Latest Crypto related questions

Score: 1
J. Doe
How secure is a projection to a subspace with much lower member size for $x\mapsto x^a$ mod $N = PQ$, $P=2p+1$, $Q=2qr+1$, to target space $r=2abc+1$?

A cyclic sequence can be produced with

$$s_{i+1} = s_i^a \mod N$$ with $N = P \cdot Q$ and $P = 2\cdot p+1$ and $Q = 2\cdot q\cdot r+1$ and $r = 2\cdot u \cdot v \cdot w +1$ with $P,Q,p,q,r,u,v,w$ different primes

We can now project a random number $x_R$ into a subspace of size $2(r-1)+4$ with $$s_R = x_R^{\beta} \mod N$$ $$\beta = 2\cdot p \cdot q \cdot n \mod \phi(N)$$ with a factor $n$ of choice.

 ...
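A quick way to see what the projection does is to count its image for small primes of the required shape. The Python below is an added example and is not part of the original question; the primes (u, v, w, q, p) = (2, 3, 5, 29, 11) are constructed so that r = 2uvw+1, Q = 2qr+1 and P = 2p+1 are all prime and pairwise distinct, and the exhaustive count over Z_N is only feasible because N is tiny. Running it shows that the units of Z_N are mapped onto exactly r values (each 1 mod P and of order dividing r mod Q), and that the count over all of Z_N matches the 2(r-1)+4 stated in the question once the non-units are included.

```python
# Added example, not from the original question: count the image of
# x -> x^beta mod N for the parameter shape in the question, using small
# constructed primes so that the whole of Z_N can be enumerated.
from math import gcd

def is_prime(n):
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True

# Constructed toy parameters (assumption for illustration only):
# r = 2uvw + 1, Q = 2qr + 1, P = 2p + 1, with P, Q, p, q, r, u, v, w distinct primes.
u, v, w = 2, 3, 5
r = 2 * u * v * w + 1      # 61
q = 29
Q = 2 * q * r + 1          # 3539
p = 11
P = 2 * p + 1              # 23
N = P * Q
assert all(is_prime(t) for t in (P, Q, p, q, r, u, v, w))
assert len({P, Q, p, q, r, u, v, w}) == 8

def phi_N():
    return (P - 1) * (Q - 1)   # = 4pqr

def beta(n):
    """Exponent from the question: beta = 2*p*q*n mod phi(N)."""
    return (2 * p * q * n) % phi_N()

def image(exponent):
    """Set of all values x^exponent mod N as x ranges over Z_N (units and non-units)."""
    return {pow(x, exponent, N) for x in range(N)}

def unit_image(exponent):
    """The same map restricted to the units of Z_N."""
    return {pow(x, exponent, N) for x in range(1, N) if gcd(x, N) == 1}

def describe(exponent):
    """Size of the unit image, and whether every element is 1 mod P with order dividing r mod Q."""
    img = unit_image(exponent)
    structure_ok = all(s % P == 1 and pow(s % Q, r, Q) == 1 for s in img)
    return len(img), structure_ok

if __name__ == "__main__":
    print("|image over Z_N| =", len(image(beta(1))), " 2(r-1)+4 =", 2 * (r - 1) + 4)
    print("(|image over units|, structure ok) =", describe(beta(1)))
```

Because beta is a multiple of 2q, every unit lands on 1 mod P, and mod Q the exponent kills the factor 2q of the group order 2qr, leaving only the order-r subgroup. The extra r + 2 values in the full count are the images of x divisible by P or by Q.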
Score: 1
Can Shor's algorithm factor over finite fields/rings/groups?

Shor's algorithm can (efficiently) solve equations of the form:

$$n = pq$$

and

$$n = x^{2} + y^{2}$$

This question is simple: Can Shor's algorithm solve these equations in polynomial time when they are performed with finite arithmetic instead of over integers? i.e.

$$n = pq \bmod k$$

and

$$n = x^{2} + y^{2} \bmod k$$

Sizes of the Terms

At least in the factoring case if $\log_{2}(p) = \log_{2}(q) = \log_{2 ...

Score: 0
Why is a protocol that is secure in the presence of a malicious adversary also secure in the presence of an augmented semi-honest adversary?

Proposition. Let π be a protocol that securely computes a functionality f in the presence of malicious adversaries. Then π securely computes f in the presence of augmented semi-honest adversaries.

Proof. Let π be a protocol that securely computes f in the presence of malicious adversaries. Let A be an augmented semi-honest real adversary and let S be the simulator for A that is guaranteed to exist ...

Score: 0
Krzysztofz01
Proving identity in asymmetrically encrypted communication

Let's assume such a scenario. Person A will broadcast his public key and person B will broadcast his public key. They can now communicate. But let's say that suddenly another person C writes to person A impersonating person B. How can person B prove their identity? We can implement a signature system. Person A will generate a certain signature and give it to person B, to always join it to t ...

Score: 2
Min
What is $z$ in the specification of Classic McEliece?

I have a question about $z$ in the Classic McEliece algorithm specification.

I have no idea about this $z$! In the parameter set kem/mceliece348864, the field polynomial is $f(z) = z^{12} + z^3 + 1$. Is this $z$ in the field polynomial the same as the $z$ in the picture? If so, is the value of $z$ in the picture for kem/mceliece348864 $(z^1, z^2, z^3, \dots, z^{11}) = (0, 0, 1, 0, \dots, 0)$?

Please help me! Thanks.

Score: 1
ThreadBucks
Analysis of the Vigenere cipher

I'm just starting out learning some cryptanalysis techniques. I came across an idea which analyzes the Vigenère cipher. Essentially the video explains that there is a standard English probability density function for each letter of the alphabet. And the letters used in the encryption of the message are called the key. And they have an effect of shifting the probability density function. The probabilities ...
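To make the shifted-distribution idea concrete: the Python below is an added example, not from the original post. It encrypts a constructed English passage under a Vigenère key, then recovers the key one position at a time by undoing each of the 26 possible shifts on the corresponding column of ciphertext and keeping the shift whose letter counts are closest to the standard English frequencies by the chi-squared statistic. The frequency table is the usual single-letter English percentages; the key length is assumed known here (estimating it with Kasiski or the index of coincidence is a separate step).

```python
# Added example, not from the original post: frequency analysis of a Vigenere
# cipher with known key length, using the chi-squared statistic against the
# standard English letter distribution.
from collections import Counter
import string

# Standard English single-letter frequencies in percent, A..Z.
ENGLISH_FREQ = [8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966,
                0.153, 0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987,
                6.327, 9.056, 2.758, 0.978, 2.360, 0.150, 1.974, 0.074]

def clean(text):
    """Keep letters only, uppercased; spaces and punctuation are dropped."""
    return "".join(ch for ch in text.upper() if ch in string.ascii_uppercase)

def vigenere(text, key, decrypt=False):
    """Shift letter i by key[i mod len(key)]; use the negative shift to decrypt."""
    key = clean(key)
    out = []
    for i, ch in enumerate(clean(text)):
        k = ord(key[i % len(key)]) - 65
        if decrypt:
            k = -k
        out.append(chr((ord(ch) - 65 + k) % 26 + 65))
    return "".join(out)

def chi_squared(column, shift):
    """Distance between the column, un-shifted by `shift`, and the English distribution."""
    n = len(column)
    counts = Counter(chr((ord(c) - 65 - shift) % 26 + 65) for c in column)
    total = 0.0
    for i, freq in enumerate(ENGLISH_FREQ):
        expected = n * freq / 100
        observed = counts[chr(65 + i)]
        total += (observed - expected) ** 2 / expected
    return total

def recover_key(ciphertext, key_length):
    """Each key position is a Caesar shift of one column; pick the best-fitting shift per column."""
    ct = clean(ciphertext)
    key = []
    for pos in range(key_length):
        column = ct[pos::key_length]
        best = min(range(26), key=lambda s: chi_squared(column, s))
        key.append(chr(65 + best))
    return "".join(key)

# Constructed sample plaintext: ordinary English prose, roughly 800 letters.
SAMPLE = (
    "The Vigenere cipher was long believed to be unbreakable and for three "
    "centuries it carried the name of the indecipherable cipher. Its weakness is "
    "that every letter of the key acts as a simple Caesar shift on a fixed subset "
    "of the plaintext, so the letters enciphered under one key position still "
    "follow the frequency distribution of ordinary English, merely rotated by a "
    "constant amount. Kasiski observed that repeated fragments of ciphertext often "
    "betray the key length, and Friedman later showed that the index of "
    "coincidence separates monoalphabetic columns from random text. Once the period "
    "is known, each column can be attacked independently by comparing the observed "
    "letter counts against the expected English frequencies for all twenty six "
    "candidate shifts and keeping the shift with the smallest chi squared statistic. "
    "The method needs no guessing of words and works on any sufficiently long "
    "message written in natural language, which is exactly why the cipher fell."
)

if __name__ == "__main__":
    ct = vigenere(SAMPLE, "LEMON")
    print("recovered key:", recover_key(ct, 5))
```

With about 160 letters per column the correct shift scores a chi-squared in the tens, while every wrong shift moves some common letter onto a rare one and scores in the hundreds or more, which is what makes the per-column decision reliable.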

Score: 1
How does the indexing in Argon2 work?

I am reading the original paper of Argon2 authors and I can understand the algorithm except the indexing part. Can anyone explain two things:

  1. the indexing process and the mapping $J_{1}$, $J_{2}$ to reference block index.
  2. How the $B_{i'j'}$ are fixed in Argon2d, Argon2i and Argon2id.

I tried to simplify things by taking a few lanes and columns but still could not get what is happening in the indexin ...
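The following Python is an added example, not part of the original question or of the Argon2 papers. It transcribes the reference-block selection step of RFC 9106 section 3.4.1.2 (the index_alpha routine of the reference implementation) so that the |W| bookkeeping and the mapping J_1 -> |W|(1 - J_1^2 / 2^64) can be run on concrete positions. Block contents and the compression function G are deliberately left out; only the index arithmetic and the rule for where J_1, J_2 come from in each variant are shown.

```python
# Added example, not from the original question: Argon2 reference-block
# indexing, (J1, J2) -> (lane, block index), after RFC 9106 section 3.4.1.2
# and index_alpha() in the reference implementation. No block data here.

SYNC_POINTS = 4   # every lane is split into four slices (segments)

def split_j(word64):
    """Argon2d takes J1 and J2 from the first 64-bit word of B[i][j-1]:
    J1 = low 32 bits, J2 = high 32 bits. Argon2i takes the same layout from
    the G^2-generated address blocks instead."""
    return word64 & 0xFFFFFFFF, (word64 >> 32) & 0xFFFFFFFF

def reference_block(pass_, lane, slice_, index, j1, j2, lanes, segment_length):
    """Return (ref_lane, ref_index) for block B[lane][slice_*segment_length + index].

    pass_          pass number r (0 = first pass)
    lane, slice_   current lane and slice (0..3)
    index          position of the block inside its segment
    j1, j2         the two 32-bit pseudo-random words
    """
    j1 &= 0xFFFFFFFF
    lane_length = SYNC_POINTS * segment_length
    if pass_ == 0 and slice_ == 0 and index < 2:
        raise ValueError("B[l][0] and B[l][1] come from H0, not from a reference block")

    # Lane: J2 mod p, except in the first slice of the first pass, where only
    # the current lane may be referenced.
    ref_lane = lane if (pass_ == 0 and slice_ == 0) else j2 % lanes
    same_lane = ref_lane == lane

    # |W|, the number of eligible reference blocks.
    if pass_ == 0:
        if slice_ == 0:
            area = index - 1                               # everything but B[i][j-1]
        elif same_lane:
            area = slice_ * segment_length + index - 1     # finished segments + current one
        else:
            area = slice_ * segment_length + (-1 if index == 0 else 0)
    else:
        if same_lane:
            area = lane_length - segment_length + index - 1
        else:
            area = lane_length - segment_length + (-1 if index == 0 else 0)

    # Non-uniform choice: J1 -> |W| * (1 - J1^2 / 2^64), in fixed point.
    x = (j1 * j1) >> 32
    y = (area * x) >> 32
    relative = area - 1 - y

    # In later passes W starts right after the current segment, wrapping around.
    start = 0
    if pass_ != 0:
        start = 0 if slice_ == SYNC_POINTS - 1 else (slice_ + 1) * segment_length
    return ref_lane, (start + relative) % lane_length

def uses_data_dependent_addressing(variant, pass_, slice_):
    """Argon2d: J1, J2 read from the previous block. Argon2i: from a counter
    stream through G^2. Argon2id: Argon2i for the first two slices of the
    first pass, Argon2d afterwards."""
    if variant == "argon2d":
        return True
    if variant == "argon2i":
        return False
    if variant == "argon2id":
        return not (pass_ == 0 and slice_ < 2)
    raise ValueError(variant)

if __name__ == "__main__":
    # One lane of 16 blocks (segment_length 4): block 2 of the first segment can
    # only reference block 0, since block 1 (the previous block) is excluded.
    print(reference_block(0, 0, 0, 2, 0x12345678, 0, 1, 4))
```

The quadratic mapping is what skews references toward recent blocks: small J_1 picks the most recent eligible block, large J_1 the oldest, and because J_1^2 / 2^64 is concentrated near zero, the upper end of W (the newest blocks) is favoured.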

Score: 2
Linear approximation of modular addition of a constant?

In Linear Approximations of Additions Modulo $2^n$, Wallén shows how to compute the correlation of the modular addition of two binary bit vectors. A simple recursive procedure was given by Schulte-Geers in On CCZ-equivalence of Addition mod $2^n$. However, these papers both assume that the summands are uniformly distributed random variables over $\mathbb{F}_2^n$.

Suppose one has $f: \mathbb{F}_2^ ...
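As an added example (not from the original question), the Python below computes correlations of linear approximations of $x \mapsto x + c \bmod 2^n$ by exhaustive enumeration for small $n$, next to the two-summand map $(x, y) \mapsto x + y$ that the cited papers treat, so the fixed-constant case can be compared with the uniformly random summand model. The correlation is the standard one, $\mathrm{corr}(u, v) = 2^{-n}\sum_x (-1)^{u\cdot x \oplus v\cdot f(x)}$; the parameters in the usage are toy values.

```python
# Added example, not from the original question: exhaustive correlation of
# linear approximations of addition with a constant, x -> (x + c) mod 2^n,
# alongside the two-summand case (x, y) -> x + y mod 2^n for comparison.

def parity(x):
    """Parity of the bits of x, i.e. the GF(2) inner product <mask, value>."""
    return bin(x).count("1") & 1

def correlation_add_const(n, c, u, v):
    """corr(u, v) = 2^-n * sum_x (-1)^(<u,x> xor <v,(x+c) mod 2^n>)."""
    mask = (1 << n) - 1
    acc = 0
    for x in range(1 << n):
        fx = (x + c) & mask
        acc += -1 if parity(u & x) ^ parity(v & fx) else 1
    return acc / (1 << n)

def correlation_add_two(n, u, v, w):
    """Two uniform summands: 2^-2n * sum_{x,y} (-1)^(<u,x> ^ <v,y> ^ <w,(x+y) mod 2^n>)."""
    mask = (1 << n) - 1
    acc = 0
    for x in range(1 << n):
        for y in range(1 << n):
            z = (x + y) & mask
            acc += -1 if parity(u & x) ^ parity(v & y) ^ parity(w & z) else 1
    return acc / (1 << (2 * n))

def strongest_approximations(n, c, top=5):
    """(|corr|, u, v) for the most biased non-trivial mask pairs of x -> x + c."""
    found = []
    for u in range(1 << n):
        for v in range(1 << n):
            if u == 0 and v == 0:
                continue
            found.append((abs(correlation_add_const(n, c, u, v)), u, v))
    found.sort(reverse=True)
    return found[:top]

if __name__ == "__main__":
    # c = 1: bit 1 of x+1 equals x1 xor x0, so masks (u, v) = (3, 2) hold with certainty,
    # something the random-summand model (correlation 1/2 for (3, 3, 3)) never shows.
    print(correlation_add_const(4, 1, 3, 2), correlation_add_two(4, 3, 3, 3))
    print(strongest_approximations(4, 5))
```

The constant fixes the carry chain, so many approximations that are merely biased for two random summands become deterministic (correlation ±1) or vanish (correlation 0) depending on the bits of c; this is the dependence on the constant that the uniform-summand formulas do not capture.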

Score: 3
Can Shor's algorithm factor over the Gaussian integers?

This is related to this question about solving the following expression:

$$x^{2} + y^{2}$$

This can be factored over the Gaussian integers as

$$(x + iy)(x - iy)$$

If one could factor a sum of two squares and take the integer component $x$ one could solve the problem.

Can Shor's algorithm factor a term over the Gaussian integers? More precisely, can it be used to solve the sum of two squares problem?

Score: 1
Margareth Reena
Why RLWE is lighter than LWE and why we can pick $a_i$ as a permutation of $a_1$ in RLWE but not LWE?

In LWE, we have

$$\langle a_1, s\rangle + e + \mu_1 \in \mathbb{Z}_q$$

for a secret key $s\in \{0,1\}^n$ and $a_1\in \mathbb{Z}_q^n$

This is an encryption of a number $\mu_1$. If we want to encrypt $n$ different $\mu_i$, we need $n$ different $a_i$. With $n$ values $a_{11}, ..., a_{1n}$ we were able to encrypt one single $\mu_1$.

For RLWE, we have

$$a*s +e + m \in \mathbb{Z}_q[X]^n$$

for $a\in \mathbb{Z}_q[X] ...
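The claim that the $a_i$ are permutations of $a_1$ can be checked directly. The Python below is an added example, not from the original question: it multiplies in $\mathbb{Z}_q[X]/(X^n+1)$ and builds the $n \times n$ matrix whose rows $a^{(i)}$ satisfy $(a \cdot s)_i = \langle a^{(i)}, s\rangle$. Each row is the coefficient vector of $a$ rotated by $i$ positions with the wrapped-around coefficients negated, so one ring element $a$ stands in for $n$ LWE vectors and costs $n$ elements to send instead of $n^2$. The toy parameters $n = 4$, $q = 17$ and the vectors are constructed.

```python
# Added example, not from the original question: RLWE multiplication in
# R_q = Z_q[X]/(X^n + 1) written as a matrix-vector product whose rows are
# negacyclic (sign-flipping) rotations of the coefficient vector of a.

def poly_mul_negacyclic(a, s, q):
    """Schoolbook product of a and s in Z_q[X]/(X^n + 1); X^n is replaced by -1."""
    n = len(a)
    out = [0] * n
    for i, ai in enumerate(a):
        for j, sj in enumerate(s):
            k = i + j
            if k < n:
                out[k] = (out[k] + ai * sj) % q
            else:
                out[k - n] = (out[k - n] - ai * sj) % q
    return out

def negacyclic_rows(a, q):
    """Row i has entries a_{i-j} for j <= i and -a_{n+i-j} for j > i, so that
    (a*s)_i = <row_i, s>. Every row uses the coefficients of a, rotated, with
    the entries that wrapped around X^n = -1 negated."""
    n = len(a)
    rows = []
    for i in range(n):
        row = []
        for j in range(n):
            if j <= i:
                row.append(a[i - j] % q)
            else:
                row.append((-a[n + i - j]) % q)
        rows.append(row)
    return rows

def inner_products(rows, s, q):
    """The n LWE-style inner products <row_i, s> mod q."""
    return [sum(r * x for r, x in zip(row, s)) % q for row in rows]

def is_signed_rotation(row, a, q):
    """True if row consists of the coefficients of a up to sign (the 'permutation of a_1')."""
    canon = lambda x: min(x % q, (-x) % q)
    return sorted(map(canon, row)) == sorted(map(canon, a))

def rlwe_sample(a, s, e, m, q):
    """b = a*s + e + m in R_q: n LWE-type samples from a single public polynomial a."""
    prod = poly_mul_negacyclic(a, s, q)
    return [(p + ei + mi) % q for p, ei, mi in zip(prod, e, m)]

if __name__ == "__main__":
    a, s, q = [1, 2, 3, 4], [1, 0, 1, 1], 17     # constructed toy values
    rows = negacyclic_rows(a, q)
    for row in rows:
        print(row, is_signed_rotation(row, a, q))
    print(poly_mul_negacyclic(a, s, q), inner_products(rows, s, q))
```

In plain LWE the $n$ rows of the public matrix are independent uniform vectors and nothing ties them together, so no such compression is available; in RLWE the structure is exactly the negacyclic rotation shown by the rows above, which is also why the security assumption changes from LWE to its ring variant.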

Score: 2
Eugene
Why do most authenticated encryption primitives expect an unpredictable and uniformly random key in order to be secure?

I've noticed that keys for authenticated encryption primitives like AES must be unpredictable and uniformly random in order to be secure. IV values and seeds for PRNGs also have to be unpredictable and random.

My question is: how are those unpredictable and random values different from predictable values that contain whole English words, for example (like verysecretkey123456)?

I assume from the persp ...

Score: 0
Pseudorandom permutations

So I am trying to solve some exercises about pseudorandom permutations.

Assume that the keyed permutation $E_k(x)$ is a pseudorandom permutation, where $|x|=|k|=n$. Using $E_k(x)$, we construct an encryption scheme as follows.
$$ c=m\oplus E_k(0^n)\\ m=c\oplus E_k(0^n) $$ where $k$ is a random key.

The task is to show whether this scheme provides OT-IND-CPA or IND-CPA.

So if I understand pseudorandom perm ...
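An added example, not from the original post or the exercise: a toy pseudorandom permutation on 128-bit blocks (a four-round Feistel network with HMAC-SHA256 as the round function, i.e. the Luby-Rackoff construction; key length equals block length as in the exercise), the scheme $c = m \oplus E_k(0^n)$ built from it, and a chosen-plaintext adversary that wins the IND-CPA game with a single oracle query, because the pad $E_k(0^n)$ is the same for every encryption under the key. The message strings are constructed.

```python
# Added example, not from the original post: a toy PRP (Feistel network with an
# HMAC-SHA256 round function), the exercise's scheme c = m xor E_k(0^n), and a
# one-query chosen-plaintext distinguisher against that scheme.
import hashlib
import hmac
import os

BLOCK = 16     # n = 128 bits; the key has the same length as the block, as in the exercise
ROUNDS = 4     # four Feistel rounds on a PRF round function give a PRP (Luby-Rackoff)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, i, half):
    """Keyed round function: HMAC-SHA256(key, round_index || half), truncated to a half block."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def prp_encrypt(key, block):
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(ROUNDS):
        L, R = R, xor(L, _round(key, i, R))
    return L + R

def prp_decrypt(key, block):
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(ROUNDS)):
        L, R = xor(R, _round(key, i, L)), L
    return L + R

def scheme_encrypt(key, m):
    """The exercise's scheme: c = m xor E_k(0^n). The pad depends on k only, not on m or a nonce."""
    return xor(m, prp_encrypt(key, bytes(BLOCK)))

def scheme_decrypt(key, c):
    return xor(c, prp_encrypt(key, bytes(BLOCK)))

def ind_cpa_adversary(encrypt_oracle, challenge, m0, m1):
    """One chosen-plaintext query is enough: Enc(0^n) = 0^n xor E_k(0^n) is the pad itself,
    and xoring it into the challenge ciphertext reveals the challenge plaintext."""
    pad = encrypt_oracle(bytes(BLOCK))
    return 0 if xor(challenge, pad) == m0 else 1

def run_ind_cpa_game(b, key=None):
    """Challenger draws a fresh key and encrypts m_b; returns the adversary's guess of b."""
    key = key or os.urandom(BLOCK)
    m0, m1 = b"attack at dawn!!", b"retreat at dusk!"    # constructed 16-byte messages
    oracle = lambda m: scheme_encrypt(key, m)
    return ind_cpa_adversary(oracle, oracle([m0, m1][b]), m0, m1)

if __name__ == "__main__":
    print("adversary guesses for b = 0, 1:", run_ind_cpa_game(0), run_ind_cpa_game(1))
```

The same query-then-xor step applies to any two ciphertexts under one key, since $c \oplus c' = m \oplus m'$; the scheme is a one-time pad whose pad is pseudorandom, which is why only the one-time notion can hold.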

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.