work

1 files changed, 0 insertions, 148 deletions

diff --git a/index.html b/index.html
deleted file mode 100644
index 1fd52b1..0000000
--- a/index.html
+++ /dev/null
@@ -1,148 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>Forbidden Salamanders</title>
-    <meta charset="utf-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <link rel="stylesheet" type="text/css" href="/static/styles.css">
-    <link rel="stylesheet" type="text/css" href="/forbidden-salamanders/static/styles.css">
-    <link rel="shortcut icon" type="image/x-icon" href="/forbidden-salamanders/static/favicon.ico">
-  </head>
-  <body>
-	<div class="container">
-        <div>
-            <div class="home">
-                <a href="/forbidden-salamanders" class="home-title">Forbidden Salamanders</a>
-                <span> at </span><a href="/">cyfraeviolae.org</a>
-            </div>
-            <div class="crumbs">
-                <a href="/git/forbidden-salamanders">source code</a>
-                <span class="sep"> · </span>
-                <a href="/forbidden-salamanders/nonce-reuse">nonce reuse</a>
-                <span class="sep"> · </span>
-                <a href="/forbidden-salamanders/nonce-truncation">nonce truncation</a>
-                <span class="sep"> · </span>
-                <a href="/forbidden-salamanders/key-commitment">key commitment</a>
-            </div>
-        </div>
-		<p>
-            The FIPS-compliant sorcerer Roseacrucis uses the <a href="https://en.wikipedia.org/wiki/Galois/Counter_Mode">Advanced Encryption Standard in Galois/Counter Mode</a>
-            to correspond with his retinue. The Library&rsquo;s cryptanalysts
-            have intercepted the communication channel, but we need your
-            help to exploit their broken protocols.
-		</p>
-		<p>
-			Choose one of the following missions.
-		</p>
-        <p>
-            <strong><a href="/forbidden-salamanders/nonce-reuse">Nonce
-            reuse</a>.</strong> Due to rising entropy prices, Roseacrucis has
-            started to reuse nonces. You must perform the Forbidden Attack in order to
-            recover the authentication key and forge arbitrary ciphertext.
-        </p>
-        <p>
-            <strong><a href="#">Nonce truncation</a>.</strong> The sorcerer
-            aims to conserve bandwidth by truncating nonces from twelve bytes
-            to four. Use the enemy as a decryption oracle to once again,
-            recover the authentication key and forge arbitrary ciphertext.
-        </p>
-        <p>
-            <strong><a href="#">Key commitment</a>.</strong> One of
-			our agents has infiltrated Roseacrucis&rsquo; inner circle, but all
-			secret keys are required to be surrendered to the
-			counterintelligence authority. Help her send ciphertexts to the
-			Library that decrypt to confidential information under one key, but
-			innocuous banter under another.
-        </p>
-        <br>
-		<details>
-			<summary>
-                Though it is not required to complete your missions, we now
-                review the construction of AES-GCM.
-			</summary>
-            <p>
-                AES-GCM is a block cipher that accepts a key of 16 bytes,
-                a nonce of 12 bytes, plaintext, and additional authenticated data.
-                It returns ciphertext and a message authentication code (MAC).
-            </p>
-            <p>
-                The ciphertext is computed as in <a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)">counter mode</a>, whereas the MAC is computed using the algorithm GMAC.
-            </p>
-			<p>
-				Let
-				\[
-					m = \alpha^{128}+\alpha^7 + \alpha^2 + \alpha + 1
-				\]
-				\[
-					\mathbb{K} = \mathbb{F}(2^{128})/m.
-				\]
-			</p>
-			<p>
-				The finite field \(\mathbb{K}\) can be
-				interpreted as the set of polynomials with coefficients in \(\mathbb{F}_2\)
-				of degree less than \(128\). Multiplication
-				is performed modulo \(m\). This field is of characteristic 2;
-				e.g., \((\alpha^5 + 1)+(\alpha^5 + 1) = 0\).
-			</p>
-			<p>
-				We interpret 16-byte blocks as elements in \(\mathbb{K}\)
-				in little-endian bit order:
-                \[
-				b_0b_1b_2\ldots{}b_{127} \mapsto
-                b_0 + b_1\alpha + b_2\alpha^2 + \ldots + b_{127}\alpha^{127},
-                \]
-				where \(b_0\) is the least significant bit of the first byte of
-				the block.
-			</p>
-			<p>
-                12-byte nonces are interpreted as 96-bit integers in big-endian
-                byte order. Let \(\operatorname{Byte} = [0, 2^8-1]\) and
-                \(x_i\) refer to the \(i\)th 16-byte chunk of the bytestring
-                \(x\).
-            </p>
-            <p>
-                \(\operatorname{encode_{big}}(x, n)\) encodes an integer \(x\) into \(n\) bytes in big-endian
-                byte order. \(\operatorname{pad_n}(x, p)\) pads the length of
-                the bytestring \(x\) to the nearest multiple of \(n\) with the
-                byte \(p\). \(\operatorname{AES}(k, x)\) refers to
-                the <a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard">128-bit AES block cipher</a>.
-            </p>
-			<br>
-			<div class="algorithm">
-                <p>\(\operatorname{GMAC}(h\in \mathbb{K}, s\in \mathbb{K}, aad\in \operatorname{Byte}^{y}, c\in \operatorname{Byte}^{z})\)</p>
-				<ol class="algorithm-code">
-					<li>\( len = \operatorname{encode_{big}}(8y, 8) \mathbin\Vert \operatorname{encode_{big}}(8z, 8) \)</li>
-					<li>\( blocks = \operatorname{pad}_{16}(aad, 0) \mathbin\Vert \operatorname{pad}_{16}(c, 0) \mathbin\Vert len \mathbin\Vert s \)</li>
-                    <li>\( N = \frac{\vert blocks \vert}{16} \)</li>
-                    <li>\( \operatorname{return} \sum\limits_{i=1}^{N} blocks_{N-i} h^{i-1}\)</li>
-				</ol>
-			</div>
-			<br>
-			<br>
-			<div class="algorithm">
-                <p>\(\operatorname{AES-GCM}(k\in \operatorname{Byte}^{16}, n\in \operatorname{Byte}^{12}, aad\in \operatorname{Byte}^{y}, m\in \operatorname{Byte}^{z})\)</p>
-				<ol class="algorithm-code">
-					<li> \( r = \mathop{\Vert}\limits_{n'=2^{32}n+2}^{2^{32}n+2^{32}-1} \operatorname{AES}(k, n') \)</li>
-					<li> \( c = r \oplus m \) </li>
-					<li> \( h = \operatorname{AES}(k, 0) \) </li>
-					<li> \( s = \operatorname{AES}(k, 2^{32}n + 1) \) </li>
-					<li> \( \operatorname{return} c, \operatorname{GMAC}(h, s, aad, c) \)</li>
-				</ol>
-			</div>
-		</details>
-    <!-- <script id="MathJax-script" async src="/forbidden-salamanders/static/mathjax.js"></script> -->
-	<!-- <script type="text/x-mathjax-config"> -->
-	  <!-- MathJax.Hub.Config({ TeX: { extensions: ["AMSmath.js", "AMSsymbols.js"] }}); -->
-	<!-- </script> -->
-<script>
-MathJax = {
-  tex: {
-		extensions: ["AMSmath.js", "AMSsymbols.js"]
-  }
-};
-</script>
-<script id="MathJax-script" async
-  src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-chtml.js">
-</script>
-  </body>
-</html>