Latest Crypto related questions

Score: 1
kelalaka
Does Wikipedia's WEP - RC4 example really demonstrate a related key attack or just an IV reuse attack?

On Wikipedia's Related Key attacks page, there is a section about WEP as an example of related-key attacks.

Encryption uses the RC4 algorithm, a stream cipher. It is essential that the same key never be used twice with a stream cipher. To prevent this from happening, WEP includes a 24-bit initialization vector (IV) in each message packet. The RC4 key for that packet is the IV concatenated with the W ...

Score: 0
Looking for ASIC resistant hash functions

I am looking for some sort of hash function that is resistant to ASICs, so something that works well on a CPU but is not very good with other hardware like a GPU or ASIC.

Score: 0
Manuel Etchegaray
Summarized steps for zero knowledge proof on a public blockchain transaction

I'm trying to understand zero-knowledge proofs and their applications; my first instinct is a blockchain (I will use a Bitcoin-like one for simplicity's sake).

I'm trying to wrap my head around it by describing the logical steps for a public blockchain transaction. Everything I read talks about proving values to others by interchanging messages with another party (interactive zkp), but I found nothing to check ...

Score: 3
How would a malicious group of co-signers use a hash collision to sign an unintended message?

According to BIP340:

However, a major drawback of this optimization is that finding collisions in a short hash function is easy. This complicates the implementation of secure signing protocols in scenarios in which a group of mutually distrusting signers work together to produce a single joint signature (see Applications below). In these scenarios, which are not captured by the SUF-CMA model due its assu ...

Score: 1
Are PGP messages susceptible to man-in-the-middle attack?
Lee

Say Alice wants to send a PGP encrypted message to Bob.
She generates a symmetric key, encrypts it with Bob's public key, and sends both the message and the encrypted symmetric key to Bob. Then Bob is able to decrypt her message.
But what if a MiTM attacker modifies both the encrypted symmetric key and the message, and sends them to Bob?
Isn't the attacker able to tamper with the original message? Wha ...

Score: 2
paul lacher
Does Enc and Dec need to be a pseudo-random function for a scheme to be CPA secure?

I am currently going through past finals' questions as exercises for my exam and there are no solutions provided.

The question I am currently doing is:

Let ∏ = (Enc, Dec, Gen) be a CPA-secure Encryption Scheme. Prove or disprove the following two statements: a) Enc must be a pseudo-random function. b) Dec must be a pseudo-random function.

For a), intuitively I know it must be pseudorandom but I am no ...

Score: 1
Behnam zahednejad
Shark cipher SBox

In the literature, I can't find the S-Box component of the SHARK block cipher. I would appreciate it if anyone could help find the elements of the S-Box of this cipher.

Score: 2
Andrei Florian
Prove that Two Re-encryptions of the Same ElGamal Pair have the Same Decryptions

I'm working on an internet election system that requires the shuffling of ballots accompanied by an interactive proof of the legitimacy of the shuffle. I am working on this paper and I am stuck at the part outlined below:

By releasing the single value $(r'-r'')\mod(p-1)$, the two ElGamal pairs $(x',y')$ and $(x'',y'')$ can be shown to have the same decryptions without any linkage or association to th ...

Score: 0
Hunger Learn
Can we encode with the set of $\{0,1\}$ and its Boolean operations any finite or infinite domain?

Can we encode with the set of $\{0,1\}$ and its Boolean operations any infinite domain that is subset of the real numbers $\mathbb{R}$ or the whole set of real numbers? For example can we encode the domain of a random variable $X$ that is a subset of the real numbers? Suppose that the random variable is normally distributed with mean $\mu_x\in \mathbb{R}$ and variance $\sigma_x^2>0$?

Score: 0
Hunger Learn
Efficient cheap talk communication in game theory

Are there any papers about efficient cheap talk communication, where the players achieve the equilibrium payoffs of a correlated strategy as in Aumann's seminal paper? Or in case no such paper exists, could someone combine specific papers to prove the existence of such an efficient cheap talk communication protocol?

Score: 1
Laura
How to map the message to the vector of weight t in Niederreiter cryptosystem?

In the Niederreiter cryptosystem, we require the message to be a vector of weight $t$ in $F_q^n$ in encryption; assume $t$ is the error-correction ability of the code. But what is the mapping? One possible way is mapping the message of length $k$ to a codeword of a constant weight $t$ linear code, e.g., $[n,k]_q$ code. In this way, the message space is $q^k$. Is there another, better way to do that, e.g., th ...

Score: 1
Fukai Mizumi
Which elliptic curve was used by Thunderbird OpenPGP and which bitlength?

If one looks at Account Settings > End-to-End-Encryption > Add Key and creates a new key, one gets the option EC. But you can't choose the bit length, nor does one know which curve is used.

Anyone who knows that? Anyone who knows how secure that is?

Score: 3
order of elliptic curve subgroup when curve has point (0,0)

I'm a beginner. But I understand that the order of a subgroup is a divisor of the group order. The curve $y^2=x^3+7$ over $\mathbb{Z}_7$ has eight points (7 points and the point at infinity). The order of the point (0,0) is 2 (?), but the order of all the other subgroups is 7, not 8. This seems to violate Lagrange's Theorem.

I did the same thing for $y^2=x^3+7$ over $\mathbb{Z}_{11}$, and the subgroup  ...

Score: 1
user260541
Prove CPA security

Assume $(Gen, Enc, Dec)$ is a public-key encryption scheme with message space M that is CPA-secure. Prove that the encryption scheme $(Gen^2, Enc^2, Dec^2)$ is CPA-secure.

$Gen^2=(pk_0, sk_0) \leftarrow Gen, (pk_1, sk_1)\leftarrow Gen$ output: $pk=(pk_0,pk_1)$ and $sk=(sk_0,sk_1)$

$Enc^2(pk, (m_0,m_1))=(Enc(pk_0,m_0),Enc(pk_1,m_1))$

$Dec^2(sk, (c_0,c_1))=(Dec(sk_0,c_0),Dec(sk_1,c_1))$

I've studied Intro ...

Score: 0
Student forlife
Security in a pipeline

I am new to cryptography, I am trying to design a secure pipeline environment for the fast transfer of messages. To reduce the Key size I am planning to encrypt the messages with AES session keys (for a session or an epoch) and within each session, I am planning to encrypt each message with lightweight keys like DES (correct me if I am wrong). But one fundamental issue I am facing is how to make this ch ...
