I only left with one question: why do we create three c? I don't see any regards to the number of it in CRT and Gauss method. And don't feel strong connection of the number of c_iphers with _e (which is also 3). Does it only connected with the length of the _m_essage? So that longer the message we cipher, than more ciphers we need to use CRT? And how is it connected with the limitation that _m_essage can't be longer than modulus?

Thank you for wonderful explanation, useful links, and this additional coverage!

Thank you for great explanation! Other solutions (1, 2) indicated the cause, but without you it was hard to understand this flipping behavior of the result.

Actually, it's #32 (and in the content links at the start page too). =)

For me the point turned out to break my intuition, acquired with previous challenges, that second block of keystream would differ from the first only slightly (as only one byte of counter is changed). But apparently AES introduce enough entropy so it wouldn't be that simple for human eye.