Latest Crypto related questions

Let $g\in G$ and $h\in H$ be two group generators. Given a list L of m group elements, where $L=(L_1,...,L_m)$, a prover wants to convince a public verifier (namely, a verifier who only has public input) that one element $L_i$ in the list $L$ (without revealing i) can be produced from a public element $ u =u_i$ (where i should not be revealed) and some secret $s_i$, e.g., prove that there is some

There are similar questions about secret S-box(es), but none of them about secret Blowfish (or any other canonical Feistel cipher) S-Boxes, only about secret AES S-Box.

Let's suppose that instead of using Pi hexadecimal number in Blowfish S-Boxes, I use my own S-Box taken from /dev/random and keep it secret.

Blowfish modifies all the 32-bits halves of plaintext 16 times, each half gets 8 inputs 32-b ...

Let's suppose I want to generate a 2048-bit key from a hash function with security up to 512-bits (such as Blake2b).

I take 4 high-resolution photos, hash them with a hash output length of 512-bits and concatenate all the hashes generating a 256-byte (2048-bits) key.

Will this scheme safely generate a key with real security of 2048-bits?

I need to parameterize some PRNG, let's assume I need 32-bit numbers. But when numbers doesn't look very random it gives bad results. The creators of SplitMix had similar problem (note that from what I understand they didn't solve it right):

https://www.pcg-random.org/posts/bugs-in-splitmix.html

So I need a function which will transform let's say number 1 into something like 10011110001101110111100 ...

Recently, I've had an exchange with Lorenz Panny about Xifrat. He says, that the quasigroup that I use can be linearized and then attacked, and he provided a script that linearized the quasigroup. His result is as follow:

f:
2 0 4 3 5 7 1 6
1 5 3 4 0 6 2 7
7 4 0 5 3 2 6 1
0 2 7 6 1 4 5 3
3 6 1 2 7 5 4 0
6 3 5 0 4 1 7 2
4 7 2 1 6 0 3 5
5 1 6 7 2 3 0 4

g:
2 5 0 6 7 1 3 4
5 2 1 4 3 0 7 6
0 1 2 3 4 5 6 ...

I am confused on the definition of GAP SVP. The problem states that for a fixed $\gamma \geq 1$, given a basis $B$ of a lattice and a $d>0$, GAPSVP asks to determine if $\lambda\leq d$ or $\lambda > \gamma d$. My confusion is that what if $d<\lambda\leq \gamma d$? What would be the answer of GAP SVP then? I read from Micciancio's Fall 2021 CSE206A notes that any answer is acceptable in that case ...

Are the methodologies (hard problems being used to secure the encryption) in post-quantum algorithms inherently slower than what we have right now? If not, why weren't they used initially?

Help me please.

Consider specific primes $p = x^{d} + 1$ and $q = x^{e} + 1$ for some $x, d, e \in \mathbb{N}$. Can their product $n = pq$ be factorized faster than the product of general primes ? In other words, is there a factorization algorithm that is more suitable for such $p$, $q$ than the state-of-the-art algorithms for primes of general form ?

Thank you in advance for your response.

If the LUKS header is removed from the LUKS partition, will this make the brute-force attack much more difficult? Can software tell which type of partition is it?

I am trying to understand the basic ingredients needed to conduct various types of cryptanalytical attacks.

For instance, I understand that for Ciphertext-Only Attacks (COA) an attacker only has access to ciphertext.

With Known Plaintext Attacks (KPA), attackers have some ciphertext and possess or deduce with reasonable certainty some portion of plaintext.

Chosen Plaintext Attacks (CPA) involve being a ...

imagine several parties that own data, and some of them need to use data of other parties, but have only limited access rights to it. An example:

Party #1 (pharmacy store) needs confirmation from Party #2 (doctor) that Party #3 (patient) was prescribed a medicine, but Party #1 (pharmacy store) shouldn't know the name of Party #3 (patient). Party #4 (drug manufacturer) needs to know when Party #1 ( ...

I'm solving a kernel ridge regression through a federated learning way. Equation to solve the kernel ridge regerssion is dot((K+lambdaI)^-1,y). So the aggregator of the problem knows the matrix A=(K+lambdaI)^-1.

But it cannot know the value of the labels y. So my idea was to encrypt the vector of labels y and apply inner product encrypton between the rows of the matrix and the encrypted vector. ht ...