Latest Crypto related questions

I'm building a project on Arduino Mega microcontroller and I need some nonce generator for challenge-response exchange. But I failed to find some alphanumerical string generators. Then I came up with an idea to make one using the random() function that generates random int in limit you give and hash that integer with HMAC using another secret key (one that could be auto-generated on startup since it  ...

In the SEC#1 elliptic curve cryptography standard, the encoding of the public key involve a leading octet:

• 00h: The public key is the point at infinity.
• 02h, 03h: The public key is the compressed point.
• 04h: The public key contain both x and y coordinates.

What is (or was) the value 01h for? Had there been other values defined for ECC?

I'm interested in learning about cryptography and making something practical out of it - make own cryptocurrency sometime im future.

I think I have good knowlegde of c++, I learned from learncpp.com and from Bjarne's books. So first what I need is book about basics of cryptography. After that I would do some practical things so I need something to cover cryptocurrencies in c++.

Any suggestions? Than ...

Given only $p,$ $g,$ $A = g^a\pmod{p}$ and $B = g^b\pmod{p},$ the possible values for the shared secret are all the unique values of $A^b\pmod{p}$, where b is some integer. The shared secret is also equal to $B^a\pmod{p}$, where a is some integer.

So, we can check each one of these possible values for the shared secret. My question is, how do we check if a number is the correct shared secret?

My guess i ...

I am working on an E2E encrypted app. I am using OpenPGP.js and storing public and private keys on the server. The private key is encrypted with a BIP39 passphrase which is stored in browser LocalStorage so it's never sent to a server. But I also need some credentials for users to login.

My idea is to make SHA256 from BIP39 passphrase and split it to two strings. First can be used for "username"  ...

I am not good at cryptography so please :)

After reading this discussion it is now clear to me that xxHash is not resistant to collision attacks and is not secure for MAC usage. But after reading it, I still don't understand how resistant XXH3 (one of xxHash family) is to preimage attacks.

Yes, XXH3 output is $64$/$128$ bits which means that the probability to find image is $2^{64}$/$2^{128}$ correspondi ...

In Rabin and Ben-Or, their basic assumption is that each participant can broadcast a message to all other participants and that each pair of participants can communicate secretly. Hence, they design a protocol of communication that is called verifiable secret sharing protocol (VSSP), and show that any multiparty protocol, or game with incomplete information, can be achieved if a majority of the play ...

I am wondering if one can apply Grover algorithm on a key encapsulation mechanism in order to crack the shared key.

For example, FrodoKEM is a key generation protocol that, for some parameters, shares 128 key bits.

Can we break it using Grover? i.e. reduce it to $2^{64}$ operations?

Reference for FrodoKEM: https://frodokem.org/files/FrodoKEM-specification-20171130.pdf

I've been reading about perfect secrecy in crypto systems and I've ran across two definitions which turn out to be equivalent.

The first is Shannon secrecy:

A crypto system $(\cal K, \cal M$, $\text{Gen, Enc, Dec})$ is said to have Shannon secrecy if for all distributions $\cal D$ over $\cal M$ and for all $m\in\cal M, c\in \cal C$ $Pr_K[M=m| C=c]=Pr_K[M=m]$

where $K,M,C$ are random variables whose dist ...

I try to use a sequence of games to prove a scheme is CCA secure. In the final two games, the ciphertexts are $(c_1^*, Hash(x)\oplus m_b, Hash(x,a))$ and $(c_1^*, random, Hash(x,a))$ respectively, where $c_1 ^*$ and $a$ can be viewed as given numbers, $x$ is a variable and $m_b$ is the challenge message.

The advantage of the adversary in the latter game obviously is 1/2, so if the two games are indis ...

I was wondering why ecdsa generates a signature in form of a pair (r and s) and why it can't be only one value.

When I want to use encryption only for challenge-response exchange and not for hiding the contents of an encrypted message, is it still a threat to me not changing IV for new encryption?

For easier understanding why I ask this here is my situation:

I'm using two Arduinos with LoRa transceivers to communicate with each other. One is a bridge connected to the internet and the other is connected to servos ...

Call a prime $p$ devious if $(p-1)/2$ is a Carmichael number. They are called devious since they superficially look like safe primes but are not. In particular, Diffie-Hellman using such a prime could be vulnerable to the Pohlig Hellman algorithm.

Devious primes exist. A small example is $4931$. A more interesting example is

$$1947475860046218323 = 2(973737930023109161) + 1 = 2(220361)(1542521)(286 ...

Is there a strict proof for secure multiparty protocols? What do they serve? I mean some have shown the existence for such protocols, but can I use them in order to substitute a mediator in game theory who sends messages to the players? How can I model a process of $3$ or $4$ players who can play a game wihtout the central mediator and they exchange infroamtion with each other?

From what I've read so far, nonces are random one-time values, which are sent in plaintext in addition to the ciphertext to verify identity of sender/receiver. Theoretically, if the nonce is random, an attacker E can intercept Alice's message which was designated to Bob, and impersonate as Bob by generating a random nonce, without ever communicating with Bob.

So if the request-response protocol i ...