Description
A message was encrypted using a shared secret... but it looks like one side of the exchange leaked something. Can you piece together the secret and get the flag? Download the message.txt and source encryption.py .
Setup
Download message.txt and encryption.py.
Read encryption.py to understand the Diffie-Hellman key exchange scheme used.
cat message.txt
cat encryption.py
Solution
- Step 1Analyse the encryption schemeThe source shows a Diffie-Hellman exchange with g=2 and a large prime p. Both parties publish their public key (g^priv mod p). The shared secret is A^b mod p where A is one party's public key and b is the other's leaked private key.
- Step 2Compute the shared secretExtract the leaked private key b, the other party's public key A, and the prime p from message.txt. Compute the DH shared secret, then derive the single-byte XOR key as shared % 256.python3 << 'EOF' # Values from message.txt p = YOUR_PRIME A = YOUR_PUBLIC_KEY # g^a mod p b = YOUR_LEAKED_PRIV # leaked private key shared = pow(A, b, p) key = shared % 256 print("XOR key:", hex(key)) ct = bytes.fromhex("YOUR_CIPHERTEXT_HEX") pt = bytes(c ^ key for c in ct) print(pt.decode()) EOF
Flag
picoCTF{dh_sh4r3d_s3cr3t_...}
Diffie-Hellman with a leaked private key b. Compute shared = A^b mod p, then key = shared % 256. XOR each ciphertext byte with key to decrypt the flag.