Unknown Public Key

Description

A police team has spotted an individual on the Internet who is suspected of running a terrorist organization. The police would like to have access to his real identity, but the individual is suspicious.

The police managed to learn that he had an account with a foreign bank issuing special cards. An account was therefore opened anonymously in this bank in order to carry out a study on these cards. Here’s what they found:

• The cards do not carry certificates (RSA public keys), and card authentication is always carried out online.
• Analysis of the RSA signature execution via auxiliary channels shows that the calculation is not constant-time.

A vast operation to identify the individual using his card was set up. The public key on the suspect’s card is retrieved, and the foreign bank is then asked to identify the owner of the associated account. Payment terminals enabling current measurement and recording of the authentication sequence are discreetly distributed to retailers in the town where the suspect is thought to reside.

As luck would have it, after a few days, a trace of a transaction with the said foreign bank is retrieved from the terminal exchanges. In the output.txt file, the message and its signature are displayed, along with the card’s private key used for authentication.

Will you be able to reconstruct the public key using this exchange and the associated trace?

Note: The flag is in the form FCSC{x} where x is the SHA256 of the concatenation of the public exponent e and then the public modulus n.

e = e.to_bytes((e.bit_length() + 7) // 8, "big")
n = n.to_bytes((n.bit_length() + 7) // 8, "big")

h = hashlib.sha256()
h.update(e)
h.update(n)
print(f"FCSC{{{h.hexdigest()}}}")