Latest Crypto related questions

I am currently reading through Secure Distributed Key Generation For Discrete-Log Based Cryptosystems, which describes a secure variant of the Joint-Feldman protocol. In this paper, in section 2 (Preliminaries), it's stated that the communication model assumes the participants have access to a "dedicated broadcast channel". However, the definition for this is never given anywhere in the paper.

Does ...

Let $C(X)$ denote the cardinality of the set $X$. For example, $C(\{0\}) = 1, C(\{0, 2\}) = 2$ etc.

Let $S$ denote a (potentially infinite) sequence of random bits. Split $S$ into $k$-bit words $w_1, w_2, w_3, \ldots$ For example, if $k = 4$ and $S = 0001111010100100\ldots$, then $w_1 = 0001, w_2 = 1110, w_3 = 1010, \ldots$

At each step $i$ (here $i \geq 1$), do the following sub-steps:

1. Extract

If you have to generate a sufficiently long keystream, why would the keystream eventually repeat?

If the keystream repeats does it pose the threat of being decrypted by a hacker? How could one use it to that advantage?

I require an encryption algorithm that requires two parties with two different keys to be able to decrypt it. I could double AES encrypt, but I am instead considering AES encryption followed by a OTP since 1) I would like to hedge against the unlikely possibility of an AES exploit and 2) as the information being encrypted is critical, I like the perfect encryption of a OTP.

Since the data encryp ...

I recently studied the multivariate Coppersmith algorithm. Let $f(x)$ be $n$-variate polynomial over $\mathbb{Z}_p$ for some prime $p$. Informally, the multivariate Coppersmith's theorem stated that if the assumption ($*$) holds, then one can solve the multivariate Coppersmith's algorithm in polynomial time in some parameter.

($*$): There exist $n$ algebraic independent polynomials obtained from the LLL  ...

As far as I know it is possible to extract the key or key parts using side channel power analysis attack on AES, but we need some strong attacker model in order to do that. The first attack I know about is attacking the first AES round, comparing the first SBOX outcome, where we need to know the plaintext of our traces to perform this attack. The second attack doesnt require the knowledge of plaintext b ...

Say I have a pair of public and private keys associated with some resource (e.g. a TLS certificate for a website mycoolsite.com). I am free to take those keys and reuse them for a different resource (e.g. for anotherneatsite.net). My question is: is there an efficient way to "tag" the original keys with the data "this key is for mycoolsite.com" such that removing the tag would invalidate the keys?

I'm trying to understand Mitsuru Matsui's "Linear Cryptanalysis Method for DES Cipher", specifically the attack he describes at the end of section 5, on 5-round DES. I followed the attack on 3 rounds, and here's the math for it:

For 5 rounds of DES, I distilled things so that there's only 4 types of variables:

1. Plaintext bits (PL, PH for low, high).
2. Ciphertext bits (CL, CH).
3. Key bits ($K_i$).
4. High bits ...

The following is from BGV paper (https://eprint.iacr.org/2011/277.pdf) p. 12.

$\text{FHE.Add}(pk,\textbf{c}_1,\textbf{c}_2)$: Takes two ciphertexts encrypted under the same $\textbf{s}_j$ (If they are not initially, use $\text{FHE.Refresh}$ (below) to make it so.) Set $\textbf{c}_3\leftarrow \textbf{c}_1+\textbf{c}_2 \mod q_j$. Interpret $\textbf{c}_3$ as a ciphertext under $\textbf{s}_j'$ ($\te ...

Let's say I have a text file, and I modify it slightly 20 times, and I encrypt each modification using gpg -c (with the same 20 chars secure password). If the attacker has access to the 20 encrypted versions, is the decryption time lower? In this exact scenario, is the encryption breakable?