Latest Crypto related questions

Is it possible to have a homomorphic mapping from $F_{p^n}$ to ${\mathbb Z}_{p^n}$ that preserves both the add and multiplication operators?

Or if we relax requirement, can we have a homomorphic mapping from the multiplicative group $F_{p^n}^*$ to ${\mathbb Z}_{p^n}^*$ which preserves multiplication?

let $(\mathbb{G},q,p)$ be a group $\mathbb{G}$ with prime order $q$ and generator $g$. Assume that CDH is hard relative to this setup (Namely, given $(g,g^a,g^b)$, it is hard to find $g^{ab}$).

Now consider the following: for a probabilistic-polynomial time adversary $\mathcal{A}$, and given $(\mathbb{G},q,p)$, choose random $a,b,c\in \mathbb{Z}_q$ and run $\mathcal{A}(g,g^a,g^b,g^c)$. $\mathcal{A ...

I've exported the root CA cert (ISRG Root X1) used by StackOverflow's digital certificate, as a DER encoded binary X.509 (.cer) file and used openssl in cmd to find out the modulus/exponent:

openssl.exe x509 -in C:\Cert.cer -inform der -text

I then did the same thing for the next certificate in the chain which is called R3, to get the signature:

Signature for R3:

I've copied these into C# as byte arra ...

I'm referencing RFC-6090 for a hobbyist implementation of elliptic-curve cryptography.

I've opted for an exception-free (the answer pointed me to this paper) formula for point addition and thought - I only use point doubling with generator points and validated public keys, I can do with an efficient but not-very-versatile point doubling formula.

As someone not familiar with advanced mathematics,  ...

Let's suppose I take a cipher with key size equal to the block size (Threefish).

I XOR a random block in the ciphertext, encrypt with a key, XOR another random block, encrypt again with another key and XOR a third random block. It would be XOR->Encrypt->XOR->Encrypt->XOR.

/\ Is this scheme vulnerable to Meet-in-the-middle attacks or another kind of attack?

I received an answer in anot ...

dm-crypt in Linux uses 512-byte blocks (disk sectors) having sub-blocks of encrypted plaintext for block cipher modes that are non-parallelizable:

"With the usual modes in cryptsetup (CBC, ESSIV, XTS), you can get a completely changed 512 byte block for a bit error. A corrupt block causes a lot more havoc than the occasionally flipped single bit and can result in various obscure errors."

/\ Source:  ...

I'm building a small library for Schnorr Signatures and the Oracle DLC, the key passage is:

s_i G = R - h(i, R)V

• R = k G; G generator, k a nonce
• h(i, R) is the hash of the message i (i is one of the outputs that will be signed by the Oracle)
• V is the public key of the Oracle (= v G)

The "add" and "multiply" operations use the Jacobi representation for speed, therefore I'd need the negation as well. Ne ...

I can see what I think should be the public key in the Details tab for StackOverflow's certificate (see screenshot below). However, it is 2160 (num of chars (540) multiplied by 4 = 2160) bits long, not 2048 as it specifies.

When I view the certificate details using openssl in cmd, I can see a smaller version of the public key which is 514 nibbles * 4 = 2056 bits, which is one byte off 2048.

I not ...

I'm writing an application where both encryption/decryption and signing/verification are needed, and I choose X25519 as a key agreement algorithm which will produce a key for encryption, and ECDSA to sign messages.

Key generation: I generate a curve25519 private key from a mnemonic (so I have kind of a random 32 bytes private key).

Now I have 32 bytes array, I want to use this array byte array for b ...

I read it once on a page (I don't remember the link and I coundn't find it) that said about a cascade of AES with two 256-bits keys and that it provides 384-bits of security. Maybe not 512-bits of strength because of AES-256 block size of 128-bits.

This left me doubts.

Let's suppose I encrypt something two times using CBC mode and two different keys.

An adversary cannot determine a block encrypted with ...

Is the following problem a known cryptographic problem?

Find algorithms for functions $f$ and $g$, such that

$$ f(x, \alpha_{enc}) \rightarrow \beta_{enc}\\ g(x, \alpha_{dec}) \rightarrow \beta_{dec} $$

where $x$ is some data of $n$ bits, and $(\alpha_{enc}, \alpha_{dec})$ and $(\beta_{enc}, \beta_{dec})$ are (public, private) key pairs.

The problem probably depends on the type of asymmetric encryption  ...

I wonder about the CRS of NIZK argument.

I think [A]$_1$, [B]$_2$, [C]$_1$ is calculated using CRS. Instead of calculating A, B, C first and then calculating [A]$_1$, [C]$_1$, [B]$_2$.

1. May I know if this is correct?

If it is correct, in order to calculate [C]$_1$, I think [B]$_1$ is also needed.

2. Is it correct that we need to calculate both [B]$_1$ and [B]$_2$?

And I marked curious parts with  ...

I read the Argon2 specification.

It says in 3.1 (Page #5):

Secret value K (serves as key if necessary, but we do not assume any key use by default) may have any length from $0$ to $2^{32}\text{-}1$ bytes.

Let's suppose I want to convert Argon2 into a block encipherment, I provide an 8192-bit key (1024 bytes) and provide a counter to each block generated and so, XOR the hashed blocks in the ciphertext. ...