密码分析学——Md4碰撞代码实现
2024-06-30 20:14:57
密码分析学——Md4碰撞代码实现
——ECNU YZ
File: Md4.py
class Md4Orign:# ----- 这里忽略了一些规范化过程,采用小端序和无消息填充的方法,可自行通过重写get_m拓展...MAX_MARGIN = 0X100000000MAX_LEN = 32ERR_INPUT_MSG = '输入存在错误,请输入一个16进制的数组(0<=list[i]<2^512)'def __init__(self):self.FGH = [Md4Orign.F, Md4Orign.G, Md4Orign.H]self.PAD = [0x00000000, 0x5a827999, 0x6ed9eba1]self.m = [0x00000000 for i in range(16)]self.aa = 0x67452301self.bb = 0xefcdab89self.cc = 0x98badcfeself.dd = 0x10325476self.m_48 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15,0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]self.s_48 = [3, 7, 11, 19, 3, 7, 11, 19, 3, 7, 11, 19, 3, 7, 11, 19,3, 5, 9, 13, 3, 5, 9, 13, 3, 5, 9, 13, 3, 5, 9, 13,3, 9, 11, 15, 3, 9, 11, 15, 3, 9, 11, 15, 3, 9, 11, 15]def phi(self, i, abcd, mk, s):return Md4Orign.left_s((abcd[0] + self.FGH[i](abcd[1], abcd[2], abcd[3]) + mk + self.PAD[i])% Md4Orign.MAX_MARGIN, s)def compute(self, m=None):self.get_m(m)abcd = [self.aa, self.bb, self.cc, self.dd]for i in range(48):abcd[-(i % 4)] = self.phi(int(i / 16), abcd[-(i % 4)::] + abcd[:-(i % 4):], self.m[self.m_48[i]],self.s_48[i])return "{:0>8x}{:0>8x}{:0>8x}{:0>8x}".format((abcd[0] + self.aa) % Md4Orign.MAX_MARGIN,(abcd[1] + self.bb) % Md4Orign.MAX_MARGIN,(abcd[2] + self.cc) % Md4Orign.MAX_MARGIN,(abcd[3] + self.dd) % Md4Orign.MAX_MARGIN)def get_m(self, m=None):self.m = m if m is not None and Md4Orign.m_valid(m) else self.m@staticmethoddef F(X, Y, Z):return (X & Y) | (~X & Z)@staticmethoddef G(X, Y, Z):return (X & Y) | (X & Z) | (Y & Z)@staticmethoddef H(X, Y, Z):return X ^ Y ^ Z@staticmethoddef left_s(val, s):s = s % Md4Orign.MAX_LENreturn val >> (Md4Orign.MAX_LEN - s) | ((val << s) % Md4Orign.MAX_MARGIN)@staticmethoddef right_s(val, s):s = s % Md4Orign.MAX_LENreturn val << (Md4Orign.MAX_LEN - s) | ((val >> s) % Md4Orign.MAX_MARGIN)@staticmethoddef m_valid(m):try:if len(m) != 16:print(Md4Orign.ERR_INPUT_MSG)return Falseelse:for mi in m:if type(mi) != int or not (0 <= mi < Md4Orign.MAX_MARGIN):print(Md4Orign.ERR_INPUT_MSG)return Falsereturn Trueexcept:print(Md4Orign.ERR_INPUT_MSG)return FalseFile: main.py
import struct
import timefrom MD4 import Md4Orign
import randomclass Md4Collision(Md4Orign):constraints1 = [[['=', 6]], [['0', 6], ['=', 7], ['=', 10]],[['1', 6], ['1', 7], ['0', 10], ['=', 25]],[['1', 6], ['0', 7], ['0', 10], ['0', 25]],[['1', 7], ['1', 10], ['0', 25], ['=', 13]],[['0', 13], ['=', 18], ['=', 19], ['=', 20], ['=', 21], ['1', 25]],[['=', 12], ['0', 13], ['=', 14], ['0', 18], ['0', 19], ['1', 20], ['0', 21]],[['1', 12], ['1', 13], ['0', 14], ['=', 