# Hacking like it's (B)'92!

This challenge will introduce the Bennett 92 protocol! 

## What is B92?

Much like BB84, B92 relies on the properties of polarized photons. The essential working parts of the protocol are below:

1. Let Alice's bases be horizontal (H, representing 0) and +45 degrees (clockwise, representing 1)
1. Let Bob's bases be vertical (V, represented by 1) and -45 degrees (represented by 0)
1. Alice and Bob generate a random bit each, and set their polarizations accordingly.
1. Alice then sends a photon, polarized by their 'bit'.
1. If they do not match, then Bob will not detect anything.
1. If they do match then there is a 50% chance that Bob will detect a photon - if so, then Bob tells Alice there was a detection and they both record the relevant bit as part of their shared key.

**Detecting Eve**

Alice and Bob can do a form of reconciliation where they can take a sample of their bits and see how well they did. 

If Eve is present, then Eve has to make a guess as to both Bob's measurement polarization and Alice's sending polarization. If Alice makes a detection, then Eve knows Alice's polarization, but there is a 50% chance that Bob will not detect Eve's correctly aligned photon.

As such, any errors above a given level would indicate that Eve is present, meaning that Alice and Bob can terminate the key exchange safely.

Here's a handy explainer applet you can use to learn more about B92 - [https://www.st-andrews.ac.uk/physics/quvis/simulations_html5/sims/cryptography-b92/B92_photons.html](https://www.st-andrews.ac.uk/physics/quvis/simulations_html5/sims/cryptography-b92/B92_photons.html)

## The Challenge

Alice and Bob are going to exchange a key with the B92 protocol! However, Alice doesn't know this, but Eve has broken her random number generator that it now generates output from repeating short sequence of bits.

With this in mind, all Eve has to do is hack Bob so that they get the bits where Bob made a detection. 

Here is all the data that Eve has on Bob:

Bob's bases: 
```python
sdIsrkWvQFxo7RY/TW3QhVEzMRL6TCaup3fLIhDNIXUnv39EPnwgm2Uk+52SyRjjZesX1MwCsbiotVUl88UxPC2VIWGs3cWHArxnOCEEXZ3oPf+R4lV7+XqtngmAn6KIa4tPkA==
```

Bob's Detection Indices: 
```python
[1, 2, 4, 10, 11, 12, 15, 16, 20, 22, 26, 36, 43, 48, 52, 59, 63, 64, 67, 74, 75, 77, 81, 82, 86, 95, 96, 102, 113, 114, 117, 118, 123, 125, 126, 130, 131, 132, 133, 136, 141, 143, 146, 150, 153, 156, 157, 158, 159, 161, 165, 173, 174, 175, 183, 188, 195, 196, 197, 203, 204, 210, 211, 213, 216, 219, 223, 229, 231, 233, 234, 235, 241, 243, 252, 259, 263, 265, 269, 275, 278, 280, 282, 283, 286, 289, 290, 293, 303, 309, 331, 334, 338, 344, 346, 354, 371, 377, 379, 381, 383, 384, 387, 392, 398, 400, 414, 415, 416, 423, 424, 426, 427, 429, 438, 443, 445, 453, 454, 458, 466, 467, 472, 475, 479, 482, 488, 492, 501, 504, 506, 509, 522, 527, 529, 530, 531, 534, 541, 547, 548, 550, 558, 560, 562, 564, 576, 580, 584, 585, 587, 606, 609, 612, 613, 618, 619, 629, 635, 641, 643, 646, 649, 653, 654, 656, 669, 670, 676, 679, 683, 684, 689, 695, 698, 702, 707, 709, 716, 718, 719, 721, 730, 733, 741, 742, 745, 753, 757, 762, 770, 776, 777, 778, 781, 785, 786, 788, 793, 796, 798]
```

