Rating:

The challange name refers to the concept of "[Partially Homomorphic Encryption.](https://en.wikipedia.org/wiki/Homomorphic_encryption)" Which is an encryption scheme that allows some computations to be performed on encrypted values without them being decrypted.

init.txt has a line saying "HEllo Pascal!" which gives the hint that we're using the [Paillier cryptosystem](https://en.wikipedia.org/wiki/Paillier_cryptosystem).

Four numbers are given in the challenge. The first two are a number and it's encryption. I will refer to these as p and c. Then we are given n². Finally we're given x, which is a multiple of p.

We are then asked to encrypt x and send it back. The Peillier encryption scheme allows homomorphic multiplication of plaintexts. First we find the factor we must multiply p to get x. (x /p ) this will be denoted f. The wikipedia article says that to mutiply a decrypted value by a factor while it's still in its encrypted form, all you have to do is raise it to the power of that factor and mod n².
$$e(p \cdot f) = e(p)^{f} \mod n^2 $$

Then send the encrypted value back and we're done!

Here is the code I used to automate the process:

```
#!/usr/bin/env python3

import pwn

host = 'challenges.ctfd.io'
port = 30004

s = pwn.remote(host, port)
s.recvuntil('this for me? ')
c = int(s.recvuntil('\n', drop=True)) # Get the cipher text

s.recvuntil('lucky number ')
p = int(s.recvuntil(' !', drop=True)) # Get the plain value

s.recvuntil('as well: ')
n2 = int(s.recvuntil('\n', drop=True)) # Get n²

s.recvuntil('encryption of ')
x = int(s.recvuntil('?', drop=True)) # Get the number they want us to encrypt

f = x // p

answer = pow(c, f, n2) # Perform the homomorphic operation

s.sendline(str(answer))
s.recvline()
response = s.recvline().decode('utf-8').strip()

s.close()

print("The flag is: " + response)
```