Latest Crypto related questions

Are there any cryptographic methods $f,g,h$ which can be applied in any order to an input $x$ while still resulting in the same result $r$: $$f(g(h(x)))=h(g(f(x)))=ghf(x)=fhg(x)=hfg(x)=gfh(x) = r$$

Same for their inverse function: $$f^{-1}(g^{-1}(h^{-1}(r)))=h^{-1}(g^{-1}(f^{-1}(r)))=g^{-1}(h^{-1}(f^{-1}(r))) =...= x$$

If now $f,g,h,$ is applied $i,j,k$-times to an input $x$ finding/computing $x$

About birthday attack, book Cryptography Engineering says:

In general, if an element can take on N different values, then you can expect the first collision after choosing about $\sqrt{N}$ random elements. We're leaving out the exact details here, but $\sqrt{N}$ is fairly close. For the birthday paradox, we have N = 365 and $\sqrt{N} \approx 19$. The number of people required before the chance  ...

Has the following method of hiding data been proposed or studied? What is the efficiency or security of this method? What applications could use this method?

Data is to be hidden in a number that is the product of two prime numbers. One prime number contains the hidden data, and a bigger prime number indicates the length of the data, constructed using concatenation as follows.

$p = p_0 \ || \ data \ ...

In the process of studying discrete logarithms and approaches that could be taken, I saw the Pohlig-Hellman algorithm.

Later when I was working with $h = g^x \mod p$ where $p-1$ is smooth, using Pohlig-Hellman did not give the expected result, and returned something much larger than expected. I assume this is because Pohlig-Hellman skips over the smallest answer occasionally.

Questions:

1. How can I recover ...

Does the following checksum function make sense?

I am attempting to show that for all even numbers there exists at least two summands that, when normalized to $\frac{1}{2}$, asymptotically sum to 1:

$\lim \limits_{n \to \infty}\frac{n-1}{2[a+ \varphi(a)]}+\frac{n-1}{2[b+\varphi(b)]}\sim \frac{n}{n}=1$

where $n$ are even numbers $\geq 4$, $(a,b)$ are natural numbers where $a+b=n$ and $2 \leq a\leq  ...

I am trying to identify how the SP Network is constructed. I am looking for plausible solutions that help to connect these layers together and what are the ways that exist in literature other than Kam and Davida and The wide trail strategy of AES that can help in creation of a secure SP network.

Looking at the example of the null input (512 bits), it takes as input:

input (Hex): 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Since it's exactly 512 bits, there is no splitting and no padding. But from online calculators or golang code, I would obtain the sha-256 hash of the null input to be:

online calculator outpu ...

I'm replicating an invalid point attack on ECC using Short Weierstrass curves. For this I have written a "dumb" implementation that does not validate points are on the curve before going into the scalar multiplication. For the outline of the attack, I'm heavily borrowing from Samuel Neves' excellent descrption which he gave here: Understanding Twist Security with respect to short Weierstrass curves ...

My knowledge of cryptography is beyond shallow, and I have a problem I cannot solve.

Trezor wallets have two message signing formats: "Trezor" and "Electrum".

I have a method in my code, that is retrieving the public key from messages signed using BTC wallets (i am using bitcoinj library):

public VerificationStatus verifyMessage(String walletAddress, String phrase, String signature) {
    Address sign ...

No matter AES with CBC or EBC etc, the inputs for AES i.e, plaintext, key, IV, are always provided by one party. In other words, there is no need for AES in a 2PC scenario since one party can already calculate and get the result.

When I check e.g. the AES-no-expanded.txt files, party one has 128 bits input and party two has also 128 bits input. The output is 128 bits. I assume the first 128 bits a ...