Latest Crypto related questions

Let $(K_{enc},K_{dec})$ be an asymmetric key-pair. It seems to me that a signature scheme can be created by letting the public verification key be $K_{ver}=K_{dec}$ (the asymmetric decryption key) and the secret signing key be $K_{sign}=K_{enc}$ (the asymmetric encryption key). Say with $H$ some hash function and $m$ to be signed: $$ s=\texttt{sign}(m,K_{sign})=\texttt{encrypt}(H(m),K_{enc}) $$  ...

When $x < N$, there cannot be the same encrypted message with different outgoing messages.

But why?

In OFB mode, I understand that a bit flip in $c_i$ for $i > 0$ only causes a bit flip in message block $m_i$. However, how is it possible for a bit flip in $c_0$ (i.e, in IV) will result in all the plaintext blocks being recovered incorrectly.

Why do we limit the number of queries to Encryption or Decryption oracles in the security analysis of various encryption schemes to be polynomial in the security parameter n?

I understand that PUFs (physically unclonable functions) produce unique output based on challenge input because of their sensitivity to manufacturing differences, but not how the actual authentication works. It sounds like one approach is to have a server that keeps a table of known responses to challenges, but wouldn't that table eventually be exhausted?

Can you explain some of the ways that PUF ...

Having this web of trust scheme, I have a question concerning third scenario in which we assign Dharma and Chloe a marginal trust. In case of Dharma the situation is clear, we sign her public key and assign our marginal trust in it. But how physically we can assign a marginal trust in Chloe's public key when we don't sign her key? Am I missing something?

I know about ECDH when you need 2 pairs of public/private keys. But I wonder what is a simplest way to encrypt with just single public key?

• Should I select a second random pair of public/private keys for each "boxing"?

or

• I can have a pre-selected publicly known pair of public/"private" keys?

or

• Is there other simpler way to encrypt data with Elliptic Curve encryption?

For some encryption scheme $(\mathcal{E}, \mathcal{D})$:

In the definition of IND-CCA, the adversary $\mathcal{A}$ can access the decryption oracle $\mathcal{D}$. The deep reason of this setting is to make sure that our scheme is able to "protect the ciphertexts" (e.g. the integrity and authenticity).

So "protecting the ciphertexts" is what an IND-CPA secure scheme can not offer. And that's why IND-CCA  ...

with a block cipher having a 256-bit key and 128-bit block length to MAC a 1024-bit message. How many evaluations of the block cipher will be performed to calculate the tag? [Assume there is no padding]

i am assuming that in order to get the number blocks we need i have to divide 1024 by 128 where i get 8 blocks. so does the answer should be 8 evaluations of blocks? i just want to make sure that  ...

i just a bit confused that is it reasonable to assume that the probability of sending message $m \in M$ is uniformly distributed over the message space $M$? How is this different from assuming that the key $k$ is uniformly selected from the key space $K$?