h4ck1t 2016: Portugal - Interceptor, Crypto 95pts

Looks like in this time Alice and Bob have decided to pay a minimal attention to malicious Eve, who has been "sniffing"(as always) all the traffic during their private chat. Is their private life`s secret in danger for now?..

This is a pretty basic attack on RSA where the user encrypts the same message multiple times with different N's. Since E=3, we only need 3 different cipher texts with different N's, which we recieved. Basically, due to the Chinese Remainder Theorem, we can construct a number C' that satisfies:
C' ☰ C1 mod N1
C' ☰ C2 mod N2
C' ☰ C3 mod N3
Thus, we can construct this:
C' ☰ C1 mod N1N2N3 ☰ P^3 mod N1N2N3
Since RSA requires that any plaintext be smaller than N, we know that:
P^3 < N1N2N3
meaning that simply:
(C')^1/3 = P To actually find C' I just used the Wolfram Mathematica API and then cube rooted C' to find P. I then just converted the number to hex and decoded it into ASCII to get key=bff149a0b87f5b0e00d9dd364e9ddaa0.

This post was originally uploaded on aaroncook.xyz