*Disclaimer: This page has the original puzzles, and additionally the full solution including the reasoning behind the puzzles for Crypto & Privacy Village at BSidesSF 2020. If you would like to work on this, please close this page after copying down the puzzles!*

## Puzzles

You can either look at the puzzles here or the original PDF.

**Message 0:**

GOVMYWO DY MBIZDY KXN ZBSFKMI FSVVKQO KD DRO DOXDR LCSNOC SX CKX PBKXMSCMY

**Message 1:**

YCEMXIEMY XJIDKY UCZGXJMEYMFVMY CWX LZCE BMZBFMTIDK CWZYMFVMY XJMD MVMZSJIDK PMOCEMY VIVINFS OFMQZ LZCE PQYIOY

**Z:**

IOERTNTHGWERTGTEAHSUIOIASISRSNARSLEEFWTEELSEAHMPGNIETINCSNXCIEEK

**LA TABLE:**

QNDPNNLSMAANIJRPASNDPKQWDKSSJNMQSRQNCDTXOBVJBKQFOMDVHHAU

**ENCORE:**

CBACRQRTMXHVGXTNLLYXDSKHIACFRN

*Friendly reminder that if you would like to work on these puzzles without any hints or the solutions, please avoid scrolling past this. Message 0, Message 1, Z, La Table, and Encore are the five puzzles.*

## Puzzle Overview

For a smaller two day conference I wanted to make puzzles that were approachable and with each puzzle teach folks, whether entirely new to classical ciphers or have solved plenty before, something new. The intent of the puzzles was to teach folks to do things in a methodical way to eventually introduce then graduate them to modern day cryptographic concepts.

Consequently, this revealed some very convenient tools many of us challenge makers have and use in our challenges to buy time (or just use to spin up challenges quickly). This was intentional as I’d personally like to see new challenges where challenge makers push themselves outside of their comfort zones, myself included!

The first two puzzles, *Message 0* and *Message 1*, both use the same classical cipher with *Message 1* being a variant of the one initially in *Message 0*. The puzzle *Z* was a standalone classical cipher wise to break things up. The final two, *La Table* and *Encore*, both shared the same classical cipher with *Encore* additionally being a different classical cipher. All of the puzzles, outside of *La Table*, shared an Easter egg relating to it being the 10 year anniversary of BSidesSF.

### Message 0: Caesar Cipher

GOVMYWO DY MBIZDY KXN ZBSFKMI FSVVKQO KD DRO DOXDR LCSNOC SX CKX PBKXMSCMY

A classical cipher challenge that begins with the beloved **Caesar cipher**. It’s a fun introductory cipher that lends itself nicely in teaching other ciphers. What mattered here then was incorporating the number 10 in for the BSidesSF 10 year anniversary, alongside having participants learn how to crack classical ciphers by hand (or learn it conceptually then program it) by solving it methodically. To initially help start folks off at the tables that were new to the **Caesar cipher**, as an example I first wrote down the plaintext alphabet (aka what we’re reading now!):

```
ABCDEFGHIJKLMNOPQRSTUVWXYZ | "HI" | Plaintext
```

And to consider the word “hi” there (conveniently in the English alphabet “h” and “i” are right next to each other). How could we say “hi” in another way, but, differently? We could do the following:

```
ABCDEFG HI JKLMNOPQRSTUVWXYZ | "HI" | Plaintext
BCDEFGH IJ KLMNOPQRSTUVWXYZA | "IJ" | Ciphertext (1 shift)
```

