Latest Crypto-related questions

Score: 0
Rabindra Moirangthem
Indistinguishability proof of an encryption scheme

Is there any indistinguishability proof (e.g., IND-CPA, IND-CCA, IND-CCA1, IND-CCA2, IND-CKA) based on games that involve breaking the AES security? Usually the proofs involve breaking hard problems like DL, CDH, DDH, BDH.

Score: 0
eli yablon
Fully Homomorphic Encryption Scheme?

I came up with a rather simple FHE scheme that shouldn't work, but I can't figure out how it breaks. Any help with this is appreciated!

Part one

First, note that if we had an abelian field where computing the multiplicative inverse was difficult, then we could construct a homomorphic scheme for addition and multiplication trivially. Let’s say the message we want to encrypt is $m$. Then we sample som ...

Score: 0
Why are WOTS and WOTS+ one-time schemes?

I've been doing some reading on hash based signature schemes, specifically XMSS and thus the underlying Winternitz scheme (WOTS+ to be precise).

As their names suggest, WOTS and WOTS+ are one-time schemes, so signing multiple messages with the same key should leak some info. I have however not been able to come up with a way to abuse this and was hoping someone can point me in the right directio ...

Score: 0
BlockchainThomas
AES XEX Mode: Cache-attacks demonstrated?

Assume AES in XEX mode, so we encrypt a plaintext $x$ as $E_K[x \oplus k_1] \oplus k_2$ where $E_K$ is the usual AES Block cipher (assume $x$ is of block size).

Assume the implementation of AES is vulnerable to cache-side channel attacks. Have any attacks against this XEX mode of AES been demonstrated? It seems to me quite difficult, because the attacker neither knows the input nor the output to

Score: 0
Sumana bagchi
Compute Differential Privacy level for any randomised algorithm

I have recently started learning differential privacy for my BTech project. I understand that it adds noise to the input stream based on a privacy level (say $\epsilon$) and a query function (say $f$), to provide privacy to the input dataset. The distribution parameters for the noisy signals are computed based on these things only.

Now suppose, we have a randomized algorithm that adds noise to the input  ...

Score: 1
What does "ECDHE_RSA" mean?

Hey, I do have a question about cryptography: I know that elliptic curve is a cryptography algorithm and Diffie–Hellman is a mechanism which provides the two parties who wish to encrypt some data with an identical key (symmetric key), and the elliptic curve algorithm is used in conjunction with DH to provide authentication. I almost forgot to mention that I know that "ephemeral" in this context means that ever ...

Score: 2
akez
Get Pixel Data from JPG/JPEG but still bring the integrity?

As far as I know, JPG is a lossy image compression format.

Meanwhile, BMP is a generally uncompressed image format, whose file structure consists of bitmapFileHeader (14 bytes) and bitmapInfoHeader (40 bytes), the rest of which is pixel data.

So I just need to pass the first 54 bytes and store it as a HEADER variable, and store the rest in the PIXELDATA variable.

In this state I can freely encrypt and d ...

Score: 1
Mick8695
How do I ascertain the key length of some Diffie Hellman moduli to counteract the Log Jam vulnerability?

I have the following Diffie-Hellman ciphers on one of my servers

TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

I have been asked to disable any and all Diffie-Hellman moduli of less than 2048 bits.

I've managed to find out that:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
TLS_DHE_RSA_ ...

Score: 3
Vlad
Why is the maximum record size in TLS 1.3 limited to $2^{14}$ bytes?

RFC 8446 limits the maximum data carried within a single TLSv1.3 message to $2^{14}$ bytes, specifically in section 5.1:

The record layer fragments information blocks into TLSPlaintext records carrying data in chunks of 2^14 bytes or less.

The length field in the TLS header is represented by 16 bits, so the maximum length could in theory be bigger. I wonder what the reason for this is.

Score: 2
jdkleuver
Help with RSA CTF question

I'm trying to solve a CTF problem relating to RSA encryption.

I can run a challenge binary that will read a flag from a file, the flag will match the following RegEx:

AB1234C\{[0-9a-f]{32}\}\n

So in total the flag is 42 bytes including the newline.

The flag is then padded with random padding to a total of 128 bytes.

I can choose the public exponent e, as long as e>1. The binary will generate a random 20 ...

Score: 0
Leo
Tools/libraries to protect private keys using shamir secret sharing / multi-party computation?

Here is the scenario. I want to use the concept of shamir secret sharing (or other multi-party computation methods) to store my private key in the public-key encryption. For example, I use RSA to generate a key pair and divide the private key into 3 pieces. These 3 pieces will work together under shamir secret sharing / multi-party computation to decrypt the data that is encrypted using this private ke ...

Score: 2
Leo
How to share decryption ability to others whose public keys are not used during encryption?

As the title says, for example, A uses B's public key to encrypt a message and sends it to B. In later stages, a new member C joins and B would like to let C be able to see this encrypted message (i.e., give the decryption ability to C). How to achieve this without letting A encrypt the message again using C's public key?

One way I can think of now is that B decrypts the message first and uses C's ...

Score: 2
Shift cypher, perfectly secure?

I know that if only one character is encrypted using a shift cipher, then the shift cipher is perfectly secure. But what if the space of keys is greater than the space of messages? Would it still be perfectly secure? I think it would still be a yes, but I don't know how to deal with unused keys.

The theorem 2.10 (Introduction to Modern Cryptography, Second Edition) states that a perfectly secret encryp ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.