- Round: 32 (2023/03)
- Category: Crypto
- Points: 150
- Solves: 6
As we all know, finding a root for a polynomial modulo n requires knowing the factorization of n, so it should be as safe as RSA!
If
Computing the gcd of polynomial with degree 65537 with the naive way takes several hours on an average computer, so you are supposed to use half GCD algorithm. There is an existing implementation that you can copy from.
After computing the gcd we get
Another way is to notice the fact that bytes_to_long(m1_plus_m2)
to reveal the flag.