Latest Crypto related questions

After a bit of research, I finally understand what's the step by step algorithm of SHA-2 (however, of course, I won't remember it myself). But I don't understand what's the idea behind it. Did the group of the algorithm's developers just randomly pick some constants and functions and apply them to the data and these constants, and then prove that it is strong enough? How else would they come up with suc ...

I'm implementing Pedersen commitment scheme in order to enhance entropy of a pre-image of a hash. I'm using secp256k1 for my curve parameters.

I am following naming conventions from here: What is a Pedersen commitment?

I am performing a commit $C = (m, r)$ and then another commit $C' = (m, r')$

Then I do the blind equality check $C - C' = (r - r')G.$

I got the blind equality check working, but on ...

For a binary-circuit-based MPC, the multiparty will provide its inputs to calculate the result, which indicated the function $f(x_1, x_2, \dots,x_n)$ needs to accept $2$ or more inputs.

• 1. Why do there exist circuits e.g, SHA-$256$, which takes only one input?
• 2. When I check the SHA-256.txt files, it takes $2$ inputs, one input for $512$ bits and the other input for $256$ bits, I assume the first o ...

i would like to know what are the danger can be occur by performing steganography without a key? Please kindly explain to me.

I am a MPC learner for privacy-preserving machine learning. Recently, I am reading this paper: FLASH: Fast and Robust Framework for Privacy-preserving Machine Learning. I am confused about the question that why we need broadcast channel in the 3PC setting. I guess that is because consensus, but I am not sure. Can you help me? Thanks.

I am having a hard time understanding what I have come across using RSA-textbook.

So I have:

• e = 3 as an exponent
• a VERY long public key N of 1991 bits (clearly useless trying to factor)
• a very short cryptogram of 403 bits

By doing C^(1/3) (because we have a short message compared to the public key), I found the message of 135 bits.

However, when I generate a new public key, therefore calculating a ne ...

In lots of cryptoanalytic papers I read, attack complexities are stated in the form of a constant. For example, this related key attack on of AES states:

[...] For AES-256 we show the first key recovery attack that works for all the keys and has $2^{99.5}$ time and data complexity

I have seen this notation of $2^{n}$ time in other papers too. However, it is unclear to me to which elementary opera ...

I have a question about database security. This is a scenario I have.

The data is encrypted using symmetric (i.e., AES) and stored in a database, while the secret key is stored on the client side, so when I need to request any of this data, I send a SQL query with the secret key to get this data and then forget the key:

My question

Key theft can happen while you're doing queries on the database server. ...

I am trying to work with large numbers in homomorphic encryption libraries in python such as TENSEAL that implemented on top of SEAL. However, i face errors in setting the "context parameters" (i.e. "poly_modulus_degree" and "coeff_mod_bit_sizes" in CKKS, or "poly_modulus_degree" and "plain_modulus" in BFV). More presisely, what is the value of context parameters to enable homomorphically evaluate a  ...

Something that's puzzling me for a while is how we could calculate approximately the energy cost of using AES, for a company like Amazon or Google. How likely it is due to the nature of their business model that its an important part of their fixed cost? Considering key generation, encryption and decryption etc of so much data on a daily basis.

I am trying to learn about RSA digital signatures, and have a question about the verification process.

My understanding of the set-up is the following:

The signer chooses two secret primes $p$ and $q$, and a verification exponent $e$ satisfying $\gcd(e,(p-1)(q-1))=1$, then publishes $N=pq$ and $e$.

The signer computes the secret signing exponent $d$ such that $$de\equiv1\pmod{(p-1)(q-1)},$$

signs  ...