Latest Crypto related questions

Can multiple signatures of the same message with the same private key (different nonces) lead to a private key trace?

How can I transform a complete twisted Edwards curve $ax^2+y^2 = 1+dx^2y^2$ with not square $d$ and square $a$ into an isomorphic Edwards curve $X^2+Y^2 = 1+DX^2Y^2$ with a square $-D$ i.e. $D = -r^2$?

I tried to set $X = \frac{x}{\sqrt{a}}; Y=y$, but $-\frac{d}{a}$ is also a non square (at least for Edwards25519). This answer is not working as well (i.e. $-1/d$ is not a square), because $-1$ is squ ...

1. Let $L$ be an $[n,k]$ code. A $k\times n$ matrix $G$ whose rows form a basis for $L$ is called a generator matrix for $L$.

2. A linear $[n,k,d]$ code with largest possible minimum distance is called maximum distance $d$ separable or MDS code.

I want to find a generator matrix for MDS code using SageMath or in another way, is there any SageMath code to check a matrix is a generator matrix for the MDS ...

Let us consider the following verification protocol based on Feldman. Assume, $c_0,\cdots,c_k$ represent the coefficients of the polynomial $p()$ in $\mathbb{Z}_q$. For verifying share $(i,p(i))$ and public parameters group $G$ of prime order $p, q|p-1$ and generator $g$, the share generator provides $(g,d_0,\cdots,d_k)$ where $d_j=g^{c_j}, j \in\{0,1,\cdots,k\}$. The receiver of the share $s$,checks wh ...

IBM CEO Arvind made a talk in HBO's Axios program. It seems that there are misconceptions/misleading/flaws in reasoning etc.

What are those!

Some of the details of the speech is given as;

IBM says its new Eagle processor can handle 127 qubits, a measure of quantum computing power. In topping 100 qubits, IBM says it has reached a milestone that allows quantum to surpass the power of a traditional comp ...

In the paper of "Reaction Attacks against Several Public-Key Cryptosystems" CiteSeerX link, reaction attack is defined informally as "Obtaining information about the private key or plaintext by watching the reaction of someone decrypting a given ciphertext with the private key."

Is reaction attack explicitly defined in literature? What is the difference between fault attack and reaction attack -as defin ...

Can someone throw light on the differences between tokens and secret keys? I understand that "tokens" are crypto artefacts "introduced" into a system by an external party in order to authenticate whereas keys can be either generated on the device (for. eg a key pair in case of asymmetric cryptography & corresponding public key can be used externally to authenticate) or a secret symmetric key can be ...

I am working on a project that is using a bit-commitment concept to authenticate information.

I need to select a combination of objects securely from a secure hash, then distribute that hash later. Then a client knows that only the authenticated server selected that combination of objects before distribution of the hash the combination derived from. In other words, I need to select a combination  ...

Lets say I have a message that needs to be signed by two keys that were generated using ECDSA

Is it possible to make a signature that accounts for both keys, meaning I can verify with both and see they are valid?

An example, if we need a cryptocurrency example:

Address 1 has 10 coins Address 2 has 10 coins

Both inputs are in the transaction, and now need to be signed. Is it possible to make it so only one ...

Two dimensional patters are omnipresent in information transactions. QR codes, images are most common. I want to know if there is a concept analogous to the well known concept of Linear Complexity of periodic sequences, for two dimensional patterns?

The standardization document for Ed25519, RFC 8032, says the following method should be used for verifying Ed25519 signatures:

3. Check the group equation $[8][S]B = [8]R + [8][k]A'$. It's sufficient, but not required, to instead check $[S]B = R + [k]A'$.

Does that mean that code doing verification should point-multiply both sides by $8 = 2^c$ for cofactor $c$ or should they not? The document and

Suppose I have a k-dimensional secret $\langle x_1,\cdots,x_k \rangle$ which I share using a packed Shamir's secret share $(t,k,n)$ where $t$ is the threshold and $n$ is the number of shares as follows: Construct a polynomial $f$ of degree $t+k-1$ such that $f(-1)=x_1, \cdots, f(-k)=x_k, f(-k-1)=r_1, \cdots, f(-k-t)=r_t$ where $r_1,\cdots,r_k$ are randomly sampled from the field. Now the n shares are gene ...

To encrypt a group element $P$ with public key $K$ and randomness $r$ using ElGamal on elliptic curves with base point $G$ we do the following $(c_1, c_2) = (r\cdot G; P+r\cdot K)$.

When we want to encrypt a free-form message $m$, we have to convert it to a group element $P$ first. For that, we can either use scalar multiplication $P=m\cdot G$ (additively homomorphic) or map the message $P = map(m) ...