I secured my web application with AES-GCM implemented by the intern! Great idea, isn't it ?

Challenge contributed by skilo

Connect at archive.cryptohack.org 61277

Challenge files:
  - authentification-1.zip
  - template_authentification.py

Damn, I'd forgotten to check the integrity... Good thing the intern pointed it out to me, he really is perfect! 😁

Hint (released during the CTF) : there is an implementation error in the file gcm.py that you need to exploit to solve this challenge.

Challenge contributed by skilo

Connect at archive.cryptohack.org 59670

Challenge files:
  - authentification-2.zip
  - template_authentification.py

Can you tell the difference?

Challenge contributed by skilo

Connect at archive.cryptohack.org 43607

Challenge files:
  - do-you-have-good-eyes.zip

HaSh functIonS are one-way, right?

Challenge contributed by skilo

Challenge files:
  - u-turn.zip

A sacred ward, once thought unbreakable, is built upon a foundation of misplaced trust. The ancient order that devised it never foresaw the cracks in their own defenses. A true cipher-weaver, one with a deep understanding of hidden structures, may find a way to tear it down. Can you?

Challenge contributed by r4sti

Challenge files:
  - pubkey.pem
  - output.txt
  - source.py

Version 1.0 of our new encryption service has just launched! It is blazingly fast and uses state-of-the-art encryption. Stay tuned for version 2.0; I hear it will bring tons of improvements and security fixes.

Challenge contributed by arneb

Connect at archive.cryptohack.org 21970

Challenge files:
  - server.py

LCG is fun, ECDSA is fun too, so why not combine them together?

Challenge contributed by maple3142

Challenge files:
  - output.txt
  - chall.py

Mirror of Challenge for the ZKP Section

Challenge contributed by killerdog and oberon

Connect at archive.cryptohack.org 3583

Challenge files:
  - chal.py
  - params.py
  - help.html

"My boss 1nteger_c said we will come back with a better GCM challenge. I hereby present, the **Greatest Common Multiple**."

Challenge contributed by soon_haari

Connect at archive.cryptohack.org 2762

Challenge files:
  - chall.py

Mirror of Challenge for the ZKP Section

Challenge contributed by killerdog

Connect at archive.cryptohack.org 14635

Challenge files:
  - hamiltonicity.py
  - chal.py
  - example.py

Mirror of Challenge for the ZKP Section

Challenge contributed by killerdog and Lance Roy

Connect at archive.cryptohack.org 34597

Challenge files:
  - hamiltonicity.py
  - chal.py
  - example.py

I don’t know how to design a secure stream cipher, but a large key space should be sufficient to block most attacks right?

Challenge contributed by maple3142

Challenge files:
  - output.txt
  - chall.py

Mirror of Challenge for the ZKP Section

Challenge contributed by killerdog

Connect at archive.cryptohack.org 11840

Challenge files:
  - chal.py
  - params.py

Did you know that you only need FHE to build OT?

_The timeout on the remote is 60 seconds._

Challenge contributed by Drago

Connect at archive.cryptohack.org 40704

Challenge files:
  - offtopic.py

It's just one round of encryption. How hard can it be?

_The timeout on the remote is 300 seconds._

Challenge contributed by mr96

Connect at archive.cryptohack.org 62821

Challenge files:
  - one_round_crypto.py

Do algebraic ducks go "quo quo"?

_The timeout on the remote is 600 seconds._

Challenge contributed by Robin_Jadoul

Connect at archive.cryptohack.org 23128

Challenge files:
  - quo_vadis.sage

RSA is cool, but I don't wanna do it alone. I found a way to do RSA together with my friends.

_The timeout on the remote is 60 seconds._

Challenge contributed by Devrar

Connect at archive.cryptohack.org 33824

Challenge files:
  - rsatogether.sage

Ok, so, I didn't read the part about this being a *cryptography* competition - my bad. Now it's too late to back out though, please help me figure this out!

note: it is recommended to use sagemath-10.4 to run the challenge locally, due to performance reasons.

*The timeout on the remote is 120 seconds.*

Challenge contributed by PhiQuadro

Connect at archive.cryptohack.org 25469

Challenge files:
  - smithing.sage

Mirror of Challenge for the ZKP Section

Challenge contributed by Mathias Hall-Andersen, zksecurity.xyz

Connect at archive.cryptohack.org 26896

Challenge files:
  - main.rs
  - example.py
  - Cargo.toml
  - Dockerfile
  - maestro.rs

Is this what people mean by "message blinding"?