“IJ” is another way of saying “HI” by writing the alphabet starting with “B” to “Z”, then adding the “A” back at the end. In other words, “HI” is “IJ” in the alphabet of “B” to “A”. We can repeat this for the entirety of the alphabet from A to Z!

```
ABCDEFGHIJKLMNOPQRSTUVWXYZ | "HI" | Plaintext
BCDEFGHIJKLMNOPQRSTUVWXYZA | "IJ" | Ciphertext (1 shift)
CDEFGHIJKLMNOPQRSTUVWXYZAB | "JK" | Ciphertext (2 shifts)
DEFGHIJKLMNOPQRSTUVWXYZABC | "KL" | Ciphertext (3 shifts)
EFGHIJKLMNOPQRSTUVWXYZABCD | "LM" | Ciphertext (4 shifts)
...
XYZABCDEFGHIJKLMNOPQRSTUVW | "EF" | Ciphertext (23 shifts)
YZABCDEFGHIJKLMNOPQRSTUVWX | "FG" | Ciphertext (24 shifts)
ZABCDEFGHIJKLMNOPQRSTUVWXY | "GH" | Ciphertext (25 shifts)
```

With the full table (which is conveniently the **Vigenère** table/square) in hand and switching back to the puzzle I encouraged folks to write down the first word:

```
GOVMYWO
```

Then try some shifts!

…aka all of them to get in some practice in doing this methodically (and also more accurately because I adore doing it this way) alongside some good habits such as methodically keeping track of shifts by numbering them:

```
0 | GOVMYWO | The puzzle itself
1 | HPWNZXP
2 | IQXOAYQ
3 | JRYPBZR
4 | KSZQCAS
5 | LTARDBT
6 | MUBSECU
7 | NVCTFDV
8 | OWDUGEW
9 | PXEVHFX
10 | QYFWIGY
11 | RZGXJHZ
12 | SAHYKIA
13 | TBIZLJB
14 | UCJAMKC
15 | VDKBNLD
16 | WELCOME | and (hopefully) the plaintext!
17 | XFMDPNF
18 | YGNEQOG
19 | ZHOFRPH
20 | AIPGSQI
21 | BJQHTRJ
22 | CKRIUSK
23 | DLSJVTL
24 | EMTKWUM
25 | FNULXVN
```

Eventually a word appears! I encouraged folks to finish the rest however they desired to, whether using the **Vigenère** table/square they wrote earlier or via coding.

##### Note

I wrote [all] the challenges in reverse (by hand in my graph paper journal with pen) from the original plaintext messages to the ciphertexts. If one moves forward in the alphabet (i.e. A -> B, B -> C, C -> D, ...) the shift from "GOVMYWO" to "WELCOME" is +16. However, if we move backwards (i.e. A -> Z, Z -> Y, Y -> X, ... ) the shift is -10. When I wrote them, I did this thinking a shift of +10 (or -16) in my mind.

### Message 1: Atbash

YCEMXIEMY XJIDKY UCZGXJMEYMFVMY CWX LZCE BMZBFMTIDK CWZYMFVMY XJMD MVMZSJIDK PMOCEMY VIVINFS OFMQZ LZCE PQYIOY

As noted in the overview, *Message 0* and *Message 1* use the same classical cipher with *Message 1* using a variantion of the cipher in *Message 0*, i.e. the **Caesar cipher**. The naming scheme of *Message 0* and *Message 1* was intended to convey they’re related; I helpfully encouraged new folks in particular to additionally look at the visual similarities in the formatting of the puzzles for future challenges they may encounter, thus learning how to potentially identify ciphers visually.

As I encouraged participants to solve the challenges methodically, many participants tried the same methodology as above with the first word. This puzzle was intended to show participants: puzzle solving isn’t about guessing the correct cipher so much as it’s about narrowing down what methods don’t work, thus don’t rule out [ciphers] until after fully proving that specific [ciphers] reproducible methods don’t work and move on; there’s always more than one way of solving, looking at, or doing something; to try and look at problems in another way! The hint I gave out for this puzzle was: “This is the same thing [as _Message 0], exact same methodology, just different.”

