Stereotyped messages attack(刻板消息攻击)

news/2025/3/12 23:47:17/文章来源:https://www.cnblogs.com/SevensNight/p/18766220

攻击阐述

我们用b'\x00'替换消息中的x这样就有了(m+x)^e mod n=c

  • m知道一部分
  • xb'\x00\x00******'未知的
  • (e,n)是公钥,c是密文

问题变为如何找到x

Coppersmith可以解决了这个问题

(这种题本质上就是Coppersmith的变体)

攻击成功条件

  • e = 3
  • x < N<sup>1/e</sup>

题目1:

Hmm? What's wrong with using the same flag format again? Whisper it in my ear so they don't hear.n: 103805634552377307340975059685101156977551733461056876355507089800229924640064014138267791875318149345634740763575673979991819014964446415505372251293888861031929442007781059010889724977253624216086442025183181157463661838779892334251775663309103173737456991687046799675461756638965663330282714035731741912263
e: 3
ct: 24734873977910637709237800614545622279880260333085506891667302143041484966318230317192234785987158021463825782079898979505470029030138730760671563038827274105816021371073990041986605112686349050253522070137824687322227491501626342218176173909258627357031402590581822729585520702978374712113860530427142416062

解题思路:

  • 我们可能第一时间想到是小明文攻击,但是尝试解题发现求不出来
from Crypto.Util.number import *
from gmpy2 import irootn = 103805634552377307340975059685101156977551733461056876355507089800229924640064014138267791875318149345634740763575673979991819014964446415505372251293888861031929442007781059010889724977253624216086442025183181157463661838779892334251775663309103173737456991687046799675461756638965663330282714035731741912263
e = 3
ct = 24734873977910637709237800614545622279880260333085506891667302143041484966318230317192234785987158021463825782079898979505470029030138730760671563038827274105816021371073990041986605112686349050253522070137824687322227491501626342218176173909258627357031402590581822729585520702978374712113860530427142416062m = iroot(ct,3)[0]
print(long_to_bytes(m))
# b"\x14\xd0j\x13\x18\xfe\xfc\x8d\x81.\xcf\xda\xf2)\x81'\xf4G\x95\xf1\xa3Y\xbe\x07\x98B\x86W\x12\xc0\x08\xb0\x87\x82:\xbb\xca\x81h\x9e\xc0\x8a}"
  • 但我们可以根据描述:用相同的标志?我们不难知道flag前缀"squ1rrel{"
  • 这道题其实是另一种标准的RSA攻击,具体来说的,其实是Coppersmith的一种变体,称为刻板消息攻击(Stereotyped messages attack)或者说已知明文高位攻击
  • 从本质上讲,这个攻击是在我们知道明文的形式是squ1rrel{XX...XX},其中X表示未知字符
  • Coppersmith的攻击使我们能够解密它

解答:

解法1:

n = 103805634552377307340975059685101156977551733461056876355507089800229924640064014138267791875318149345634740763575673979991819014964446415505372251293888861031929442007781059010889724977253624216086442025183181157463661838779892334251775663309103173737456991687046799675461756638965663330282714035731741912263
e = 3
c = 24734873977910637709237800614545622279880260333085506891667302143041484966318230317192234785987158021463825782079898979505470029030138730760671563038827274105816021371073990041986605112686349050253522070137824687322227491501626342218176173909258627357031402590581822729585520702978374712113860530427142416062prfx = b'squ1rrel{'
for i in range(100):t = prfx + b'\x00'*i + + b'}'m = int.from_bytes(t, byteorder='big')P.<x> = PolynomialRing(Zmod(n), implementation='NTL')pol = (m + x)^e - croots = pol.small_roots(epsilon=1/30)print(i, "Potential solutions:")for root in roots:print(root)print(bytes.fromhex(hex(m+int(root)%n)[2:]))
#squ1rrel{wow_i_was_betrayed_by_my_own_friend}

