Altcha Proof-of-Work Obfuscation Mode Cryptanalytic Break Vulnerability

Vulnerability

A cryptanalytic vulnerability has been identified in Altcha's Proof-of-Work obfuscation mode, affecting version 0.8.0 and later. It allows remote users to recover the Proof-of-Work nonce in constant time through mathematical deduction. The issue arises from improper use of symmetric encryption, which exposes secret information without keeping it confidential and results in a total break of the obfuscation scheme.

Impact

Exploitation of this vulnerability allows for the constant-time decryption of obfuscated data, including the recovery of the nonce and the original plaintext, such as email addresses or other personal information.

Reproduction

The vulnerability can be reproduced by using the official Altcha obfuscation script to encrypt data, such as an email address. The encrypted data can then be decrypted using a custom script that exploits the cryptographic flaw, recovering the original information in constant time.

Added: Dec 8, 2025, 7:36 PM
Updated: Dec 8, 2025, 7:36 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.