What is this CTF category?

Most of modern cryptography deals with the encoding, encryption, and authentication of data traffic. Think of web browsing, bank transfers, communication applications, etc. Our first goal is to have our data encrypted such that only those with the appropriate keys can decrypt it. Our second goal is to be sure that an encrypted message indeed came from whom we think it came from, and vice versa. As you can imagine, this proves to be easier said than done. During CTFs, you will be confronted with insecure algorithms that prove exactly this. You will have to investigate and make sense of any provided source code, look for potential vulnerabilities, and finally exploit the algorithm to work your way to the flag.

What knowledge do I need right now to get started?

Do not be put off by the maths behind cryptography. Aside from high school maths, a quick introduction to modular arithmetic should be enough to get you started. When you are ready to dive further in, some number theory and group theory, linear algebra, and elliptic curve arithmetic will do wonders for you.

What about cryptographic knowledge? There are many exotic cryptosystems and even the most common ones have plenty of variants. Therefore it is probably best to learn about these along the way. However, almost all CTFs will include at least some challenges based on, but not limited to, the following cryptographic primitives:

  • XOR ciphers, which use only bitwise and/or integer operations,
  • RSA, a public key cryptosystem with many potential vulnerabilities,
  • AES, a symmetric block cipher with various modes of operation,
  • ECC, based on elliptic curve arithmetic with its commonly used signature scheme ECDSA.

The best way to hone your cryptography skills is through practice! Try your luck in beginner-focused CTFs, look for archived challenges on CTFtime, or check out CryptoHack.

What tools do I need to be successful?

Pen, paper, and Python are really all you need, although some experience with Sage (a more math-focused extension of Python) might prove useful. Usually all attacks and exploits can be written from scratch well within the duration of the CTF. No external tools are required, although the use of existing third-party scripts is generally allowed.

My Challenges

  • UMassCTF 2022 - HatMash

    Cryptography – 500 pts (1 solve) – Chall author: Polymero (me)

    What do you mean “We think you spend too much time with matrices.”? It’s just a hash function, jeez…

  • HackPack CTF 2022 - Repeating Offense

    Cryptography – 443 pts (20 solves) – Chall author: Polymero (me)

    One-time oracles using RSA or Paillier are not a great idea due to those slippery mathemagicians… I would like to see them slip their way through RSA AND Paillier! After all, you cannot rob two banks at the same time. … What?

  • HackPack CTF 2022 - P(ai)^3

    Cryptography – 469 pts (15 solves) – Chall author: Polymero (me)

    Pai-ai-ai… My Paillier scheme seems to be broken and I stored my favourite flag in it. Please help me get it back, will you? Who could have guessed this would ever happen? … Me… I- I wrote it… yeah.

  • K3RN3LCTF 2021 - Total Encryption

    Cryptography – 500 pts (0 solves) – Chall author: Polymero (me)

    “To store our most embarrassing secrets, we created a Remote Secure Armoury protected by layered RSA encryption with XOR blinding. Never again will my friends be able to mock me for my use of words!”

  • K3RN3LCTF 2021 - Tick Tock

    Cryptography – 496 pts (6 solves) – Chall author: Polymero (me)

    “I chopped up my flag and hid it behind this simple key exchange. Try dlogging your way in if you are brave enough!”

  • K3RN3LCTF 2021 - Shrine of the Sweating Buddha

    Cryptography – 500 pts (0 solves) – Chall author: Polymero (me)

    “Welcome to the Shrine of the Sweating Buddha. Share the burden of your worries, my child ~~~.”

    Hint: share some (7) of your worries and perhaps your fortune will guide you to the flag.

  • K3RN3LCTF 2021 - HADIOR

    Cryptography – 499 pts (3 solves) – Chall author: Polymero (me)

    “HADIOR will hold the DOOR.”

  • K3RN3LCTF 2021 - Game of Secrets

    Cryptography – 500 pts (2 solves) – Chall author: Polymero (me)

    “John wants to play a game, a game of secrets. Recover his secret or be encrypted.”

  • K3RN3LCTF 2021 - lightningrod

    Reverse Engineering – 499 pts (3 solves) – Chall author: Polymero (me)

    “Warning: Weather Control Device detected! ZAP ZAP [insert conscript_death.mp3 here]”

    “Note: there is a typo in the flag, sorry >m<.”

  • K3RN3LCTF 2021 - Poly-Proof

    Cryptography – 490 pts (11 solves) – Chall author: Polymero (me)

    They asked me to set up a zero-knowledge proof that runs in polynomial time. I don’t know what that means but I assume they want me to use polynomials, right?

  • K3RN3LCTF 2021 - Poly Expo go BRRRRR

    Cryptography – 494 pts (9 solves) – Chall author: Polymero (me)

    “I’m going to say this again: I did not have sexual relations with that polynomial, Miss Polinsky.”

  • K3RN3LCTF 2021 - Beecryption

    Cryptography – 500 pts (2 solves) – Chall author: Polymero (me)

    I was watching the bees and it seemed as if they were trying to tell me something… Have I finally gone crazy?!?

  • K3RN3LCTF 2021 - Twizzty Buzzinezz

    Cryptography – 100 pts (116 solves) – Chall author: Polymero (me)

    “Some bees convinced me to invest in their new cryptosystem. They zzzaid their new XOR keyzztream would revolutionizzze the crypto market. However, they quickly buzzed away so all I have is this weird flyer they dropped. Luckily it has some source code on the back.”
    “Have I just really been scammed by some bees??”

  • K3RN3LCTF 2021 - Objection!

    Cryptography – 500 pts (2 solves) – Chall author: Polymero (me)

    “Looks like Harry is hoarding his flags again… Maybe he will stop if we can convince him both Alice and Carlo dislike hoarding too. Alice and Carlo, being stereotypical CTF admins, are not responding to your complaints. Guess you will just have to answer for them… Luckily, I managed to secure you a channel to the domain controller of the CTF server.”

  • K3RN3LCTF 2021 - Non-Square Freedom (1 and 2)

    Cryptography – 465 pts (21 solves) and 490 pts (11 solves) – Chall author: Polymero (me)

    “What can I say, I just like squares.”

  • K3RN3LCTF 2021 - Cozzmic Dizzcovery

    Cryptography – 499 pts (3 solves) – Chall author: Polymero (me)

    “See that comb over there? It came from that meteorite I mentioned yesterday. Take a look at this, if I send bytes in, different bytes come out! Then there’s this button that seems to just produce random bytes… I’m absolutely stumped :S”

  • K3RN3LCTF 2021 - Ain't no Mountain High Enough

    Cryptography – 500 pts (1 solve) – Chall author: Polymero (me)

    “Hills are easy to climb, but mountains? Hoho, they sure are something else!”

  • K3RN3LCTF 2021 - 1-800-758-6237

    Cryptography – 437 pts (28 solves) – Chall author: Polymero (me)