{
 "cells": [
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "# Common modulus attack\n",
    "\n",
    "Suppose Alice sends the RSA encryptions of the same message $m$\n",
    "to two people using the same RSA modulus $n$ and relatively prime public exponents $e_1$ and $e_2$.\n",
    "An attacker can retrieve the message $m$ only from the public data\n",
    "(i.e., the modulus $n$, the public exponents $e_1$ and $e_2$,\n",
    "and the encryptions $c_i = m^{e_i} \\bmod{n}$ for $i = 1, 2$).\n",
    "\n",
    "By using the extended Euclidean algorithm,\n",
    "one can compute integers $a$ and $b$ such that $a e_1 + b e_2 = 1$.\n",
    "Then the message $m$ can be retrieved as $c_1^a c_2^b \\equiv m^{a e_1 + b e_2} \\equiv m \\pmod{n}$."
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Example\n",
    "\n",
    "Let $n = 55$, $e_1 = 3$, $e_2 = 7$, $c_1 = 8$ and $c_2 = 18$."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 1,
   "metadata": {},
   "outputs": [],
   "source": [
    "from algorithms.euclidean import eea\n",
    "n = 55\n",
    "e1, e2 = 3, 7\n",
    "c1, c2 = 8, 18"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "Let us compute $a$ and $b$."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 2,
   "metadata": {},
   "outputs": [
    {
     "data": {
      "text/plain": [
       "(-2, 1)"
      ]
     },
     "execution_count": 2,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "a, b = eea(c1, c2)\n",
    "a, b"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "We can now retrieve the message."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 3,
   "metadata": {},
   "outputs": [
    {
     "data": {
      "text/plain": [
       "2"
      ]
     },
     "execution_count": 3,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "m = c1^a * c2^b % n\n",
    "m"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "Let us verify that the decryption really encrypts to the given ciphertexts."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 4,
   "metadata": {},
   "outputs": [
    {
     "data": {
      "text/plain": [
       "[8, 18]"
      ]
     },
     "execution_count": 4,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "[m^e % n for e in (e1, e2)]"
   ]
  }
 ],
 "metadata": {
  "kernelspec": {
   "display_name": "SageMath 9.2.rc2",
   "language": "sage",
   "name": "sagemath"
  },
  "language_info": {
   "codemirror_mode": {
    "name": "ipython",
    "version": 3
   },
   "file_extension": ".py",
   "mimetype": "text/x-python",
   "name": "python",
   "nbconvert_exporter": "python",
   "pygments_lexer": "ipython3",
   "version": "3.8.5"
  }
 },
 "nbformat": 4,
 "nbformat_minor": 2
}