At 38C3, a few of us played together with the FluxFingers team. This write-up is about spiky_elf, a crypto challenge:

So I recently¹ did some power analysis stuff² and found this RSA private key, except I think I got a few bits wrong?

¹not actually recent
²not actually power analysis

For this challenge, we are given an RSA public key, the flag encrypted with the RSA key, and the RSA private key – however, the private key contains 16 bit flips.

The challenge was as follows:

Robert McEliece, our lord and savior of the gym, reveals his flag only after you lift some weights. Given the public-key and ciphertext, can you find a correct error vector?

nc mceliece.flu.xxx 5555

Now, while we know efficient such codes, decoding for a random G is NP-hard. McEliece uses this to produce a public-key encryption scheme: For the private key, we generate an efficient generator and code pair (G,C). For the public key, we however transform the generator G to a random looking generator G'.