Latest Crypto related questions

Let $q \geq 2$ be a prime integer. Consider two functions, given by:

$$f(b, x) = Ax + b \cdot u + e~~~(\text{mod}~q),$$ $$g(b, x) = Ax + b \cdot (As + e') + e~~~(\text{mod}~q),$$

where we have: \begin{align} b &\in \{0, 1\}, \\ x &\in \mathbb{Z}_{q}^{n}, \\ s &\in \mathbb{Z}_{q}^{m}, \\ A &\in \mathbb{Z}_{q}^{n \times m}, \\ e' &\in \mathbb{Z}_{q}^{m}, \\ u  ...

I'm trying to find an algorithm to prove that someone knows some short secret message (for example some prediction of the future) before finally revealing it.

For example:

Alice knows what temperature will be outside tomorrow, she wants to prove to Bob that she had it without revealing the number until tomorrow. Bob on the other hand needs Alice to not be able to fake her prediction after the fact. ...

Consider two points P, Q over a pairing friendly elliptic curve $E[F_q]$, e.g., BN254. Let Z = e(P, Q). It is known that $Z \in F_{q^k}$ where $k$ is the embedding degree. The norm map N(Z) is defined as $\prod_{0\leq i\leq k-1} Z^{q^i}$. We observed that for BN254, N(Z) is always the 1 in $F_p$.

Is that the case for all pairing friendly groups?

Sorry if this question is misguided, I'm a software developer and not a cryptographer.

Let's say I have a public key, and 2 signed messages.

Signed message 1:

message_hash_1
signature_1.r
signature_1.s

Signed message 2:

message_hash_2
signature_2.r
signature_2.s

Assumptions:

message_hash_1 == message_hash_2
signature_1.r != signature_2.r
signature_1.s != signature_2.s

I've read in https://www.bert ...

1. Is the $t$ out of $n$, namely $(t,n)$, threshold in the secret sharing scheme related to the entropy of the random variable that is shared according to the scheme?
2. What changes in the secret sharing scheme if $t=n$?

One issue that may arise when attempting to evaluate the security of a round function for a block cipher is that the analysis of the round function does not treat the round key space and the message space as merely sets but as more sophisticated structures. For example, if the message space is $\{0,1\}^{n}$, then the message space has extra mathematical structure since $\{0,1\}^{n}$ is always a Boolea ...

Suppose that there are $5$ players and each of them learns a secret that is a coordinate of the random vector $s=(s_1,s_2,\cdots,s_5)$, such that $s$ is a uniformly distributed over the field $V$. Each of them wants to share their secret by using a multiparty computation scheme with the other players. For example say player $i$ (who is the generic player form the set of the $5$ players) wants to s ...

Suppose there are some constant values which must be set inside the circuit. The naive way is to simply pass the needed constants as inputs to the circuit. But this seems wasteful.

What it the proper way of setting (i.e. hard-coding) constant values in the garbled circuits?

As a sequel of my previous post I am writing a new one with respect to the secret sharing scheme. I will only cite here the answer because I want to make a question on it.

$\textbf{Answer:}$ To be honest, I'm not 100% familiar with the original presentation in RB89, but they introduced several techniques that have been used in multiple subsequent papers, and today there is a sort of simplified ve ...

In ECDHE, the group is a public value. I want to get this value for a session. I inspected the session using Wireshark. Under the ServerHello -> Key share extension -> Key share entry, I found these parameters:

Key Share Entry: Group: x25519, Key Exchange length: 32
Group: x25519 (29)
Key Exchange Length: 32
Key Exchange: 22d9....88e....635... (full length is 64 hex character, 256 bit)

Can you e ...

In the above image, you can see a coordinate grid containing some random green points. Each point has a pseudorandom 1/10 chance of being green. What I'm looking for are clusters of these green points within a radius of ~8 (ignore the inner mask shown). Said another way I am looking for statistically unlikely high density areas of these green points. At the core of this problem is the Java RNG found i ...

I was reading the definition of Fujisaki-Okamoto transform, and I found this:

What does it mean the "randomness space" of the function Enc in the PKE setting?

I recently stumbled upon a YouTube video explaining a casino game. In simple words, they randomly generate a multiplier for your initial investment. This multiplier is supposed to be backed by a hash value. The casino also gives the customer the initial hash value of the first game and the hash value of every subsequent roll of the multiplier. The customer is supposed to validate the randomly generated  ...

Suppose I want to encrypt a message with a password.

Couldn't I just XOR the bytes with bytes from a cryptographically secure pseudorandom number generator (CSPRNG) with seed being the password, or a hash of it? I can't see anything wrong with this.

Or are CSPRNG so slow that more complex encryption schemes are necessary?

Suppose that $y$ is a uniform random variable that is defined over the field (or group or abelian group) $Y$. Let us suppose that there are $N=\{1,2,\cdots,i\cdots,N\}$ agents and only one of them, say $i$, knows the random variable $y$. She wants to share the secret with the other $J=N-\{i\}$ players. Could someone provide a secure scheme for player $i$ to share her secret with players $j\in J$ in the fo ...