This repository contains tools and analysis for the Bounty3 Cryptographic Challenge from the PVAC HFHE C++ library.
The bounty3 challenge is a cryptographic puzzle that involves decrypting a ciphertext file (seed.ct) encrypted using LPN-based homomorphic encryption (HFHE). The encrypted data contains:
- A 12-word mnemonic phrase for an OCTRA wallet holding 30,000 OCT tokens
- A numeric value to be sent in the "message" field of a transaction on the OCTRA network
- Primary Wallet: oct7rAAiRhdRvKChDQrTJEAUqM9M9sfTBGQsacqME18xe1V (30,000 OCT)
- Final Reward: 0xa0b038b20b4633ffF5cDE2bDEfB63d6E1FD8C2e2 (4,444.4444 USDT on Ethereum)
To claim the final reward, you must send a transaction with the recovered secret number to octHLvpfkP3NKSZ3tfAMYV1jzbGR7KtnVReish6sSXdGfst.
.
βββ bounty3_data/ # Challenge data files
β βββ README.md # Original challenge description
β βββ params.json # Cryptographic parameters
β βββ pk.bin # Public key (17MB)
β βββ seed.ct # Encrypted ciphertext (285KB)
βββ tests/
β βββ bounty3_test.cpp # Original encryption test
β βββ decode_ct.cpp # Decryption tool (requires secret key)
β βββ analyze_bounty.cpp # Detailed analysis tool
βββ include/pvac/ # PVAC library headers (C++17)
βββ build/ # Compiled binaries
βββ Makefile # Build automation
βββ README.md # This file
The challenge uses a Learning Parity with Noise (LPN) based cryptographic scheme with the following parameters:
| Parameter | Value | Description |
|---|---|---|
m_bits |
8192 | Message/matrix dimension |
B |
337 | Modulus value |
lpn_t |
16384 | LPN parameter t |
lpn_n |
4096 | LPN parameter n |
lpn_tau |
1/8 (0.125) | Noise rate |
noise_entropy_bits |
120 | Entropy specification |
edge_budget |
1200000 | Computational resource limit |
- Expected noise: ~2048 bits
- LPN hardness: Based on t=16384, n=4096, tau=0.125
- Security level: Estimated at 120 bits of entropy
The encrypted data consists of 9 ciphertexts:
- CT[0]: Encodes the length of the message (2 layers, 39 edges)
- CT[1-8]: Encode ~15 bytes each of the actual message (1 layer each, 21-36 edges)
Total: 10 layers, 277 edges across all ciphertexts.
- C++17 compatible compiler (g++, clang++)
- Linux/Unix environment (tested on Linux)
# Build all tools
make all
# Or build individually
g++ -std=c++17 -O2 -march=native -I./include -o build/decode_ct tests/decode_ct.cpp
g++ -std=c++17 -O2 -march=native -I./include -o build/analyze_bounty tests/analyze_bounty.cpp./build/analyze_bounty bounty3_dataThis tool provides:
- Detailed cryptographic parameter analysis
- Public key structure and metadata
- Ciphertext composition and statistics
- Security estimation
./build/decode_ct bounty3_dataNote: This tool can only decrypt the ciphertext if you have the secret key (sk.bin), which is NOT provided as part of the challenge. The challenge is to either:
- Recover the secret key
- Break the LPN problem
- Find vulnerabilities in the implementation
All files have been verified with SHA256 checksums:
692ea043daf5d8910a216a0cff80131fa6a06fe0133ac0f0b91a0f0570378877 params.json
a3cb3b153211f1086fde20309106f979477985f679288cbfb60cf553bdc6bca0 pk.bin
304c5c9160fc374ecb42fba7641e21500cb729d031f9cbfb33c35a000229e474 seed.ct
Verify with:
cd bounty3_data
sha256sum -c <<EOF
692ea043daf5d8910a216a0cff80131fa6a06fe0133ac0f0b91a0f0570378877 params.json
a3cb3b153211f1086fde20309106f979477985f679288cbfb60cf553bdc6bca0 pk.bin
304c5c9160fc374ecb42fba7641e21500cb729d031f9cbfb33c35a000229e474 seed.ct
EOF- Canon tag:
0x43b87053cc892ec0 - H_digest:
7aeef8bbfd6cb6c8... - H matrix: 16,384 vectors Γ 8,192 bits (~16 MB)
- Permutation size: 8,192 elements
To solve this challenge, researchers might explore:
-
LPN Solving Algorithms
- BKW (Blum-Kalai-Wasserman) algorithm
- Statistical attacks on noise distribution
- Linear algebra approaches
-
Implementation Vulnerabilities
- Side-channel analysis
- Timing attacks
- Memory access patterns
-
Cryptanalysis
- Structure analysis of the cipher layers
- Edge weight patterns
- PRF key recovery
- Original repository: octra-labs/pvac_hfhe_cpp
- PVAC library documentation: See
PVAC_README.md - LPN problem: Wikipedia - Learning Parity with Noise
From bounty3_test.cpp, the encryption workflow:
- Key Generation:
keygen(prm, pk, sk)generates parameters, public key, and secret key - Text Encryption:
enc_text(pk, sk, seed)encrypts the plaintext string - Serialization: Keys and ciphertexts are saved to binary files
- Decryption:
dec_text(pk, sk, cts)recovers the plaintext
Magic Numbers:
- Ciphertext:
0x66699666 - Secret Key:
0x66666999 - Public Key:
0x06660666 - Version:
1
Binary Layout:
[Magic:4] [Version:4] [Count:8] [Data...]
Each cipher contains:
- Layers (BASE or PROD rule types)
- Edges (layer_id, index, weight, selector bits)
If you're working on solving this challenge:
- Document your approach thoroughly
- Test your methods against the provided tools
- When successful, create an issue in the original repository explaining your methodology
- Avoid "low-effort slop reports" - only submit after successfully recovering the seed phrase
This repository is for educational and research purposes only. The cryptographic challenge is designed to test cryptanalysis skills and understanding of modern encryption schemes.
Contact: For questions or technical issues, contact:
- Email: dev@octra.org
- Telegram: @lambda0xE
This analysis repository follows the GPL-3.0 license of the original PVAC library.
Status: Challenge active as of December 2025 Difficulty: Advanced cryptanalysis required Estimated time: Varies based on approach and resources
Good luck with your analysis! π²