Challange summary In this challenge, I implemented multibit-variant of Regev's cryptosystem. Normal Regev's cryptosystem First, the cryptosystem generates LWE Oracle. The matrix $A$, vector $s$, error vector $e$, and target vector $t$ that holds: $$A\cdot s+e=t$$ and $A,t$ will be a public key.

SSSS.RNG $p$を512bitの素数、$a,b,x$を$p$未満のランダムな数とする。 以下すべて$\mathbb{Z}/p\mathbb{Z}$上の演算として、 $$ \begin{aligned} g_1&=ax+b\ g_2&=ag_1+b\ g_3&=ag_2+b\

Challenge Summary You are given a website. It is doing some weird job. First, it constructs routes object based on the salt parameter and store it to the session. const setRoutes = async (session, salt) => { const index = await fs.readFile('index.html'); session.routes = { flag: () => '*** CENSORED ***',

Challenge Summary You can create blog post. It is accepting an arbitrary HTML, but it is correctly escaped and sanitized by DOMPurify. const body = document.getElementById('body'); body.innerHTML = DOMPurify.sanitize(body.textContent); hljs.highlightAll(); The goal is to obtain the cookie of admin.

Welcome @moratorium08 :) babycrypto1 @hakatashi We can encode arbitrary block with chosen IV, so we can extend the given block with arbitrary content. from ptrlib import Socket, logger from base64 import b64encode, b64decode from Crypto.Cipher import AES

Author @hakatashi Challenge Summary There're two seperated services in this challenge, milk.chal.seccon.jp and milk-api.chal.seccon.jp. milk sends requests to milk-api with AJAX and communicates some data. The procedure is as follows. milk sends JSONP request to milk-api/csrf-token and get CSRF token. milk issues another request with the previous token and calls api. milk-api revokes CSRF token once it is used.

Author @hakatashi Challenge Summary The task is quite obvious from the appearence of the given website. You can arbitrarily change the code below the given header and the task is to get the value stored in ESNext's Private Class Field. Decapsulation. const fs = require('fs'); const {enableSeccompFilter} = require('./lib.js');

$c = \sin(m)$ is given. We can immediately calculate $m \bmod \pi$ from $c$ by using an appropriate series expansion of $\arcsin$. Note that there are two corresponding values. Now let $x = m \bmod \pi$ and the calculation error be $\delta x$. We want to calculate $$n\pi+m=x+\delta x$$ Now if we calculate $\left|\pi-\frac{x-m}{n}\right|$, $$ \begin{aligned}

Problem The flag encrypted with RSA and its public key are given. But we are given $d$ instead of $N$, by bug. Additionally, the coefficient $c=q^{-1}\bmod p$ is leaked. The problem is to restore the plaintext from these information. Solution First, we have to restore $\varphi(N)=(p-1)(q-1)$.

Problem The problem is given in the form of the follewing file: assert(len(open('flag.txt', 'rb').read()) <= 50) assert(str(int.from_bytes(open('flag.txt', 'rb').read(), byteorder='big') << 10000).endswith('1002773875431658367671665822006771085816631054109509173556585546508965236428620487083647585179992085437922318783218149808537210712780660412301729655917441546549321914516504576')) The flag is converted to an integer value and shifted 10,000 bits to the left to give the last 175 decimal digits of the value. In other words, the purpose of this problem is to restore the flag value from: $$ c=\text{flag}\cdot2^{10000}\bmod10^{175}

問題 配布ファイルは以下の通り。 assert(len(open('flag.txt', 'rb').read()) <= 50) assert(str(int.from_bytes(open('flag.txt', 'rb').read(), byteorder='big') << 10000).endswith('1002773875431658367671665822006771085816631054109509173556585546508965236428620487083647585179992085437922318783218149808537210712780660412301729655917441546549321914516504576')) フラグを整数値に変換して左に10000ビットシフトした値の末尾175桁の値が与えられる。すなわち $$ c=\text{flag}\cdot2^{10000}\bmod10^{175}

原文 (日本語) はこちら The original Japanese version is here: https://hackmd.io/@hakatashi/Syck8VfSL ROR (Crypto, 260pts) len(m) count of RSA ciphertexts are given, which is the result of encryption of the i-bit-right-rotate-shifted values of plaintext $m$. $N=2^{n_1}3^{n_2}7^{n_3},e$ is unknown Solution

The English version is here: https://hackmd.io/@hakatashi/BkG7zhfSU Overview 2020-03-07 00:00 - 2020-03-09 00:00 に48時間開催された zer0pts CTF 2020 にチームTSGのメンバーとして参加しました。結果は8847ptsで12位です。 凄まじい実力で近年頭角を現しつつあるチームzer0ptsによる初めてのCTFです。事前の宣言通り、「No boring guess」な最高のクオリティのCTFでした。ありがとうございます! ROR (Crypto, 260pts)

Why didn't many peaple solve this? It's just an implementation of IFFT from spectrogram? ;) Challenge Details We are given three image files. Obviously the first two is spectrogram, which should simply be a result of FFT of the signal. And as the third image suggests, we should implement inverse of FFT (IFFT) to recover the original data. I implemented a solver with Node.js. const {promises: fs} = require('fs');

Good and difficult crypto challenge. Should be an entry exercise for getting into Lattice-based cryptoanalysis and Symbolic Execution. challenge details We got Python script (excerpted): def create_potion(ingredients: List[int], amounts: List[int]) -> int: magic_constant = 1046961993706256953070441 effect = sum(starmap(mul, zip(ingredients, amounts))) side_effect = getrandbits(13) ^ getrandbits(37) return (effect + side_effect) % magic_constant

# CTFZone 2019 Quals チームTSG 非Writeup ※この記事は [CTF Advent Calendar 2019](https://adventar.org/calendars/4241) の6日目くらいの記事です。 博多市です。 先日開催された CTFZone 2019 Quals ですが、チームTSGは[lmt_swallow](https://twitter.com/lmt_swallow)先生の発案により「たまには本気で海外本戦行きを目指そう」というコンセプトのもと全力を出して大会に参加しました。最終的な結果は知られている通り10位ということで、(おそらく) ギリギリで予選通過というドラマチック展開に期せずしてなりました。 さて、TSGではCTF参加中の情報共有に、SlackおよびScrapboxを利用しています。基本、ここに書かれた内容はメモ書き程度のものですが、見返してみると案外面白く、本来の目的とは少し違った形で読むことができます。おそらくこういったメモ書きは他のチームにもあると思うので、ぜひとも読んで他のチームのわいわい感を知りたいなー