Latest Crypto related questions

Score: 2
Anon
Proving two definitions of perfect security are equivalent

I'm trying to prove that the following two definitions are equivalent:

$\forall m\in M $ and $c\in C$ $\Pr[C=c \mid M=m]=\Pr[C=c]$

$\forall m_1,m_2 \in M $, $E_k(m_1)=E_k(m_2)$, where $E_k(m_i)$ stands for the distribution over $k$ of the encrypted message $m_i$.

First - just to make sure, I am indeed supposed to show two directions, right? (i.e. first $\Rightarrow$ second and second $\Rightarro ...

Score: 3
some dude
How can we prevent duplicate key attacks on digital signatures

A limitation of digital signatures is that for a given signature σ of a message m corresponding to a public key pk, an adversary could generate a pk', sk' that produces a signature σ' for m, such that σ' = σ. How can we create a signing function and verification function that is resistant to this attack?

Score: 0
Fermat
64 bit key size Diffie Hellman

I am building a cryptographic El Gamal implementation on the Cardano Blockchain for a poker game. Each hand the players generate DH 64-bit keys and shuffle the cards together via homomorphic encryption and some non-interactive zero-knowledge proof. Now due to the limits of the size of a transaction the safe primes for the modulus are limited to 64 bits.

Now my question is, how secure is this enc ...

Score: 0
Is Using HMAC-SHA256(key, counter) For Providing Pad Only Vulnerable To Bruteforce?
ciphertext1 = hmac-sha256(key, counter1) ⊕ (plaintext1 with plaintext1 sha1 hash)
ciphertext2 = hmac-sha256(key, counter2) ⊕ (plaintext2 with plaintext2 sha1 hash)
ciphertext3 = hmac-sha256(key, counter3) ⊕ (plaintext3 with plaintext3 sha1 hash)
.
.
.

Note: counterN is increasing while (plaintextN with plaintextN sha1 hash) is longer than hmac-sha256(key, counterN). So it is a while function  ...

Score: 2
Does encryption of many files shorten the list of possible passwords?

Hopefully this question is not duplicative, nor its answer too elementary.

Suppose I have a file. I encrypt it, using a password. The password presumably stipulates a pattern or relationship between the file in its pre-encryption (A1) and post-encryption (B1) forms. But that pattern or relationship is indeterminate. Depending upon the complexity of the password, there could be a vast number of po ...

Score: 0
Checking if a function is collision-resistant

Consider a prime order cyclic group $\Bbb G$ of order $q$ with generator $g$. Then consider the function $$f:\Bbb Z^n_q\to\Bbb G\\(\alpha_1,\alpha_2,\ldots,\alpha_n)\mapsto g^{\alpha_1\cdot\alpha_2\cdots\alpha_n}$$

Is this function collision resistant with any of CDH/DDH/DLog assumptions in $\Bbb G$?

I think $f$ is not collision-resistant as it is easy to find two inputs that map to the same output. Namel ...

Score: 0
Using MS Azure to crack password

I heard there is a possibility to perform a brute force attack of a password, I know there is an option to use graphic cards on AWS, but is there a solution for Azure too? Which costs would it take to perform such an attack? I know it depends on the performance, time etc., is there some pricing list on how Azure solves this? I cannot find it on Google, I only found solutions for AWS.

Score: 0
SBond
Is CMAC secure without IV and the same key? (authenticate only)

I am a bit unsure about CMAC and GMAC and maybe someone can help me. As far as I know, CMAC does not use an IV [SP 800-38B ch. 6.2]. Is it then secure if I use the same key for different messages? ...and why do I need an IV for GMAC? What happens here if I reuse the IV and the same key?

In my case I don't encrypt any messages, I just create a MAC which I attach to the message (plaintext). Is this vulne ...

Score: 1
phantomcraft
16-bit entry in an S-Box of an SPN block cipher: Would it have the same speed/performance as an 8-bit entry?

I learned that in Substitution–permutation block ciphers, the maximum size of S-Box set to receive an entry from a data is the max numeric count of the data, for example, if the entry is 8-bits the S-Box set to be used is 256-bytes as 2^8=256.

Would 16-bits entries in a S-Box set of 65536-bytes (2^16) deliver the same speed/performance (cycles per byte) to the cipher as well as if was used 8-bits  ...

Score: 1
J. Doe
Is there something like a node network with more than 2 edges/neighbors in cryptography/encryption?

Many types of encryption can be generalized as using a message $m$ and a key $k$ as input of an encryption function $f$ with a cipher $c$ as output. $$f(m,k)=c$$ As a node graph this could look like this:

common case of encryption
Given node $m$ it has one edge of progression. If an inverse function $f^{-1}$ exists we could use it as a 2nd edge at $m$. With this node $m$ would have 2 edges of progression. At node $c$ we can ...

Score: 0
OpenSSL and ETSI QKD protocol

Has anyone integrated OpenSSL with the ETSI QKD key request protocol? I want to make my most critical SSH sessions quantum-safe by integrating with a QKD system and it appears the QKD vendors use the following API specification for the two sides (Alice and Bob) to request keys: https://www.etsi.org/deliver/etsi_gs/QKD/001_099/014/01.01.01_60/gs_qkd014v010101p.pdf

I don't see anything publicly available b ...
