# Diffie-Hellman

NSA Backdoor - picoCTF 2022

**vulnerability: non-prime field with m<p**

Rookie Mistake - HTB

**vulnerability: non-prime field with m>p and factorisation of N**

log log log - Angstrom CTF 2022

**vulnerability: smooth field order (allowing Pohligâ€“Hellman algorithm)**

Break the Log - EmbeddedSecurityCTF 2022

**vulnerability: m < p (mod p^2)**

MEWTWO - squeamishossifrage

**vulnerability: isomorphism (mod p^2)**

janken-vs-yoshiking-2 - Cake CTF 2023

**vulnerability: discrete log of two matrices with smooth field order**

Too Many Leaks - GCC CTF 2024

**vulnerability: partial secrets given**

Strong Primes - DDC 2024

**vulnerability: oracle encrypting same message multiple times**