16], ['0', 18], ['0', 19], ['0', 20], ['0', 21]],[['1', 12], ['1', 13], ['1', 14], ['0', 16], ['0', 18], ['0', 19], ['0', 20], ['=', 22], ['1', 21], ['=', 25]],[['1', 12], ['1', 13], ['1', 14], ['0', 16], ['0', 19], ['1', 20], ['1', 21], ['0', 22], ['1', 25], ['=', 29]],[['1', 16], ['0', 19], ['0', 20], ['0', 21], ['0', 22], ['0', 25], ['1', 29], ['=', 31]],[['0', 19], ['1', 20], ['1', 21], ['=', 22], ['1', 25], ['0', 29], ['0', 31]],[['0', 22], ['0', 25], ['=', 26], ['=', 28], ['1', 29], ['0', 31]],[['0', 22], ['0', 25], ['1', 26], ['1', 28], ['0', 29], ['1', 31]],[['=', 18], ['1', 22], ['1', 25], ['0', 26], ['0', 28], ['0', 29]],[['0', 18], ['=', 25], ['1', 26], ['1', 28], ['0', 29], ['=', 31]]]constraints2 = [[['=', 18, 2], ['1', 25], ['0', 26], ['1', 28], ['1', 31]],[['=', 18, 0], ['=', 25, 1], ['=', 26, 1], ['=', 28, 1], ['=', 31, 1]]]M_1 = 0x80000000M_2 = 0x70000000M_12 = -0x10000def modify_m(self, m):abcd = [self.aa, self.bb, self.cc, self.dd]# Round1for i in range(16):abcd[-(i % 4)], m[i] = self.one_step_modify(abcd[-(i % 4)::] + abcd[:-(i % 4):], m[i], self.s_48[i],Md4Collision.constraints1[i], Md4Collision.F)# Round2abcdi = self.get_abcdi(m, 3)# - a5abcd[0], m[0] = self.one_step_modify(abcd, m[0], 3, Md4Collision.constraints2[0], Md4Collision.G, abcd)abcdi[1][0] = Md4Collision.left_s((self.aa + self.F(self.bb, self.cc, self.dd) + m[0]) % Md4Orign.MAX_MARGIN, 3)self.mutiple_step_modify(abcdi, m, 0)# - d5abcd[3], m[4] = self.one_step_modify(abcd[3:]+abcd[:3], m[4], 5, Md4Collision.constraints2[1], Md4Collision.G,abcd)abcdi[2][0] = Md4Collision.left_s((abcdi[1][0] + self.F(abcdi[1][1], abcdi[1][2], abcdi[1][3]) + m[4])% Md4Orign.MAX_MARGIN, 3)self.mutiple_step_modify(abcdi, m, 1)return mdef find_collision(self):m1_o, m1, m2 = Md4Collision.get_random_m(), None, Noneh1, h2 = "h1", "h2"i = 1print('--------正在寻找Md4碰撞中---------')while h1 != h2:m1_o = Md4Collision.get_random_m()m1 = self.modify_m(m1_o)m2 = m1.copy()m2[1] = (m2[1] + Md4Collision.M_1) % Md4Collision.MAX_MARGINm2[2] = (m2[2] + Md4Collision.M_2) % Md4Collision.MAX_MARGINm2[12] = (m2[12] + Md4Collision.M_12) % Md4Collision.MAX_MARGINh1, h2 = self.compute(m1), self.compute(m2)i += 1print('总时长:%ds' % time.perf_counter(), '; 尝试次数:%d次' % i)print('m1:', "".join(["%x" % mi for mi in m1]))print('m2:', "".join(["%x" % mi for mi in m2]))print(self.compute(m1), '(m1 结果) ==', self.compute(m2), '(m2 结果)')return m1, m2, h1, h2def one_step_modify(self, abcd, mi, si, constraintsi, f, abcd_normal=None):v = Md4Collision.left_s((abcd[0] + f(abcd[1], abcd[2], abcd[3]) + (self.PAD[1] if f == self.FGH[1] else 0) + mi)% Md4Orign.MAX_MARGIN, si)for c in constraintsi:if c[0] == '=':v ^= (v ^ (abcd[1] if len(c) < 3 else abcd_normal[c[2]])) & (2 ** c[1])elif c[0] == '0':v &= ~(2 ** c[1])elif c[0] == '1':v |= 2 ** c[1]return v, (Md4Collision.right_s(v, si) - abcd[0] - f(abcd[1], abcd[2], abcd[3]) -(self.PAD[1] if f == self.FGH[1] else 0)) % Md4Collision.MAX_MARGINdef mutiple_step_modify(self, abcd_i, m, i): # i=0 / i=1for j in range(1, 5):m[self.m_48[i * 4 + j]] = \(Md4Collision.right_s(abcd_i[i + 1 + (1 if j >= 4 else 0)][-j], self.s_48[i * 4 + j]) -abcd_i[i + (1 if j >= 4 else 0)][-j] - Md4Collision.F(abcd_i[i + 1][-j + 1],abcd_i[i + (1 if j >= 2 else 0)][-j + 2],abcd_i[i + (1 if j >= 3 else 0)][-j + 3])) % Md4Collision.MAX_MARGINdef get_abcdi(self, m, ii):abcd = [self.aa, self.bb, self.cc, self.dd]abcd_i = [abcd.copy()]for i in range(ii * 4):abcd[-(i % 4)] = self.phi(int(i / 16), abcd[-(i % 4)::] + abcd[:-(i % 4):], m[self.m_48[i]],self.s_48[i])if i % 4 == 3:abcd_i.append(abcd.copy())return abcd_i@staticmethoddef Endian(b):return [struct.unpack('<I', ''.join(b[i:i + 4]))[0] for i in range(0, len(b), 4)]@staticmethoddef get_random_m():return [random.randint(0, Md4Collision.MAX_MARGIN - 1) for i in range(16)]def md4ValidPre(md4):m1 = [0x4d7a9c83, 0x56cb927a, 0xb9d5a578, 0x57a7a5ee, 0xde748a3c, 0xdcc366b3, 0xb683a020, 0x3b2a5d9f,0xc69d71b3, 0xf9e99198, 0xd79f805e, 0xa63bb2e8, 0x45dd8e31, 0x97e31fe5, 0x2794bf08, 0xb9e8c3e9]m2 = [0x4d7a9c83, 0xd6cb927a, 0x29d5a578, 0x57a7a5ee, 0xde748a3c, 0xdcc366b3, 0xb683a020, 0x3b2a5d9f,0xc69d71b3, 0xf9e99198, 0xd79f805e, 0xa63bb2e8, 0x45dc8e31, 0x97e31fe5, 0x2794bf08, 0xb9e8c3e9]print('m1:', ["0x%x" % mi for mi in m1])print('m2:', ["0x%x" % mi for mi in m2])print(md4.compute(m1), '(m1 result) ==', md4.compute(m2), '(m2 result)')def test(md4):m1 = [0x4d7a9c83, 0x56cb927a, 0xb9d5a578, 0x57a7a5ee, 0xde748a3c, 0xdcc366b3, 0xb683a020, 0x3b2a5d9f,0xc69d71b3, 0xf9e99198, 0xd79f805e, 0xa63bb2e8, 0x45dd8e31, 0x97e31fe5, 0x2794bf08, 0xb9e8c3e9]print('m1:', ["0x%x" % mi for mi in m1])m2 = m1.copy()m2[1] = (m2[1] + Md4Collision.M_1) % Md4Collision.MAX_MARGINm2[2] = (m2[2] + Md4Collision.M_2) % Md4Collision.MAX_MARGINm2[12] = (m2[12] + Md4Collision.M_12) % Md4Collision.MAX_MARGINprint(md4.compute(m1) == md4.compute(m2))print(md4.compute(m1), '(m1 result) ==', md4.compute(m2), '(m2 result)')if __name__ == '__main__':md4_collision = Md4Collision()md4_collision.find_collision()密码分析学——Md4碰撞代码实现相关推荐
- 密码分析学-Enigma机破解
密码分析学 Enigma机破解 目录 作业要求 摘要 正文 一:Enigma机加密 1.1 背景 1.2 加密原理 1.3 安全性分析 1.4 加密算法实现 二:Enigma解密 2.1 历史上的解密 ...
