Latest Crypto related questions

Score: 1
Reusing additional data k' nonce from RFC6979 ECDSA

It is known that you must not reuse k in ECDSA; doing so will leak your private key. That's one of the reasons RFC6979 deterministic signatures were invented.

Now, RFC6979 sec 3.6 specifies a possibility of using additional data k' which would feed entropy to the deterministic scheme.

It suffices that the additional data k' is non-repeating (e.g., a signature counter or a monotonic clock) to ensure " ...

Score: 0
Behnam zahednejad
Independent linear vectors

It's easy to see if two vectors of size 2 or 3 are linearly independent or not. What if the size of the vectors is large, like 32 or 64?

Score: 0
totalMongot
Is sha256 OK for that? If not, is EC?

I think from what I studied that I had the correct reasoning, but I would like a double check. Here is the thing:

Given two matrices: A and B

I calculate hashFunction(A, B) = C

Now I calculate the eigenvalues of B, µ, and the associated vector x

Now, is the following equation correct:

C * x = hashFunction(A, µ) * x = hashFunction(A, µ*x)

Is it true given any hash function? Specifically, given sha256, ...

Score: 1
Foobar
Katz/Lindell Problem 2.2 - Purpose of proof where you redefine the key space?

I am self-studying by using "Introduction to Modern Cryptography: Principles and Protocols" (2nd edition).

I am looking at the following problem.

Prove that, by redefining the key space, we may assume that $Enc$ is deterministic without changing $Pr[C = c | M = m]$ for any $m$, $c$.

The question seems to be asking "Prove that if we change a non-deterministic encryption algorithm to a deterministic one ...

Score: 1
Ramin Najafi
How to calculate 2g, 3g, ...

$y^2=x^3+9x+17$ over $\mathbb{F}_{23}$, what is the discrete logarithm $k$ of $Q=(4,5)$ to the base $P=(16,5)$?

One (naïve) way to find k is to compute multiples of $P$ until $Q$ is found. The first few multiples of $P$ are:

$P=(16,5)$, $2P=(20,20)$, $3P=(14,14)$, $4P=(19,20)$, $5P=(13,10)$, $6P=(7,3)$, $7P=(8,7)$, $8P=(12,17)$, $9P=(4,5)$

Since $9P=(4,5)=Q$, the discrete logarithm of $Q$ to the ...

Score: 1
João Víctor Melo
Why is entropy defined as a joint probability distribution sum?

From Stinson's book, during the demonstration of the following theorem, which says:

$H(X,Y) \leq H(X) + H(Y)$, with equality if and only if $X$ and $Y$ are independent random variables.

The author says to assume $X$ to take the values $x_i$, $i$ in the interval from 1 to m, and $Y$ to take the values $y_j$, $j$ in the interval from 1 to n, he denotes $p_i = \Pr[X=x_i]$, $i$ from 1 to m, and $q_j =  ...

Score: 1
eddydee123
Choice of random in RSA-KEM

This may be nit-picking, I’m not sure so feel free to say so.

In RSA-KEM as described e.g. in Wikipedia or this answer, we choose a secret $x : 0 \leq x < n$, and send $x^e \bmod n$ for public exponent $e$.

But isn’t this “textbook RSA”? For example, if $x^e \bmod n < n$ then it won’t wrap, and $x$ can be obtained directly.

Now of course for any normal $n$, the chances of choosing ...

Score: 0
phantomcraft
Can the security of Salsa20/Chacha20 be expanded to 448 bits if I fill the nonce and the Nothing-up-my-sleeve numbers with key material?

As I studied, Salsa20/Chacha20 is basically a hash function that accepts a 64-byte input and returns an output of the same size as the input.

128 bits of the input are filled with four "Nothing-up-my-sleeve numbers", 64 bits with the nonce, and the other 64-bit field with the counter. The remaining 256 bits are filled with the key.

My question is:

Since Salsa20/Chacha20 is basically a hash function, can its security ...

Score: 1
Andrei Florian
How to Prove Correct Decryption in ElGamal Cryptosystem

I am working on a project that uses ElGamal cryptography using multiplicative notation. The project is an internet voting implementation that uses the cryptosystem to encrypt the received ballots, re-encrypt and shuffle them, and then finally decrypt them. I am basing the project on this paper (https://www.usenix.org/conference/evt-06/simple-verifiable-elections).

I know how to provide proof of correc ...

Score: -1
Jackwannsee
Why doesn't RSA use composite numbers?

I am currently writing a math paper regarding the importance of prime numbers in RSA encryption. I understand that generating q x p = N (where p and q are prime numbers) is simple for a computer; however, factoring N into its two primes is improbable within a reasonable amount of time.

As mentioned before I am addressing the importance of prime numbers. What I think the reason for their importance i ...

Score: 1
Is there a Ed25519 threshold signature protocol similar to the Gennaro-Goldfeder schema for ECDSA?
Max

I keep searching online and asking in different cryptographic communities whether there is a threshold signature scheme similar (or close) to what Gennaro and Goldfeder proposed for ECDSA.

The requirements for the Ed25519 threshold signature scheme I am looking for are:

  • Each party generates a key share secretly and independently
  • Parties never reveal their key share
  • The scheme supports m-of-t signers

Score: 1
OpenSSL: What is the difference between the enc command and cms' enc command?

I found something strange while checking the inside of the envelope data.

I had the plain text "plaintextplant" - its length is $15$ (including the LF (0x0A)). I made a .ber file that is encrypted with AES256 and DER-encoded via:

openssl cms -encrypt -in plain -aes256 -recip certificate.pem -outform DER -out enveloped-data.ber

Then, I checked the encrypted data through berReader. I thought that the encrypted dat ...

Score: 2
Foobar
Katz/Lindell 2.4 - Generalizing from 2 messages to any message space?

I'm trying to solve problem 2.4 in "Introduction to Modern Cryptography" (2nd edition) for self-study.

The problem asks to prove that perfect secrecy $$ Pr[M = m | C = c] = Pr[M = m] $$

implies

$$ Pr[Enc_k(m) = c] = Pr[Enc_k(m') = c] $$

The solution goes as follows:

Fix two messages $m, m'$ and a ciphertext $c$ that occurs with nonzero probability, and consider the uniform distribution over $\{m, m'\}$

Score: 3
pairings and clifford algebra connection
Rob

Pairing notation seems to suggest that bilinear pairings could be related to Clifford Algebra (i.e., Geometric Algebra), and that we only have an odd choice of notation that hides this fact. For example, if EC groups $G_1$ and $G_2$ are akin to vectors, then the target group seems akin to $G_1 G_2 = G_{12} = -G_{21}$. Searches on Clifford Algebra and Elliptic Curves indicate that it might be the case, but the ...
