Latest Crypto related questions

Can we make EC ElGamal have multiplicative homomorphic property?

Reading Why Zk-SNARKs are Argument of Knowledge if a Knowledge Extractor exists? I feel confused by OP first statement:

From what I know, proving the existance of a Knowledge Extractor implies perfect soundness.

Answer focuses on soundness not necessarily being perfect, but it seems implicitly confirming the soundness implication by the extractor.

First of all let me state that when I read "sou ...

If I want to prove that an encryption algorithm is CPA secure (or that it isn't), then how much am I allowed to assume the attacker to know about the internal workings of the algorithm? Do I need to assume that the encryption algorithm is just a "black box" from the point of view of the attacker i.e. they can only query it for encryptions of different plaintexts but don't know anything about how it work ...

I am here so if I asked something wrong or in the wrong way please let me know.

How to hash compression large data into the fixed size of the string.

Edit:

How Davies–Meyer does work? Take the example of input as: "Hello this is a demo"

Why is the discrete logarithm problem assumed to be hard?

Someone else asked the same question but the answers only explain that exponentiation is in $O(\log(n))$ while the fastest known algorithms to compute discrete logarithms is in $O(n)$. (I'm glossing over details like the runtime of index calculus here.)

Somewhere else I read: "We assume discrete logarithms to be hard because for over 40 years v ...

From the NIST SP 800-90B, we can use these cryptographic algorithms (HMAC, AES, Hash function) as a post-processing technique for TRNG. Besides that, can we apply the Pseudo Random Number (PRNG) as a post-processing method for True Random Number (TRNG)? It will become the Hybrid random number generator (Combination of PRNG and TRNG)

I am trying to understand this article. Can someone explain to me how the ECDSA adaptor signing is work?

From the article:

1. ECDSA adaptor signing $$s' = (H(m) + R t p)r^{-1}$$

As I understand this is standard formula where $x = t p$ - is a private key for the signature s'. So public key is $P = t p G$

2. Decryption ECDSA adaptor signature: $$s = s' t^{-1} = (H(m) + R t p)(rt)^{-1}$$

I can't und ...

Semantic Security may be defined using the distinguishability experiment/game, which we recall as follows:

Let $(E,D)$ be an encryption scheme. After the challenger chooses a security parameter $n$ and random key $k$, the (semantic security) adversary choosing two messages $m_0, m_1$ that depend on $n$. The challenger randomly chooses a bit $b \in \{0,1\}$, provides $E_k(m_b)$ to the adversary who then m ...

I have a C# solution that encrypts a bunch of small data chunks using AES.

        //This is how I'm configuring the Aes object
        var aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.KeySize = 256;
        aes.Padding = PaddingMode.PKCS7;

I then write the raw ciphertext bytes to SQL Server VARBINARY columns.

Querying the length of these VARBINARY ciphertext columns I expected them ...