This solution is possibly unintended and based on logic vuln (i saw just pohlig-hellman attack in the author's writeup - https://github.com/maple3142/My-CTF-Challenges/blob/master/AIS3%20Pre-exam%202022/pekobot/solve.sage )
def encrypt(P, m):
key = point_to_bytes(P)
return bytes([x ^ y for x, y in zip(m.ljust(64, b"\0"), key)])
encrypt - just xor point x,y with plaintext And we see two options: