crypto free hard

QLotto (Quantum Lottery)

HackTheBox

$ ls tags/ techniques/
negative_index_bypass bell_state_creation quantum_entanglement_exploit

QLotto (Quantum Lottery) - HackTheBox

Description

A quantum lottery system called QLotto where players need to predict lottery numbers generated by quantum measurements. The goal is to "rig the jackpot" by exploiting the quantum circuit.

Server Details:

  • 2-qubit quantum circuit using Qiskit
  • Qubit 0 starts with H gate (superposition)
  • Qubit 1 starts in |0>
  • Available gates: H, S, T, Z (single qubit), RXX, RYY, RZZ (two-qubit)
  • Parameters cannot be 0 (restriction on qubit indices)
  • Entropy check: qubit 0 must be ~50/50 (binomial test with p-value >= 0.01)
  • 36 measurements taken, grouped into 6 numbers (6 bits each)
  • Testing numbers come from qubit 1, lotto numbers from qubit 0
  • Condition: testing != lotto (exact equality rejected)
  • Win condition: guess lotto numbers exactly

Analysis

Vulnerability 1: Negative Index Bypass

The server validates that qubit indices cannot be 0, but Python's negative indexing allows -2 to map to qubit 0 in a 2-element array:

    qubits = [qubit_0, qubit_1]
    qubits[-2]  # Returns qubit_0, bypassing the "no 0" check
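The gap between the raw value that is checked and the qubit that is actually addressed, shown as an added example (not the challenge server's code, which the page does not show). `naive_check` is an assumed reconstruction of the "not 0" rule; `canonical`, `strict_check` and `audit` are hypothetical names for a hardened validator and a small audit helper.

```python
# Added illustration; the server's real validation code is not on the page,
# so both validators below are assumed reconstructions.
import operator

N_QUBITS = 2        # the page's 2-qubit circuit
PROTECTED = {0}     # qubit 0 produces the lotto numbers


def naive_check(index):
    """Assumed weak check: rejects only the literal value 0."""
    return index != 0


def canonical(index, n=N_QUBITS):
    """Resolve an index the way Python sequence indexing does (-2 -> 0 for n == 2)."""
    return range(n)[index]


def strict_check(index, n=N_QUBITS, protected=PROTECTED):
    """Hardened check: validate the qubit actually addressed, not the raw value."""
    if isinstance(index, bool):          # bool is an int subclass; refuse it
        return False
    try:
        i = operator.index(index)        # rejects floats, strings, None
    except TypeError:
        return False
    if not 0 <= i < n:                   # no negative or out-of-range indices
        return False
    return i not in protected


def audit(candidates):
    """Return (index, qubit_reached, naive_ok, strict_ok) for each candidate."""
    rows = []
    for c in candidates:
        try:
            reached = canonical(c)
        except (IndexError, TypeError):
            reached = None               # index does not resolve to any qubit
        rows.append((c, reached, naive_check(c), strict_check(c)))
    return rows


if __name__ == "__main__":
    for row in audit([0, 1, -1, -2, 2]):   # constructed sample inputs
        print(row)
```

Any row where `naive_ok` is true and `qubit_reached` is in the protected set marks an input the weak rule lets through; the hardened check closes it by refusing negative indices outright.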

Vulnerability 2: Bell State Exploitation

The challenge requires:

  1. Qubit 0 maintains ~50/50 entropy (passes binomial test)
  2. Testing numbers (qubit 1) != Lotto numbers (qubit 0)
  3. But we need to predict lotto from testing

Solution: Create an anti-correlated Bell state |Psi+> = (|01> + |10>)/sqrt(2)

In this state:

  • When qubit 0 measures |0>, qubit 1 measures |1>
  • When qubit 0 measures |1>, qubit 1 measures |0>
  • Both qubits maintain 50/50 probability individually
  • But they are perfectly anti-correlated!

Quantum Circuit Analysis

Initial state after H on qubit 0:

|psi> = (|00> + |10>)/sqrt(2)

Target state (anti-correlated Bell state):

|Psi+> = (|01> + |10>)/sqrt(2)

...
