Latest Crypto related questions

Shamir Secter Sharing in standard version (paper version) works pretty good with Lagrange Interpolation to generate more shares. Problems arise when you generate more pairs (xi, yi) and you try to reconstruct the secret from shares which are kind of distant to each other. Algorithm works but value of secret you get is somehow different, which is unacceptable for production usage. I think it is related t ...

I'm trying to implement the zero-knowledge proof presented in this paper. The proof has a rejection step (page 14), which can be computed as follows:

Where B and Z are in $R^{m \times n}$ for some ring. Although I understand how it works for the ring $R=\mathbb{Z}$, I don't get the point of how could work when $R=\mathbb{Z}[x]/(x^{n}+1)$. If I am not misunderstanding something, the Frobenius produ ...

It's said that quantum computers can break block ciphers with 2^(n/2) queries (being n the key size).

I read this paper: https://eprint.iacr.org/2016/197

It says that CTR and OFB modes are safe against quantum adversaries.

That left me doubts.

Can a quantum adversary break a block cipher in CTR/OFB mode with 2^(n/2) queries? Or the queries will be like classic computing ( 2^(n/2) )?

I have another q ...

I've got working first part of SSS scheme so I can use some secret number as an input and generate some random polynomial function and create simple shares as pairs (xi, yi).

The task is how to get secret reconstructed from shares? We all know that we must do some clever math guessing to find coeffs. What are options or algorithms / approches to find coefs? What are the pros and cons of each? How ...

Generally, when we want to generate a signature for message M we use hash function H, and sign the result of H(M) with the private key. What if instead of hash function H we would use a CMAC with key K, and then sign the result of CMAC(M, K) with private key? Is such operation cryptographically secure? If so, does the key K need to be keep secret?

I have got a device with hardware accelerator for ...

My idea was to balance password entropy and memorability.

Is there some tool I can use to benchmark generated passwords?

Would a state of the art password cracking tool measuring the time to crack a given password be a good idea?

The question in mainly stated on the title. I am currently studying various cryptographic schemes and most of them use either game based or simulation based methodologies for their proof. I was wondering if there are other (probably less common) proof tools used in the bibliography apart from them. What where the methodologies that were used to prove the security of cryptographic schemes before those we ...

There is a sentence in Oded Regev'lecture note that "$0$ is part of any lattice and hence the closest vector to $0$ is $0$ itself!". I'm having trouble understanding it. Can someone help me understand it?

In my application, the user logs in when connected to the central database, and their login credentials are authenticated against that data and cached (encrypted). Then, when the user is offline, their credentials are authenticated against that cache. So far so good.

But sometimes, the user MUST use the application when offline AND the data cache is corrupted, so they can't get log in. There is n ...

I have a question about the security proof. Suppose that I proved the following relations. That is, I proved that $Adv_A \le Adv_A^{O} \le Adv_B$, where A,B are some cryptographic schemes and O is an oracle. I also suppose that the oracle O has a very strong property. For example, the O can solve DLP in polynomial time.

On the other hand, there is an attacker $\mathcal{A}$ which can break the scheme A. T ...

Alice wants to share a secret $S$ with Bob so she encrypts it with Bob's private key.

Bob is not online at the moment so Victor will keep it safe for him in the meantime.

Victor the verifier would like to verify it is indeed the secret $S$ without actually knowing the secret $S$ himself. Victor can reliably know the hash of the secret $S$ (details of how he can rely on the hash are not relevant here). Vic ...

[GPV] and [MP] (references below) give constructions of the trapdoor function defined by $$ f_{\mathbf A} (\mathbf x) = \mathbf A \mathbf x, $$ where $\mathbf A \in \mathbb Z_q^{n \times m}$ is uniformly random, and the domain is $\{ \mathbf x \in \mathbb Z^m \mid \lVert x \rVert \le \beta\}$. Given any $\mathbf y \in \mathbb Z_q^n$, the secret trapdoor allows for computing a preimage $\mathbf x$

Maybe I got this wrong, but if the Zeta function is efficient to compute and reverse, and if Riemann's assumption is true (which it seems like), can't we use the Zeta function to efficiently find prime factors of large numbers and find private keys of public RSA keys?

Let's say I'm designing a communications protocol that will be used by many pairs of devices to communicate amongst each other (between the pairs only).

Assuming the devices in the pair can communicate with each other in a cryptographically secure way using, for example, digital signatures, and at least one is occasionally connected to the internet, how would you:

• issue new keys (either between the devi ...

As i know, generally nowadays hybrid protocols are more widely used than either symmetric or public key cryptosystems separately. I read that public key system is used to exchange and share secret via insecure channel so that the key is then used in symmetric cipher.

Also, there is otp, which is unbreakable as its information-theoretic security system. This is such a strong notion of security. Ho ...