[pbctf 2020] LeaK
I know there’s a famous attack on biased nonces. Then, how about this? source output
Being aware of this paper early on, already when first seeing the challenge, we incorrectly conclude that the bounds for the lattice with 2 unknowns don’t match what we need for this challenge. After postponing trying to deal with lattice-induced headaches for a while, we eventually decide to implement the extended HNP based approach as described e.