Latest Crypto related questions

Score: 1
akaoru avatar
How does Syndrome-Trellis Code (STC) work?
mx flag

Syndrome-trellis code was introduced to minimize embedding distortion in steganography. See this paper: Minimizing Embedding Impact in Steganography using Trellis-Coded Quantization.

Background information

The following paragraph can be found on this website:

Syndrome-trellis codes are essentially binary linear convolutional codes represented by parity-check matrix. This representation allows to us ...

Score: 3
user2357 avatar
What does it mean: Hardware vs software implementation of a cryptosystem
us flag

While reading some cryptography papers, I passed by some new terms like the hardware and software implementation of encryption systems.

The question: what are the hardware and the software implementations of encryption systems? And what is the difference between them?

Score: 3
thzoid avatar
Proof that a message is signed by a member of a group
ng flag

I'm a newbie at cryptography. Here is my question:

  1. Alice makes a list of people: Bob, Carol and Dan;
  2. Alice gives a unique secret key to every member on the list, so they can uniquely sign messages;
  3. Each member has no right to sign more than 1 message;
  4. Grace, an observer, needs to be able to check whether a certain message was signed by a member of Alice's list, but she must not know who signed it.
  5.  ...
Score: 0
Gregory Magarshak avatar
Generating public/private key pair without a trusted dealer
in flag

I want to make an Ethereum wallet where I can prove no one has the private keys in one place.

Basically, I was wondering whether the ECDSA signatures could be generated by multiparty computation like BLS signatures would be.

Failing that, at least can I use Shamir Secret Sharing and use M of N to do some kind of multisig shnorr signature? It needs to be something that Ethereum’s solidity will acce ...

Score: 0
Donald C. Spencer avatar
Which is best: RC5, RC6, CAST-128, LOKI97, or MARS?
cn flag

Considering speed and security, which is best: RC5, RC6, CAST-128, LOKI97, or MARS?

What does the scoreboard look like?

(I'm asking about the abstract math concept, not related to any code implementation. However, hearing about code implementations would be interesting.)

Score: 0
IrAM avatar
Checking Signature File is a Valid one
in flag

We are using a signature file which is in .pkcs7 format and has certificates encoded in it in DER format. In the process of verification of the signature we extract certificates and do final verify.

Is there anyway before we go for extraction of certificates and other crls, to check the signature file is valid(In case a .txt or other is renamed as .pkcs7 etc). Of course the extraction or verific ...

Score: 2
Zoey avatar
q-ary lattices - proof of dual upto scale
cn flag

Two lattices are defined as following: \begin{align} \Lambda_q^{\bot}{(A)} & = \{\mathbf{x} \in \mathbb{Z}^m: A\mathbf{x} = \mathbf{0}\text{ mod }q\} \\ \Lambda_q{(A)} & = \{\mathbf{x} \in \mathbb{Z}^m: \mathbf{x} = A^T\mathbf{s} \text{ mod }q \text{ for some } \mathbf{s} \in \mathbb{Z}^n_q\}. \end{align} T.S.T.

  1. $\Lambda_q{(A)} = q \cdot \Lambda_q^{\bot}{(A)}^*$, where $\Lambda_q^{\bot}{(A ...
Score: 0
AES and the Feistel Structure Used Together?
bq flag

In Dual Watermarking in Tele-radiology using DWT for Data Authentication and Security, the authors wrote:

The encryption process uses the Feistel structure consisting multiple rounds for processing the plaintext to obtain the cipher text and each round consisting of a “substitution” followed by a permutation step. In this paper dual watermarking algorithm for patient detail encryption is use ...

Score: 0
js wang avatar
Why is a fixed permutation not oneway?
cn flag

This may not be a good question, but I am just start to learn cryptography. I would like to ask why a fix permutation is not one way.

An adversary is given y=f(x) and try to invert y, x and y are n bits

In my opinion, an efficient adversary could only make polynomials query to the permutation. And it could only succeed if it made a query of x to f().

So the probability of the adversary to success is on ...

Score: 1
J.Doe avatar
A SHA verifier in the CNF format
br flag

Can someone help tell how to generate a 3-CNF verifier for SHA-256 that:

  1. outputs 1 if message/input's calculated SHA-256 value matches the pre-provided hash
  2. Otherwise outputs 0.

