011001010010110010110010110010011111101010010101001110011010001111100100010001000110111111110101111010011100111010100110100001000101100011110111000101010010110111100011010100101110111011011011011010101101000111001111101111001101010011010011111101010111110111110011000011001011111011010011000001111011011111110111101001101000010101011110000111111011000000100000100001110100101001010010010000000110101110111001100101101111001011110111110101001101000011011010100010001011011010110101011011001001101001111111110000100100011011110100111100001100100001011110011000111011001101101110010101101010110001100111111100010000001110011001100100101100010001011000010000110001101000011011001110000011100001000101101000111001010100010001000100111000101100101000011101001010111000101010001110110111001011110001011001000001101011100110100010011101101010000101001110000010000101010001011010011100000000111110000010001110010101101110111111110110111001111101000011011110100000100111011100000100010110011010010011110010001101110001001111110101000110101010010111000011001100010000111110010000100000010001110110101101111100001111001011011010101001110100000111100101110010100100110111100001111000000101001101000111000011100110110001111001100110000011110100101100011011101100110110110110010110011010010101111111111011000011110100000010010101110011100111111101101010011001000100000110101000111001001000010111100000101010000010110000001010111010000000011001100101100001110110100000010011111101011111010001111110110000100111000110010110000101000010000011011110100110101000001110000000010000010110101001010111110110011011011100001110011100101001010010100011101100100111001111110001001001011010011110110011011011100101111001000011101111101010100001000110111001111101011001110001000111111101110011010001111011000110100111000101000111001111010111110101110110000011101101110111000011011110101000100001111001101110110001110010111010000010001011011001101010101100001001011000000010001001100111001001111001011011100111101101010111101100000011111000001101110010001001111001011000000111111011100010011101010011001011110001000011010101111001101011001100101101101001011100100000000000100101010101000110000011011110100000001010010001010010101111111001101110011110100111010101000110000010010011011111000111100001110001011000110110101001100101111110101100011011000011111110110000000000100001001001001110100100011110000001011101101100100110011000010101011000101100000101101011100011110011101101010101001110010010010001000000110100110101011111001010010100000110011111011111111000010111110011000111011101011100111111011110000011101101101011101100111101010001000011101111111100010011011000110000011010100000101001001010011101110000001111111000100001001101010100111101011110001111011011011100000011110101011000110000010000110110100110101011111000110110110010110110100100010000010011011111101001101001111101011011011110100100010001011110110001101011101111101001111000010000110010110111111001010100000010111110100000111111010000000101101111111110010011010110101110010110100101101000110001010110110000010100000111011010101010000101110001000011101001110111000000001000000000001011110011100001000000011011001101110111000000111101110001110111110001100001100100010011101010101101010111001101001101101101010001101100011011110100111001111000010001001100001000000110101001001100011100000000010110001101000100010001010010010001100010111010001000111110100101010000100000011001001110101110100000010001000001101011010011111010111000111100100000010101110101011111011010010001101000001101011111100100111110110111011111011100000101011110001000100100110000000011001110000110010011101001111101100101000110111111100001011010100001110000101011010010111011100100110000000011011010101100111000001100111110000110111010010110111110011000101001101100101011011100010001000011000111110111001110000110100010011000011100011000101101111010001010101101100100111110100111001110000111000101010001100111011010110100110101010100111001111000101110101110010000110110011011011010101110101011001110000000101101011101110100000010111011111001000000000010100111001111101100111000110001011100101001011001110000100001111110111110110011100010101110001100000110000000000001000011111101001010111010101110001010000100000010011111101011111001001011101011001010011100001011110000000010001011101001001101001100110001000100000110011010010111010011011011110101000110000101001111101110000001011011011000000010010110011010010110011100101010001000101101000101001111010011010100011000111000010011111100100011001111001011100011001000111111111110101111010011110100100110111011001111100011001011100001101111100111010110110\
1000011010101011010111101011101111011100101001111111000101100100000011000100101001011001011110001101001100101001'
list1 = [int(i) for i in list((output[100:200]))]
y = vector(GF(2),list1) #值向量
list2 = []
for i in range(100):
list2.append([int(j) for j in list(reversed(output[i:i+100]))])
x = matrix(GF(2),list2) #参数矩阵
mask = x.solve_right(y) #解方程x*mask=y
mask = ''.join([str(i) for i in list(mask)])
flag = int(mask,2)
print(flag)
得到结果
则flag为 flag{856137228707110492246853478448}