Latest crypto-related questions

Score: 2
What is the global resource expense (financial, energy, computing power & time) due to the need for cryptography?

Classic disclaimer: there may be a better place to ask this question, if so comment and I will be happy to move it.

An example I'm looking for is related to recent scrutiny over energy consumption of bitcoin, such as here although there is no math in this example.

An example similar in nature is the math behind the question, "how long would it take to crack 128 AES"? -- Example 1 -- Example 2- from this  ...

Score: 2
Designated verifier signature from Diffie–Hellman and a MAC

Here is an idea for a designated verifier signature scheme. Suppose Alice and Bob know each other’s public keys and Alice wants to send a message to Bob, such that only he will be convinced of its authenticity.

Alice will do Diffie–Hellman between their keys and then MAC the message using the derived secret. To verify, Bob will derive the secret doing his side of Diffie–Hellman and verify the M ...

Score: 1
Where to store salt for PBKDF2 and initialization vector for AES via WebCrypto

I would like to build secure notes via javascript and webcrypto.

I have found the possibilities to generate strong key via PBKDF2 and encrypt data via AES.

Here is a sample how to generate key via PBKDF2 in webcrypto, where is required salt:

function getKey(keyMaterial, salt) {
    return window.crypto.subtle.deriveKey(
      {
        name: "PBKDF2",
        salt: salt,
        iterations: 10 ...

Score: 1
How secure is it to use a 128-bit random seed to derive a 256-bit key for seeding key-pair generation?

We are developing an open-source peer-to-peer app, Mapeo, designed for users with low technical experience (and no email or phone) to collect data in offline environments. We are generating their identity on the device for each project as a public-private keypair using libsodium crypto_sign_keypair.

To support identity recovery in the case of device loss or switching to a new device, we want to use  ...

Score: 1
Is it okay to avoid a plaintext IV in AES?

The scenario

Using AES 256 with CBC mode. (Authentication is done separately. Ignored here.)

The goal (explained more later)

To avoid sending an unencrypted IV.

But since this is being done using .NET whose function forces us to use an IV, we can't just prepend 16 random bytes and then toss away the first 16 bytes after decryption.

The plan

Prepend 16 random bytes ("IV1"), and besides that use 16 b ...

Score: 0
Teaching AI a cryptogram and asking it to solve a similar cryptogram on its own

Say that one cipher and another are known to hold some form of correlation. Would it be possible to teach an AI one language through the training of a model and allow it to make predictions on another?

If so, how? Has this been done before?

Score: 1
Convert secp256k1 private key to sr25519 private key

Is it possible to convert a secp256k1 private key to a valid sr25519 key?

Score: 0
Key exchange with a property as certificate

I am searching for a key exchange protocol that makes use of certificates. I already came across protocols like Authenticated Diffie-Hellman key exchange, but this protocol uses public/private key pairs that are agreed beforehand. To solve this they have a CA which can sign the authenticity of the public key.

However, the protocol I am looking for would only be able to send a signed certificate  ...

Score: 5
Is qTesla Secure?

qTesla is a signature scheme and a submission to the NIST post-quantum standardization process, which made it to the second round. It is based on the hardness of RLWE. The NIST round 2 status report says that it didn't make it to round 3 because:

the performance of the remaining parameter sets of qTESLA is not strong enough to remain competitive. In particular, the public key sizes of q-TESLA-p-I  ...

Score: 5
What is the definition of function index

I'm reading through Indistinguishability Obfuscation from Well-Founded Assumptions and in Definition 3.1 describing sPRG, it mentions "samples a function index I." Can someone explain what a function index is in this context?

Score: 4
Is there any result which states that if the output of these two functions is XOR'd, the XOR'd output is pseudorandom

Let $\mathbb{G}$ be a group of prime order $p$ with generator $g$. Suppose that I randomly pick $r_1,z_1 \leftarrow \mathbb{Z}_p$ and $r_2, z_2 \leftarrow \mathbb{Z}_p$ and $c \leftarrow \mathbb{G}$. Let $\alpha = g^{r_1z_1}g^{c}$ and $\beta = g^{r_2z_2}g^c$. By the semantic security of El-Gamal encryption, both $\alpha$ and $\beta$ are indistinguishable from random numbers ... Suppose that $\alpha$

Score: 1
Is it safe to use the same password for both VeraCrypt volume and Windows Login?

I encrypted my entire volume with VeraCrypt, which prompts on start-up and asks for a password, great.

Now, after every start-up is finished or every time I leave the computer unattended (after a quick Windows key+L), there is only the Windows password to protect my computer. So is it safe to use the same password for both VeraCrypt and Windows, considering how full of glitches and backdoors Windows is?

Thanks

Score: 1
conflicting definitions for dP / dQ and exponent1 / exponent2 in PKCS 1?

In Section 2 dP and dQ are defined thusly:

      dP             p's CRT exponent, a positive integer such that

                       e * dP == 1 (mod (p-1))

      dQ             q's CRT exponent, a positive integer such that

                       e * dQ == 1 (mod (q-1))

In Appendix A.1.2 we have this:

   o  exponent1 is d mod (p - 1).

   o  exponent2 is d mod (q - 1).

I believe exponent1 = dP a ...

Score: 4
Groth16 simulate zero-knowledge proof for invalid statement

The zero-knowledge property of the Groth16 (https://eprint.iacr.org/2016/260, page 8) non-interactive zero-knowledge argument is based on the existence of a simulator $\text{Sim}$ generating "fake" proofs for valid statements $(\phi, w) \in R$ without knowledge of the witness $w$ for statement $\phi$.

My question is whether for Groth16 there also exists a simulator $\text{Sim}'$ to generate "fake" ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.