Aron(unintended)

*********************************************************************************
| hey! I have developed an efficient pseudorandom function, PRF, but it needs   |
| deep tests for security points!! Try hard to break this PRF and get the flag! |
| In each step I will compute the f_a(n), f_a(n + 1), f_a(n + 2), f_a(n+3), and |
| f_a(n + 4) for secret verctor a, and for your given positive number 0 < n < p |
*********************************************************************************
| for n = 28263878878495216476934212429573877467, and with these PRF parameters:
| (p, g) = (0xc2ee925bebe76d157e982b61d4de1fcb, 0x4801a1c59d396321ed359e9773f33faa)
| the five consecutive random numbers generated by our secure PRF are:
| f_a(n + 0) = 171299656158256438070356161225092239773
| f_a(n + 1) = 151540109405892052005223571068469542509
| f_a(n + 2) = 142426843534236061578507279799807510323
| f_a(n + 3) = 105102553997975750166225720659782451264
| f_a(n + 4) = 97247915425750207624219823209998753612
| Options:
|    [G]uess next number!
|    [P]RF function
|    [N]ew numbers
|    [Q]uit

f_a is basically some deterministic function, and we need to predict the next output, so we simply input n - 1 as the new n and submit f_a(n + 4)

$ N
Do you want to provide desired integer as `n'? [Y]es [N]o
$ y
enter your integer n:
$ 28263878878495216476934212429573877466
| the five consecutive random numbers generated by our secure PRF are:
| f_a(n + 0) = 97247915425750207624219823209998753612
| f_a(n + 1) = 171299656158256438070356161225092239773
| f_a(n + 2) = 151540109405892052005223571068469542509
| f_a(n + 3) = 142426843534236061578507279799807510323
| f_a(n + 4) = 105102553997975750166225720659782451264
| Options:
|    [G]uess next number!
|    [P]RF function
|    [N]ew numbers
|    [Q]uit
$ G
please guess and enter the next number:
$ 97247915425750207624219823209998753612
Congratz! :) You got the flag: CCTF{___Naor-Reingold___p5euD0r4ndOM_fuNc710N__PRF__}

Aron (unintended)

Interface