[2023年第三届陕西省大学生网络安全技能大赛--职业院校组] ezMath

如是我闻

这题是真不会，问来问出，两个大神给出答案。记下来

from Crypto.Util.number import *
from secret import y,a,b
flag=b'flag{}'
l = len(flag)
m1, m2 = flag[: l // 2], flag[l // 2:]

x = bytes_to_long(m1)
c = bytes_to_long(m2)


assert (x**2+1)*(y**2+1)-2*(x+y)*(x*y+1)==gift-4*x*y

'''
4*b**6-2*a**3+3*a*c = 5530346600323339885232820545798418499625132786869393636420197124606005490080520377416491241780814130580634432917029242402389788321303783584093278303358433856193188224687198306898483386282930376793701825481151610363517100498626293248
b**5+6*c**3+2*a*b*c = 2954615125181706551778975245956905163867066802909029011696374372323491135608656194836008189370779030694961333309906927038863656553775849501064217981385517049591593537202663734020724898058374757
3*a**3-3*a*c-3*b**6 = -5530346600323339885232820545798418499625132786869393636420197035566805062067013375355549877479840082835466426039196029766850808080041755202912921908993556467660683726675045317331817898077228454499973287809035537190311008571468738911

gift=18150211062729351455633481905222609221074385988870569666008228964942099019268333450225373082700058568213818917267125668494844006433076192398714708653476096
'''

题目分两块，第一块是assert那块，给了一个算式和gift求x,其实x,y这两个都不知道，先把公式作个推导

然后对gift开根号后求爆破其中一个因子即可

##########################################################
#  (x^2 + 1)*(y^2 + 1) - 2*(x*y + 1)*(x + y) + 4*x*y  == (x - 1)^2*(y - 1)^2 == gift 
# 将 gift开根号后找出所有因子，其中一个是flag
#m = iroot(gift,2)[0]  
#(mpz(134722719178056050160068120754814615085084368799933376772770527463417306074064), True)
m = 134722719178056050160068120754814615085084368799933376772770527463417306074064
factors = [2, 2, 2, 2, 3, 7, 17, 19, 23, 131, 62191, 1233721, 1578947368421, 51097824280393004391293, 66555714308806184330497]
divs = divisors(m)  #求所有因子（所有因子不仅素因子）

from Crypto.Util.number import *
for d in divs:   
    x = long_to_bytes(d + 1)   
    if b'flag' in x:  
        print(x)
        break 

#flag{e837f64d-a556-41

第二部分给了3个版式，这3个算式手工还推不出来。由于a,b,c都是未知数，手工推不了就没着了，大神给出的resultant 消元法，记下了

##########################################################
#resultant 消元法
A = 5530346600323339885232820545798418499625132786869393636420197124606005490080520377416491241780814130580634432917029242402389788321303783584093278303358433856193188224687198306898483386282930376793701825481151610363517100498626293248
B = 2954615125181706551778975245956905163867066802909029011696374372323491135608656194836008189370779030694961333309906927038863656553775849501064217981385517049591593537202663734020724898058374757
C = - 5530346600323339885232820545798418499625132786869393636420197035566805062067013375355549877479840082835466426039196029766850808080041755202912921908993556467660683726675045317331817898077228454499973287809035537190311008571468738911

P. = PolynomialRing(ZZ)
f1 = 4*b**6-2*a**3+3*a*c-A
f2 = b**5+6*c**3+2*a*b*c-B
f3 = 3*a**3-3*a*c-3*b**6-C

from sage.matrix.matrix2 import Matrix 

def resultant(f1, f2, var):
    return Matrix.determinant(f1.sylvester_matrix(f2, var))

h1 = resultant(f1, f2, a) #b,c
h2 = resultant(f1, f3, a) #b,c
h = resultant(h1, h2, b) #c
print(h.univariate_polynomial().roots())
#[(78042915855360415267901257437397052556186367517053, 1)]
print(long_to_bytes(78042915855360415267901257437397052556186367517053))
#5f-af01-c883e3c8d9ca}

小本记上，可以睡觉了。