Modified Hastad's Broadcast Attack README

Author: ashutosh1206

RSA-encryption/Attack-Hastad-Broadcast/Challenges/Multicast/README.md

@@ -1,8 +1,10 @@
 # Multicast
 
-Many messages intercepted.  
-Break them.  
-  
-Points: 175
-   
-Check the writeup of this challenge [here](https://github.com/ashutosh1206/Crypto-CTF-Writeups/tree/master/2017/Plaid-CTF/Multicast)
+1. Challenge Description: Many messages intercepted. Break them.  
+2. Challenge Writeups:
+   + [My writeup](https://github.com/ashutosh1206/Crypto-CTF-Writeups/tree/master/2017/Plaid-CTF/Multicast)
+   + [Other writeups](https://ctftime.org/task/3999)
+
+## Directory Contents
+1. [data.txt](data.txt)- output file
+2. [generate.sage](generate.sage)- encryption script

RSA-encryption/Attack-Hastad-Broadcast/Challenges/README.md

@@ -1,7 +1,6 @@
 # Challenges
+  
 
-## Hastad's Broadcast Attack on unpadded messages
-
-
-## Hastad's Broadcast Attack on padded messages
-1. Multicast - Plaid CTF 2017
+| S.No. | Challenge                                                            | CTF                      | Year | Difficulty Level | Points |
+|-------|:--------------------------------------------------------------------:|:------------------------:|:----:|:----------------:|:------:|
+| 1     | [Multicast](Multicast/)                                              | Plaid                    | 2017 | _None_           | 175    |

RSA-encryption/Attack-Hastad-Broadcast/Pictures/1.gif

@@ -9,12 +9,12 @@ We will start by discussing the simplest form of Hastad's Broadcast Attack and t
 ## Hastad's Broadcast Attack on unpadded message
 Suppose Alice sends an unpadded message M to `k` people P<sub>1</sub>, P<sub>2</sub>, ..., P<sub>k</sub> each using a same small public key exponent `e` and different moduli `N` for ith individual, the public key for ith individual (N<sub>i</sub>, e). The attack states that as soon as `k>=e`, the message M is no longer secure and we can recover it easily using Chinese Remainder Theorem. Let us see how, using an example: Alice sends a message M to 3 three different people using the above conditions and using the same public key exponent `e = 3`. Let the ciphertext received by ith receiver be C<sub>i</sub> where C<sub>i</sub> = M<sup>3</sup> mod N<sub>i</sub>. We have to assume that **gcd(N<sub>i</sub>, N<sub>j</sub>)** where `i != j` (Otherwise if we get a common factor between a pair of moduli let us suppose it to be k, we can factorise both of them, since we then know one of the factors of N<sub>i</sub> and we can calculate the other as N<sub>i</sub>/k). We can now write:
 
-![equation](https://latex.codecogs.com/png.latex?{\displaystyle&space;M^{3}\equiv&space;C_{1}{\pmod&space;{N_{1}}}})  
-![equation](https://latex.codecogs.com/png.latex?{\displaystyle&space;M^{3}\equiv&space;C_{2}{\pmod&space;{N_{2}}}})  
-![equation](https://latex.codecogs.com/png.latex?{\displaystyle&space;M^{3}\equiv&space;C_{3}{\pmod&space;{N_{3}}}})  
+![equation](Pictures/1.gif)  
+![equation](Pictures/2.gif)  
+![equation](Pictures/3.gif)  
 
 Thus we can get the following by solving using Chinese Remainder Theorem:
-![equation](https://latex.codecogs.com/png.latex?M^{3}&space;=&space;\sum_{i=1}^3&space;C_i&space;b_i&space;b'_i&space;\pmod{N})
+![equation](Pictures/4.gif)
 where **b<sub>i</sub> = N/N<sub>i</sub>** , **b<sub>i</sub><sup>'</sup> = b<sub>i</sub><sup>-1</sup> mod N<sub>i</sub>** and N = N<sub>1</sub>*N<sub>2</sub>*N<sub>3</sub>. Since we know that M < N<sub>i</sub> (If our message M is larger than the modulus N, then we won't get the exact message when we decrypt the ciphertext, we will get an equivalent message instead, which is not favourable). Therefore we can write M < N<sub>1</sub>N<sub>2</sub>N<sub>3</sub>. We can easily calculate M now by directly taking the `cube root` of M<sup>3</sup> to get `M`.