Recently Updated
A Small Broadcast
Challenge I RSA encrypted the same message 3 different times with the same exponent. Can you decrypt this?
1
2
3
4
5
6
7
8
9
10
11
Problem updated on 7/17/16 @ 8PM EST - fixed values
I RSA encrypted the same message 3 different times with the same exponent. Can you decrypt it?
N1:79608037716527910392060670707842954224114341083822168077002144855358998405023007345791355970838437273653492726857398313047195654933011803740498167538754807659255275632647165202835846338059572102420992692073303341392512490988413552501419357400503232190597741120726276250753866130679586474440949586692852365179
C1:34217065803425349356447652842993191079705593197469002356250751196039765990549766822180265723173964726087016890980051189787233837925650902081362222218365748633591895514369317316450142279676583079298758397507023942377316646300547978234729578678310028626408502085957725408232168284955403531891866121828640919987
N2:58002222048141232855465758799795991260844167004589249261667816662245991955274977287082142794911572989261856156040536668553365838145271642812811609687362700843661481653274617983708937827484947856793885821586285570844274545385852401777678956217807768608457322329935290042362221502367207511491516411517438589637
C2:48038542572368143315928949857213341349144690234757944150458420344577988496364306227393161112939226347074838727793761695978722074486902525121712796142366962172291716190060386128524977245133260307337691820789978610313893799675837391244062170879810270336080741790927340336486568319993335039457684586195656124176
N3:95136786745520478217269528603148282473715660891325372806774750455600642337159386952455144391867750492077191823630711097423473530235172124790951314315271310542765846789908387211336846556241994561268538528319743374290789112373774893547676601690882211706889553455962720218486395519200617695951617114702861810811
C3:55139001168534905791033093049281485849516290567638780139733282880064346293967470884523842813679361232423330290836063248352131025995684341143337417237119663347561882637003640064860966432102780676449991773140407055863369179692136108534952624411669691799286623699981636439331427079183234388844722074263884842748
Solution
used the same value for d
three times? can we calculate p’s and q’s from this? assume e=65537
? bruteforceable? maybe a math problem? Those values are all interrelated, set of linear equations?
-> yep, need to brush up on modular arithmetic I think
what we know about RSA:
- A public key is composed of the pair
(N,e)
- the modulusN
and the public exponente
- A private key is composed of the pair
(N,d)
- the modulusN
and the private exponentd
- Decrypting a ciphertext is taking the integer value of a ciphertext to the private exponent and applying modulo
N
to it -c^d mod N = m
- Encrypting a message is taking the integer value of a message to the public exponent and applying modulo
N
to it -m^e mod N = c
- A modulus
N
is composed of a multiplication of two (large) prime numbersp
andq
- This multiplication is a trapdoor - easy in one way (multiplication), difficult in the other (factoring)
- The totien
phi(N)
can be calculated as follows:phi(N) = phi(p*q) = (p-1)*(q-1)
- The public exponent
e
is chosen in the range[3,phi(N)[
, often65537
as it is in this case - The private exponent
d
is calculated using thephi(N)
modular multiplicative inverse ofe
so thate*d = 1 mod phi(N)
- Private components are therefore
p
,q
,d
andphi(N)
- Public components are therefore
e
andN
- OAEP Padding is used to avoid several attacks against RSA
Flag