Polymero | Sebastiaan Venendaal

Check out the Archive to filter writeups by tags!


What is this CTF category?

Most of modern cryptography deals with the encoding, encryption, and authentication of data traffic. Think of web browsing, bank transfers, communication applications, etc. Our first goal is to have our data encrypted such that only those with the appropriate keys can decrypt it. Secondly, we need to find a way for us to be sure an encrypted message indeed came from whom we think it came from and vice versa. As you can imagine, this proves to be easier said than done. During CTFs, you will be confronted with insecure algorithms proving exactly this. You will have to investigate and make sense of any provided source code, look for potential vulnerabilities, and finally exploit the algorithm to work your way to the flag.


What knowledge do I need right now to get started?

Do not be put off by the maths behind cryptography. Aside from high school maths, a quick introduction into modular arithmetic should be enough to get you started. When you are ready to dive further in, some number- and group theory, linear algebra, and elliptic curve arithmetic will do wonders for you.

What about cryptographic knowledge? There are many exotic cryptosystems and even the most common ones have plenty of variants. Therefore it is probably best to learn about these along the way. However, almost all CTFs will include at least some challenges based on, but not limited to, the following cryptographic primitives:

  • XOR ciphers, which use only bitwise and/or integer operations,
  • RSA, a public key cryptosystem with many potential vulnerabilities,
  • AES, a symmetric block cipher with various modes of operation,
  • ECC, based on elliptic curve arithmetic with its commonly used signature scheme ECDSA.

The best way to hone your cryptography skills is through practice! Try your luck in beginner-focused CTFs, look for archived challenges on CTFtime, or check out CryptoHack.


What tools do I need to be successful?

Pen, paper, and Python is really all you need, although some experience with Sage (a more math-focused extension of Python) might prove useful. Usually all attacks and exploits can be written from scratch well within the duration of the CTF. No external tools are required, although the use of existing third-party scripts is generally allowed.


Search