Latest Crypto related questions

Score: 1
Foobar
Pairings for Beginners: Pohlig–Hellman attack time complexity

I'm reading Pairings for beginners by Craig Costello.

I'm trying to understand this example of (what I think is) the Pohlig–Hellman algorithm (on page 31 of the book).

Consider $E/\mathbb{F}_{1021}\,:\,y^2=x^3+905x+100$ with group order $\#E(\mathbb{F}_q)=966=2\cdot3\cdot7\cdot23$ and generator $P = (1006,416)$. We are given $Q = (612,827)$ and we seek to find $k$ such that $[k]P = Q$. Rather than see ...

Score: 1
eternalmothra
What exactly is a game, challenger, and adversary?

Here is my understanding of the concept of security games. I bolded some parts that I am not sure about.

A cryptographic object is formally defined by its algorithms and what security notions it achieves. Such notions capture an adversary’s power and show how the adversary may "break the cryptosystem". "Breaking a cryptosystem" means winning a GAME associated with the cryptosystem’s security. ...

Score: 2
Dotman
Two untrusting people want to come up with a random number

Two people want to come up with a random number. They don't trust each other nor any third party. What are the known solutions to this problem?

I am a quantum cryptography student and am currently working on quantum random number generation. Any solutions, either classical or quantum, are welcome.

EDIT

Ok so here's what I understood by reading through some papers. Assume two mistrusting parties want to com ...

Score: 2
Ievgeni
Is OFB-mode a stream-cipher?

I've seen that OFB is considered a block cipher mode. But could we also consider it a family of stream ciphers?

Score: 2
Ottotinne
Modulo p in Elliptic Curve Cryptography

To carry out Elliptic Curve Cryptography between parties, are all elliptic curve equations considered to be in the form $\bmod p$?

For example, the secp256k1 Bitcoin curve with equation $y^2=x^3+7$ uses $\bmod p$, where $p=2^{256}-2^{32}-977$.

Score: 1
Which application protocols use elliptic curve key recovery?

Section 4.1.6 of https://www.secg.org/sec1-v2.pdf describes a technique for recovering public keys from ECDSA signatures.

I guess Ethereum uses this. Like if you want to validate a particular transaction I guess you recover the public key and then verify that it matches the "address".

My question is... are there any other protocols that make use of this technique?

Score: 2
Cyclic codes as ideals of a quotient ring

I'm finding the algebra behind cyclic codes somewhat tricky. The starting point is easy enough: $C\subseteq \mathbb F_q^n$ is cyclic if any cyclic shift of a codeword $c\in \mathbb F_q^n$ is still in $C$. Then I got hit with this: cyclic codes correspond to the ideals of $$\mathbb F_q[x]/(x^n-1). $$ Now, I have some background in abstract algebra, mostly from group theory. I can recognize a ring and ...

Score: 2
Benefits of hashing a particular seed in a PRNG

This question is linked with this question (stackoverflow), where I asked about a specific implementation detail of Python's random number generator (Mersenne Twister). Here, I have a slightly different focus. Feel free to close, but I could not find a similar question which exactly answered my question.

  • In a PRNG what would be the benefit of hashing a particular seed (user provided)?
  • Would there b ...

Score: 1
Where can I find the source of the Coppersmith method univariate in C with GMP library?

Could someone please tell me where I can find the source code of the Coppersmith method univariate written in C with the GMP library?

To be fair, I will explain how I will use it for factoring.

reference https://www.academia.edu/48848013/Lepore_Factorization_nr_88

Let's take the example N=1763 of Factorization nr 88 Part I

$P=27*b+1$ ; $p=65-8*b$

$Q=25*a+11$ ; $q=67-8*a$

$p^2=(65-8*b)^2=64*b^2-1040*b+42 ...

Score: 4
Can a service provide a hash/encryption key to others that it itself cannot use?

Consider a service $S$ that receives hashes of documents from a number of providers. If two hashes match, it notifies the providers. We do not want anyone at the service to be able to identify the documents. However, the document space is actually quite small (~billions) so a dictionary attack is possible.

One solution would be the creation and provision of an HMAC key out of band between the data pr ...

Score: 1
Bob
Is curve25519 faster than secp256k1 on point multiplication?

Suppose $G_1, G_2$ are the base points on curve25519 and secp256k1, respectively. Point multiplication means computing $kG_1$ and $kG_2$.

Then which curve is faster?

Score: 2
Foobar
Why is the set of r-torsion points isomorphic to $\mathbb{Z}_r \times \mathbb{Z}_r$

I'm reading "On the implementation of pairing-based cryptosystems".

It states that $E(\mathbb{F}_{k^q})[r]$ is isomorphic to the product of $\mathbb{Z}_r$ with itself. $E(\mathbb{F}_{k^q})[r]$ is the set of $r$-torsion points, which means all points, $P$ where $rP = O$ (I think).

Ok. Let's test this with $r = 2$. We know, the 4 solutions are: $\{O, (a_0, 0), (a_1, 0), (a_2, 0)\}$ where $a_n$ is t ...

Score: 0
Zero
Alternative to physical aspect of security

To answer my question, imagine a device that has some sort of secret(s) (stored on a crypto coprocessor), that is encrypted with some sort of symmetric encryption (like AES).

To make this device secure, I would keep the key separate, in a smart card for example.

Then when the smart card is inserted into the device, I would input the PIN of the smart card to allow the device to read the key on the ...

Score: 0
Mark
Masked RSA/BigInt Arithmetic?

Masking is the process of replacing operations (internally to some cryptographic algorithm) on intermediate values with operations on secret shared values. Then, even if some number of these secret-shared values leak (say due to various side-channel attacks), one can maintain security (due to the information-theoretic security of the secret-sharing scheme).

I'm interested in the possibility of mask ...

Score: 3
cryptobeginner
Can two different hash functions create two unlinkable `ed25519` keys from the same randomness?

Assume the following scenario:

  1. Alice has access to 32 bytes of true randomness $s$.
  2. Alice hashes $s$ with SHA-512, and uses the resulting hash as the secret $d_{A}$ for Ed25519. Assume number-clamping and so on are correctly implemented.
  3. Alice hashes $s$ with a different hash function, say BLAKE-2, or hashes $s$ two times with SHA-512, and uses the result as the secret key $d_{A'}$ for Ed25519.
  4.  ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.