Suppose that Alice wants to send Bob a signed and encrypted message $m$. She will use RSA for both signing and encrypting. She first uses her private key $(n_A, d_A)$ to obtain the signature $s = m^{d_A} \bmod{n_A}$, and then uses Bob's public key $(n_B, e_B)$ to obtain the ciphertext $c = s^{e_B} \bmod{n_B}$. She sends $c$ to Bob, who then decrypts it with his private key $(n_B, d_B)$ to obtain $s' = c^{d_B} \bmod{n_B}$, and finally recovers the message $m' = s'^{e_A} \bmod{n_A}$ using Alice’s public key $(n_A, e_A)$.
nA = 62894113
eA = 3
dA = 41918819
nB = 55465219
eB = 17
dB = 26094257
m = 2
Let us first sign the message $m$ with Alice's private key, and then encrypt the signature using Bob's public key.
s = Integer(pow(m, dA, nA))
s
19714331
c = Integer(pow(s, eB, nB))
c
20507849
We now decrypt the ciphertext using Bob's private key, and then extract the message with Alice's public key.
ss = Integer(pow(c, dB, nB))
ss
19714331
mm = Integer(pow(ss, eA, nA))
mm
2
Let us try with another message.
m = 5
s = Integer(pow(m, dA, nA))
c = Integer(pow(s, eB, nB))
ss = Integer(pow(c, dB, nB))
mm = Integer(pow(ss, eA, nA))
(m, s, c, ss, mm)
(5, 62006589, 51623723, 6541370, 42173672)
We se that since the original signature $s$ was larger than Bob's modulus $n_B$, decrypting $c$ only gives $s' = s \bmod{n_B}$, leading to $m' \ne m$.
The probability of this happening can be expressed as $(n_A - n_B)/n_A$, where $n_A > n_B$. Let us compute it for our case.
N((nA - nB)/nA)
0.118117477863151
Several measures can be taken to prevent this from happening.