解法2:

from sage.all import *n = 103805634552377307340975059685101156977551733461056876355507089800229924640064014138267791875318149345634740763575673979991819014964446415505372251293888861031929442007781059010889724977253624216086442025183181157463661838779892334251775663309103173737456991687046799675461756638965663330282714035731741912263
exp = 3
c = 24734873977910637709237800614545622279880260333085506891667302143041484966318230317192234785987158021463825782079898979505470029030138730760671563038827274105816021371073990041986605112686349050253522070137824687322227491501626342218176173909258627357031402590581822729585520702978374712113860530427142416062known = b"squ1rrel{"
known_int = int.from_bytes(known, byteorder='big')for i in range(100):try:x = PolynomialRing(Zmod(n), 'x').gen()f = (known_int * 2**(i * 8) + x)**exp - croots = f.small_roots(X=2**(i * 8), beta=0.5)if roots:ans = roots[0]unknown_part = int(ans).to_bytes((i + 1), byteorder='big')print(known.decode() + unknown_part.decode())breakexcept:continue
#squ1rrel{wow_i_was_betrayed_by_my_own_friend}

题目2:

from Crypto.Util import number
from secret import flag
import oslength = 2048
p, q = number.getPrime(length//2), number.getPrime(length//2)
N = p*q
e = 3m = number.bytes_to_long(flag)
x = number.bytes_to_long(os.urandom(length//8))c = pow(m|x, e, N)
print('N =', N)
print('e =', e)
print('c =', c)
print('m&x =', m&x)
'''
N = 13876129555781460073002089038351520612247655754841714940325194761154811715694900213267064079029042442997358889794972854389557630367771777876508793474170741947269348292776484727853353467216624504502363412563718921205109890927597601496686803975210884730367005708579251258930365320553408690272909557812147058458101934416094961654819292033675534518433169541534918719715858981571188058387655828559632455020249603990658414972550914448303438265789951615868454921813881331283621117678174520240951067354671343645161030847894042795249824975975123293970250188757622530156083354425897120362794296499989540418235408089516991225649
e = 3
c = 6581985633799906892057438125576915919729685289065773835188688336898671475090397283236146369846971577536055404744552000913009436345090659234890289251210725630126240983696894267667325908895755610921151796076651419491871249815427670907081328324660532079703528042745484899868019846050803531065674821086527587813490634542863407667629281865859168224431930971680966013847327545587494254199639534463557869211251870726331441006052480498353072578366929904335644501242811360758566122007864009155945266316460389696089058959764212987491632905588143831831973272715981653196928234595155023233235134284082645872266135170511490429493
#m&x
m_x = 947571396785487533546146461810836349016633316292485079213681708490477178328756478620234135446017364353903883460574081324427546739724
x = 15581107453382746363421172426030468550126181195076252322042322859748260918197659408344673747013982937921433767135271108413165955808652424700637809308565928462367274272294975755415573706749109706624868830430686443947948537923430882747239965780990192617072654390726447304728671150888061906213977961981340995242772304458476566590730032592047868074968609272272687908019911741096824092090512588043445300077973100189180460193467125092550001098696240395535375456357081981657552860000358049631730893603020057137233513015505547751597823505590900290756694837641762534009330797696018713622218806608741753325137365900124739257740
'''

解题思路:

  • 我们知道m&x,x但并恢复不了m,看来我们必须解密c才能得到m|x
  • 简单统计一下,m&xx的位数len(bin(m_x)[2:]),len(bin(x)[2:])
  • xm多的位数2048-440
  • m&xxm为440位,x为2048位
  • 也就意味着m|x的高1608位对应x的高位
  • 故有以下已知信息:
    • a=m|x(取低440位)
    • b=x(取x高1680位,低440位赋值为0)
    • m|x==b+a,有c==(b+a)^e (mod N)
  • 这可以归为RSA中stereotyped messages类型攻击,我们能使用Coppersmith恢复a
  • 多项式为f(x)=(m+x)^e-c想发现模N的一个根

代码实现

dd = f.degree()
beta = 1
epsilon = beta / 7
mm = ceil(beta**2 / (dd * epsilon))
tt = floor(dd * mm * ((1/beta) - 1))
XX = ceil(N**((beta**2/dd) - epsilon))
roots = coppersmith_howgrave_univariate(f, N, beta, mm, tt, XX)

