Tricky challenge. The description is trying to throw me off from “My counter can go both upwards and downwards to throw off cryptanalysts”, which is not the case. The given code for encryption given is trying to simulate AES-CTR mode by doing AES-ECB block-by-block with the given IV. However, in the code of increment(), the method for changing the IV, there is a very sneaky bug: 1 2 3 4 5 6 7 def increment(self): if self....
This takes much longer time than I would like to admit. It is known to me that ECB leads to poor diffusion of the plaintext - the classic example from the Linux penguin used in almost every cryptography book ever. The attack, however, is not exactly clear to me at the beginning. With fuzzy memory of how AES in ECB mode, I was thinking of a scheme that xor a plaintext block with a key block to generate the corresponding ciphertext block....
An embarrassing challenge for me. The solution to this challenge is quite simple. The symmetry of the xor operation enables us to decrypt the message/plaintext $P$ from the $IV$ and ciphertext $C$. Denote the output after running block cipher encryption with key k $E_k$ to be $O$, then we have: $$ O = E_k(IV) $$ $$ C = P \oplus O $$ xor both sides of the above equation, we have:...