Tags: oracle rsa 

Rating:

tl;dr
This is just a fancy version of the parity oracle attack, where the parity is obtained probabilistically and by pinging the server multiple times with the same input we can determine the parity of a ciphertext, then the parity oracle attack comes easily.

Original writeup (https://github.com/Ariana1729/CTF-Writeups/blob/master/2018/Google%20CTF%20Quals%202018/Perfect%20Secrecy/README.md).