The challenge provides a Python script that encrypts a flag using a custom-built keystream generator. The core of the generator relies on a , which is a type of mapping where the -th bit of the output only depends on the
: The state size or the complexity of the mixing function is insufficient to prevent a guess-and-determine attack or a simple breadth-first search on the bit transitions [3, 5]. Solution Strategy (Write-up) ti_moe_more
-th bits of the input [3]. While T-functions are often used to create long-period sequences, improper implementation can lead to significant linear vulnerabilities. Key Vulnerabilities The challenge provides a Python script that encrypts
The graph above illustrates the of T-functions: bit only depends on bits , allowing for the bit-by-bit recovery used in the exploit. While T-functions are often used to create long-period
-th bit of the state update does not depend on bits higher than