解答:

# Coppersmith implementation import timedebug = True# display matrix picture with 0 and X
def matrix_overview(BB, bound):for ii in range(BB.dimensions()[0]):a = ('%02d ' % ii)for jj in range(BB.dimensions()[1]):a += '0' if BB[ii,jj] == 0 else 'X'a += ' 'if BB[ii, ii] >= bound:a += '~'print(a)def coppersmith_howgrave_univariate(pol, modulus, beta, mm, tt, XX):"""Coppersmith revisited by Howgrave-Grahamfinds a solution if:* b|modulus, b >= modulus^beta , 0 < beta <= 1* |x| < XX"""## init#dd = pol.degree()nn = dd * mm + tt## checks#if not 0 < beta <= 1:raise ValueError("beta should belongs in (0, 1]")if not pol.is_monic():raise ArithmeticError("Polynomial must be monic.")## calculate bounds and display them#"""* we want to find g(x) such that ||g(xX)|| <= b^m / sqrt(n)* we know LLL will give us a short vector v such that:||v|| <= 2^((n - 1)/4) * det(L)^(1/n)* we will use that vector as a coefficient vector for our g(x)* so we want to satisfy:2^((n - 1)/4) * det(L)^(1/n) < N^(beta*m) / sqrt(n)so we can obtain ||v|| < N^(beta*m) / sqrt(n) <= b^m / sqrt(n)(it's important to use N because we might not know b)"""if debug:# t optimized?print("\n# Optimized t?\n")print("we want X^(n-1) < N^(beta*m) so that each vector is helpful")cond1 = RR(XX^(nn-1))print ("* X^(n-1) = ", cond1)cond2 = pow(modulus, beta*mm)print("* N^(beta*m) = ", cond2)print("* X^(n-1) < N^(beta*m) \n-> GOOD" if cond1 < cond2 else "* X^(n-1) >= N^(beta*m) \n-> NOT GOOD")# bound for Xprint("\n# X bound respected?\n")print("we want X <= N^(((2*beta*m)/(n-1)) - ((delta*m*(m+1))/(n*(n-1)))) / 2 = M")print("* X =", XX)cond2 = RR(modulus^(((2*beta*mm)/(nn-1)) - ((dd*mm*(mm+1))/(nn*(nn-1)))) / 2)print("* M =", cond2)print("* X <= M \n-> GOOD" if XX <= cond2 else "* X > M \n-> NOT GOOD")# solution possible?print("\n# Solutions possible?\n")detL = RR(modulus^(dd * mm * (mm + 1) / 2) * XX^(nn * (nn - 1) / 2))print("we can find a solution if 2^((n - 1)/4) * det(L)^(1/n) < N^(beta*m) / sqrt(n)")cond1 = RR(2^((nn - 1)/4) * detL^(1/nn))print("* 2^((n - 1)/4) * det(L)^(1/n) = ", cond1)cond2 = RR(modulus^(beta*mm) / sqrt(nn))print("* N^(beta*m) / sqrt(n) = ", cond2)print("* 2^((n - 1)/4) * det(L)^(1/n) < N^(beta*m) / sqrt(n) \n-> SOLUTION WILL BE FOUND" if cond1 < cond2 else "* 2^((n - 1)/4) * det(L)^(1/n) >= N^(beta*m) / sqroot(n) \n-> NO SOLUTIONS MIGHT BE FOUND (but we never know)")# warning about Xprint("\n# Note that no solutions will be found _for sure_ if you don't respect:\n* |root| < X \n* b >= modulus^beta\n")## Coppersmith revisited algo for univariate## change ring of pol and xpolZ = pol.change_ring(ZZ)x = polZ.parent().gen()# compute polynomialsgg = []for ii in range(mm):for jj in range(dd):gg.append((x * XX)**jj * modulus**(mm - ii) * polZ(x * XX)**ii)for ii in range(tt):gg.append((x * XX)**ii * polZ(x * XX)**mm)# construct lattice BBB = Matrix(ZZ, nn)for ii in range(nn):for jj in range(ii+1):BB[ii, jj] = gg[ii][jj]# display basis matrixif debug:matrix_overview(BB, modulus^mm)# LLLBB = BB.LLL()# transform shortest vector in polynomialnew_pol = 0for ii in range(nn):new_pol += x**ii * BB[0, ii] / XX**ii# factor polynomialpotential_roots = new_pol.roots()print("potential roots:", potential_roots)# test rootsroots = []for root in potential_roots:if root[0].is_integer():result = polZ(ZZ(root[0]))if gcd(modulus, result) >= modulus^beta:roots.append(ZZ(root[0]))# return roots# Public key
N = 13876129555781460073002089038351520612247655754841714940325194761154811715694900213267064079029042442997358889794972854389557630367771777876508793474170741947269348292776484727853353467216624504502363412563718921205109890927597601496686803975210884730367005708579251258930365320553408690272909557812147058458101934416094961654819292033675534518433169541534918719715858981571188058387655828559632455020249603990658414972550914448303438265789951615868454921813881331283621117678174520240951067354671343645161030847894042795249824975975123293970250188757622530156083354425897120362794296499989540418235408089516991225649
length_N = 2048
ZmodN = Zmod(N);
e = 3# Obscuring term (was called `x` previously)
obs = 15581107453382746363421172426030468550126181195076252322042322859748260918197659408344673747013982937921433767135271108413165955808652424700637809308565928462367274272294975755415573706749109706624868830430686443947948537923430882747239965780990192617072654390726447304728671150888061906213977961981340995242772304458476566590730032592047868074968609272272687908019911741096824092090512588043445300077973100189180460193467125092550001098696240395535375456357081981657552860000358049631730893603020057137233513015505547751597823505590900290756694837641762534009330797696018713622218806608741753325137365900124739257740