Challenge contributed by CryptoHack

Challenge files:
  - output.txt
  - blind.sage

I have developed a variant of GLP, GLP420!

Challenge contributed by y011d4

Connect at archive.cryptohack.org 26931

Challenge files:
  - server.sage

I have hidden my flag among the elliptic curve points. Go seek!

Challenge contributed by CryptoHack

Challenge files:
  - output.txt
  - hide_and_seek.sage

Yum, time for dessert.

Challenge contributed by CryptoHack

Challenge files:
  - output.txt
  - irish_flan.py

The flag is hidden somewhere in the 1337th universe.

Challenge contributed by maple3142

Connect at archive.cryptohack.org 3721

Challenge files:
  - server.py

Ring Signatures are used in some cryptocurrencies to provide anonymity for who has signed a transaction or sent money. Can you break the anonymity of the ring signatures?

Challenge contributed by CryptoHack

Challenge files:
  - ed25519.py
  - data.json
  - chal.py

My primes are prefectly random. I wonder if you can find them.

Challenge contributed by CryptoHack

Challenge files:
  - output.txt
  - RRSSAA.py

I hope I actually implemented Shamir Secret Sharing correctly this year. I am pretty sure you won't be able to guess my secret even when I give you all but one share.

Challenge contributed by maple3142

Connect at archive.cryptohack.org 12739

Challenge files:
  - server.py

Apparently, there is something weird happening with the prime generation.

Challenge contributed by maple3142

Challenge files:
  - output.txt
  - challenge.py

Champagne for my real friends, real pain for my sham friends.

Challenge contributed by CryptoHack

Challenge files:
  - output.txt
  - tough_decisions.py

I'll shout about my curve all day, it's totally secure. You'll have to pull the solution from my cold dead hands!

Challenge contributed by CryptoHack

Connect at archive.cryptohack.org 11718

Challenge files:
  - twist_and_shout.py
  - Dockerfile
  - twist_and_shout.xinetd

Elliptic curves were originally studied for their beauty, then mathematics came.

Challenge contributed by Shadowwws

Connect at archive.cryptohack.org 39003

Challenge files:
  - chall.sage

I have reimplemented a cryptosystem, but it sometimes behaves strangely. But I don't think it matters.

Challenge contributed by y011d4

Connect at archive.cryptohack.org 56048

Challenge files:
  - server.py

In CTF, there are many people who mistakenly encrypt p, q in RSA. But this time...

Challenge contributed by y011d4

Challenge files:
  - output.txt
  - chall.py

also known as conveyor belt sushi

Challenge contributed by y011d4

Challenge files:
  - chall.sage
  - output.txt

What if /dev/urandom is unrandom...?

Challenge contributed by y011d4

Connect at archive.cryptohack.org 2783

Challenge files:
  - server.py

Hash-based authentication is great and I have invented one. Can you prove that my system is secure?

Challenge contributed by Mystiz

Connect at archive.cryptohack.org 40156

Challenge files:
  - chall.py

"Find a collision for my hash algorithm! It is basically military-graded: The output is 256-bit long, and discrete log is hard! I even made it harder such that you don't even have the public parameters!"

Challenge contributed by Mystiz

Connect at archive.cryptohack.org 9391

Challenge files:
  - chall.py

Breaking random functions is a dark art, and I need your help in this.

Challenge contributed by rkm0959

Connect at archive.cryptohack.org 35802

Challenge files:
  - chal.py

"I have designed a failproof encryption system with possibly arbitrarily small public keys. I will be as famous as Et Al one day, but only if I can somehow figure out a decryption mechanism..."

Challenge contributed by deuterium

Connect at archive.cryptohack.org 42351

Challenge files:
  - ctf.xinetd
  - source.py
  - Dockerfile

"I am sure it's failproof now, I have increased the security levels too!¬"

Challenge contributed by deuterium

Connect at archive.cryptohack.org 36813

Challenge files:
  - ctf.xinetd
  - source.py
  - Dockerfile

It only took me four heat deaths of the universe to encrypt this flag.

