Latest Crypto related questions

I am reading about Diffie Hellman key exchange from Real World Cryptography book and came across this

For this reason, best practice nowadays is to use RFC 7919, which defines several groups of different sizes and security. For example, ffdhe2048 is the group defined by the 2,048-bit prime modulus.

I want to use the recommended group in nodejs and i am not sure what the modp number should be.

Looking at ...

I searched for the algorithm of the SHA1PRNG, which is implemented in Java's SecureRandom Class. Does anyone know how this algorithm works exactly? I have not found a source where the algorithm is described in detail.

My goal is to use it in JavaScript, but I didn't found any implementation, such that I has to do it on my own (educational purpose only and no production use). If someone implement ...

Suppose that we have a Bayesian game, where $t_i\in T_i$ denotes the type of player $i$. Say that we have a communication game (communication equilibrium). The players do send each other an encrypted message about their type. If $L_i$ is an isomorphic space of $T_i$ and $\phi_i:T_i\to L_i$ is an permutation (injection + surjection= bijection), then every player $i$ instead of sending their type to ...

I'm recently studying cryptography, and I have a task for collecting the s-boxes for AES, and then implementing that s-boxes for encrypting & decrypting, but most of the S-boxes I found are not including the inverse of it.

I know that most of it gives the calculation on how to construct the s-box and the inverse, but I don't think I can make it in time if I do that.

So, I wonder is any method of ...

Fujisaki & Suzuki's Traceable Ring Signature paper, which allows for a signature by one private key out of a ring of public keys to sign, and for anyone to verify that one member of the ring signed, without disclosing which member of the ring signed, unless the same member of the ring signs two different messages under the same tag ('double spends'), in which case it is possible to identify the d ...

Let's suppose I took a high resolution photo full of entropy and I want to convert in a key with 2048-bits of security.

Practically all the known hash algorithms have maximum 512-bits of security.

Is there a mode/scheme to generate a 2048-bit key with a hash function with its internal state/security of 512-bits (or 256-bits maybe)?

A problem in game theory is that of communication. Taking into account the classic approach of Myerson and Forges, the agents communicate each other, however indirectly, through a communication mechanism that receives messages from them and replies to them a recommendation according to a rule. Say that $m$ denotes the profile of messages and $q(\cdot|m)$ is the rule of the mechanism such that the reco ...

While reading A course of Mathematical Cryptography by Baumslag et al., I have trouble understanding parts of the proof of Theorem 2.3.3, namely the necessary condition :

Let $n\in\mathbb{N}$ with $n=2^m,m\geq1$ and let $a,b\in\mathbb{Z}$ such that $f:\mathbb{Z}_n\to\mathbb{Z}_n, x\to\overline{a}x+\overline{b}$ is a linear congruence generator. Further let $s\in\{0,1,\dots,n-1\}$ be given and $x_0= ...

This paper says that, each quasigroup of order 4 can be represented in matrix form using the following equation, \begin{equation} x \ast y \equiv m^T +Ax^T +By^T +CA\cdot x^T \circ CB\cdot y^T \end{equation} where, $A = \begin{bmatrix} a_{11} & a_{12}\\ a_{21} & a_{22} \end{bmatrix}, \begin{bmatrix} b_{11} & b_{12}\\ b_{21} & b_{22} \end{bmatrix}$ are non-singluar Boolean matrices  ...

I am trying to figure out if there is a known construction of a post quantum secure EUF-CMA secure signature scheme for which the signature procedure is deterministic.

It seems that it is possible to "determinize" a randomized signature scheme which uses a bounded amount of randomness by means of a post quantum PRF: sample a key k for the PRF and attach it to the private key of the signature sche ...

Let's assume we have a ton of users, and each user has a list of fruits they like - Those will be keywords. I want my users to be able to encode any data they store (Let's say, the location of their favorite fruit trees), as well as decode it: Therefore, I want to be able to generate a public/private key pair based on their specific keyword list.

This also implies that any user with the same keyw ...

The context is iterated ciphers.

Regarding Differential and Linear Cryptanalysis, the methods seem to make a cryptanalyst able to do an educated guess on a partial subkey (e.g. bits from the last round key). What I am struggling to grasp is how practically break a cipher with that knowledge. Is perhaps that one could obtain the key "cracking" the key schedule or one should break all internal roun ...

My intention is not to make spam here, but I came across this project in Github: https://github.com/andrewhodel/nexor

It's an algorithm called Nexor, it promises encryption with unlimited key sizes.

The only problem is that it lacks pseudo-random permutation (PRP).

Can some advanced user or cryptanalyst tell me if it's safe?

LCGs have a property that when plotted in 2 or more dimensions, lines or hyperplanes will form, on which all possible outputs can be found.[2] The spectral test compares the distance between these planes; the further apart they are, the worse the generator is:

https://en.wikipedia.org/wiki/Spectral_test

We have papers which have tested and found such multipliers that they have good spectral properti ...

Let $W$ be a random $200$ bit number. How much work would it take to find a semiprime $n=p_1\cdot p_2$ such that $p_1,p_2 > 2^{50} $ and $|W-n|<2^{12}$?

More generally, let $W_b$ be a random integer with $b$ bits. How much work would it take to find a semiprime $n=p_1\cdot p_2$ such that $p_1,p_2 > \sqrt[4]{W_b} $ and $|W_b-n|<\sqrt[8]{W_b}$?