Given that the message can be arbitrarily long we can assume it to have a finite length (say 2 MB) to make our task simpler.

Score: 0
Titanlord avatar
Linking attacks on anonymized data
tl flag

I'm working on a anonymization project and I got interested in linking attacks. For simplicity I only look at data in table format, such as xlxx or csv data. To anonymise such data the most common technique is generalization. There are others like synthetic data, changing data, deleting data, etc.. To evaluate the results one can use definitions like k-anonymity, l-diversity or t-closeness.

So fa ...

Score: 1
JamDiveBuddy avatar
How to determine whether a point is greater than n/2?
cn flag

How can we determine if a private key associated with a point, on an EC, is less than or greater than 1/2 $n$, where $n$ is the order?

Score: 6
JamDiveBuddy avatar
How to determine if a point is just a point or a valid public key?
cn flag

In ECC, specifically over finite fields, in my mind there must be other points that exist that still yield $y^2 \bmod p=x^3 + ax + b \bmod p$ to be true but are never used because the Generator Point (or base point) never "lands" on that point before reaching the order and effectively starting over. How can we calculate if a point is actually part of the order (not sure if thats the correct term)  ...

Score: 1
Can I store a public key used to verify a Schnorr signature in PEM format?
ke flag

I want to ask if there is any way to store a Schnorr signature key in PEM format, or any other standardized format.

And, if possible, I would like to know if that's possible to be done in C language; here's my code so far:

EC_KEY *key = EC_KEY_new();
EC_KEY_set_group(*key, group);
EC_KEY_set_private_key(*key, *a);
EC_KEY_set_public_key(*key, *Q);
FILE* fout2 = fopen("pub.key", "wb");
PEM_write_EC_ ...
Score: 6
PixelPower avatar
Difficulty of computing RSA keypair with given bits preset
us flag

Given a 2048-bit RSA public key physically burned into hardware, is it feasible to find a keypair where the public key could be "overlaid"? To detail, each bit in the hardware key is write-once; zeroes can be set to ones, but the write is permanent. The existing RSA public key is 2048-bit and its corresponding private key is unknown; my hunch is that this would take around 21024 guesses since on averag ...

Score: 1
user2357 avatar
How can I do cryptanalysis on a chaos-based cipher?
us flag

I have been reading about chaos-based cryptosystems. Every designer claims that his design is a secure system without much cryptographic analysis; however, it turns out that this is a false claim in many cases. I do not know if all these systems are weak or inefficient. I do not have the time to perform cryptanalysis on them all.

For the examples of the chaos-based cipher, almost every designer h ...

Score: 3
Script Kitty avatar
What properties do elliptic curves possess that make them useful?
cn flag

I tried to learn the algorithmic process behind ECDSA and it's pretty challenging. I'm wondering what motivation or thought process might have led to the discovery in the first place. What properties do elliptic curves possess that make them resilient to attack?

Predecessor RSA seems somewhat more intuitive and reasonable to discover.

Score: 0
Curious avatar
Does SHA384 make sense with HMAC-SHA256?
cn flag

In the sense of security level (as defined, for example, by Ferguson and Schneier in the book Practical Cryptography), does it make sense to use SHA384 with HMAC-SHA256 in the general settings. By birthday paradox, HMAC-SHA256 will give a security level of 128 bits, and SHA384 will give 192 bits. To my understanding, the overall security level will be limited to 128 bits and SHA384 is just faking around ...

Score: 1
user2357 avatar
Is chaos-based encryption legitimate?
us flag

Is chaos-based encryption a rigorous discipline? And why there are objections to it within the cryptography community? And why are many of its cryptosystems weak? And does it has a promising future? And is there any example of secure cryptographic systems based on chaos?

Also, some people differentiate between the legitimacy of analog vs digital chaos-based cryptography, is this right?

The most impo ...

Score: 2
Maarten Bodewes avatar
What's the use of storing R^2 with a public key?
in flag

I think I have successfully reverse engineered a Samsung RSA public key here. However, the public key mainly seems to consist of the modulus, but it also contains a 32 bit integer -1 / n[0] mod 2^32, i.e. the inverse of the first 32-bit word of the modulus as well as R^2 (possibly mod n?).

Can anybody explain why these values are included with the RSA public key? What could these values do? I first thoug ...

