# Latest Crypto related questions

Score: 1
Hashing function: Generate unique 3 letters Identifier

I need to create an id generation function that takes a 4-digit number and returns a unique 3-letter identifier.

I already have a function that generates a 2-letter id from a 3-digit number with some limitations (between 100 and 775), but I'm not sure how to change it to meet the new requirement.

    if order_id < 775:
        alphabet = list('ABCDEFGHIJKLMNOPQRSTUVWXYZ')
        alpha_index = ''
        _i_1 = 0
        _i_2 = 0 ...

Score: 0
Homomorphic Encryption Library Supporting Addition, Multiplication & Logical Shift

Does anyone know of a C++ homomorphic encryption library that supports addition, multiplication and logical right shift over integers? Some set of instructions that allows the implementation of logical shifts would work as well. The range should be at least sufficient to support signed 32-bit integers and the scheme should support arbitrary depth. I tried using Palisade, but found no way of implementing ...

Score: 0
Number of Involutory Keys in Permutation Cipher

I've come across the following problem from the Theory and Practice book by Stinson-Paterson. It states the following:

2.17

(a) Prove that a permutation $$\pi$$ in the Permutation Cipher is an involutory key iff (if and only if) $$\pi(i) = j$$ implies $$\pi(j) = i$$, for all $$i,j \in \{1,...,m \}$$.

(b) Determine the number of involutory keys in the Permutation Cipher for $$m = 2,3,4,5,$$ and 6.

I've prove ...

Score: 0
Pretty much confused about pretty good privacy-:
1. Authentication-:

I understand that authentication is basically digital signature. But what I don't understand is how it has been explained here specially the RSA key part. It is leading me to huge confusions.

In RSA encryption, we use public key (of whose sender or receiver?) for encryption and private key (of whom?) for decryption.

They say hash is encrypted using RSA. But why are we using PRIVAT ...

Score: 1
computation time of pairing operations and their securities

Suppose G1 is an elliptic group and G2 be a multiplicative group and they are of same prime order p and e is a bilinear pairing, e: G1 X G1 -> G2. The operations e(p,q)r and e(pr,q) gives equal result where p, q $$\in$$ G1 and r $$\in$$ Z*p.

The computation time of different cryptographic operations are given below source:

...
| Operation | Computation time (in ms) |
|---|---|
| Scalar multiplication in G1 | 0.24 |

Score: 0
Reverse SHA256 Hashed Value from Multiple Instances where Part of Hashed Value is known

I apologize in advance if this question has been answered already. However, I have not been able to find an existing answer - despite the case being pretty simple and common I imagine. Perhaps there is some terminology that I do not know making me miss the obvious.

So here goes:

Assume we repeatedly SHA256-hash a "secret" value concatenated with different numbers and let an adversary know the hashed ...

Score: 1
Can attacker steal data from AES encrypted table without knowing the key?

I think of a situation that attacker can steal data from AES encrypted table without knowing the key. I tried to search on internet but found nothing about this (maybe I was not using the correct keyword), really appreciate if anyone can shed some light on it.

Assuming that the table is encrypted with same key but different IV:

1. Attacker signs up for a new account in an application normally.
2. Application ...

Score: 1
Examples of oblivious transfer protocols secure under stronger security assumptions than semi-honest model?

The question is basically stated in the title. I have done some introductory reading on Oblivious Transfer and most of them are secure in the semi-honest model. Are there any protocols that are secure under stronger security assumptions (e.g. malicious adversaries)?

Score: 0
How to prove that Paillier encryption is positive (zero-knowledge)?

Is it possible that the plaintext encrypted in a ciphertext using Paillier encryption is positive without using a zero knowledge range proof?

Score: 0
How to securely store data with an untrustworthy party?

Alice wants to store key:value pairs with Bob. The goal of the exercise is for Alice to be able to use Bob as a reliable data storage service, even if Bob were untrustworthy. A (correctly implemented) MAC/AEAD/Signature means Bob cannot tamper with records. But basic authentication is not sufficient to ensure that Bob returns the correct record, because it does not stop Bob from replaying old records ...

