picoCTF Solutions
picoCTF 2019CryptographyEasy

Easy1

Published: April 2, 2026

Description

The one-time pad can be unbreakable when used correctly -- but can you break this one? A Vigenere-style lookup table, the key SOLVECRYPTO, and ciphertext UFJKXQZQUNB are provided.

Setup

Download the table image or text file from the challenge page.

Solution

  1. Step 1Use the OTP table to decrypt each character
    For each position, find the row indexed by the key letter (S, O, L, V, E, C, R, Y, P, T, O) and scan across that row to find the column that matches the ciphertext letter. The column header is the plaintext letter. Working through all 11 characters produces CRYPTOISFUN.
    Learn more

    A one-time pad (OTP) is a theoretically unbreakable encryption scheme when used correctly. The key must be: (1) truly random, (2) at least as long as the message, and (3) never reused. When all three conditions are met, ciphertext provides zero information about the plaintext -- every possible plaintext of the same length is equally likely.

    This challenge uses a Vigenere-style tabula recta -- a 26×26 grid where each row is a Caesar-shifted alphabet. To encrypt, find the row labeled by the key letter and the column labeled by the plaintext letter; the intersection is the ciphertext. To decrypt, find the row labeled by the key letter, scan across until you find the ciphertext letter, then read the column header as plaintext. This is exactly inverting the encryption operation.

    This challenge fails as a true OTP on all three counts: the key SOLVECRYPTO is not random (it's a meaningful word), it's shorter than any message longer than 11 characters (requiring reuse), and the lookup table itself is the Vigenere square rather than XOR. The Vigenere cipher is a repeating-key polyalphabetic cipher -- a significant improvement over Caesar but still breakable when the key is short relative to the message.

    Understanding why OTP fails in practice matters for real cryptography. Modern symmetric ciphers like AES in CTR mode approximate OTP properties using pseudorandom keystreams derived from a short key -- but they rely on computational hardness rather than information-theoretic security. The key insight is that "unbreakable" cryptography requires strict operational discipline, not just a clever algorithm.

Flag

picoCTF{...}

A true one-time pad requires a random key at least as long as the message that is never reused -- all three conditions are violated here, making it breakable.

More Cryptography