Skip to main content

hastad_broadcast_attack

Function hastad_broadcast_attack 

Source
pub fn hastad_broadcast_attack(
    e: u32,
    ciphertexts: &[BigInt],
    moduli: &[BigInt],
) -> Option<BigInt>
Expand description

Håstad’s broadcast attack: recover the plaintext m from k ≥ e ciphertexts cᵢ = mᵉ mod Nᵢ of the SAME message under a small public exponent e and distinct moduli (see the module note above). CRT reconstructs mᵉ exactly, and its integer e-th root is m. Returns the recovered message, or None if the CRT fails or the result is not a perfect e-th power (the precondition k ≥ e did not hold).