Quantum Safe

Technical Walkthrough

Writeup

Challenge

• Name: Quantum-Safe
• Category: Crypto
• Difficulty: Easy
• Mode: file

Summary

The challenge presents itself as “quantum safe,” but the provided Sage source uses a small linear transformation over the integers. The only unknown global value is a three-entry offset vector sampled from 0..10, so the solve is exact linear algebra plus a tiny brute force.

Artifact Inventory

Reference analysis/artifact-inventory.json and summarize the relevant files or remote surface.

• source.sage: encryption source that defines pubkey, the fixed random offset vector r, and the per-character encoding.
• output.txt: one transformed 3-vector per flag character.
• No remote instance is required.

Analysis

The Sage source writes each character as:

[ord(c), random_1, random_2] * pubkey + r

The two random coordinates are bounded to 0..100, and the shared offset vector r is bounded to 0..10 for each coordinate. Because pubkey is invertible, every candidate r can be tested by subtracting it from each output row and multiplying by pubkey^-1.

The correct offset is the only candidate that makes every recovered vector integral, keeps the first coordinate printable, and keeps the two random coordinates inside 0..100.

Solve

Run:

python3 solve/solve.py

The script parses output.txt, brute-forces all 11^3 possible offset vectors, inverts the matrix using exact rational arithmetic, filters invalid candidates, and prints the unique HTB-format flag.

Flag

Raw flag is stored in loot/flag.txt and intentionally not reproduced here.

Lessons

• A source-provided “post-quantum” theme can still reduce to ordinary linear algebra.
• Small global randomness should be brute-forced before attempting heavier tooling.
• Exact rational arithmetic avoids false positives from floating-point matrix inversion.

Source-Backed Dossier

The sections below are merged from companion Markdown notes for the same case. They are rendered after sanitization so the article stays precise without publishing raw flags, credentials, or target-specific secrets.

Notes

Scope

• Challenge: Quantum-Safe
• Category: Crypto
• Difficulty: Easy
• Mode: file
• Remote instance: none
• Start time: 2026-06-10T09:03:10Z
• Operator: harness
• State file: challenge-state.json

Harness Status

• Current phase: see challenge-state.json
• Next allowed actions: see next-action.json
• Raw flags and sensitive material stay in loot/ only. Do not paste them here.

Artifact Inventory

Evidence Ledger

Key Findings

• source.sage is the authoritative encryption logic.
• Each flag character is encoded independently as [ord(c), randint(0,100), randint(0,100)] * pubkey + r.
• The fixed offset r is sampled once as a 3-vector with values in 0..10, making exhaustive search only 11^3 candidates.
• For the correct r, multiplying each adjusted output vector by pubkey^-1 over exact rationals recovers integral triples.
• The first recovered coordinate is the flag character, while the second and third coordinates must remain within 0..100.
• The solver found a unique HTB-format candidate and captured it via the harness into loot/flag.txt.

RAG / Advisory Memory

RAG output is advisory only. Record evaluated retrievals with:

scripts/challenge_harness.py rag-record <workspace> --query "..." --tag MATCHED|PARTIAL|MISSING|<secret redacted>|GENERIC --validation "..."

Secrets/Flags

Raw flags and sensitive material stay in loot/ only. Use scripts/challenge_harness.py capture-flag to validate and record flag capture without printing the value.

Memory Summary

Metadata

• Platform: HackTheBox Challenges
• Category: Crypto
• Challenge: Quantum-Safe
• Difficulty: Easy
• Source workspace: <local workspace>

Validated Solve Chain

Concepts only. Do not include raw flags, reusable credentials, tokens, cookies, private keys, or live secrets.

1. Extracted the HTB archive and found source.sage plus output.txt.
2. Identified the encryption as a per-character integer vector transformation: [ord(c), noise1, noise2] * pubkey + r.
3. Observed that the fixed offset vector r has only 11^3 possible values.
4. Brute-forced r, inverted the public matrix over exact rationals, and required each recovered row to be integral.
5. Filtered candidates by printable flag characters and bounded noise coordinates in 0..100.
6. Recovered one unique HTB-format flag and captured it with the challenge harness.

