Latest Crypto related questions

For generator $g$ of order $n$ the group elements $y=g^x$mod $n$ are uniformly distributed because of the modulo operation.

Suppose however that from the original output space $Y$, we only consider those elements $y$ which have some bits "fixed" in their binary representation. For example, for $y = y_1,y_2...y_m$ (where $y_i$ is a bit of the m-bit representation of $y$), consider the output space

Is there a standard way to generate ID numbers one after the other such that:

• You can guarantee, or almost guarantee, that you avoid collisions. (By "almost guarantee", I mean for example if you generated completely random 24-digit numbers, and you "only" generated 1 million of them, then even with the birthday paradox, the odds of a collision would be small.)
• You want the ID numbers to be short, not ...

A client has requested us to setup SSL certificate public key pinning for an internal desktop application we are developing for them. They have requested us to pin a specific pubkey but we are not aware of what format it is in.

The pubkey provided is WY*Nhx$kk@PTTz7Ykp*t!q#*8taRR84ZnyT7Rjqc%^29!7zx5GdYa!HSmpM^KQ!D. Any hints to what format its in is greatly appriciated.

In Katz's Introduction to Modern Cryptography,

Chapter 7 Practical Constructions of Symmetric-Key Primitives

In previous chapters we have demonstrated how secure encryption schemes and message authentication codes can be constructed from cryptographic primitives such as pseudorandom generators (aka stream ciphers), pseudo-random permutations (aka block ciphers), and hash functions.

I have troubl ...

In Katz's Introduction to Modern Cryptography, there are several hard problems, and for each problem, there is an experiment, where an algorithm generates a problem instance, and another algorithm solves the problem instance. For example, consider the discrete-logarithm problem in 9.3.2:

Let GG be a group generating algorithm which for each n, generates (G,q,p).

Let A be an algorithm for solving  ...

Which impact on security (factorization) has a common prime factor among the prime factors $P$,$Q$ of a number $N$ $$N=P\cdot Q$$ $$P=2\cdot F\cdot p+1$$ $$Q=2\cdot F\cdot q+1$$ with $F,q,p$ different primes and $F$ the biggest prime factor of $P$ and $Q$ with $$F\gg p,q$$

A potential adversary who want to factorize $N$ does know about the internal structure but does not know $F,p,q,P,Q$

For example

I've recently tried to replicate the results of the question Ruggero asked and which Samuel Neves answered here: Understanding Twist Security with respect to short Weierstrass curves

In my attempt to replicate this, I found that the attack does not work for some points. Initially my assumption was that this was because the twist factor $d$ in my case was not $-1 \mod p$. Hence, I asked this question:

Proof of Elapsed Time (PoET) was discovered by Intel in 2016 as a consensus mechanism primarily for permissioned blockchain networks. Importantly, we can only use this concept in permissioned blockchain, not public or private.

I think it is better than all other consensus algorithms as all miners are treated equally here. But why can't we use this concept in cryptocurrencies?

Let $(Enc, Dec)$ be an IND-CPA secure encryption scheme, where $Enc: \mathcal{K} \times \mathcal{M}_1 \rightarrow \mathcal{C}_1$, and $F: \mathcal{K} \times \mathcal{M}_2 \rightarrow \mathcal{C}_2$ be a pseudorandom function.

Consider a simple example where we may want to prove the distribution $(Enc_k(m_1), F_k(m_2))$ (whose randomness comes from the shared key $k \leftarrow \mathcal{K}$) is comput ...