Score: 2
Short Nonces in ECDSA signature generation

Recently I noticed that my device generates short-sized Nonces.

Approximately $$2 ^ {243} - 2^{244}$$.

Could it turn out that there will be a small leak of information about the first 3 bits of Nonces?

Accordingly, if Nonces is short, then it must contain null at the beginning. That is, the first 3 bits of Nonces contain null at the beginning.

Hence, for the sake of safety:

When creating an ECDSA signatur ...

Score: 2
What does counter mean in Counter (CTR) Mode? Is it the same as nonce?

As asked above, what does "counter" mean exactly? Is it the same as nonce?

Also, the book Network Security Essentials (6ed.) from William Stallings states, "Typically the counter is initialized to some value and then incremented by 1 for each subsequent block (modulo $$2^b$$, where $$b$$ is the block size)". What does this statement mean exactly?

Score: 0
Breaking Vigenère cipher using the one-time pad flaw when used for a second time

I got an idea which may be wrong because I may have missed some important factor but for the moment I don't know if I really did. Let BM be the method used to break a reused one-time pad cipher (which is explained here: Taking advantage of one-time pad key reuse?). I was wondering if we can use the same BM on a Vigenère cipher text after determining the key length (N for example), and that would be by ...

Score: 0
What's the best Noise Protocol authentication pattern with minimal overhead for IOT?

I want to use NoiseSocket protocol to connect embedded IoT devices to the server. On the device's side code runs on a small 32bit MCU. For cipher function and hash will use ChaChaPoly and BLAKE2s for best performance on embedded MCU. But I don't choose an authentication pattern that meets my task. The protocol should solve the following tasks:

1. Devices must authenticate the server.
2. Server check devic ...

Score: 0
Don't know how to approach this problem, or where to start. Finding an adversary to a hiding and binding game

I have this problem:

I also have the python version of this problem here:

    import json
    import sys, os, itertools

    sys.path.append(os.path.abspath(os.path.join('..')))
    from playcrypt.tools import *
    from playcrypt.new_tools import *
    from playcrypt.primitives import *

    from playcrypt.games.game_bind import GameBIND
    from playcrypt.simulator.bind_sim import BINDSim

    from playcrypt.games.game_hide impor ...

Score: 5
Can a series of triangle reflections be used for cryptography?

(I guess no but why is this the case? Any way to make it possible?)

Out of a given equilateral triangle T1 (with its 3 vertices A,B,C lying in a finite field $$\mathbb F_N^D$$) another equilateral triangle T2 can get constructed by mirroring one of the 3 vertices at the edge in between the two other vertices. This will be repeated multiple times.

Given just two random triangles T1 and T2 (and $$\mathbb F_N^ ...$$

Score: 0
I am confused on how to solve this question about one way hashing

I know that I have to use decryption, but I am confused about how it breaks one-way (preimage resistance)

Score: 2
What is the link between anonymous credentials and transactional pseudonyms?

Anonymous credentials are used to prove certain properties of a specific user without revealing any other information, and transactional pseudonyms are used to authenticate a user as the rightful owner of a specific transaction without revealing any other information. Are transactional pseudonyms a form of anonymous credential, do anonymous credentials use transactional pseudonyms or are they distinct ...

Score: 0
mutual authentication in STS protocol

STS Protocol is like this:

1. $$A \rightarrow B:~ g^x$$
2. $$A \leftarrow B:~ g^y, E_K(S_B(g^y, g^x))$$
3. $$A \rightarrow B:~ E_K(S_A(g^x, g^y))$$

My question is why do we say in STS we have mutual authentication? For example:

1. $$A \rightarrow C: g^x$$
2. $$C \rightarrow B: g^x$$
3. $$C \leftarrow B: g^y, E_K(S_B(g^y, g^x))$$
4. $$A \leftarrow C: g^y, E_K(S_B(g^y, g^x))$$

so A will authenticate C instead of B!

Score: 2
Solve DLOG using a probabilistic algorithm for DLOG lsb

Following the question Can I know from a Bitcoin public key if the private key is odd or even?

