Latest Crypto related questions

I know that generally it's infeasible to find the private for any given public key. But I also came across the question "Find ECDSA PrivKey to PubKey = 0", in which it was explained that the private key for a public key 0x0000...0000 can be easily derived.

From the answer to that question it appears that public key 0x0000...0000 is the only public key for which this is the case, but haven't understoo ...

One way of interpreting matrices in RLWE is that they are a subset of standard integer matrices that have special structure. For example, rather than using a random matrix $A\in\mathbb{Z}_q^{n\times n}$ (as we might in LWE-based constructions), we can replace this a matrix with a matrix where the first column (or row) is random, and the rest have a cyclic rotation structure:

$$\begin{pmatrix} a_1 & ...

Say I have two values $x$ and $y$ of slightly different lengths. They can be passwords or keys or any other critical value, and I want to deterministically map them to two values of the same length.

Would using a secure hash function to achieve that purpose introduce any weakness into the system? We can assume the the output length of the hash function is not too small compared to the original inputs (e. ...

I understand that PRNG are Random Number Generators that uses a deterministic algorithm based off of a seed.

I also understand that CSRNG are PRNG that are cryptographic-ally safe to use for generating random numbers.

And by cryptographic-ally safe, I believe this means that even if an attacker knows the deterministic algorithm and the seed, they would not be able to predict the next random number.  ...

I have a question regarding the internal wiring of the rotors of the Enigma machine.

I'm trying to understand some details about the original Enigma machine. To the best of my understanding, each rotor is nothing but a monoalphabetic substitution cipher - except that the rotors can rotate. Yeah. But the rotation is just an additional offset. The actual substitution table is encoded by the internal wiring ...

I get stuck in the proof of decryption correctness in RLWE based Cryptosystem. To state where I am , let me show the full scheme first. The image is from chapter 3.2 of this paper.

And the decryption correctness proof of the scheme follows

In this proof , I can get the second last equation in decryption procedure , i.e. $$\mathbf{m} + (t/q)(\mathbf{v}-\epsilon \cdot \mathbf{m}) + t\cdot \mathbf{r} $$ ...

Each mobile SIM card has a four-digit number ($b_1$,$b_2$,$b_3$,$b_4$) called PIN code. Each digit $0 \le b_i \le 9$ (for i = 1, 2, 3, 4) is generated using a random 16-bit sequence as follows: $b_i=(r_{4i-3} + r_{4i-2} .2 + r_{4i-1}.2^2 + r_{4i}.2^3)\pmod {10} $. How we can calculate the antropy of PIN code? I know the entropy relation but I have no view.

I do not quite understand the UC framework. Given a protocol to be proven, now I just know firstly we should write down the ideal functionality, and then the concrete protocol, then proving the protocol security realizes the ideal functionality by constructing several simulators. May I ask if it is true that we can tell if a protocol is UC-secure just from its ideal functionality?

Besides, in pag ...

Can I know just from a Bitcoin public key if the private key is odd or even?

[moderator note] That is, can we find parity of the private key from a secp256k1 public key?
For the original dump of digits, see here.

So I guess https://github.com/google/wycheproof "tests crypto libraries against known attacks". It appears to mainly be intended for Java crypto providers but can it easily be adapted to be used for other languages?

For non timing attacks you could probably just loop through the *.json files in the testvectors directory but it's not clear to me what some of the data in there means.

Consider ecdh_sec ...

Alice encrypts file using her public key and upload it to decentralised file store (some service). Bob buys access to the file. Is it possible to share decrypted file with Bob without having Alice's key? Decentralised file store doesn't store any private keys, but it knows that Bob has access to the file (e. g. from smart contract).

I have a collection of images to transform in NFTs. For that purpose I have selected to work with solana blockchain, since it is fast and cheap.

I have used the following software resources:

• solana-cli
• node.js
• metaplex
• candy-machine-mint

In order to publish a collection, I needed to order the tokens from 0.png to Nth-1.png, and I have done some tests on solana devnet. In fact, I have the project almost ...

One way of verifying Shamir's secret shares is to use the technique by Feldman where $c_0,\cdots,c_k$ represent the coefficients of the polynomial $p()$ in $\mathbb{Z}_q$. For verifying share $(i,p(i))$ and public parameters group $G$ of prime order $p, q|p-1$ and generator $g$, the share generator provides $(g,d_0,\cdots,d_k)$ where $d_j=g^{c_j}, j \in\{0,1,\cdots,k\}$. The receiver of the share

I have the following question and don't really understand it. I thought OTP offers perfect secrecy, why do we need modulus? Can somebody please help me answer the question?

$Z_n$ denotes the ring of integers $\pmod n$. Alice and Bob share a random key $k \leftarrow Z_n$. Alice wants to send a bit $b \in \{0, 1\}$ securely to Bob (so that Eve cannot learn any information about $b$). She computes $b ...

In an MPC protocol, does anyone know a better way to multiply a var p by epsilon in {-1,1} than using a beaver triple ?

(I am thinking about doing it in a SPDZ like protocol such as Overdrive)