RSA不同于模数攻击的破解法

题目：Alice decides to use RSA with the public key N = 1889570071. In order to guard against transmission errors, Alice has Bob encrypt his message twice, once using the encryption exponent e1 = 1021763679 and once using the encryption exponent e2 = 519424709. Eve intercepts the two encrypted messagesc1 = 1244183534 and c2 = 732959706. Assuming that Eve also knows N and the two encryption exponents e1 and e2. Please help Eve recover Bob’s plaintext without finding a factorization of N. 

推导过程

原题中有两个公钥e1,e2都可以用私钥d解密则可以根据v扩战的欧基里德定理e1,e2互素，则可以使得   e1*s1+e2*s2=1;c1=m^e1   c2=m^e2[m^(e1*s1)]*[m^(e2*s2)]=m^(e1*s1+e2*s2)=m^1=m而 m^(e1*s1)=c1^s1   m^(e2*s2)=c2^s1根据推导则可以直接求出s1, s2进一步 [c1^s1]*[c2^s1]=m可以求出明文m

代码实现

#include <iostream>#include "Bignum.h"using namespace std;bignum ex_gcd(bignum a,bignum b,bignum &x,bignum &y){    bignum xi_1,yi_1,xi_2,yi_2;    xi_2=1,yi_2=0;    xi_1=0,yi_1=1;    x=0,y=1;    bignum r=a%b;    bignum q=a/b;    while (r==1)    {        x=xi_2-q*xi_1;        y=yi_2-q*yi_1;        xi_2=xi_1;        yi_2=yi_1;        xi_1=x,yi_1=y;        a=b;        b=r;        r=a%b;        q=a/b;    }    return b;}bignum PowerMod(bignum a, bignum b, bignum c){    bignum ans ;    ans=1;    a = a % c;    while(b>0) {        if(b%2==1)        ans = (ans * a) % c;        b = b/2;        a = (a * a) % c;    }    return ans;}int main(){  bignum e1,e2,s1,s2,c1,c2,m,n;  cin >> e1>>e2>>c1>>c2>>n;  ex_gcd(e1,e2,s1,s2);  m=PowerMod(c1,s1,n)*PowerMod(c2,s2,n);  cout << m;  return 0;}

输入输出：

input:1021763679 519424709 1244183534 732959706 1889570071output:732959706