Category: cryptography

Brief overview of the AJPS cryptosystem and a full comprehensive write-up as to the intended solution of the challenge as well as an unintentional solution not found by myself largely due to the modifications I made to the original AJPS cryptosystem to facilitate the attack as it was described in the paper.

While reviewing browser traffic purely by coincidence, I found an encrypted telemetry beacon being sent at regular intervals from a heavily obfuscated client-side JavaScript file being sent from a unique subdomain + endpoint. What I found was certainly not what I expected...

At first glance this looks like a standard ECDLP setup: you get prime $p$, coefficient $a$, an $x$-coordinate for a “generator” $G$, and an $x$-coordinate for a public key $Q$ where:

This is a simple RSA crypto challenge that becomes instantly solvable because the same plaintext (the flag) is encrypted many times using a **small public exponent**.

Comprehensive overview of RSA, its origins, modern variations and optimizations, and where things can go wrong (Part 1).

Comprehensive