- matlab编程实现二进制树搜索,binary-tree-collision-code 射频识别技术里的二进制树碰撞代码,防 能力 matlab 238万源代码下载- www.pudn.com...
文件名称: binary-tree-collision-code下载 收藏√ [ 5 4 3 2 1 ] 开发工具: matlab 文件大小: 794 KB 上传时间: 2013-04-22 ...
- 唯密文攻击、已知明文攻击、选择密文攻击、选择明文攻击(密码分析学中,四大攻击方式)
唯密文攻击.已知明文攻击.选择密文攻击.选择明文攻击(密码分析学中,四大攻击方式) 唯密文攻击:唯密文攻击是假定密码分析者拥有密码算法及明文统计特性,并截获一个或多个用同一密钥加密的密文,通过对这些密 ...
- 【二】gym初次入门一学就会---代码详细解析简明教程----平衡杆案例
相关文章: [一]gym环境安装以及安装遇到的错误解决 [二]gym初次入门一学就会-简明教程 [三]gym简单画图 [四]gym搭建自己的环境,全网最详细版本,3分钟你就学会了! [五]gym搭建自 ...
- 南京工业大学计算机专业代码,南京工业大学学院代码目录
技校网专门为您推荐的类似问题答案 问题1: 湖北工业大学商贸学院学校代码和建筑工程技术专业的代码 4628,是土木工程吧,18 回答人的补充 2011-07-01 16:10 国际经济与贸易01,金融 ...
- 刘鑫成同学与老师们的对话:“学编程=敲代码?”
博文来自刘鑫成同学的博客:http://www.cnblogs.com/liuxincheng/ 感悟 原博文地址:http://www.cnblogs.com/liuxincheng/p/53081 ...
- html代码seo,SEO必学基础html代码基础
一.网页基础代码 html 注:超文本标记语言,"超文本"指页面内可以含图片.链接.视频.程序等非文字元素. 正确写法: 开始结束. head标签 head指头部,头部的信息是不会 ...
- 电机学Matlab仿真代码
仿真代码目录 资源链接在文章底部 一.变压器仿真 1.1电压供电时气隙大小对线电流和磁涌的影响 %气隙大小对线圈电流的影响 %clear all %close all clc a=0.03; b=0. ...
- 加勒比海盗船——最优装载问题(趣学算法C++代码和python代码)
C++代码: #include<iostream> #include<algorithm> #include<conio.h> const int N=100000 ...
最新文章
- Android窗口管理服务WindowManagerService计算窗口Z轴位置的过程分析
- JVM_03 运行时数据区[ 堆 ]
- 一句简单的SQL查询语句的背后...
- js原生代码编写一个鼠标在页面移动坐标的检测功能,兼容各大浏览器
- jcaptcha maven
- JEECG社区招募新人啦
- Python 多线程爬取西刺代理
- 一文看懂什么是MQ消息队列
- 判断数据是增量分区全量分区
- 系统工程师Python工程师基础班
- 使用ajaxfileupload.js上传文件成功之后,没有执行success方法
- Chrome浏览器的翻译插件开发
- 文件格式介绍:文本,图片,音频,视频
- css参考手册 pdf,css4.0参考手册
- Mac故障 重置PRAM或NVRAM(何时重置,如何重置)
- 订单审批流程 数据库表设计
- 计算机主机爆炸,意外:插入计算机后,主机的电源就会烧断。发生了什么?计算机电源爆炸了吗?...
- 微博app打开微信小程序的方法
- DASCTF X CBCTF 2022九月挑战赛 dino3d
- 2021年安全生产模拟考试(全国特种作业操作证高处作业-高处安装维护拆除模拟考试题库二)安考星