Challenge contributed by CryptoHack

Challenge files:
  - output.txt
  - functional.sage

I got bored and made a new block cipher, but someone stole my flag and now i need to break it to get it back. Will you help me?

Challenge contributed by zeski

Connect at archive.cryptohack.org 44134

Challenge files:
  - key_recovery.py

Mystiz's computer is lack of entropy. He needs to reuse randomness to generate the primes for RSA...

Challenge contributed by Mystiz

Challenge files:
  - output.txt
  - chall.py

Find a collision for my hash algorithm! It is basically military-graded: The output is 256-bit long, and discrete log is hard! I even made it harder such that you don't even have the public parameters!

Challenge contributed by Mystiz

Connect at archive.cryptohack.org 14846

Challenge files:
  - chall.py

Find a collision for my hash algorithm! It is basically military-graded: The output is 256-bit long, and discrete log is hard! I even made it harder such that you don't even have the public parameters!

Challenge contributed by Mystiz

Connect at archive.cryptohack.org 56434

Challenge files:
  - chall.py

I've been learning about probability distributions, but it's all very confusing so I'm just going to assume that my variant of blackjack gives an advantage to the house. I'll even bet a flag on it.

Challenge contributed by Neobeo

Connect at archive.cryptohack.org 59737

Challenge files:
  - probability.py
  - Dockerfile

So I got all the hex digits of the private key, but it seems that the hex digits went through some sort of a permutation.... Can you help me?

Challenge contributed by rkm0959

Connect at archive.cryptohack.org 45400

Challenge files:
  - chal.py

ON 2-out-of-3 SECRET SHARING BASED ON RSA - MemeCrypt 2022

Challenge contributed by rkm0959

Connect at archive.cryptohack.org 42957

Challenge files:
  - chal.py

Another boring crypto challenge about signatures.

Challenge contributed by maple3142

Challenge files:
  - output.txt
  - challenge.py

I want to keep my private key small, but I've heard this is dangerous. I think I've found a way around this though!

Challenge contributed by CryptoHack

Challenge files:
  - output.txt
  - challenge.py

"Welcome to the Diffecient Security Key Database API, for securely and efficiently saving tons of long security keys! Feel *free* to query your security keys, and pay a little to add your own to our state-of-the-art database. We trust our product so much that we even save our own keys here!"

Challenge contributed by deuterium

Connect at archive.cryptohack.org 29201

Challenge files:
  - ctf.xinetd
  - source.py
  - Dockerfile

Ed25519 is all the rage these days - it's fast, has small keys and signatures, and is designed to be robust against side-channel attacks. But the scheme has some magic as originally conceived.

Challenge contributed by CryptoHack

Connect at archive.cryptohack.org 31144

Challenge files:
  - chal.py
  - magic.xinetd
  - Dockerfile

I am a bot imitating Pekora. You can talk with me through Elliptic-curve Diffie–Hellman protocol!

Challenge contributed by maple3142

Connect at archive.cryptohack.org 45328

Challenge files:
  - server.py
  - elliptic_curve.py

1337crypt is back. This time, with added complexity.

Challenge contributed by joseph

Challenge files:
  - 1337crypt-v2.sage
  - output.txt

"COVID: *exists* vaccine jokes: *challenge_name*"

Challenge contributed by deuterium

Challenge files:
  - challenge.py

In the beginning of 2020, Khaled A. Nagaty invented a cryptosystem based on key exchange. The cipher is faster than ever... It is impossible to break, right?

Challenge contributed by Mystiz

Challenge files:
  - output.txt
  - chall.py

"What's the fun of rolling up a hash function if it's not chaotic enough?"

Challenge contributed by deuterium

Connect at archive.cryptohack.org 18948

Challenge files:
  - chaos.xinetd
  - Dockerfile
  - challenge.py

Every slightest mistake in cryptography would lead to a disastrous result. Let's see what will happen when you allow end-users to pick the mode of operation...

Challenge contributed by Mystiz

Connect at archive.cryptohack.org 2951

Challenge files:
  - chall.py

Mystiz made a key vault which could encrypts his darkest secrets (i.e., the flag). Everything is protected with a bank-level encryption (i.e., a 256-bit key). You are welcome to look at the encrypted secrets and praise his cryptographic knowledge.