The answer there gives a simple algorithm for solving the Discrete Logarithm Problem when given an oracle which gives the LSB of the DLOG. The answer hints this may be possible but not so easy with a probabilistic solution. So naturally I want to follow up with the harder question.

I can think of two such  ...

Score: 0
Get bit i when modulo n

Is there a way to recover the bit sequence of a number (for example 29 = 0b11101) by always dividing it by 2 when in mod 143 for example?

What I mean by that is recover the number bit by bit by multiplying it by the inverse of 2 mod 143 to simulate the /2 division. for example:
$$\begin{array}{} &29\bmod143=&29&\equiv 1 \pmod 2\\ 29\cdot(2^{-1}\bmod143)^1\bmod143=&29\cdot72^1\bmod143= ...$$

Score: 2
Is this a safe zero knowledge proof that two Paillier encryptions are equal?

We have encryptions $$c_1$$ and $$c_2$$, the person who knows the plaintext and randomness in both wants to prove that they know it. Let $$r_1$$ and $$r_2$$ be the randomness values in $$c_1$$ and $$c_2$$ respectively. The prover then randomly generates another random number, $$z$$. They then calculate $$a_1 = r_1^n z^n$$, $$a_2 = r_2^n z^n$$. These are the proofs. A verifier would just have to multiply $$a_2$$ with

Score: 0
Zero-knowledge proofs for preventing data abuse

I am looking for a theoretical solution to the following problem: Alice receives a signed statement from her bank with information about her account and credit balance. Alice wants to prove this knowledge of the contents and the bank's valid signature to Bob, but at the same time prevent Carol from determining who signed the proof.

To better illustrate my problem, I took the liberty of making a s ...

Score: 0
What's the difference between permutation and transposition?

I am trying to understand the difference between permutation and transposition. I have seen a similar question in the forum but I would like to ask you for proper definitions and examples of each. I'm trying to understand the DES algorithm and I'd like to understand if the halving of the initial block and eventual swapping of the halves would be permutation or transposition. Thank you in advance.

...

Score: 0
Cryptography (DSA) Get Value of k and private Key

I am on a task in cryptography and need a hint (PLEASE NO SOLUTION).

I can send Messages (Digital Numbers) to a Docker Container. The responses are the values p,q,g,z1,s,r and hashvalue(m+z1). So... when I enter the number 1 I get the DSA values used for signing.

Unknown is the value of k, z2 and x (the private key)

Known is that p,q,g,z1,z2 are fixed for every message. So they are the same ev ...

Score: 0
In Paillier homomorphism, how is the randomness r changed during addition?

To add the plaintexts encrypted in a ciphertext, you would just multiply the ciphertext and modulo it. However, how does the randomness value of the new ciphertext change? Assuming you, the encryptor, knew the randomness values in both ciphertexts, could you calculate the new randomness value?

Score: 0
Are there applications of sanitizable signatures without transparency property?

Are there applications of sanitizable signatures without transparency property?

Score: 0
Why is this image not pre-image resistant?

The answers to my HW say that a preimage of a single block is easily found. I do not understand how it is easily found. Please help.

Score: 0
Understanding MITM in an example authentication protocol

Imagine that we have a protocol like this:

    B -> A: RB
    A -> B: {RB,B}K

Goal: authenticate A to B

K: a shared key between A and B

{}K: encrypting by K

After receiving {RB, B}K by B, B is able to authenticate A. But what if we have something like:

    A -> C: {RB,B}K
    C -> B: {RB,B}K

so in this case B will authenticate C instead of A, isn't it?

Score: -1
How to decrypt a file using RSA and just a public.pem file?

I have an encoded file and a public.pem file. Is it possible to decode the file using the public.pem file or do I have to start looking at private keys?

I tried https://github.com/Ganapati/RsaCtfTool with no luck. The public key (pem) is as below

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHDiqVkO1umD2/Tm20Wt
LpyBXGoIk4Pczeqjwz7/kwYLnQI7VlAzgjC9jD1dX80Z+kLOr5wHIDdfNK55 ...
