Crypto Challenge Set 8

This is the second of two sets we generated after the original 6.

This set focuses on abstract algebra, including DH, GCM, and (most importantly) elliptic curve cryptography. Fair warning - it's really tough! There's a ton of content here, and it's more demanding than anything we've released so far. By the time you're done, you will have written an ad hoc, informally-specified, bug-ridden, slow implementation of one percent of SageMath.

  1. Diffie-Hellman Revisited: Small Subgroup Confinement
  2. Pollard's Method for Catching Kangaroos
  3. Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks
  4. Single-Coordinate Ladders and Insecure Twists
  5. Duplicate-Signature Key Selection in ECDSA (and RSA)
  6. Key-Recovery Attacks on ECDSA with Biased Nonces
  7. Key-Recovery Attacks on GCM with Repeated Nonces
  8. Key-Recovery Attacks on GCM with a Truncated MAC

But wait, where are the actual challenges?! You'll need to mail in for them, just like in the original cryptopals. Send a mail to and make the subject "Crazy Flamboyant for the Rap Enjoyment". BUT replace the # with the number of the set you want. Which would be 8. So replace it with 8.

Cryptography Services | NCC Group