length_obs = 440# Ciphertext
C = 6581985633799906892057438125576915919729685289065773835188688336898671475090397283236146369846971577536055404744552000913009436345090659234890289251210725630126240983696894267667325908895755610921151796076651419491871249815427670907081328324660532079703528042745484899868019846050803531065674821086527587813490634542863407667629281865859168224431930971680966013847327545587494254199639534463557869211251870726331441006052480498353072578366929904335644501242811360758566122007864009155945266316460389696089058959764212987491632905588143831831973272715981653196928234595155023233235134284082645872266135170511490429493# Obsuring term with lower 440 bits zero'd (was called 'b' previously)obs_clean = (obs >> length_obs) << length_obs# Problem to equation.
# The `x` here was called `a` previously, which we are now solving for.
P.<x> = PolynomialRing(ZmodN)
pol = (obs_clean + x)^e - Cdd = pol.degree()
beta = 1                                # b = N
epsilon = beta / 7                      # <= beta / 7
mm = ceil(beta**2 / (dd * epsilon))     # optimized value
tt = floor(dd * mm * ((1/beta) - 1))    # optimized value
XX = ceil(N**((beta**2/dd) - epsilon))  # optimized value# Coppersmith
roots = coppersmith_howgrave_univariate(pol, N, beta, mm, tt, XX)print()
print("Solutions")
print("We found:", str(roots))'''
# Optimized t?we want X^(n-1) < N^(beta*m) so that each vector is helpful
* X^(n-1) =  7.64639144486953e938
* N^(beta*m) =  2671806721397343609369125721689846363846823887595317169259208269410807613515138193272735950395342600354585884618596837138454312445763723886601166952043062748009505139217794681937611360645445444140769994643446818754534866298130651329433014724715889837444867182984191620190905818803588933562722223328979700923934070485221893022649172511067198019458620445165662776678908770872500383557396520873649954695933963393304148547194098533517769688355801169062583949901346704912994207653877424119826970416572728246446525108981742453007188018279798743202379750534406784078069421672055702384012232185139872186089443647992149818358893834997950425662042050549158210414590239894415499371752895019920281114015215479652534190130397775610338712743962931327219145055957487978233015931879293485628652795746982880303598514651118264609343317354096189644231871614967872526120966984276731281546669197245726209804436508113354381914315232435894150854988195962920941429615473853382836785869279384612192426076678623082066854288934520774307146911493350318344271370346300740624871491708331236066262479670355346647414096649266862487754904950869424292066310431256633985253697575515680033391453124985988988670191902111914051233299493877035782843638962398086115700226338455677786300225885984533601124871244669214214105103887099092767042659106858007541232363169127153863660502490389037875332835859504268824420222360070871822883878805542227544448876610761790896706106782074035914998714448926799887557941643969590869586865208655191892111098282289241597413702345534627562696456765064323919706870792491286590311106687866963980133668858578681546024445557042142046310271577884977392878357234252136015344414426228232128893808200127782962118800708442012306882529157602730015548081294901794784475069861171020927127171831672885720955503939986515276832850113174993877171846111637519924505032034449
* X^(n-1) < N^(beta*m) 
-> GOOD# X bound respected?we want X <= N^(((2*beta*m)/(n-1)) - ((delta*m*(m+1))/(n*(n-1)))) / 2 = M
* X = 2293147898964117288808008000805061598361990209625542167130389100774470198047923394475218668318195962237962277248056358
* M = 5.42671596118645e153
* X <= M 
-> GOOD# Solutions possible?we can find a solution if 2^((n - 1)/4) * det(L)^(1/n) < N^(beta*m) / sqrt(n)
* 2^((n - 1)/4) * det(L)^(1/n) =  2.12973195403260e1702
* N^(beta*m) / sqrt(n) =  8.90602240465781e1847
* 2^((n - 1)/4) * det(L)^(1/n) < N^(beta*m) / sqrt(n) 
-> SOLUTION WILL BE FOUND# Note that no solutions will be found _for sure_ if you don't respect:
* |root| < X 
* b >= modulus^beta00 X 0 0 0 0 0 0 0 0 ~
01 0 X 0 0 0 0 0 0 0 ~
02 0 0 X 0 0 0 0 0 0 ~
03 X X X X 0 0 0 0 0 
04 0 X X X X 0 0 0 0 
05 0 0 X X X X 0 0 0 
06 X X X X X X X 0 0 
07 0 X X X X X X X 0 
08 0 0 X X X X X X X 
potential roots: [(2722393138562666557007231734043804673010965247853655886232567981247025605356740318867235245940388712958024648376448739432029199788029, 1)]Solutions
We found: [2722393138562666557007231734043804673010965247853655886232567981247025605356740318867235245940388712958024648376448739432029199788029]
'''

