Latest Crypto related questions

I'm getting mixed reports on this one. I have a web host and multiple SSL scanning tools (including the one run by Qualsys SSL Labs), saying that the cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is NOT vulnerable to Zombie POODLE/GOLDENDOODLE, and at the same time I have a PCI compliance firm indicating that it is vulnerable. Unfortunately still, neither are willing to budge on the matter or  ...

I would like to know if sub-public keys of PGP keys can be published separately, if I create a pair of master keys and multiple sub keys to be used in multiple emails, and normally use only the sub keys to encrypt, decrypt and sign. But then won't it be discovered by others that these emails are actually one person? I'm new to cryptography and asymmetric encryption, so maybe this question is a bit silly ...

My implementation requires me to generate randomly a valid scalar on the curve. As far as I understand it is not a random number generation but more complicated thing.

I have to generate such scalars on the server and the client side according following scheme:

Client:

X = x × G + w0 × M

where

• x - generated scalar!

• G - curve base point

• w0 - a number represented by 32-byte array

• M - constant point ...

Background

In the paper "Minimizing Embedding Impact in Steganography using Trellis-Coded Quantization" and in this question on this forum, a so called Syndrome Trellis is built from a parity check matrix. The figure below shows the example from the paper, where the trellis on the right is built from matrix $\hat{\mathbb{H}}$.

Question

Why does the edge from trellis column $1$ to $2$ go from state ...

Let's say client side has a secret password $\pi$. The server has a series of indices $0..n-1$ and a salt associated value $s_i$ for all $i \in \{0,n-1\}$ call it set $S=\{s_i | i \in \{0,n-1\}\}$ for each client. Client wishes to compute an OPRF function $f(\pi,s)$ such that he does not learn $s$ and the server does not learn anything. This is basically what OPAQUE does for $f(\pi,s)=H(\pi,H'(\pi)^s) ...

Kaweichel is a port of Blowfish for 64-bit architectures, its key size accepted is 1920-bytes, instead of 16 rounds it has 32 rounds, the double of Blowfish.

ICE is a feistel block cipher that has a variant called ICE-n that accepts any key size being a multiple of 64, for this variant the number of rounds should be multiplied by the number of 64-bits slices in the key material.

/\ These two ciphers l ...

I'm learning the rainbow table and hellman table and I'm curious about the difference between them, so I left a question like this.

Wikipedia describes the following sentence:

The term, "Rainbow Tables," was first used in Oechslin's initial paper. The term refers to the way different reduction functions are used to increase the success rate of the attack. The original method by Hellman uses many  ...

Given (for example) different primes $p,q$ with $2 p+1$, and $4 p+3$ prime as well (same for $q$).
Let $$N = (4 p+3)\cdot (4 q+3)$$ With this the sequence $$s_{i+1} = s_i^4 \mod N$$ will have $p\cdot q$ elements (in most cases) for $s_0 = r^4 \mod N$ for almost all random values $r$.

Depending on chosen $r$ the related $s_0 = r^4 \mod N$ will (almost always) be a member of 1 out of 4 disjoint s ...

The paper Breaking Symmetric Cryptosystems using Quantum Period Finding shows how to break the Even-Mansour Cipher using Simon's algorithm. The Even-Mansour uses two keys $k_1, k_2$ and a random public permutation $P$ to encrypt a message $x$:

$$E_{k_1, k_2}(x) = P(x \oplus k_1) \oplus k_2$$

In a quantum known plaintext scenario we can use quantum period finding (Simon's algorithm), to find the per ...

Assume $g$ is generator of multiplicative group modulo prime $p=2q+1$ where $q$ is prime.

Assume we know $g^{2t}\bmod p$ and $g^{2}\bmod p$ and assume we can have access to a Diffie-Hellman oracle.

Can we find $g^t\bmod p$ in polynomial time?

Note if we can do that we can break discrete log with access to a DH oracle when generator order is even.

The screenshot from a book with Chaum–Pedersen Protocol description is below.

I'm trying to implement it for my own. And I don't get math here.

My assumptions:

1. Discrete Logarythm functions:

2. The dot in the formula below is a usual multiplication: 2 • 2 = 4

Examples: