Latest Crypto related questions

Score: 0
AES and quantum computing

I am trying to understand the AES-256 encryption algorithm as it would be implemented on a gated quantum computer (actually, a simulator), and I am having some trouble understanding the theory behind it. The papers I read start with the ring of polynomials given by $F_2[x]/(1 + x + x^3 + x^6 + x^8)$. What is the significance of the polynomial $1 + x + x^3 + x^6 + x^8$? And how does this relate to

Score: 1
Does the generic group black-box model prohibit recovering the MSB of a discrete logarithm?

Black-box generic models prohibit calculating the discrete logarithm in groups of order $q=2p+1$, where $p,q$ are random primes, in fewer than $\Omega(\sqrt{p})$ steps (see Shoup's theorem that the discrete logarithm in the generic group model is hard).

Do the black-box generic models also prohibit computing the MSB of the discrete logarithm in fewer than $\Omega(\sqrt{p})$ steps, or is it possible that black-box generic algorithms can get the MSB of the discret ...

Score: 0
Does reducing MAC size and increasing message size have the same effect on security?

I am evaluating ways to reduce the overhead of (H)MACs on small messages. I was primarily wondering if there is a difference between halving the MAC length or keeping the same MAC length but using it to authenticate a message of twice the size.

My initial thought was that the message/MAC ratio would be the same, though then it occurred to me that this is probably not the complete picture, as each i ...

Score: 1
Generating Alternative Initial Value while wrapping keys with AES

I am following the instructions at https://datatracker.ietf.org/doc/html/rfc5649#section-3 ("AES Key Wrap with Padding Algorithm") and I have gotten to the point where I need to generate LSB(32,A) for the Alternative Initial Value (AIV). I am using Node.js with buffers to implement the algorithm. My understanding is that 32-bits === buffer.length == 4, or in other words, a buffer of length 4 is the 32-bits re ...

Score: 0
Does the searchable encryption scheme satisfy trapdoor indistinguishability?

In a searchable encryption scheme based on the certificateless cryptosystem, the trapdoor generation algorithm only has a hash function that outputs an integer value. Does the scheme satisfy trapdoor indistinguishability? If so, how can we prove it?

Score: 0
Suppose there exists a one-way function; show that there exists a one-way function none of whose input bits is a hardcore bit

I just learnt the definition of a hardcore bit, and I have no intuition about this. I want to know what the possible approaches to this problem are.

Score: 0
Do random IVs in CTR block cipher mode, combined with XOR, allow encrypting a number of blocks up to the same numeric count as the IV?

I read about CTR block cipher mode in Wikipedia: "If the IV/nonce is random, then they can be combined with the counter using any invertible operation (concatenation, addition, or XOR) to produce the actual unique counter block for encryption."

Let's suppose I want to make an enciphering scheme with CTR and AES in which I XOR the counter value with the full IV.

Does it have advantage over combining a ...

Score: 0
If converting a SPN Block Cipher to a version with larger block size, should its S-boxes be enlarged too?

Let's suppose I want to convert a Substitution-permutation network block cipher like Kuznyechik to a version with a larger block size.

Should its S-boxes be enlarged too in order to achieve similar security?

Score: 0
Is a perfect hash function the same concept as a collision-resistant hash function?

About collision-resistant hash functions, in Katz's Introduction to Modern Cryptography,

6.1 Definitions

Hash functions are simply functions that take inputs of some length and compress them into short, fixed-length outputs. The classic use of (non-cryptographic) hash functions is in data structures, where they can be used to build hash tables that enable O(1) lookup time when storing a set of e ...

Score: 0
RSA residue class ring

I've been working on the RSA method for several weeks and I don't understand what this residue class ring is all about.

I understand that if

$x^e \bmod n$ there must be $x<n$ because of the clarity of the results

However, I don't understand what other advantages it brings.

When I look for manipulation attempts on the Internet, the modulo calculation is always very simple:

$(s^e y)^d \e ...

Score: 0
How to know if a power is a permutation of an inverse group

Consider the group $\mathbb{Z}^*_{55}$.

Is exponentiating to the 3rd power a permutation of $\mathbb{Z}^*_{55}$? And exponentiation to the 5th power?

I'm trying to solve this problem related to groups, but I don't know how to do it. Is there a mechanical way to find it? Something like a formula?

Score: 2
Chaum-Pedersen Protocol

I'm a junior software developer and I need to implement a very simple authentication system based on the Chaum-Pedersen ZKP protocol. I know nothing about cryptography and I ask you to help me understand one thing in the algorithm. The algorithm looks as follows: [image of the algorithm]

I just can't get what $q$ is. I've read about the protocol in Cryptography: An Introduction by Nigel Smart. There's a phrase: 'We assume that $g$ and

Score: 6
Majority-based feedback shift register

Linear feedback shift registers (LFSRs) work by taking a fixed-length bit-string $b\in\{0,1\}^n$, as well as fixed "taps" (bit positions), and applying XOR to the taps, giving one output bit, which is appended to $b$ after shifting it.

Now XOR is a linear function. A natural non-linear function that can be used on the fixed set of taps is a kind of "majority vote", which works as follows: if  ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.