Latest Crypto related questions

I see there are a lot of questions relating to handling of a salt value but nothing I have seen so far has cleared the following question.

When using a KDF such a scrypt, I believe the value of the salt should be random and change each time even on a per user basis (same user generating two different keys at different points in time). Due to this is it safe to store the randomly generated salt in ...

What is the likelihood of getting the same result from /dev/random?

Sorry if question is really dumb, I am new to crypto :(

If the client provides the solution for the PoW Challenge-Response, in my understanding, the solution of that challenge should be verified. So I don't understand, if the verification process is involved in Challenge-Response, what's the difference between them?

If it's possible, can someone send implementation of Challenge Response variant. I'v ...

Most cryptographers know the scytale. It is that cipher where you roll a leather strip around a rod and then write text on it. For encryption you roll it off the stick and for decryption you roll it back on the stick. It can be visualized like that (from Wikipedia):

   |   |   |   |   |   |  |
   | I | a | m | h | u |  |
 __| r | t | v | e | r |__|
|  | y | b | a | d | l |
|  | y | h | e | l | p |
|  |   ...

Blowfish splits a 32-bit word into 4 sets of 8-bits (1 byte) and use them as entries in its S-Boxes.

Kuznyechick splits two 64-bits words in many nibbles (4-bits chunks), use them as entries in its S-Boxes and XOR each modified nibble with the next nibble in their sequence.

Kalyna does the same as Kuznyechik but it uses entire bytes instead of nibbles.

My question is:

Can entire words (32 or 64-bits ...

I have the need to take a string and return a color. One requirement is that the same name always returns the same color. Another is that similar names should not return similar colors.

I understand that a property of cryptographic hash functions is that small changes to the input result in large changes to the output (diffusion). This seems like the property I need. However, I don't require the  ...

In Ring Learning with Errors problem, the size of the ciphertext quotient $q$ decides the size of the polynomial degree $n$ or vice versa. In other words, rlwe problem is hard only when the polynomial degree is set in comparison to the quotient. However, I am not sure what is the relationship between the values of the two parameters?

Can someone explain to me or point me to some resource?

I'm reading up on elliptic curves and their history and it seems that people don't trust P256 seed which is defined in FIPS 186-3 on page 89 to be

SEED = c49d3608 86e70493 6a6678e1 139d26b7 819f7e90

Which people suspect may have been generated maliciously.

I'm wondering what happens if the seed is picked in a way that is computationally very hard to to not be random e.g. from a decade of Bitcoin blo ...

Is there any protocol for remote secret key storage without disclosure the key value for remote server administrator?

Let $R$ be the ring of integers of a cyclotomic field $\mathbb{Q}(\zeta_n)$, where $n$ is a power of two, and $\boldsymbol{a} \in R_{q}^{m}$, for $m\in\mathbb{Z}^+$, $q\in\mathbb{Z}_{\geq2}$ prime. Define the following $R$-modules, where $I$ is an ideal of $R_{q} = R/qR$: $$ \begin{gathered} \boldsymbol{a}^{\perp}(I):=\left\{\left(t_{1}, \ldots, t_{m}\right) \in R^{m}: \forall i,\left(t_{i} \bmod q\r ...

Assume that the verifier is given three commitments $C_i=g^{m_i}h^{r_i}, i=1,2,3$. Now a prover knowing $m_i, r_i, i=1,2,3$ wants to prove $m_3\neq m_1\wedge m_3\neq m_2$. Specifically, the relation is follows: $\{(m_i,r_i), i=1,2,3|C_i=g^{m_i}h^{r_i}\wedge m_3\neq m_1\wedge m_3\neq m_2)\}$. A general relation can be written as follows: $\{(m_i,r_i), i=1,2,..,n|C_i=g^{m_i}h^{r_i}, i=1,2,...,n\wedge m ...

Here is a possible way to perform iterative cryptographic hashing twice as fast as in the ordinary way.

Given a compression function $f: \{0,1\}^{a+b} \rightarrow \{0,1\}^b$. Assume the message is of length $4a$ bits after padding. Normally the four message blocks are injected one after another into a data block $x_i \in \{0,1\}^b$:

$$ m = m_0 \| m_1 \| m_2 \| m_3; \; |m_i| = a $$ $$ x_{i+1} = f( ...