Latest Crypto related questions

Score: 2
Shift cypher, perfectly secure?

I know that if only one character is encrypted using a shift cipher, then the shift cipher is perfectly secure. But what if the space of keys is greater than the space of messages? Would it still be perfectly secure? I think it would still be a yes, but I don't know how to deal with unused keys.

The theorem 2.10 (Introduction to Modern Cryptography, Second Edition) states that a perfectly secret encryp ...

Score: 0
phantomcraft
If keeping the S-Boxes secret in SPN ciphers increases their security, does using one different S-Box set per round increase it even more?

I read in this paper that keeping the S-boxes secret in AES raises its security from 128-256 bits to 1812-1940 bits.

Let's suppose I use a different set of S-Boxes for each round.

Does this increase security even more than using the same set of S-boxes in the entire cipher?

Score: 0
Practical check the point is on the Curve

The curve I am using is secp256r1. Its formula is

$y^2 == x^3 + a\cdot x + b$

$a$ = 0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc (115792089210356248762697446949407573530086143415290314195533631308867097853948)

$b$ = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b (41058363725152142129326129780047268409114441015993725554835256314039467401291)

And I am check ...

Score: 6
RSA with exponent being a factor of modulus

This weekend I participated in a CTF, but came across a task that I wasn't able to solve. I can't find any write-ups so I hope you can help me.

Given: $$ n = pq\\ c_1\cong m_1^{\hspace{.3em}p} \mod n\\ c_2\cong m_2^{\hspace{.3em}q} \mod n $$ Knowing the values of $c_1,c_2,n$ and that $p$ is 1024 bit and $q$ is 1000 bit, with $p,q$ being prime. Is there an efficient way to recover $m_1,m_2$?

I know that  ...

Score: 1
Andy
MAC vs MDC when using ECDH+ECDSA in OpenPGP

I intend to design a model to comply with RFC4880. According to RFC6637, ECC in OpenPGP +ECDSA to sign message +ECDH + KeyWrap for session key encryption

-MAC: is used for key confirmation (with C(1e, 1s) Scheme at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf)

-MDC: is Modification Detection Code RFC6637 mentioned at https://datatracker.ietf.org/doc/html/rfc6637#sectio ...

Score: 5
Perfectly secret variable one-time pad

Consider a variable one-time pad, that is, $\mathcal{M}:=\{0,1\}^{\leq \ell}$ is the set of plain text. Now, this scheme is not perfectly secret, since you can take two plain text of different size, say $|m_1| = 1, |m_2| = 2$ and considering a cipher text $c$ of length 1, the next happens: $$Pr(E(k, m_1) = c) = \frac{1}{2},\ Pr(E(k, m_2) = c) = 0.$$

Thus, how can I make a construction of this variab ...

Score: 0
John Smith
Using the hash of the plaintext as the key

I want to start off by being very clear: I'm not designing a system around this, this is 100% a hypothetical I was toying with.

Is there any harm in using the cryptographic hash of a plaintext as the key? For instance, if my message was Hello, world!, that produces the SHA256 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3. Is there any weakness in using this as a key?

If my syst ...

Score: 1
Curious_Student
How could unbreakable encryption be used?

I'm part of a team of students from the Vienna University of Economics, which have the task to find application fields for a new technology. The technology itself is provided by an external partner, so I do not possess a lot of technical knowledge about it. As far as I understand, it is an encryption method that is able to transfer data in a manner that is (mathematically) unbreakable - as it combines o ...

Score: 1
Generalizing randomized permutation functions

The paper on the "SNEIKEN and SNEIKHA" AE and HASH sponge-based algorithms, respectively, presents a 512-bit permutation function "SNEIK512" that, unlike other permutations (ie: Keccak-f1600, gimli, etc.) takes a domain parameter. Their AE and HASH algorithms use this parameter to establish domain separation.

All other AE and HASH algorithms that I have seen that are sponge-based perform domain separ ...

Score: 3
Pazu
RSA decryption using CRT: How does it affect the complexity?

There is an efficient variant of the RSA using the CRT:

\begin{align*} d_p &= d \pmod{p-1}\\ d_q &= d \pmod{p-1} \\ q_{\operatorname{inv}} &= q^{-1} \pmod{p} \end{align*}

where the decryption is done as follows:

\begin{align*} c_p &= c \pmod{p} \\ c_q &= c \pmod{q} \\ m_p &= c_p^{d_p} \pmod{p} \\ m_q &= c_q^{d_q} \pmod{q} \\ h &= q_{\operatorname{inv}}(m_p - m_q) \p ...

Score: 1
bagheera
What does it mean for public keys to be in coNP

I was reading this paper.

And on Page 2 the following claim was made: Consider a public-key encryption scheme with a deterministic encryption algorithm, and suppose that the set of valid public-keys is in coNP. Then if retrieving the plaintext from the (ciphertext, public-key) pair is NP-Hard then NP = coNP.

I guess what I don't completely understand is what it means for a set of public-keys to be in c ...

Score: 2
soupmagnet
Is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 vulnerable to Zombie POODLE/GOLDENDOODLE attacks?

I'm getting mixed reports on this one. I have a web host and multiple SSL scanning tools (including the one run by Qualys SSL Labs), saying that the cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is NOT vulnerable to Zombie POODLE/GOLDENDOODLE, and at the same time I have a PCI compliance firm indicating that it is vulnerable. Unfortunately still, neither is willing to budge on the matter or  ...
