Aleksei Udovenko hellman
🍊
hellman
/ crypto_backdoor.py
Last active
November 4, 2024 03:09
Google CTF 2017 Quals - Crypto Backdoor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def I(s): | |
| val = 0 | |
| for i in range(len(s)): | |
| digit = ord(s[len(s) - i - 1]) | |
| val <<= 8 | |
| val |= digit | |
| return val | |
| def Sn(i, length): | |
| s = '' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #[macro_use] | |
| extern crate arrayref; | |
| extern crate crypto; | |
| use crypto::aead::AeadDecryptor; | |
| use crypto::chacha20poly1305::ChaCha20Poly1305; | |
| use std::env; | |
| use std::fs::File; | |
| use std::io::{Read, Write}; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use permutation::Permutation; | |
| use cube::Cube; | |
| use crypto::blake2b::Blake2b; | |
| #[derive(Copy, Clone, Eq, PartialEq, Hash)] | |
| pub struct SecretKey { | |
| pub a: u64, | |
| pub b: u64, | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import signal, random | |
| import sys | |
| class LinearCongruentialGenerator: | |
| def __init__(self, a, b, nbits): | |
| self.a = a | |
| self.b = b |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <stdlib.h> | |
| using namespace std; | |
| #define REP(i,x) for(int i = 0; i < (int)x; i++) | |
| #define M 8 | |
| int N; | |
| string s[1000]; | |
| long q[M], p[M], hs[M][1000], hr[M][1000]; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| require 'securerandom' | |
| ## Parameters | |
| P = 115792089237316195423570985008687907853269984665640564039457584007913129639747 | |
| N = 100 | |
| K = 25 | |
| L = 38 # The number of liars | |
| def apply_polynomial(coeffs, x) | |
| r = 0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| """ | |
| In this challenge we have a Paillier cryptosystem. | |
| We are given a decryption oracle, which leaks only one bit in the middle of the plaintext. | |
| Due to homomorphic properties of the Paillier cryptosystem, we can recover the full decryption using such an oracle. | |
| 1. First, we recover the lower half of the message bit-by-bit. | |
| This can be done by manipulating and observing the carry bit going through the pinhole, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| ''' | |
| In the challenge we are given a recently proposed cryptosystem | |
| based on Mersenne primes ( https://eprint.iacr.org/2017/481 ). | |
| The cryptosystem was broken quickly in https://eprint.iacr.org/2017/522.pdf | |
| using random partitioning and LLL. Here this attack is implemented. | |
| ''' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Attacking McEliece with Generalized Reed-Solomon codes (GRS), method by Sidelnikov & Shestakov. | |
| The task is almost the same as The Russian Attack from Sharif CTF: | |
| http://ctf.sharif.edu/blog/Write-Ups/SharifCTF-6/Crypto/08.%20The%20Russian%20Attack%20(500%20+%20300%20pts)/ | |
| The only change is the field changed from GF(p) to GF(2^8). | |
| Here is Sage analogue of the GAP script, because finally Sage supports GRS decoding. | |
| ''' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| CRC is applied before CTR so CTR is not protected and we can bitflip. | |
| We can fix MAC randomly and save the difference between admin=0 and admin=1. | |
| Since CRC is linear, the same difference will work for any other MAC. | |
| ''' | |
| from sock import Sock | |
| def xor(a, b): return "".join([chr(ord(a[i]) ^ ord(b[i % len(b)])) for i in xrange(len(a))]) |