The encrypted flag is: `Ls11rzMwfGNtf+Ysm/19fU8kSD4mD9U=`

In [4]:
import base64
import numpy as np

bob_bases = base64.b64decode("sdIsrkWvQFxo7RY/TW3QhVEzMRL6TCaup3fLIhDNIXUnv39EPnwgm2Uk+52SyRjjZesX1MwCsbiotVUl88UxPC2VIWGs3cWHArxnOCEEXZ3oPf+R4lV7+XqtngmAn6KIa4tPkA==")

bob_detections = [1, 2, 4, 10, 11, 12, 15, 16, 20, 22, 26, 36, 43, 48, 52, 59, 63, 64, 67, 74, 75, 77, 81, 82, 86, 95, 96, 102, 113, 114, 117, 118, 123, 125, 126, 130, 131, 132, 133, 136, 141, 143, 146, 150, 153, 156, 157, 158, 159, 161, 165, 173, 174, 175, 183, 188, 195, 196, 197, 203, 204, 210, 211, 213, 216, 219, 223, 229, 231, 233, 234, 235, 241, 243, 252, 259, 263, 265, 269, 275, 278, 280, 282, 283, 286, 289, 290, 293, 303, 309, 331, 334, 338, 344, 346, 354, 371, 377, 379, 381, 383, 384, 387, 392, 398, 400, 414, 415, 416, 423, 424, 426, 427, 429, 438, 443, 445, 453, 454, 458, 466, 467, 472, 475, 479, 482, 488, 492, 501, 504, 506, 509, 522, 527, 529, 530, 531, 534, 541, 547, 548, 550, 558, 560, 562, 564, 576, 580, 584, 585, 587, 606, 609, 612, 613, 618, 619, 629, 635, 641, 643, 646, 649, 653, 654, 656, 669, 670, 676, 679, 683, 684, 689, 695, 698, 702, 707, 709, 716, 718, 719, 721, 730, 733, 741, 742, 745, 753, 757, 762, 770, 776, 777, 778, 781, 785, 786, 788, 793, 796, 798]

encrypted_flag = base64.b64decode("Ls11rzMwfGNtf+Ysm/19fU8kSD4mD9U=")

In [6]:
import base64

# Decoding bob_bases from base64
bob_bases_raw = base64.b64decode("sdIsrkWvQFxo7RY/TW3QhVEzMRL6TCaup3fLIhDNIXUnv39EPnwgm2Uk+52SyRjjZesX1MwCsbiotVUl88UxPC2VIWGs3cWHArxnOCEEXZ3oPf+R4lV7+XqtngmAn6KIa4tPkA==")
bob_bases_bits = [bin(b)[2:].zfill(8) for b in bob_bases_raw]  # Converting each byte to bits

# Printing the first 10 bytes of bob_bases_bits to understand the encoding
print(bob_bases_bits[:10])

# Checking the first 10 indices in bob_detections
bob_detections = [1, 2, 4, 10, 11, 12, 15, 16, 20, 22, 26, 36, 43, 48, 52, 59, 63, 64, 67, 74, 75, 77, 81, 82, 86, 95, 96, 102, 113, 114, 117, 118, 123, 125, 126, 130, 131, 132, 133, 136, 141, 143, 146, 150, 153, 156, 157, 158, 159, 161, 165, 173, 174, 175, 183, 188, 195, 196, 197, 203, 204, 210, 211, 213, 216, 219, 223, 229, 231, 233, 234, 235, 241, 243, 252, 259, 263, 265, 269, 275, 278, 280, 282, 283, 286, 289, 290, 293, 303, 309, 331, 334, 338, 344, 346, 354, 371, 377, 379, 381, 383, 384, 387, 392, 398, 400, 414, 415, 416, 423, 424, 426, 427, 429, 438, 443, 445, 453, 454, 458, 466, 467, 472, 475, 479, 482, 488, 492, 501, 504, 506, 509, 522, 527, 529, 530, 531, 534, 541, 547, 548, 550, 558, 560, 562, 564, 576, 580, 584, 585, 587, 606, 609, 612, 613, 618, 619, 629, 635, 641, 643, 646, 649, 653, 654, 656, 669, 670, 676, 679, 683, 684, 689, 695, 698, 702, 707, 709, 716, 718, 719, 721, 730, 733, 741, 742, 745, 753, 757, 762, 770, 776, 777, 778, 781, 785, 786, 788, 793, 796, 798]
print(bob_detections[:10])


