Ready for the third Elliptic Boogaloo? In this challenge, we dance on elliptical curves and try to forge digital signatures. But some hints went missing. However, a nasty encryption algorithm prevents us from putting the necessary pieces of the puzzle together. Can you still manage to forge a signature?

Ready for the second Elliptic Boogaloo? In this challenge, we dance on elliptical curves and try to forge digital signatures. But some hints went missing. Can you still forge a signature?

The Lorenz SZ42, codenamed Tunny, was a German teleprinter encryption device used during WW2. This is the fourteenth challenge in a series of 16 level-3 challenges with the SZ42. In this "Breaking" challenge you are only provided with one ciphertext. Can you find the MU-, CHI-, and PSI wheel patterns and decrypt the ciphertext?

The SIGABA CSP-2900 was a highly secure encryption machine used by the US for strategic communication in WWII. In this series of challenges, you are provided with a ciphertext and a partially-known plaintext, here with the length of 200 and 100 characters.

The SIGABA CSP-889 was a highly secure encryption machine used by the US for strategic communication in WWII. In this series of challenges, you are provided with a ciphertext and a partially-known plaintext, here with the length of 200 and 100 characters.

The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from a T52E ciphertext and a crib. The key is partially known.

The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from a T52D ciphertext and a crib. The key is unknown.

The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from a T52AB ciphertext and a crib. The key is unknown.

The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from a T52D ciphertext and a crib. The key is partially known.

The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from T52D ciphertexts "in-depth". You are also provided with cribs for each message. The key is unknown.

The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from T52E ciphertexts "in-depth". You are also provided with cribs for each message. The key is partially known.

The SIGABA was a highly secure encryption machine used by the US for strategic communications in WWII. As in the first five parts of this series of challenges, you are provided with a partial known-plaintext. However, in this part you get no information about the key.

The SIGABA was a highly secure encryption machine used by the US for strategic communications in WWII. As in the first four parts of this series of challenges, you are provided with a partial known-plaintext, and some information about the key settings. However, in this part you get even less information about the key.

The SIGABA was a highly secure encryption machine used by the US for strategic communications in WWII. As in the first three parts of this series of challenges, you are provided with a partial known-plaintext, and some information about the key settings. However, in this part you get even less information about the key.

The SIGABA was a highly secure encryption machine used by the US for strategic communications in WWII. As in part 1 and part 2 of this series of challenges, you are provided with a partial known-plaintext, and some information about the key settings. However, in this part you get even less information about the key.

The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from one T52C ciphertext. The key is unknown.

The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover a plaintext from one T52AB ciphertext. The key is unknown.

The Siemens and Halske T52 was a family of German teleprinter encryption devices used during WW2. This challenge is part of a series of new heavier challenges with T52. In this challenge, you need to recover the plaintexts from T52D ciphertexts "in-depth". The key is unknown.

ElsieFour combines ideas of modern RC4 stream cipher, historical Playfair cipher and plaintext-dependent keystreams. It can be computed manually. Part 1 is a partly-known-plaintext challenge which provides 2 messages that were encrypted with the same key.

Handycipher is a newly created cipher designed to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. Part 9 is the same as Part 6, but uses an improved version of the cipher. It is a ciphertext-only challenge.

Handycipher is a newly created cipher designed to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. Part 8 is the same as Part 5, but uses an improved version of the cipher. You are given the ciphertext and 229 letters occuring at an unknown location in the plaintext.

Handycipher is a newly created cipher designed to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. Part 7 is the same as Part 4, but uses an improved version of the cipher. You are given the ciphertext and the first 229 letters of the plaintext.

Extended Handycipher is an enhancement of Handycipher. Part 6 is the same as Part 3, but uses an improved version of the cipher. You are given two encryptions of the plaintext generated with the same key. It is ciphertext-only.

Extended Handycipher is an enhancement of Handycipher. Part 5 is the same as Part 2, but uses an improved version of the cipher. You are given two encryptions of the plaintext generated with the same key, and 229 characters occuring at an unknown location in the plaintext.

Extended Handycipher is an enhancement of Handycipher. Part 4 is the same as Part 1, but uses an improved version of the cipher. You are given three encryptions of the plaintext generated with the same key, and the first 229 characters of the plaintext.

Handycipher is a newly created cipher designed to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. Part 6 is the same as Part 3, but uses an improved version of the cipher. It is a ciphertext-only challenge.

Handycipher is a newly created cipher designed to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. Part 5 is the same as Part 2, but uses an improved version of the cipher. You are given the ciphertext and 229 letters occuring at an unknown location in the plaintext.

Handycipher is a newly created cipher designed to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. Part 4 is the same as Part 1, but uses an improved version of the cipher. You are given the ciphertext and the first 229 letters of the plaintext.

Spirale is a OTP cipher designed to be simply performed by hand. Part 4 is a ciphertext-only challenge with a 485-letter ciphertext. Unlike the other three parts of this series, this one uses four new random keys.

Handycipher is a newly designed cipher to permit pen-and-paper encrypting and decrypting, while providing a significantly high level of security. You got only the ciphertext of the 993-character plaintext.

The ORYX stream cipher consists of three 32-bit LFSRs X, A, B which are shifted differently depending on some bits in the LFSR X. The key stream is a combination of the highest 8 bits of each of the three LFSRs. It is neither feasible nor necessary to search the whole 96-bit key space, there are more efficient methods!

The ORYX stream cipher consists of three 32-bit LFSRs X, A, B which are shifted differently depending on some bits in the LFSR X. The key stream is a combination of the highest 8 bits of each of the three LFSRs. It is neither feasible nor necessary to search the whole 96-bit key space, there are more efficient methods!

The double columnar transposition is considered to be one of the best manual encryption systems. This sequence considers vulnerabilities that have been used to solve the corresponding level X challenge. The three challenges of the sequence have an increasing difficulty. In the third part a German plaintext has been encrypted with random keys.

The double columnar transposition is considered to be one of the best manual encryption systems. This sequence considers vulnerabilities that have been used to solve the corresponding level X challenge. The three challenges of the sequence have an increasing difficulty. In the second part two interleaved English texts have been encrypted with random keys.

The double columnar transposition is considered to be one of the best manual encryption systems. This sequence considers vulnerabilities that have been used to solve the corresponding level X challenge. The three challenges of the sequence have an increasing difficulty. In the first part an English plaintext has been encrypted with keys derived from English sentences.

The ORYX stream cipher consists of three 32-bit LFSRs X, A, B which are shifted differently depending on some bits in the LFSR X. The key stream is a combination of the highest 8 bits of each of the three LFSRs. It is neither feasible nor necessary to search the whole 96-bit key space, there are more efficient methods!

This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 617 decimal digits.

This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 617 decimal digits.

This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 500 decimal digits.

This challenge descends from the RSA Laboratories contest to encourage research into the practical difficulty of factoring large integers of different length (between 330 and 2048 bit) and cracking RSA keys used in cryptography. This challenge is about factoring a number with 490 decimal digits.