Latest Crypto related questions

I feel like I some understanding of cryptocurrencies, but what never made sense to me are NFTs. This is my current understanding of NFT's

• NFT's are a type of smart contract
• Smart contracts aren't necessarily open source, but you do have access to the bytecode
• The actual NFT isn't stored on the blockchain, but rather on a file hosting server

So if I have access to the smart contract's bytecode and t ...

Problem: You see Michael and Nikita agree on a secret key using the Diffie-Hellman key exchange. Michael and Nikita choose $p = 97$ and $g = 5$. Nikita chooses a random number n and tells Michael that $g^n \equiv 3\pmod{97}$, and Michael chooses a random number $m$ and tells Nikita that $g^m ≡ 7 \pmod{97}$. Brute force crack their code: What is the secret key that Nikita and Michael agree upon? What i ...

For the blind signature that can sign on a commitment, I mean finally, the user can get a signed commitment, rather than a signed message inside the commitment. It means the verification also takes a commitment as input. Is there such a blind signature?

According to the HMAC specification in RFC2104, an HMAC is computed in the following way:

HMAC(K, text) = H(K XOR opad, H(K XOR ipad, text))

where H is the underlying hash function, , is concatenation and K has the length of one block.

Now I wonder, what is the benefit of applying the hash function twice here, that is, why wouldn't it be defined like this:

HMAC'(K, text) = H(K XOR ipad, text)

Are ther ...

Based on this paper a protocol is secure if and only if it satisfies secrecy and resiliency. Most of the papers in ecnomic and computer since deal with the following problem. They consider the case where $n$ parties with private information $s1,...,s_n$ wish to compute any function $f(s_1,...,s_n) = (y_1,...,y_n)$ in such a way that no party $i=1,2,...,n$ learns more than their input $s_1$ and output

I have files in my computer that are being uploaded to a cloud storage provider (Sync) that specifies that files are encrypted on the client's side, then uploaded to their servers, and that only has the key to decrypt the files. So files can only be decrypted on my computer.

Now my question is:

Do encryption hide file name and hash?
Can such cloud providers identify the files by their names or hash if the ...

Let $X = [0, 1]\cap \mathbb{Q}$, and let $f:X \rightarrow X$ be a chaotic map (i.e. the logistic map with rational parameter). My question is as follows, and is purely theoretical in nature. Pick some value $x_0$ from $X$ (note that $X$ is infinite here, so pick a value using the axiom of choice), and then consider sequences of bits generated by iterating $f$ over $x_0$, returning a $0$ if $f^n ...

Suppose RSA is considered a "secure" method for encryption. RSA is meant to encode a sequence of integers base $27$. If we use an $n=pq$ that is hard to factor, Is it still secure if we encode every integer (letter) separately rather than the whole phrase once?

Edit: I didn't expect to get such great answers. Thanks everyone!

Why is it hard to compute $$(g^x\bmod p, g^y\bmod p) \longmapsto g^{xy}\bmod p $$ when can we quickly compute $$x \longmapsto g^x\bmod p$$ ?

is there an encryption algorithm that allows to:

• generate a set of different private keys
• sign data with those private keys
• allow to publicly verify that such a signature has been created by ONE of keys in the set without revealing which one it was
• give the person that did create the signature a way to create a proof that the signature was created by him specifically

If so, which one has these prope ...

Here is the game:

How can I make an $\mathcal{O}(k^2)$-time adversary making only one query to its Fn oracle and achieving advantage $= 1 - 1/(p-1)$

Here is my idea so far: query $2^{-1}$, which when it goes through the Encryption algorithm, will return 1. So,

Adversary A:
C <- Fn(2^{-1})
if C == 1 return 1
else return 0

When we query 2^{-1}: \begin{align} Y_1 &= (2^{-1})^e &\bmod p \\  ...

Which of the following are easy, if any? Which are hard? and why.

Case 1) Given $x^3 \bmod N$, where $N$ is a composite number and we don't know any of the factors of $N$, find $x$.

Case 2) Given $x^3 \bmod p$, where $p$ is prime, find $x$.

Here is what I think but I don't fully understand it.

For case 1, this is assumed to be hard? In the RSA assumption, where $e = 3$, imagine $N$ being a large  ...

Let K_rsa be a RSA genertor with associated security parameter k >= 1024. Let game OW-CCA_Krsa be as follows:

How can I build a O(k^3)-time adversary A making at most 2 queries to Invert and achieving advantage = 1.

Here is the idea that I have: if we query Invert(ya^e) then multiply that with a^{-1}, then in the end we get x:

$$\text{Adversary A:}\\z \leftarrow ya^e\\C \leftarrow Invert(z)\\return (a ...

Here is the Scheme:

Here is the HIDE game:

Here is my idea but I am not quite sure. I would appreciate some input.

We want to bring advantage = 0 for all adversaries. We can show that advantage = 0 if we can prove that all of the C values are uniformly random and independent of the Message we give. If we prove that then we can argue that the adversary won't be able to tell which game its in.

So L is ...

Currently, I'm using a static IV value for all encryption and decryption but I would like it to be dynamic for each encyption/decryption request so I started using new byte[16] and it works. The problem is how to detect and decrypt old data. Below is my code to decrypt and I'm passing static IV stored on a secret in keyvault.

private static byte[] DecryptFromBytes_Aes(byte[] dataBytes, byte[] key,  ...