It is possible to break the cryptosystem by repeated encryption if a unit of has small field
order (Simmons and Norris 1977, Meijer 1996), where is the ring of integers
between 0 and
under addition and multiplication (mod ). Meijer (1996) shows that "almost" every encryption
exponent
is safe from breaking using repeated encryption for factors of
the form

Coutinho, S. C. The Mathematics of Ciphers: Number Theory and RSA Cryptography. Wellesley, MA:
A K Peters, 1999.Flannery, S. and Flannery, D. In
Code: A Mathematical Journey. Profile Books, 2000.Honsberger,
R. Mathematical
Gems III. Washington, DC: Math. Assoc. Amer., pp. 166-173, 1985.Meijer,
A. R. "Groups, Factoring, and Cryptography." Math. Mag.69,
103-109, 1996.Rivest, R. L. "Remarks on a Proposed Cryptanalytic
Attack on the MIT Public-Key Cryptosystem." Cryptologia2, 62-65,
1978.Rivest, R.; Shamir, A.; and Adleman, L. "A Method for Obtaining
Digital Signatures and Public-Key Cryptosystems." MIT Memo MIT/LCS/TM-82, 1977.Rivest,
R.; Shamir, A.; and Adleman, L. "A Method for Obtaining Digital Signatures and
Public Key Cryptosystems." Comm. ACM21, 120-126, 1978.RSA
Laboratories. "The RSA Factoring Challenge" http://www.rsa.com/rsalabs/node.asp?id=2092.Schnorr,
C. P. "Fast Factoring Integers by SVP Algorithms." Cryptology ePrint
Archive: Report 2021/232. 1 Mar 2021. https://eprint.iacr.org/2021/232.Simmons,
G. J. and Norris, M. J. "Preliminary Comments on the MIT Public-Key
Cryptosystem." Cryptologia1, 406-414, 1977.