## Interpolation Attack

I made one crypto challenge each for CODEGATE CTF 2022 quals and finals. In this article, I’m gonna explain how the interpolation attack works, and show the way to solve my challenge “Hidden Command Service” from the finals. Interpolation Attack Once upon a time, there was a dangerous attack technique called ‘differential cryptanalysis’… Then, two crypto-magicians made a scheme which is provably safe from the differential cryptanalysis, called KN-Cipher. However, it soon turned out that the structure of S-boxes used in those ciphers are vulnerable to a new attack called ‘interpolation attack’, and a variant of KN-Cipher called PURE is broken....

2022-11-07 · 10 min · RBTree

## Cube Attack

I made one crypto challenge each for CODEGATE CTF 2022 quals and finals. In this article, I’m gonna explain how the cube attack works, and show the way to solve my challenge “Happy S-box” from the quals. Cube Attack Consider a multivariate equation over $\text{GF}(2)$, $f(x_1, \dots, x_n)$. There will be multiple monomials in $f$, and what we want to do is to pick one monomial $g = x_{i_1}x_{i_2} \cdots x_{i_k}$ and divide $f$ by $g$....

2022-11-07 · 6 min · RBTree

## Posts from the Samsung Software Membership blog

Finally, I copied my posts from the Samsung Software Membership blog. Those are not translated yet. I hope I can finish the translation someday. 😢😢😢 Digital Signatures and Nonce Reuse Shellcoding and Bitflip Conjecture Smooth numbers and Factorization On Factoring Given Any Bits Forgery Attack on ElGamal Signatures How to build WebAssembly apps with Rust AntiVirus Oracle Singular Elliptic Curves Anomalous Elliptic Curves SMT Solvers in CTF -...

2022-04-26 · 1 min · RBTree

## SageMath script for AES-GCM challenges

There was an interesting challenge about AES-GCM in LINE CTF 2022, called ’lazy STEK.' I’m not gonna talk about the challenge itself. When I was solving this challenge, I realized that I did not save a script to convert between byte blocks and $\mathbb{F}_{2^{128}}$ elements in SageMath. As it is a bit confusing to understand how the conversion works, I share my script with the solution of lazy STEK here for someone struggling with this problem....

2022-03-27 · 2 min · RBTree

## Attacking a Variant of the RSA Cryptosystem

서론 이번 글은 저번 달의 글에 이어서 pbctf 2021를 출제하면서 사용한 논문 하나를 리뷰하려고 합니다. 이 논문은 Yet Another RSA라는 문제로 작성하게 되었습니다. 해당 논...

2021-11-21 · 7 min · RBTree