Score: 0
xxxqqq avatar
Equivalence between "Discrete Log Relation" and Discrete Log
in flag

I am trying to understand Bulletproofs and it uses the following assumption (Section 2.1): Discrete Log Relation Assumption Note: $\mathbb{G}$ is of prime order $p$.

My question is about the last sentence in the image -- I cannot prove it. Specifically, I want to prove that $(*)$ if Discrete Log Relation is "broken", then the "plain" Discrete Log is also broken. Intuitively this makes sense, but I must be careful since I am just beg ...

Score: 1
Security proof for TLS 1.x
eg flag

In JKSS12, a proof for the handshake in TLS-DHE 1.2 is given, assuming (among other things) the PRF-ODH hypothesis on the PRF used to derive keys.

It is also stated that, if TLS 1.2 was to be modified to follow more closely the $\Sigma_0$ protocol from Canetti-Krawczyk; this protocol could be provably secure under a (weaker) DDH assumption instead of the PRF-ODH assumption (as it is the case for I ...

Score: 0
RobotVerter avatar
Finding initial key of Fibonacci LFSR knowing only polynomial and output stream-cipher
rs flag

I need to know whether it is possible to find the initial key of a Fibonacci LFSR knowing only length and taps and output stream-cipher bit sequence?

Plaintext is not ASCII, nor some other sort of printable characters. It's also a bit sequence.

LFSR: 15bit $X^{15}+X^{14}+1$

Score: 1
fWd82 avatar
Samsung .Cert File - Digging deeper
cn flag

I don't know if I should ask this question in Android Stackexchange or here, but I am sure I am in a right place to ask.

My question is about following Samsung Certificate file:

File name: I9301I-357537065876500.cert

ImeiSign=75779BA6B9FF5269A6828F2EAB02049B874169ACE705F5B6187EFE5F91B619E4D23EC50D7AED63D3F570766B6E03C9A416FC4B760329F43F3C06 ...
Score: 1
Mittal G avatar
When not to reject a random number generator?
co flag

I have constructed a true random number generator, and I applied the NIST randomness Test Suite to its results. I have generated around 200 files with my TRNG, each being $10^6$ bits in length.

The test reports are as follows: The TRNG failed some of the tests (e.g., Binary Matrix Rank Test) less than $5$ times, i.e., only 5 files out of $200$ failed some of the tests. However, $20$ files failed the Ra ...

Score: 4
Vladimir Gamalyan avatar
Weakness of XORing random bytes with secret key
de flag

Side A generates 16 (high quality) random bytes and performs XOR with a 16-byte secret key, then data transfers to side B, where the same secret key is used to recover the original 16 random bytes.

Is there, by chance, a way to guess the secret key by intercepting the XORed data between sides?

Score: 0
RSA DECRYPTION when N gives only one prime number
nf flag

I am getting only 1 prime factor to some power if i factorize N for RSA decryption. So, in this case what will be the value of P and Q. P will be that one Prime Factor and then there is nothing left for Q.

Kindly help me out

Score: 0
How to generate large integer private key for creating CTF challenges?
ch flag

I am trying to create a RSA CTF challenge, exposing $n$, $e$, $c$, and $d$.

I have set $e=65537$ and $n = p * q$ where $p$ and $q$ are large primes each with 300 digits.

I have determined $c=m^e \mod n$

But I have yet to determine a good way to produce $d=e^{(-1)} \mod [(p-1)*(q-1)]$. I tried computing the right as is via code, but

from decimal import Decimal

print(Decimal(e**(-1)) % phi)

returns so ...

Score: 1
Decryption of an unknown cipher
nf flag

How can I identify the cipher that encrypted the data shown below?

I'm very new to this field, so I am not sure.

For example:

How does one know which cipher is used in the following line? How can one decrypt it?


Score: 2
ytj_banana avatar
Discrepancy $δ$ in the Berlekamp-Massey Algorithm
ar flag

I have a question regarding to the Berlekamp–Massey algorithm. Can someone guide me to understand the idea/intuition of this algorithm?

According to the explanation in Wikepedia, in each iteration, the algorithm is trying to calculate the discrepancy $δ$.

If $δ≠0$, the algorithm will update the error locator polynomial using an update polynomial $B(x)$. However, at this point, I know that the r ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.