If you ever have a situation, or a challenge where the Modulus is unknown, you can recover it, provided you have two known plaintexts-ciphertexts pairs. This ‘attack’, which is less of an attack, but rather simple math.

Send/encrypt two messages #

m1 = 2
m2 = 3
#c1 = m1 encrypted by oracle
#c2 = m2 encrypted by orcacle

Raise the plaintext to the power of the exponent #

mm1 = (m1**e)
mm2 = (m2**e)

Substract the ciphertext from each plaintext #

pt1 = mm1-c1
pt2 = mm2-c2

Compute the GCD of the two values #

N = gcd(mm1,mm2)

Verify the output #

assert pow(m1,e,N) == c1
assert pow(m2,e,N) == c2

That’s it! 🤪