Challenge contributed by Mystiz

Connect at archive.cryptohack.org 4077

Challenge files:
  - chall.py

Mystiz is really lazy. He expects that someone would crack the bank-level encryption, but he doesn't care about that. After all, the darkest secret is not that dark. He decided to change the numbers and release it to the public again. Now crack it!

Challenge contributed by Mystiz

Challenge files:
  - transcript.zip
  - chall.py

Some of the block cipher modes of operation are pretty vulnerable, which includes but not limited to padding oracle in CBC, key-recovery attacks with repeated nonces in GCM and _Zerologon_ in CFB8... What about OFB?

Challenge contributed by Mystiz

Challenge files:
  - output.txt
  - secret.py
  - chall.py

"Do you believe in games of luck? I hope you make your guesses real or you'll be floating around,"

Challenge contributed by deuterium

Connect at archive.cryptohack.org 16189

Challenge files:
  - real.xinetd
  - Dockerfile
  - challenge.py

Okay. My secure authentication system was proved insecure (see [here](https://github.com/samueltangz/ctf-archive-created/tree/master/20201006-hkcert-ctf/sign-in-please)) as it got exploited last year by a bunch of bad guys. I improved the system and you would not be able to eavesdrop the passwords ever again.

Challenge contributed by Mystiz

Connect at archive.cryptohack.org 60192

Challenge files:
  - chall.py

* Wait, `spongebob` and `squarepants` don't hash to the same thing?

Challenge contributed by CryptoHack

Connect at archive.cryptohack.org 37916

Challenge files:
  - spongebob.py

`AddRoundKey`, `SubBytes`, `ShiftRows` and `MixColumns` are four crucial components are AES. They are used to protect the world in 2021. I wonder what will happen if some of them is out of function.

Challenge contributed by Mystiz

Connect at archive.cryptohack.org 36161

Challenge files:
  - aes.py
  - chall.py

Wait a MInute, that's not a substitution cipher!

Challenge contributed by joseph

Challenge files:
  - output.txt
  - substitution-cipher-iii.sage

The deadline for writing challenges is coming! Mystiz, who claimed himself not well-known for reusing challenges, decided to free-ride and plagarize challenges from HKCERT CTF 2020. Maybe you can reuse the solve script last year for the flag. Ciphertext: `6ccb80c46c19243a37633d316a66871ca70ec8a44f48a80134f31d8d27f920c6bd5d810831833221d0f282130d2c222de38c2080ef995b2ad10dc5af8518`

Challenge contributed by Mystiz

Challenge files:
  - challenge.py

"Wise men once said, “Well, shake it up, baby, now Twist and shout come on and work it on out” I obliged, not the flag is as twisted as my sense of humour"

Challenge contributed by deuterium

Connect at archive.cryptohack.org 46347

Challenge files:
  - twist.xinetd
  - Dockerfile
  - challenge.py

We’re about to launch a new public key cryptosystem, but its security has not been carefully reviewed yet. Can you help us?

Challenge contributed by NDH

Challenge files:
  - output.txt
  - source.py

A new public key encryption algorithm is being invented, but the author is not quite sure how to implement the decryption routine correctly. Can you help him?

Challenge contributed by NDH

Challenge files:
  - output.txt
  - source.py

"Python is so slow! Lets use nUmPy tO MAkE iT FaSTer. Only if there was a module for crypto in it :("

Challenge contributed by deuterium

Connect at archive.cryptohack.org 7265

Challenge files:
  - numpymt.xinetd
  - Dockerfile
  - challenge.py

Can you solve my factorisation problem if I give you a hint?

Challenge contributed by joseph

Challenge files:
  - output.txt
  - 1337crypt.sage

Can you guess the 2020th number?

Challenge contributed by ndh

Connect at archive.cryptohack.org 63222

Challenge files:
  - Dockerfile
  - 2020.py

I am so excited having a chance talking to Alice. She told me to calm down - and sent me an encrypted secret.

Challenge contributed by Mystiz

Connect at archive.cryptohack.org 53580

Challenge files:
  - chall.py

I have implemented a secure authentication system. You can't eavesdrop the passwords, can you?

Challenge contributed by Mystiz

Connect at archive.cryptohack.org 1024

Challenge files:
  - chall.py