Reusable Lessons

• For source-based crypto challenges, inspect the data model and randomness bounds before reaching for specialized tooling.
• If a linear map is invertible and the global random offset is small, brute-force the offset and solve exactly.
• Use rational/integer arithmetic for matrix recovery to avoid floating-point precision mistakes.

Dead Ends

• Sage was not installed locally, but it was unnecessary because the source translated cleanly to Python.
• Heavy crypto or quantum-specific tooling was not needed.

Tool Quirks

• Local tool_readiness.py reported Sage, sympy, and z3 missing.
• The final solver uses only Python standard library modules.

Evidence Paths

• files/extracted/crypto_quantum_safe/source.sage
• files/extracted/crypto_quantum_safe/output.txt
• analysis/research/local-crypto-strategy.md
• solve/solve.py
• loot/flag.txt

Ingestion Decision

• Proposed for LightRAG: yes
• Requires user approval before ingestion: yes

Hypothesis Board

Keep no more than 3 active hypotheses on Easy/Medium and 5 on Hard unless the user explicitly asks for breadth.

Closed Branches

Memory Summary

approval_required: true

Sanitized Memory Summary

Metadata

• Platform: HackTheBox Challenges
• Category: Crypto
• Challenge: Quantum-Safe
• Difficulty: Easy
• Source workspace: <local workspace>

Validated Solve Chain

Concepts only. Do not include raw flags, reusable credentials, tokens, cookies, private keys, or live secrets.

1. Extracted the HTB archive and found source.sage plus output.txt.
2. Identified the encryption as a per-character integer vector transformation: [ord(c), noise1, noise2] * pubkey + r.
3. Observed that the fixed offset vector r has only 11^3 possible values.
4. Brute-forced r, inverted the public matrix over exact rationals, and required each recovered row to be integral.
5. Filtered candidates by printable flag characters and bounded noise coordinates in 0..100.
6. Recovered one unique HTB-format flag and captured it with the challenge harness.

Reusable Lessons

• For source-based crypto challenges, inspect the data model and randomness bounds before reaching for specialized tooling.
• If a linear map is invertible and the global random offset is small, brute-force the offset and solve exactly.
• Use rational/integer arithmetic for matrix recovery to avoid floating-point precision mistakes.

Dead Ends

• Sage was not installed locally, but it was unnecessary because the source translated cleanly to Python.
• Heavy crypto or quantum-specific tooling was not needed.

Tool Quirks

• Local tool_readiness.py reported Sage, sympy, and z3 missing.
• The final solver uses only Python standard library modules.

Evidence Paths

• files/extracted/crypto_quantum_safe/source.sage
• files/extracted/crypto_quantum_safe/output.txt
• analysis/research/local-crypto-strategy.md
• solve/solve.py
• loot/flag.txt

Ingestion Decision

• Proposed for LightRAG: yes
• Requires user approval before ingestion: yes

Notes

Notes

Scope

• Challenge: Quantum-Safe
• Category: Crypto
• Difficulty: Easy
• Mode: file
• Remote instance: none
• Start time: 2026-06-10T09:03:10Z
• Operator: harness
• State file: challenge-state.json

Harness Status

• Current phase: see challenge-state.json
• Next allowed actions: see next-action.json
• Raw flags and sensitive material stay in loot/ only. Do not paste them here.

Artifact Inventory

Evidence Ledger

Key Findings

• source.sage is the authoritative encryption logic.
• Each flag character is encoded independently as [ord(c), randint(0,100), randint(0,100)] * pubkey + r.
• The fixed offset r is sampled once as a 3-vector with values in 0..10, making exhaustive search only 11^3 candidates.
• For the correct r, multiplying each adjusted output vector by pubkey^-1 over exact rationals recovers integral triples.
• The first recovered coordinate is the flag character, while the second and third coordinates must remain within 0..100.
• The solver found a unique HTB-format candidate and captured it via the harness into loot/flag.txt.

RAG / Advisory Memory

RAG output is advisory only. Record evaluated retrievals with:

scripts/challenge_harness.py rag-record <workspace> --query "..." --tag MATCHED|PARTIAL|MISSING|<secret redacted>|GENERIC --validation "..."

Secrets/Flags

Raw flags and sensitive material stay in loot/ only. Use scripts/challenge_harness.py capture-flag to validate and record flag capture without printing the value.