This challenge was a bit different from Strength in the sense that the moduli of the intercepted ciphertexts were different. There is an attack called Wiener’s attack which is based on the following theorem:
Let with and . Given and with , the attacker can efficiently recover .
So by running the attack on all the instances, we hope that at least one satisfies the constraints in Wiener's theorem. After running implementation here on a few of the instances, we find the exponent
and can recover
which translates to ‘ flag_S0Y0UKN0WW13N3R$4TT4CK!’