pub fn hastad_broadcast_attack(
e: u32,
ciphertexts: &[BigInt],
moduli: &[BigInt],
) -> Option<BigInt>Expand description
Håstad’s broadcast attack: recover the plaintext m from k ≥ e ciphertexts cᵢ = mᵉ mod Nᵢ of the
SAME message under a small public exponent e and distinct moduli (see the module note above). CRT
reconstructs mᵉ exactly, and its integer e-th root is m. Returns the recovered message, or None
if the CRT fails or the result is not a perfect e-th power (the precondition k ≥ e did not hold).