Latest Crypto related questions

Score: 3
nohatsatthetable
Applications in which you should/shouldn't use a salt with HKDF

rfc5869 has the following to say about the use or lack thereof of salts with HKDF:

HKDF is defined to operate with and without random salt. This is done to accommodate applications where a salt value is not available. We stress, however, that the use of salt adds significantly to the strength of HKDF, ensuring independence between different uses of the hash function, supporting "source-independent" extr ...

Score: 0
Generate keypair in Swift - ElGamal

I have a problem..

I cannot generate a private / public key pair (Elgamal - p256) in SWIFT.

Do you have an example or a link to guide me, please?

I continue my research..

Score: 2
a196884
The significance of duals in RLWE

In an algebraic number field, an ideal $I$ in the ring of integers $\mathcal{O}_K$ has dual $I^\vee = \{x\in\mathcal{O}_K\text{ : }T_{K/\mathbb{Q}}(xy)\in\mathbb{Z}\text{ for all }y\in I\}$, where $T_{K/\mathbb{Q}}(\cdot)$ is the field trace. A lattice $\mathcal{L}$ in $\mathbb{R}^n$ has dual $\mathcal{L}^\ast = \{x\in\mathbb{R}^n\text{ : }\langle x,y\rangle\in\mathbb{Z}\text{ for all }y\in\mathcal ...

Score: 1
Hardness of a variant of the CDH problem

Given $g$, a generator of a multiplicative group (over some finite field or elliptic curve), and the group elements $\left( g^x, g^a, g^b, g^c, g^{x(a+b)}, g^{x(b+c)} \right)$, is it possible to efficiently find the value of $g^{x(a+b+c)}$ (without knowledge of the values $x, a, b, c$)?

I believe the problem at hand is closely related to the CDH problem (given $\left (g, g^a, g^b \right)$, find $g^{a ...

Score: 0
SomewhereOutInSpace
Deterministic key selection using iterative value comparison - how dumb was this?

Just to start, this is mainly a curiosity question that's been nagging me for a while. I did a fair bit of googling to see if someone has already performed a righteous expose of this silly idea, but couldn't find anything.

A friend and I were working together on a small project to learn the basics of practically implementing encryption. The details aren't particularly important, all we wanted it  ...

Score: 0
João Víctor Melo
Substitution-Permutation Network (SPN) Example

I came in contact with an algorithm that deals with SPN in an example, first I'd like to give a definition of what it is:

Let $l, m, $ and $N$ be positive integers, let $\pi_s: \{0,1\}^l \to \{0,1\}^l$ be a permutation, and let $\pi_p:\{1,...,lm\} \to \{1,...,lm\}$ be a permutation. Let $P = C = \{0,1\}^{lm}$ and $K \subseteq (\{0,1\}^{lm})^{N+1}$ consist of all possible key schedules that could b ...

Score: 4
Gerard Ashton
"Electronic signature" legal definition

A proposed California law contains the following definition:

(i) “Electronic signature” means an electronic sound, symbol, or process attached to or logically associated with an electronic record and executed or adopted by a person with the intent to sign the electronic record.

Suppose a person chooses to use an RSA signature to electronically sign a document. Which of the following does the above ...

Score: 0
Digital Signatures forgery on 60000 messages with brute force

Assume an operating system uses digital signatures to ensure executable files can be authenticated and can't be modified; where the digital signatures are constructed by creating a hash of the executable file (e.g. SHA256), encrypting the hash with a private key (e.g. RSA), then attaching the encrypted hash and public key (the signature) to the executable file.

Assume there's 1000 pieces of softw ...

Score: 0
Mohammadsadeq Borjiyan
Why is s=0 not allowed in the ElGamal signature?

In Elgamal signature scheme $\text{sig}_{k_{pr}}(x,k_E)=(r,s)$, $s=0$ is not allowed. How does this lead to finding the private key $d$?

Score: 1
knaccc
Would discrete-log-based signing and encryption have been a better choice than RSA?

Diffie-Hellman can be used for key exchange, and can be used as part of an integrated encryption scheme ("DLIES"). Schnorr signatures are possible by relying only on the discrete-log problem, and without resorting to using RSA.

Since RSA implementations are more complicated because of the need for padding schemes, why were signing and encryption schemes based only on the discrete-log problem not  ...

Score: 0
BillyJoe
How strong would it be to create a password through AES ECB encryption?

Suppose that I want to use a "poor man" password management working as follows:

1. I choose and remember one single master password (for example "78HK+jm?329");

2a. for any bank, site, etc. that I need to access I build a password by encrypting with AES ECB the name of the bank, site, etc. (for example "bankmyne") using the same master password as key, then I translate the encrypted text to Base64 (or ASC ...

Score: 0
Nav89
How are the cipher, the key and the initial message (that is not encrypted) related?

Suppose that $m$ is a message that some player $i$ wants to send to a network of other players $j\neq -i$. To prevent his message from cheating by others, the player uses an encryption scheme. Say $$g:M\times Y \to X$$ denotes a cipher where $Y$ is the key and $X$ a code that makes the message look random. The standard assumptions to be made are that $|Y|\geq |M|$ and $g(\cdot,y)$ is a bijection nam ...

Score: 2
Exponentiation of Linear Congruential Generators

Linear Congruential Generators, that class of pseudo random generators with recursive rule

$x_{n+1}\equiv a\cdot x_n + b \pmod{m}$, $a,b,x_n\in \mathbb{Z}/m\mathbb{Z}$, $m,n\in \mathbb{N}$

are considered inapt for use in cryptography, as the constants $a$, $b$ may be deduced from a small set of outputs $x_n$. Now, when you choose $m=p-1$ for some odd prime $p$, the sequence $(x_n)_{n\in N}$ may live as exponents of some generato ...

Score: 0
Slaughtrr
RSA - encrypted plaintext results in the same ciphertext value

Just started learning about RSA cryptography so forgive me if I made any mistakes or misunderstandings.

Let M = 20 be the message that I want to encrypt

N = 5*7 , p = 5 and q = 7

φ(N) = (5-1)(7-1) = 24

Let e = 5 as it is a coprime of 24

To encrypt the message, E = M^e mod(N)

This works out to E = 20^5 mod 35, which equates to 20 as well

I have tried other values of e but the ciphertext is always 20.  ...

Score: 0
Key Derivation/Hashing Function with Fast Comparison

Is there a key derivation/hashing function (that has any real value) that fulfills both of these criteria:

  • Slow to compute the hash
  • Fast to verify the hash based on the input string (not given a second, existing copy of said hash)

I know in general key-derivation is used to prevent brute-forcing of passwords, but that's typically to protect passwords against internal users.

I'm looking to set up an a ...
