Using same modulus for RSA

Question

I know that there exist some attack when using same modulus.
Can two different pairs of RSA key have the same modulus?
RSA cracking: The same message is sent to two different people problem

But with a little modification,
$m$ is the plain-text
$N$ is the RSA modulus
$r_1, r_2$ is the random padding
$e, s$ is the public exponent
$C_e, C_s$ is the cipher-text

encrypt as follow $$С_e = (m + r_1)^e \bmod N$$ $$С_s = (m + r_2)^s \bmod N$$

If attacker only knows $C_e, C_s, r_1, r_2, e, s, N$.
Is it possible to know $m$?

It seems the RSA cracking: The same message is sent to two different people problem does not work?

Answer 1

Yes, it is possible. Like SEJPM suggested, you can use a variant of the Franklin-Reiter related-message attack to accomplish this. Let $\Delta = r_2 - r_1$. Compute $\gcd(X^{e} - c_e, (X + \Delta)^{s} - c_s)$ over $\mathbb{Z}/n\mathbb{Z}[X]$, which yields the linear polynomial $X - (m + r_1)$. Recovering $m$ is now trivial. This, of course, will only be reasonably efficient for small exponents $e$ and $s$; but it should be quite doable for common exponents below $65537$.