script does rsa but uses a power of 2 instead of a normal e, and uses a prime as n.
so, basically it does pow(pt,2**64,p)
this is somewhat reversible, since we can take the modular square root of the ct repeatedly until we get our plaintext.
one problem though - there are 2 modular square roots
this means that we would potentially have to go through 2**64 roots in order to get the correct one
we can reduce this significantly by finding the "pseudo-phi", which we can just use Crypto.Util.number's inverse for
this finds pow(pt,2**30,p)
this is significantly lower, and this is feasible to bruteforce
i didnt solve so i dont have script but uhhhhhh yeah
Last updated