import libnumdef recover(x, m_and_x, m_or_x):ans = []while m_and_x > 0:a = x & 1 #取x的最低一位b = m_and_x & 1c = m_or_x & 1if a == 0: # 若a=0,0 and (0 或1)=0 故看 0 or c=cassert b == 0ans.append(str(c))else:     # 若a=1,则 1 or (1 or 0)=1 ,故看1 and b=bans.append(str(b))# 都右移看下一位m_or_x >>= 1m_and_x >>= 1x >>= 1ans = ans[::-1]ans = "".join(ans)return libnum.n2s(int('0b'+ans,2))
m_or_x=2722393138562666557007231734043804673010965247853655886232567981247025605356740318867235245940388712958024648376448739432029199788029
# m_and_x为m|x低440位
m_and_x = 947571396785487533546146461810836349016633316292485079213681708490477178328756478620234135446017364353903883460574081324427546739724
x = 15581107453382746363421172426030468550126181195076252322042322859748260918197659408344673747013982937921433767135271108413165955808652424700637809308565928462367274272294975755415573706749109706624868830430686443947948537923430882747239965780990192617072654390726447304728671150888061906213977961981340995242772304458476566590730032592047868074968609272272687908019911741096824092090512588043445300077973100189180460193467125092550001098696240395535375456357081981657552860000358049631730893603020057137233513015505547751597823505590900290756694837641762534009330797696018713622218806608741753325137365900124739257740
m=recover(x,m_and_x,m_or_x)
print(m)
#utflag{C0u1dNt_c0m3_uP_w1tH_A_Cl3veR_f1aG_b61a2defc55f}

