Latest Crypto related questions

What's the difference between the definitions of virtual black-box (VBB) obfuscation and indistinguishability obfuscation (iO)? Is there any presentation describing both? Furthermore, why is the notion of iO interesting (and sufficient in practical sense) given that it is a weaker notion than VBB?

Take for example SHA256. Is it possible for the hash of a 64 character hex string S to be S? i.e: $$H(S)=S$$

This is from the paper of Yevgeniy Dodis, Shai Halevi, and Tal Rabin

Could anyone provide some help about understanding how the following protocol is executed? The game is played based on the sequel assumptions: ``the players are (1) computationally bounded and (2) can communicate prior to playing the original game, which the authors believe are quite natural and minimalistic assumptions"

Could an ...

To use the Laplace mechanism, we have to get the global sensitivity of a query function. What do we do in the case where there is one huge outlier(or multiple outliers) in the dataset such that the global sensitivity gets too large and noise added results in query outputs that do not make sense anymore. In which case can we use the local sensitivity. Any ideas, papers, references will be appreciated.

A proposed secret sharing scheme: Suppose that $p:S\times Y\to X$, with $|Y|\geq|S|$ is a cipher where, $y\in Y$ is the key and $x\in X$ the code, $p$ is bijective, namely $(x,y)$ is associated with only one $s$. Hence the decrypted message $s=x\oplus y$ and it is easy to proove it.

$\textbf{Proof:}$ Suppose that we have a mechanism of communication $\mathcal{M}=(p,d)$ such that $\mathcal{M}$ is def ...

Given the OWF function $f: \{0,1\}^{2\lambda} \rightarrow \{0,1\}^{2\lambda}$ and the PRG $G: \{0,1\}^{\lambda} \rightarrow \{0,1\}^{2\lambda}$, is the following function $f^*$ a OWF?

\begin{align} f^*: \{0,1\}^{\lambda} &\to \{0,1\}^{2\lambda}\\ x &\to f^*(x) = f(G(x)\oplus(0^{\lambda}||x)) \end{align}

My idea is that it is secure, mainly because the function $f$ is a OWF itself, but I h ...

The scheme that I refer to is from this paper.

A secret $s\in D$ is obtained by splitting s into a random sum. We have (actually linear) for any $k$ this $k$-out-of-$k$ secret-sharing scheme: Select $k−1$ shares, say $s_1,s_2,⋯,s_{K−1}$ from $D$ and let $s_k=s−\sum_{i=1}^{k−1}s_i$ where $s_i$ denotes the $i$-th share.

$\textbf{Lemma:}$ The above scheme is a $k$-out-of-$k$ secret-sharing  ...

Say Alice owns two keypairs: ($Pub_1$, $Priv_1$) and ($Pub_2$, $Priv_2$).

The pair ($Pub_1$, $Priv_1$) is pretty mundane.

$Priv_2$ was intentionally created by Alice by concatenating $Priv_1$ and the word "banana" (and then she derived $Pub_2$ out of $Priv_2$ the usual way).

Bob knows the public keys.

In any asymmetric key algorithm, is it possible for Alice to prove that $Priv_2$ = $Priv_1$ + "banana"?  ...

Suppose that we have a multi-secret sharing scheme and let $I$ be the a set of agents. Say that $S$ is the space of the (uniform) random variables $s=(s_1,s_2,\cdots,s_I)\in S$ such that the share $s_1$ is known to $P_1$, $s_2$ is known to $P_2$ and so on.

According to Shamir's secret sharing, suppose that $\mathbb{F}$ is a finite field. This scheme makes use of the following general fact about pol ...

What are the requirements of a nonce? <- Typically it is only required that a nonce is unique, however, in certain cases harsher requirements (such as randomness and unpredictability) are put.

The OAuth 1.0a specification states that:

A nonce is a random string, uniquely generated by the client to allow the server to verify that a request has never been made before and helps prevent replay atta ...

The public key is defined by (N, e) where N is the product of two large primes and e is chosen such that e.d = 1 (mod phi(N)) where phi(N) is Euler's totient function. e is the encryption exponent and d is the decryption exponent.

Suppose x is the symmetric key which is encrypted as c = x^e mod(N). How is tampering with this ciphertext c prevented?

In Alexander May's Paper "How to Meet Ternary LWE Keys", Alexander May writes the following about combining representation techniques with Odlyzko's locality sensitive hash function (Page 12):

Intuitively, in a subset sum-type approach of the representation technique as in [HJ10], one would try to construct two lists $L_1$, $L_2$ with entries $(s_1, \ell(As_1)), (s_2, \ell(b − As_2))$ recursively su ...

For an exam I'm studying for, I'm wondering what block cipher modes are best to use in certain situations.

We learned about these block cipher modes: ECB, CBC, CFB (+ s-bit), OFB (+ s-bit) and CTR.
From what I understand: some can be parallized, some can't. Some can be turned into a stream cipher (s-bit), some can't. Some have worse error propagation. They each have their (dis)advantages.

My question is,  ...

I am wondering which of these two solutions is better for security on the long run. The problem is:

Alice and Bob exchange a secret key/private key. Then they go far away from each other and never have the opportunity to exchange a private key again. They will use the private key to exchange messages intensively (let's say 1 per 20 minutes for years).

Which option is the best secured?

• Just let th ...

Suppose that we have a multi-secret sharing scheme as it is described in the literature

Let there be $I$ agents and say that $S$ is the space of the (uniform) random variables $s=(s_1,s_2,\cdots,s_I)\in S$ such that the share $s_1$ is known to $P_1$, $s_2$ is known to $P_2$ and so on. Could someone propose an appropriate multi secret sharing scheme? Every agent $i$ wants to share $s_i$ in such a wa ...