Latest Crypto related questions

In pairings-based cryptography, are there any examples of systems where they use two different bilinear mappings. That is, they make use of both $e_1$ and $e_2$ where $e_1$ is a symmetric bilinear mapping from $G_1 \times G_1 \rightarrow G_T$ and $e_2$ is an asymmetric bilinear mapping from $G_1 \times G_2 \rightarrow G_T$. If not, then what are the possible issues in using two bilinear mappings t ...

I've been implementing an asymmetric key exchange for creating a symmetric key.

My question is more of a philosophical/legal one in terms of key-exchange responsibility, and what happens when let's say, a commonly known key is used.

I'd like to set these base variables:

• The client has the servers public key hardcoded in memory
• The server has its private key hardcoded in memory
• There is a hardcoded  ...

I was studying the theoretical attacks on ChaCha cipher here (See section 3). There is one special attack procedure which require key-IV(Initial Vector) pairs. These key-IV pairs are special in the sense that they produce high bias (minimum difference after one round in the differential attack) so that it is helpful in further attack (Finding the PNBs and all other things).

My question is " In ac ...

I am studying the Salsa20 algorithm and I was wondering if you could help me understanding the expansion function. I don´t understand what the Pos or stream position as I have read in other places does, is it meant to randomize the data, similar to the nonce? Any help would be greatly appreciated!

In the context of ECDSA , given that i have a message and a private key , i can change value of k and i will get different signature , doesn't that mean i can create infinite signatures and all of those will be valid and that means i can forge a signature right as i can assume that random signature that i guessed for a message will also be one of those infinite signatures that can be generated using dif ...

I am learning about symmetric encryption and its security properties. One of the security notion is security against chosen cipher-text attacks (CCA), particularly IND-CCA notion.

Under this notion, adversary has access to both an encryption oracle and a decryption oracle. The IND-CCA game/experiment imposes an important restriction on adversary that he cannot make a query of cipher-text (to the  ...

The only accumulator that I know is the Merkle tree, which has these asymptotic worst:

• Space non-pruned: $O(n)$.
• Time insertion/removal: $O(\log_2 n)$.
• Time verification: $O(\log_2 n)$.

My question is: is there any accumulator that its non-pruned version has an asymptotic worst-space that is cheaper than $O(n)$? E.g. perhaps $O(\log_2 n)$?

I work for an institution where patient data is collected and I am supposed to encrypt it. At the moment I do the following steps (with R):

• Randomly assigning an ID to each patient. The procedure avoids duplicates (using sample(), among others)
• Create a salt for each patient (using salt <- bcrypt::gensalt(log_rounds= 5))
• Create a hashed ID for each patient using the ID and the salt (using id_ha ...

Can someone please explain what exactly is the difference between key exchange protocol and key distribution protocol? I looked on the Internet but it was not clear to me. I would be grateful if somebody could either explain it or direct me to some references.

I am currently reading through Secure Distributed Key Generation For Discrete-Log Based Cryptosystems, which describes a secure variant of the Joint-Feldman protocol. In this paper, in section 2 (Preliminaries), it's stated that the communication model assumes the participants have access to a "dedicated broadcast channel". However, the definition for this is never given anywhere in the paper.

Does ...