With solving the first puzzle, folks walked away from it with a **Vigenère** table/square in the alphabet of A-to-Z for the ciphertext, with the plaintext found in the same column in the same table. In *Message 1*, a **Vigenère** table/square was used but from Z-to-A for the ciphertext, with the row for the plaintext this time not in the table. As an example:

```
ABCDEFGHIJKLMNOPQRSTUVWXYZ | "HI" | Plaintext
ZYXWVUTSRQPONMLKJIHGFEDCBA | "SR" | Ciphertext
```

This is otherwise known as the **Atbash cipher**, where the alphabet is flipped around (Z-to-A) and matched to the original alphabet (A-to-Z). Hopefully this sounds familiar, but lets repeat this pattern a few more times for the full **Atbash** table, aka the **Vigenère** table/square reversed horizontally, to finish out the previous example:

```
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z | "HI" | Plaintext
Z Y X W V U T S R Q P O N M L K J I H G F E D C B A | "SR" | Ciphertext/Atbash
Y X W V U T S R Q P O N M L K J I H G F E D C B A Z | "RQ" | 1 shift
X W V U T S R Q P O N M L K J I H G F E D C B A Z Y | "QP" | 2 shifts
W V U T S R Q P O N M L K J I H G F E D C B A Z Y X | "PO" | 3 shifts
V U T S R Q P O N M L K J I H G F E D C B A Z Y X W | "ON" | 4 shifts
U T S R Q P O N M L K J I H G F E D C B A Z Y X W V | "NM" | 5 shifts
T S R Q P O N M L K J I H G F E D C B A Z Y X W V U | "ML" | 6 shifts
S R Q P O N M L K J I H G F E D C B A Z Y X W V U T | "LK" | 7 shifts
R Q P O N M L K J I H G F E D C B A Z Y X W V U T S | "KJ" | 8 shifts
Q P O N M L K J I H G F E D C B A Z Y X W V U T S R | "JI" | 9 shifts
P O N M L K J I H G F E D C B A Z Y X W V U T S R Q | "IH" | 10 shifts
O N M L K J I H G F E D C B A Z Y X W V U T S R Q P | "HG" | 11 shifts
N M L K J I H G F E D C B A Z Y X W V U T S R Q P O | "GF" | 12 shifts
M L K J I H G F E D C B A Z Y X W V U T S R Q P O N | "FE" | 13 shifts
L K J I H G F E D C B A Z Y X W V U T S R Q P O N M | "ED" | 14 shifts
K J I H G F E D C B A Z Y X W V U T S R Q P O N M L | "DC" | 15 shifts
J I H G F E D C B A Z Y X W V U T S R Q P O N M L K | "CB" | 16 shifts
I H G F E D C B A Z Y X W V U T S R Q P O N M L K J | "BA" | 17 shifts
H G F E D C B A Z Y X W V U T S R Q P O N M L K J I | "AZ" | 18 shifts
G F E D C B A Z Y X W V U T S R Q P O N M L K J I H | "ZY" | 19 shifts
F E D C B A Z Y X W V U T S R Q P O N M L K J I H G | "YX" | 20 shifts
E D C B A Z Y X W V U T S R Q P O N M L K J I H G F | "XW" | 21 shifts
D C B A Z Y X W V U T S R Q P O N M L K J I H G F E | "WV" | 22 shifts
C B A Z Y X W V U T S R Q P O N M L K J I H G F E D | "VU" | 23 shifts
B A Z Y X W V U T S R Q P O N M L K J I H G F E D C | "UT" | 24 shifts
A Z Y X W V U T S R Q P O N M L K J I H G F E D C B | "TS" | 25 shifts
```

To demonstrate how this was used in *Message 1* we’ll use the following [shortest] word from *Message 1*:

```
CWX
```

And accordingly shift it using the above table:

```
| CWX | The puzzle itself
0 | XDC
1 | WCB
2 | VBA
3 | UAZ
4 | TZY
5 | SYX
6 | RXW
7 | QWV
8 | PVU
9 | OUT | and (hopefully) the plaintext!
10 | NTS
11 | MSR
12 | LRQ
13 | KQP
14 | JPO
15 | ION
16 | HNM
17 | GML
18 | FLK
19 | EKJ
20 | DJI
21 | CIH
22 | BHG
23 | AGF
24 | ZFE
25 | YED
```

This did rotate around the traditional plaintext and ciphertext setup of Atbash. That was intentional in showing even with the same cipher you can get different results on the order of operations such as flipping around the plaintext and ciphertext. Hopefully foreshadowing!

