crypto2025/crypto-asimmetric/RSA-4/attack.py

#!/usr/bin/env python3

from gmpy2 import gcd
from Cryptodome.Util.number import bytes_to_long, getPrime

def egcd(a, b):
    if (a == 0):
        return (b, 0, 1)
    else:
        g, y, x = egcd(b%a, a)
        return (g, x - (b//a) * y, y)

# N is the same
n = 136372941954692995052032614106416002216650352281441768759106047115825257661310123118558086046873251952204915740853517008372422353621244931366409094731856824295828106036399145756514345255241109944294641060644246049854296519101775880563276657142059245230769447888021843340822736997057074223723734593369646608283
c = [88934261481985787316571946676203348514352494646042103159736155624287938096099586834729171652139440814472420307071476143907698982272593448957770236088603490101924827608944006107576740571416087954304061091614594794358854353419664581332745351113861171522629631586344259719016707622211007808872462656489173218734, 31191490339291402076171068036548032381977184741778243810947202097002026583133103229115040414216968980627919985794378128894603186334221963211692252394535977554990491215621733091487550326776298499502932523408287882489799200954692353162958794137970552454035789701538315132727860436887544051794011893682559545564]

e = [31, 71]
#Bezut
#C1^u*C2^v = m mod n
res = egcd(e[0],e[1])
u = res[1]
v = res[2]

val = u*e[0] + v * e[1]
print(val)

decrypted = pow(c[0],u,n) * pow(c[1],v,n) % n

print(decrypted.to_bytes(decrypted.bit_length()//8 + 1, byteorder='big').decode())