Swiss Hacking Challenge 2023 - quantum
Information
Challenge category: crypto
Challenge Description
https://youtu.be/QRjntDBe15A?t=44 I’m Richard Ames. Secret Service? No – I was sent in by the La-li-lu-le-lo, just like you. What? You’re here to find out where the President is. We have little time, so I’ll be brief. How about switching to nanocommunications first? Nanocommunications? Right. Silence beats talk when it comes to safety.
The patriots are working on a new kind of nanocommunication device. They don’t (yet) know how to use quantum entanglement for superluminal communication, nevertheless they are working on something. Check out these quantum circuits, we suspect they were generated using qiskit, maybe you can rebuild them and understand them? Attention: The first qubit will be at the end of the password string, so suppose there are 4 qubites:
1,0,0,0the password string will beb"0001"
Files
We are given a quantum.zip archive containing screenshots three qiskit circuits. Our goal is to read all of the circuits in binary and use the flag.py script to get the flag.
Circuit 1
We have 2 elements: The measurements and the [x] gates. Every row goes from left to right and is measured at the measurement gate.
The [x] gates are applied to the qubit on the left. Qubits are 0 by default. The [x] gate inverts the state of the qubit.
The first circuit password is:
0100010101010001010101000101010100010101010001010101000101010100
Circuit 2
We have two new elements: The [I] gate which does nothing as it is an identity gate which isn’t relevant for the qubit value. Also we have the blue lines connecting which mean the qubits are entangled (?). This swaps the values of two qubits.
The second circuit password is
1000101010100010101010001010101000101010100010101010001010101000
Circuit 3
The third circuit is where it gets difficult. Yet another gate, the [H] gate is introduced. It puts the qubit in a superposition of 0 and 1. This means that the qubit is both 0 and 1 at the same time. When we measure the qubit, it will collapse to either 0 or 1. The probability of it collapsing to 0 or 1 is equal.
That means we can’t really tell what the value is and have to brute-force it. Thankfully this is only the case for the last 10 qubits as the other ones have an equal number of [H] gates which cancel each other out.
As there are no other gates all other qubits are 0.
possibilities = []
# generate 2^10 possibilities
for i in range(0, 2**10):
# convert the integer to binary
pw = bin(i)[2:].zfill(10)
# add the leading zeros
pw = pw.zfill(64)
# convert to bytes
pw = pw.encode('ascii')
# append to the list
possibilities.append(pw)
for pw in possibilities:
# change string backwards
circ3_key = pbkdf2_hmac("sha256", pw, SALT, 1337, 32)
# print pw
if circ3_key == b'\xa7[\x90\x9d\xfae\xc5\x03?\xa6\x95\\\x1b\\\x03Pc\xf7\xfe\xf6\xb5\xad\xf8f\x10\x7f\x86\xc8\xe1\xa6O\xf6':
print('found it ')
circ3_pw = pw
print(circ3_pw)
break
Flag
The flag is:
shc2023{p4tr10t_q4ntum_c1rcu1t_3ng1n33r1ng}
Conclusion
Never did quantum stuff before but it was very interesting.