Latest Crypto related questions

Score: 1
kelalaka avatar
Using Shor's algorithm to access RSA messages without factoring

Most of the time people forget that the real aim of the adversary against encryption is accessing the message. For example, in the RSA case, we talk about the factoring of the modulus to reach the private key to reveal the encrypted messages. If proper encryption is not used then instead of factoring one can try the possible message space or the cube-root attack.

In the RSA case, if ever a real s ...

Score: 0
Néstor Llop avatar
How can a cryptographic algorithm be vulnerable?

I was looking for an encryption algorithm to use with my 7zip archives and I read that there is a solution called ZipCrypto that was said to be very vulnerable.

Since I'd suppose these types of vulnerabilities aren't of the kind of those found in an Application Security context (heap-based, stack-based...) and given that I don't know a lot about these kinds of algorithms, how can a cryptographic so ...

Score: 3
Mabadai avatar
Given $φ(n)$ how can we find any combinations for $p, q$ prime numbers

Suppose I already have found that $φ(n) = 240$ for $n = 900$. How can I conclude that my $n = pq$ is of type $2^2\cdot3^2\cdot5^2$? What is $q$ and what is $p$ here?

To be more precise with my question: is it for all $n \in \Bbb N$ with only known $φ(n)$, can I find the disassembly of $n$ to prime factors?

Edit (the calculation that I have done so far):

$φ(n) = (p - 1)(q - 1)$

$240 = pq - (p + ...

Score: 0
Help determine points on P-256 lie on the actual curve

The curve equation for P-256 is:

NIST P-256

y^2 = x^3-3x+41058363725152142129326129780047268409114441015993725554835256314039467401291

Below I am generating key data, including the secret key "d".

Can someone please help me:

1-Convert and plug in the 2 points below into the above equation to ensure the points lie on the curve.

2-Show me, using the curve equation above, how I can determine that x+y wil ...

Score: 0
João Víctor Melo avatar
Perfect Secrecy for Shift Cipher

I've read the definition of perfect secrecy as the following:

A cryptosystem has perfect secrecy if $\Pr(x | y) = \Pr(x)$, for all $x \in P$ and $y \in C$, where $P,C$ are respectively the set of plaintexts and ciphertexts.

Now suppose there are 26 keys in the Shift Cipher (SC) with probability 1/26. Then for any plaintext with probability distribution, SC has perfect secrecy.

The proof starts with:

Score: 1
eddydee123 avatar
How to compose (H)KDF, Encryption and (H)MAC

For legacy reasons one of my systems doesn't have the option of using an AEAD mode, we are restricted to AES in plain CBC or CTR mode plus a MAC.

A typical task is to transfer data from one node to another while guaranteeing integrity and confidentiality. I find myself repeatedly specifying the following composition:

  • CSPRNG to generate a bootstrap secret
  • KDF to derive keys for encryption and MAC - I use  ...

Score: 2
deb avatar
Add a non-signer to an already-signed message

This is a follow-up to the first comment of this answer.

A message is signed with the private key of $A$, $s_A$. We know $p_B$, the public key of $B$, but not $s_B$, their private key. Is it possible, using neither secret key, to create a ring signature that has $A$ as the signer and $B$ as a non-signer?

I've quickly run through the math behind ring signatures (and understood half of it), and it look ...

Score: 1
xChaCha20 Block Keys for Poly1305

So xChaCha20 has a nonce size large enough to safely use a random nonce with the same key. Poly1305 generally uses the first block of the cipher's output to generate its nonce. For xChaCha20 it would be the block zero for poly1305 key/nonce and the rest of the data would be encrypted with block 1 and up. So if one were to send a message you would get something along these lines (order may be different d ...

Score: 3
Makky 56 avatar
How secure is it to share "Passwords" using Shamir Secret Sharing given a way to verify if password is correct?

Let's say you have an order $n$ finite field which you are using to create $k$ shares for a password using Shamir Secret Sharing. Assume that the attacker gets $k-1$ shares.

Is it possible that the attacker can do brute force and find the password given that there is a way to check if a guessed password is correct or not (like using a login on a website multiple times till you get in)?

Does the order

Score: 1
David J. avatar
Which cryptographic tool can be used to prove that a program passes a certain test?

Let's say I have a smart contract located at an address A, and another smart contract that runs tests on A located at A'. A may contain a reference to this test contract and have a function like runTests that runs A' using the bytecode of A.

My question is: is there a way to prove that A passed the test, so that the test need not be run again? I mean, suppose A stores a variable called passedTest

Score: 7
jinscoe123 avatar
Find Elliptic Curve Parameters, a and b, Given Two Points on the Curve

I am new to Elliptic Curve Cryptography and am working on a CTF challenge that uses Elliptic Curves. Currently, I am trying to find the generator, $G$, and am given the public and private keys, $P$ and $k$, s.t. $P = [k]G$, as well as one other random point on the curve. I know the order, $n$, of the group, and I know the two prime numbers, $p$ and $q$, which are the sole factors of $n$.

I read tha ...

Score: 2
Foobar avatar
Calculating statistical distance for simple addition cipher?

I'm looking at the solutions to this problem set for self study.

One of the questions is to calculate the statistical distance for the following scheme:

enter image description here

  • The message space is equal to the key space, which is all positive integers $\leq 2^\lambda$
  • Encryption/decryption is just addition & subtraction

and statistical distance is defined as:

enter image description here

The solution for calculating the statistical distance  ...

Score: 4
automatictester avatar
Java: SecureRandom.getInstanceStrong() vs new SecureRandom()

Given SecureRandom class is considered suitable for use in cryptography, I consider new SecureRandom() to be secure (funny term, isn't it?).

If new SecureRandom() already is secure, what would be the benefit of using SecureRandom.getInstanceStrong() instead?

Is this the same kind of difference as between /dev/urandom and /dev/random?

I'm debating this in the following scenario, where I'm mostly concerned abo ...

Score: 2
deb avatar
How to exchange a credential whilst ensuring deniable authentication?

This is a follow-up to this answer. The context & vocabulary used is that of a decentralized identity system.

Let $I$ be the issuer of a credential, $H$ the holder and $V$ the verifier. In this setting, $I$ signs a credential $C$ with their private key, and hands it over to $H$ for storage, who may then present it to $V$ to prove their identity.

One flaw remains in this system: if such were the i ...