['10110001', '11010010', '00101100', '10101110', '01000101', '10101111', '01000000', '01011100', '01101000', '11101101']
[1, 2, 4, 10, 11, 12, 15, 16, 20, 22]


In [12]:
# Mapping binary bits to Bob's bases
bob_bases = ['V' if bit == '1' else '-45' for byte in bob_bases_bits for bit in byte]
print(bob_bases)

['V', '-45', 'V', 'V', '-45', '-45', '-45', 'V', 'V', 'V', '-45', 'V', '-45', '-45', 'V', '-45', '-45', '-45', 'V', '-45', 'V', 'V', '-45', '-45', 'V', '-45', 'V', '-45', 'V', 'V', 'V', '-45', '-45', 'V', '-45', '-45', '-45', 'V', '-45', 'V', 'V', '-45', 'V', '-45', 'V', 'V', 'V', 'V', '-45', 'V', '-45', '-45', '-45', '-45', '-45', '-45', '-45', 'V', '-45', 'V', 'V', 'V', '-45', '-45', '-45', 'V', 'V', '-45', 'V', '-45', '-45', '-45', 'V', 'V', 'V', '-45', 'V', 'V', '-45', 'V', '-45', '-45', '-45', 'V', '-45', 'V', 'V', '-45', '-45', '-45', 'V', 'V', 'V', 'V', 'V', 'V', '-45', 'V', '-45', '-45', 'V', 'V', '-45', 'V', '-45', 'V', 'V', '-45', 'V', 'V', '-45', 'V', 'V', 'V', '-45', 'V', '-45', '-45', '-45', '-45', 'V', '-45', '-45', '-45', '-45', 'V', '-45', 'V', '-45', 'V', '-45', 'V', '-45', '-45', '-45', 'V', '-45', '-45', 'V', 'V', '-45', '-45', 'V', 'V', '-45', '-45', 'V', 'V', '-45', '-45', '-45', 'V', '-45', '-45', '-45', 'V', '-45', '-45', 'V', '-45', 'V', 'V', 'V', 'V', 'V', '-45

In [13]:
# Extracting shared key bits from Bob's bases using bob_detections indices
shared_key_bits = [bob_bases[i] for i in bob_detections]
# Converting bases to bits (assuming 'V' maps to '1' and '-45' maps to '0')
shared_key = ''.join(['1' if base == 'V' else '0' for base in shared_key_bits])
print(shared_key)

010010001010000100010100110010000100100001100001010100010011000000000100000010111000001100001100110010011000100000010001010011100011010100001001000010100000011100010100001011101010100000000011000101000


In [17]:
# Length of the encrypted flag in bits
encrypted_flag_length_bits = len(encrypted_flag) * 8

# Number of times the shared_key needs to be repeated to at least match the length of the encrypted_flag
repetition_factor = (encrypted_flag_length_bits + len(shared_key) - 1) // len(shared_key)

# Repeating the shared_key to match the length of the encrypted flag
repeated_key = (shared_key * repetition_factor)[:encrypted_flag_length_bits]

# Converting binary string to bytes
repeated_key_bytes = bytes(int(repeated_key[i:i+8], 2) for i in range(0, len(repeated_key), 8))

# XORing the encrypted flag with the repeated key
decrypted_flag = bytes([a ^ b for a, b in zip(encrypted_flag, repeated_key_bytes)])

# Printing the decrypted flag
print(decrypted_flag)

b'flag{Q-Site Rul3z-B92!}'