### Z: Rail Fence

IOERTNTHGWERTGTEAHSUIOIASISRSNARSLEEFWTEELSEAHMPGNIETINCSNXCIEEK

As hinted by the title, *Z* is a **rail fence cipher**. While I set it to 10 rails (for the BSidesSF 10 year anniversary Easter egg), this was not a standard **rail fence** as I started the positioning elsewhere. This is a puzzle that, once folks demonstrated and clearly understood they knew how the cipher worked and variations (e.g. different starting positions), I encouraged them to write a tool to complete (or find an existing one) simply because of time. I did secretly hope, and some folks did pick up on this and did solve *Z* quickly this way, that people would also think how nicely 10 divides into 2, how awfully nicely pretty it looked to be near symmetrical, and maybe think about the puzzle like this:

```
0 | (TRADITIONAL START LOCATION)
1 |
2 |
3 |
4 | START OR END
5 | START OR END
6 |
7 |
8 |
9 | (TRADITIONAL START LOCATION)
```

While not technically necessary, the key for *La Table* was in this puzzle’s deciphered message.

### La Table: Vigenère variant (Beaufort)

QNDPNNLSMAANIJRPASNDPKQWDKSSJNMQSRQNCDTXOBVJBKQFOMDVHHAU

While explaining the puzzle sheet to folks, I informed participants that this was the only puzzle that did not use the Easter egg hint (10) in the other puzzles. The key for this puzzle was in *Z* but not immediately clear to folks who did solve *Z*, outside of a vague hint that everything they needed for this puzzle was already on their sheets (if they had solved *Z* and wrote down their **Vigenère** tables/square) but not technically necessary to solve *La Table*. The title *La Table*, or “the table” in French, was also chosen to serve as a hint to the puzzle being **Vigenère**, especially for participants who heard me lovingly keep referring to their tables they wrote down in *Message 0* and *Message 1* as a **Vigenère** table and *just coincidentally how useful they are for other puzzles and ciphers that build up on basics like this*.

I intentionally wrote a message that did not require filler characters and broke down evenly with the intended block to be 8x6 characters:

```
0 | QNDPNNLS
1 | MAANIJRP
2 | ASNDPKQW
3 | DKSSJNMQ
4 | SRQNCDTX
5 | OBVJBKQF
6 | OMDVHHAU
```

Some folks tried out the key from *Z* but moved on when it didn’t work. When I broke down the **Vigenère** cipher to folks, I let folks know that there were three distinct outcomes depending on the order of operations:

```
TOP | MID | LEFT
----------------------
1: Plain -> Cipher -> Key
2: Plain -> Key <- Cipher
3: Cipher -> Plain -> Key
```

Or in a more visual form:

### Encore: Autokey with Vigenère variant (Beaufort)

CBACRQRTMXHVGXTNLLYXDSKHIACFRN

## Puzzle Answers

**Message 0:**

WELCOME TO CRYPTO AND PRIVACY VILLAGE AT THE TENTH BSIDES IN SAN FRANCISCO

**Message 1:**

SOMETIMES THINGS WORK THEMSELVES OUT FROM PERPLEXING OURSELVES THEN EVERYTHING BECOMES VIVIDLY CLEAR FROM BASICS

**Z:**

SITTING ON FENCES I AWAIT TO HEAR THE NEXT MESSAGE WHILE PICKING LES SERRURES

**LA TABLE:**

CROCHETAGE REMINDS ME OF HOW PUZZLES CAN BE SOLVED WITH ONES OWN KEY

**ENCORE:**

A KEY TO HACK THE WORLD TO A BETTER ONE