possible to decrypt RSA using these parameters only?

Question

If our message is 204, our public RSA-key is (e, N) = (47, 221) but the private key is unknown.

is it possible to retrieve the message without the private key and what would be the steps to do so?

Answer 1

This is a special situation you can easily test. In your case a private key is just the public key: $$204^{47} \equiv 68 \pmod {221}, \quad 68^{47} \equiv 204 \pmod {221}$$

The reason for this is, that $$47^{-1} \equiv 47 \pmod {\lambda(N)}$$ where $\lambda(N)$ is the Carmichael function. The often used private key via $\varphi(N)$ would be $d=143.$

Answer 2

In this case the rather obscure cycle attack works very well, by coincidence (or not; it's an exercise after all, with small parameters)

This works as follows: suppose the public key is $(N,e)$ and we receive the message $c$. Then compute $c_0 = c, c_{n+1} = c^e \pmod{N}$ until $c = c_k$ for some $k \ge 1$ (this will always happen, only normally $k$ will be very large, but with small parameters its doable). Then $c_{k-1}$ is the original message (as its encryption is $c_k =c$).

Doing it here already gives $c_2 = 204$ and $c_1 = 68$ which is the plaintext.

This paper explains why this is normally not a realistic attack in practice .