No Padding, No Problem (90)
RSA chosen-ciphertext attack (CCA)
Last updated
Was this helpful?
RSA chosen-ciphertext attack (CCA)
Last updated
Was this helpful?
Oracles can be your best friend, they will decrypt anything, except the flag's ciphertext. How will you break it? Connect with nc mercury.picoctf.net 30048
.
This is a chosen-ciphertext attack (CCA) against RSA. We are able to choose any ciphertext, except the flag's ciphertext, to decrypt.
TL;DR: we can use as the ciphertext, then halve the result.
Note that:
is chosen such that , i.e. .
The decryption of would yield:
From Euler's Theorem, if , then
Thus, we have
At this point, we can halve the result to get .