S03 · The Black Hat · L-11

AEAD Timing-Leak Debug

Difficulty
hard
Type
debugging
Session
Standard
Stack
Rust rust1.75
Domain
Cryptography
Est. solve
~30 min

01 · The task

A secure-envelope library sometimes accepts messages it must reject: its tag verification mishandles certain attacker-shaped inputs and leaks information through timing. Locate the offending compare among the crate's crypto plumbing and make verification strict and constant-time. The cipher, MAC derivation, and framing are provided.

02 · Constraints

  • Constant-time

    Execution time must not depend on secret data.

  • Primitives provided

    Crypto primitives are supplied; the defect is in how they're used.

03 · Skills exercised

constant-timeCode whose timing does not depend on secret data, to avoid leaking it.side-channelsInformation leaked through timing, size, or behavior rather than output.aeadAuthenticated encryption: ciphertext plus an integrity tag that must verify before decryption is trusted.

How to playDaemon

The whole level runs through the local promptly daemon — it pulls the workspace, captures your token usage, tests locally, and submits the ranked run.

  1. Pair this machine

    One-time — approve the code under your devices.

    promptly pair
  2. Pull the workspace

    Downloads the starter kit into the current folder and starts the solve clock.

    promptly init stage-3-11-aead-timing-leak-debug
  3. Start the captured session

    Then drive your AI tool — the daemon meters every prompt and token live.

    promptly start stage-3-11-aead-timing-leak-debug
  4. Submit for ranked grading

    Runs the full hidden suite and ends the attempt.

    promptly submit

Or combine steps 02–03 into one commandShortcut

promptly play pulls the workspace, launches the daemon, and starts the captured session in a single step — the same as running init then start.

promptly play stage-3-11-aead-timing-leak-debug