I am one of the authors of this challenge. We tried to create a challenge which explains how differential cryptanalysis works in practice (clearly, using toy ciphers).

We would like to ask some questions to our solvers:

1) How would you rate the difficulty of this challenge? Did it fit to level 2? Did you use our tutorial and information to learn about differential cryptanalysis or did you already have pre-knowledge about that?

2) Which tools did you use for solving the challenge?

3) Do you have any suggestions how we can improve future challenges about (differential) cryptanalysis?

Dear Nils,

1) In my opinion, level 2 is appropriate: of course programming skills and a thorough understanding of the method are required, but solving the challenge doesn't need "significant computational power"; my programs finished within a few seconds.

2) I did the entire challenges in python.

3) In the first of the two challenges it was a bit ambiguous what exactly (for example) s-box21_Differential should be. It took me some time to figure out that this is actually the input difference (as opposed to output, as I would have expected) to S21 (if I remember correctly). A clearer description of what exactly the files contain would have saved some time. But still, the challenge is obviously solvable as it is and some experimentation to get the right results does not hurt ;)

A suggestion for future challenges of this kind: it would be nice to have an actual oracle, i.e. one chooses the plaintexts and sends them to some server for encryption. I know that there already are some challenges of this kind on MT (e.g. the Heartbleed-challenge or the lunchtime attack on homomorphic encryption) and they were quite fun. But this would just be a nice gimmick and I don't know if it's worth the effort and maintenance it would require. I also don't know if the required number of plaintext/ciphertext-pairs is too high for this particular challenge. An alternative would maybe be an oracle in form of a compiled program contained in the additional files (but then again some reversing skills could reveal the key without any knowledge of (differential) cryptanalysis, so this might be a bad idea…).

Apart from that, I enjoyed the challenges and I'm looking forward to future ones of this kind :)