Tags: crypto otp xor

Rating:

## Intro
**N1TP** was a crypto challenge at [email protected] 2021 CTF.

You were given an encrypted flag and an encryption oracle.

## Investigation
From the context of the challenge one can deduce the applied encryption scheme here is a [One-Time Pad](https://en.wikipedia.org/wiki/One-time_pad). A OTP is cryptographically secure unless being re-used. If so, given an encryption oracle and a ciphertext C = M ^ K where K is the OTP , one can recover the original message M by simply calculating C1 = M1 ^ K and then:


C ^ C1 ^ M1 = M ^ K ^ M1 ^ K ^ M1 = M


## Solution
I fetched the encrypted flag and the ciphertext for the plaintext I provided and predicted that the OTP would be re-used. Applying the aforementioned formula proved me right and rewarded me with the flag.

> flag{9276cdb76a3dd6b1f523209cd9cd9c0a11b}

##### Edit
I learned after the event that because we know the original message starts with the word flag{ I could have chosen a plaintext for the oracle starting with the same word to learn that the OTP is being re-used here - the first bytes of the two ciphertexts are then equal and therefore the OTP is re-used.

Original writeup (https://github.com/dystobic/writeups/tree/main/2021/HacktivityCon%20CTF/N1TP).