题目3:

from Crypto.Util.number import *
from secret import flagflag_start = b'flag{t'
flag_end = b'}'p = getPrime(456)
q = getPrime(456)
e = 3
n = p * q
flag = b'flag{t****************}'
flag_int = bytes_to_long(flag)
m = flag[6:-1]
assert flag_int ** e > n # 不给这个条件你也应该知道
t = b'\x00' * (len(m))
pad = bytes_to_long(t)
c = pow((flag_int+pad),e,n)print(f'n = {n}')
print(f'c = {c}')
'''
n = 15198997803601307326483182753401553751107030400663919854381663609601066220459849413924313482180354810070491802144431035961020221185817362006013303785963614208654863928227963717321258650220354346657611711515631415979360341600648357039818518380073738588049931038623009355815437
c = 13372780607812687832430575693779681742524553489911373152395085032375134765008965073417747041590968756237889308887046493756435743737100866647029135622665354398233971261261078947167452569261788042034543984545405209320829950091369679478346674657183902385231489619055114151016899
'''

解题思路:

  • 看上去很像小明文攻击,但是根据assert flag_int ** e > n显然小明文攻击无效
  • 因为必须确保密文不会超过模数c=m^e mod n才可以直接开方
  • 这是典型的RSA Attack: Stereotyped message attack
  • 假如我在这里明确了flag的长度(40),我们可以直接通过已知m高位Coppersmith方法求小根,不过由于我没说flag的长度,而且还用了m = flag[6:-1]裁切以确定t的大小,所以也许可以通过遍历字节数来求

m_high_int = int.from_bytes(m_high+b'\x00'*(**<font style="color:#DF2A3F;">需要遍历的</font>**), byteorder='big')

(貌似求不出来哈哈)

  • 类似的短填充攻击形如c = pow(m+r, e, n),这个r是已知的,如果不知道同样可以慢慢遍历

解答:

预期解:

n = 15198997803601307326483182753401553751107030400663919854381663609601066220459849413924313482180354810070491802144431035961020221185817362006013303785963614208654863928227963717321258650220354346657611711515631415979360341600648357039818518380073738588049931038623009355815437
c = 13372780607812687832430575693779681742524553489911373152395085032375134765008965073417747041590968756237889308887046493756435743737100866647029135622665354398233971261261078947167452569261788042034543984545405209320829950091369679478346674657183902385231489619055114151016899
e = 3
flag_start = b'flag{t'
flag_end = b'}'
for i in range(100):t = flag_start + b'\x00'*i + flag_endm = int.from_bytes(t, byteorder='big')P.<x> = PolynomialRing(Zmod(n), implementation='NTL')pol = (m + x)^e - croots = pol.small_roots(epsilon=1/30)print(i, "Potential solutions:")for root in roots:print(root)print(bytes.fromhex(hex(m+int(root)%n)[2:]))
'''
33 Potential solutions:
3091325547141372540146599315252335874790320352118005219426376315454979073888185088
b'flag{thI5_1s_Stere0typed_mes5age_att4ck}'
'''

m = 3091325547141372540146599315252335874790320352118005219426376315454979073888185088
print(long_to_bytes(m))
#hI5_1s_Stere0typed_mes5age_att4ck\x00

非预期解:

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.hqwc.cn/news/897431.html

如若内容造成侵权/违法违规/事实不符,请联系编程知识网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

反素数(emirp数)

反素数(emirp数)

反素数,英文称作emirp(prime(素数)的左右颠倒拼写),是素数的一种,把一个素数的阿拉伯字数字序列(十进制)变成由低位向高位反写出来,得到的另一个数还是素数,例如素数<font style="color:rgb(32, 33, 34);">13</font>,反写就是<font style="color…
阅读更多...
ai烟雾检测智能摄像机

ai烟雾检测智能摄像机

ai烟雾烟头识别摄像头作为现代火灾预防技术的重要组成部分,特别是在大范围要求高的林业、农田等,具有独特的优势,有效降低了火灾发生。AI烟雾烟头识别摄像头厂家也逐渐多了起来。AI烟雾烟火识别摄像头能准确捕捉到火焰的形状、大小、颜色等特征,还能结合环境背景、光线变化…
阅读更多...
24-关于华夏ERP的搭建、审计、扫描

