#!/usr/bin/env python3

from Crypto.Util.number import *

def genprimes(nbit, k):
	while True:
		p, q = [2 ** k * getRandomNBitInteger(nbit - k) + 1 for _ in '01']
		if isPrime(p) and isPrime(q):
			return p, q

def keygen(PRIMES, k):
	p1, p2, p3, p4 = PRIMES
	PUBKEYS = []
	while True:
		y1 = getRandomRange(2, p1 * p2)
		if pow(y1, (p1 - 1) // 2, p1) == p1 - 1 and pow(y1, (p2 - 1) // 2, p2) == p2 - 1:
			PUBKEYS.append((k, p1 * p2, y1))
			break
	while True:
		y2 = getRandomRange(2, p3 * p4)
		if pow(y2, (p3 - 1) // 2, p3) == p3 - 1 and pow(y2, (p4 - 1) // 2, p4) == p4 - 1:
			PUBKEYS.append((k, p3 * p4, y2))
			break
	while True:
		y3 = getRandomRange(2, p2 * p3)
		if pow(y3, (p2 - 1) // 2, p2) == p2 - 1 and pow(y3, (p3 - 1) // 2, p3) == p3 - 1:
			PUBKEYS.append((k, p2 * p3, y3))
			break
	while True:
		y4 = getRandomRange(2, p4 * p1)
		if pow(y4, (p4 - 1) // 2, p4) == p4 - 1 and pow(y4, (p1 - 1) // 2, p1) == p1 - 1:
			PUBKEYS.append((k, p4 * p1, y4))
			break
	return PUBKEYS

nbit, k = 256, 64
flag = b'CCTF{3nj0Y_Joye-Libert_cRyp7O5yST3m!!}'

p1, p2 = genprimes(nbit, k)
p3, p4 = genprimes(nbit, k)

PUBKEYS = keygen([p1, p2, p3, p4], k)