Latest Crypto-related questions

Score: 1
amlearn369
Is the concatenation of two one-way functions a one-way function when each function takes different inputs?

Similar to this question, but having two separate inputs for each length-preserving one-way function $f$ and $g$, i.e. $h: \lbrace 0,1 \rbrace^{2\kappa} \to \lbrace 0,1 \rbrace^{2\kappa}, h(x) = f(x_1)||g(x_2)$ where $x_1$ and $x_2$ are two $\kappa$-bit split halves of $x$.

I think $h$ will be one-way, but am not sure on the appropriate reduction to demonstrate this.

I think I don't need to show that ...

Score: 1
What is the security of XORing SHAKE256_XOF with itself?

After reading "Can the xor of two RNG outputs ever be less secure than one of them?" I wondered if you can increase security of SHAKE256_XOF by using another instance of the CSRNG. The theoretical security of SHAKE256_XOF is 256 bits. After a theoretical quantum attack it has min(key_length/2, 256) bit security. So using a 512 bit key SHAKE256_XOF should theoretically be able to generate a bit s ...

Score: 0
Why did some people say we should use an asymmetric key to cipher the weak symmetric key?

I heard from some people who create software licensing. They need to generate a short license number format. So if they use RSA (asymmetric), they will get a long key. Also, if they use AES (symmetric), it has only a single key, which can be decrypted by an attacker, who can then use it to create a KeyGen tool.

So I heard from one of them that he uses asymmetric to secure the symmetric key.... I know  ...

Score: 0
Julien BERNARD
What encryption system to use if the parts of the message are known?

I want to encrypt a system firmware, and future firmware updates will use the same encryption system. Because this firmware isn't fully from scratch but rather is based on an existing framework, it is highly likely that parts of the original firmware code are known, in other words, that long sequences of the message to encrypt would be known to any attacker (some of which are known to be full 1 and full ...

Score: 4
Jesko Hüttenhain
Notion of base2-logarithm in RC6 specification

I was reading this paper on RC6 and formally, the algorithm is defined for an arbitrary word size $w$, even though only $w=32$ was considered for the AES submission. Now the paper explicitly mentions the choice $w=24$, among others. Later on in the paper, it says:

"The base-two logarithm of $w$ will be denoted by $\operatorname{lg}w$."

As part of the encryption routine, the following step is per ...

Score: 1
What's the best way to encrypt crypto seeds?

I would like to encrypt cryptocurrency wallet seeds (12 to 24-word passphrases) for replication and secure preservation. The seeds would be in a .txt or .rtf format before encryption. I would like to be able to send these over the internet with peace of mind. Encryption should hold for at the very least 60 years. What software would you recommend and why?

Score: 0
Is there a cryptography primitive for public/private keys such that only keys from a predefined set will be valid

I am trying to accomplish the following:

  • $Alice$ is an authority that can provide a secret $x$ to $Bob$, $x$ will enable $Bob$ to generate a public/private key pair $(p,q)$ which he can then use to sign messages. $Alice$ will not be able to sign messages as $Bob$.

  • Anyone can trivially verify that the public key $Bob$ used was authorized by $Alice$.

My initial thought is that one could implement a roug ...

Score: 2
James
Barak et al. proof that black-box obfuscation is impossible

I have been attempting to analyse the classic proof presented by Barak et al. that claims Black-Box Obfuscation is not possible for (what appears to be) most classes of programs.

The proof is presented in such a manner where it is said that if there exists an encrypted program C'(a, b, x) which returns b if and only if a = x, and another encrypted program D'(a, b, f) which returns 1 if and only if

Score: 0
Historical Swimming
What is the Diffie Hellman session key used for in IPsec protocol?

Let's say we choose AES as the cryptographic algorithm for IPsec. My question is the following:

Is the key produced by Diffie-Hellman algorithm used as INPUT to the AES algorithm so AES does the encryption with it?

Score: 5
Can you use SHAKE256_XOF with XOR to make a stream cipher?

SHAKE256_XOF is an extendable output function based on SHA3-512. SHAKE256_XOF can be used to create an infinite length bit string with 256-bits of security. For example:

from Crypto.Hash.SHAKE256 import SHAKE256_XOF

shake = SHAKE256_XOF()
shake.update(b'key' + b'nonce')

for _ in range(10):
    print(shake.read(16).hex())
18068a140f4c0f1f85f17da13b049155
1fc6d25b11833480dae5fba50b8b73db
bf4284c0d9a32b9 ...

Score: 1
Collision-resistant single-pass EdDSA?

Is there any reason why collision resistant variants of ed25519 that use a single-pass aren't used instead? For example:

$n = h(noncekey \| m)$

$h(R \| pub \| n)$ instead of $h(R \| pub \| m)$

or alternatively if we want to not change the EdDSA algorithm itself and instead implement collision resistance on top of it:

Let $n'$ be a 256-bit number randomly generated by the signer:

$sig = n' \| S_{priv}(h(n' ...