24-关于华夏ERP的搭建、审计、扫描

1、使用IDEA和PHPStudy搭建华夏erp 需要先下载 jshERP3.3-最新包,JSH_ERP-v3.3源码前端部署在网站根目录下创建一个名为ERP的文件夹,将前端压缩包 前端包/dist.zip 解压到该目录下 使用小皮创建 huaxi.com网站,连接到刚刚的ERP目录访问http://huaxi.com,出现如下页面说明前…
阅读更多...
AMM算法进阶

AMM算法进阶

题目: from Crypto.Util.number import * import os from gmpy2 import *def getMyPrime1(nbits):while True:n = 2*1009*7*getPrime(nbits//2)*getPrime(nbits//2)if is_prime(n+1):return n+1def getMyPrime2(nbits):while True:n = 2*1009*getPrime(nbits//2)*getPrime(nbit…
阅读更多...
AMM算法

AMM算法

题目: from Crypto.Util.number import * import os from gmpy2 import *def getMyPrime(nbits):while True:n = 2*1009*getPrime(nbits//2)*getPrime(nbits//2)if is_prime(n+1):return n+1p = getMyPrime(700) q = getMyPrime(700) n = p*qe = 1009flag = bNSSCTF{******} + …
阅读更多...
[PaperReading] Scaling Vision Transformers to 22 Billion Parameters

[PaperReading] Scaling Vision Transformers to 22 Billion Parameters

目录名称TL;DRMethodCode && ImplementationExperiment实现细节Linear Eval on ImageNetZero-shot Eval on ImageNetDense PredictionRelated works中值得深挖的工作 名称 Scaling Vision Transformers to 22 Billion Parameters 论文链接 时间:2023.02 作者与单位:G…
阅读更多...
【CF VP记录】Codeforces Round 1008 (Div. 2)

【CF VP记录】Codeforces Round 1008 (Div. 2)

比赛链接 本文原文发布于博客园,如您在其他平台刷到此文,请前往博客园获得更好的阅读体验。 跳转链接:https://www.cnblogs.com/TianTianChaoFangDe/p/18766146 开题 + 补题情况 坠机场,要是赛时打了的话就又回青了,前两题很快开出来了,第三题脑残了,一开始觉得只需要构…
阅读更多...
32位系统上的Linux的highmem

32位系统上的Linux的highmem

什么是highmem? Linux内存管理 highmem的出现与Linux的内存管理相关。众所周知,linux内核一般将处理器的虚拟地址空间分为两个部分。底部较大的部分用于用户进程,而顶部的较小部分用于内核。这个划分的比例通常是1:3(在编译内核时可以通过特殊的配置选项修改这个比例)。所…
阅读更多...
halcon 深度学习教程(一)分类检测 (工业里如何使用halcon深度学习去检测分类产品)

halcon 深度学习教程(一)分类检测 (工业里如何使用halcon深度学习去检测分类产品)

原文作者:aircraft 原文链接:https://www.cnblogs.com/DOMLX/p/18766108深度学习教程目录如下,还在继续更新完善中 深度学习系列教程目录 本篇主要是入门halcon的深度学习篇,参考halcon实例classify_fruit_deep_learning.hdev,不过去实例的话会比较复杂一些,不便于理解,这…
阅读更多...
3-11

3-11

今天学习android atudio 设置了Onclick事件监听 实现了页面跳转
阅读更多...
浅谈动态 dp

浅谈动态 dp

DDP,即动态动态规划,一般是指在原有的 DP 模型上不断对初始值进行修改并得出答案。 一般而言都是进行单点修改,并且搭配数据结构以及矩阵进行实现。 这里要先给出一个前置知识: 广义矩阵乘法 原矩阵乘法式子为 \(C_{i,j}=\sum_kA_{i,k}\times B_{k,j}\)。 其实写成这样同样…
阅读更多...
【Gradle】运行

【Gradle】运行

阅读更多...
推荐文章
最新文章

Copyright @ 2022~2023