Latest Crypto related questions

I'd like to derive two independent 256 bit keys for symmetric encryption from a user password. I'm using Argon2id as the password-based key derivation function. I'm planning to do the following:

1. Generate a 256 bit random salt.
2. Generate a 512 bit tag with Argon2id using the user's password and the salt.
3. Take the first 256 bits of the 512 bit tag for the first key and the second 256 bits for the second k ...

I am looking to see if using a digital signature is a secure and reasonable way to generate a key for AES encryption.

To flow would be as follows:

A user signs a message m with their private key. They actually sign the hash of m but this is taken care of as part of the digital signature creation function. This returns the digital signature s.

Provided s remains secret, is s a secure digest to use  ...

Is there any existing approach to construct perfect hash function that map [0, M) to [0, M)? It should be one to one mapping and one-way.

f(value, salt) -> hashed_value

relic, the library used by the majority of BLS implementations, is rather difficult to build cross-platform.

Because of this, I've been looking for other pure BLS implementations that don't rely on C - and I've found one in Go and another in Rust.

However, the nomenclature seems to be different between each library.

I see a mix and match of the words "Affine", "Scalar", "FR", "FRRepr", "G1", "G2", "P ...

I'm looking for / working on an algorithm that must be very small and simple, with no extra libraries and stuff that looks suspicious to a user using the code. You can see what I mean by reading the below. The user just keeps the dead simple code that he can even understand, and remembers his passcode, and the files are (reversibly) encrypted, and essentially uncrackable.

Here's my method, but is ...

I am having an idea to create a cryptographic hashing algorithm. I found a mathematical function $f: x \rightarrow y$ . By using Merkle-Damgård construction wide pipe, I designed a hashing function. Now I have some problems to solve before writing a research paper.

1. How to find if my hash is strong or not?
2. How to find The complexity to break my hashing algorithm(find collisions)?
3. How can I prove my mathe ...

Depending on $\alpha,N,x$ the sequence $x\mapsto x^\alpha \mod N$ can have a different length. If the first element $x_0$ is initialized with $x_0 = x_r^\alpha$ for a random $x_r$ the sequence will almost always have the same constant size.
We will focus here only at the most common sequences with max size $N_L$ (for given $\alpha,N$).

Depending on chosen $x_0$ it can lead to different, disjoint sequence ...

In substitution–permutation network block ciphers like AES, when encrypting a plaintext into a ciphertext, will each bit of the ciphertext be associated to each bit of the S-boxes set in the cipher?

I have seen the Kuznyechik reference implementation and I have doubts if each bit of the ciphertext will be associated with each bit of the S-boxes set:

#define LS(x1,x2,t1,t2) { \
        t1 = T[0][(byte)( ...

Given $n$-bit block cipher $E$ (and its inverse $E^{-1}$), define block cipher $E^\prime_k(m) = E_k(E_{f(k)}^{-1}(m))$ where $k,f(k) \in \{0,1\}^n$ and $\forall k:f(k) \ne k$. Under the ideal block cipher model, there exists no function $f$ which would give an attacker an advantage against $E^\prime$. Are there any real block ciphers for which any $E^\prime$ would be weaker than $E$ (excluding those with ...

Given a EC with cardinality $C=P^3+c$ with $P$ a prime $P \approx \sqrt[3]{C}$ and $c>0$. Out of a given generator $G$ we generate two additional generator $F,H$ with $$F = P \cdot G$$ $$H = P^2 \cdot G$$

(all would still generate a sequence of length $P^3+c$)
Given now a random member $M_1$ of that EC we can generate a $P\times P \times P$ cube of different members with $$ M_1 +i\cdot G+j\cdot ...