Latest Crypto related questions

Score: 5
Ordinary
Can an authenticated encryption scheme detect if a wrong key is used?

Can an authenticated encryption scheme (like AES-GCM) detect if a wrong key is used for decryption? If not, what is the standard way to check whether the entered key is indeed correct? I presume KCVs can be used for this, but does this somehow leak any information about the key?
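The behaviour the question asks about, shown in Go with the standard library's AES-GCM. This is an added example, not code from the poster: decryption under the wrong key fails the tag check and returns an error rather than garbage, and a classic key check value (AES encryption of an all-zero block, truncated to 3 bytes) is computed alongside it. The keys and the plaintext are constructed samples.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// sealGCM encrypts plaintext under key (16, 24 or 32 bytes) with a fresh random
// 96-bit nonce and returns nonce || ciphertext || tag.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openGCM reverses sealGCM. With a wrong key the GCM tag check fails and Open
// returns an error instead of plaintext. The same error is returned for a
// tampered ciphertext, so the two causes are indistinguishable to the caller.
func openGCM(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed message too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// kcv computes a key check value the way key-management systems usually do:
// encrypt an all-zero block with the raw cipher and keep the first 3 bytes.
// It confirms that the expected key was loaded without decrypting anything,
// but it is also a deterministic, offline-checkable fingerprint of the key.
func kcv(key []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	zero := make([]byte, block.BlockSize())
	out := make([]byte, block.BlockSize())
	block.Encrypt(out, zero)
	return out[:3], nil
}

func main() {
	// Constructed sample keys, not real secrets.
	right := make([]byte, 32)
	wrong := make([]byte, 32)
	rand.Read(right)
	rand.Read(wrong)

	sealed, err := sealGCM(right, []byte("attack at dawn"))
	if err != nil {
		panic(err)
	}
	if _, err := openGCM(wrong, sealed); err != nil {
		fmt.Println("wrong key rejected:", err)
	}
	c, _ := kcv(right)
	fmt.Printf("KCV of the right key: %x\n", c)
}
```

Two caveats a practitioner would add. First, the AEAD check only tells you "this key does not open this message", which is enough for a wrong-key prompt but cannot be distinguished from a modified ciphertext; a wrong key is accepted with probability about 2^-128 per attempt. Second, the KCV leaks nothing useful about a uniformly random 256-bit key, but it is a free offline oracle: anyone holding it can test key guesses without any ciphertext, which matters as soon as the key is derived from a password, and identical KCVs reveal that two systems share a key.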

Score: 2
DocWriter
What's an algorithm for laypeople to make personal passwords

I'm going to be teaching an audience about algorithms. I'd like to give them one to create unique personal passwords for websites.

  1. They could start with the domain name of the site and their own secret "word".
  2. The algorithm would be simple enough to memorize. Failing that, they could sketch out my flowchart on the back of a business card or something else that fits in a wallet.

There are similar q ...

Score: 1
What are the lower-computation and memory-cheap fractal symmetric encryption algorithms?

I would like to know about encryption schemes that are based on fractal theory, while they have decent security and are pretty fast.

Score: 3
Chirag Parmar
Why are confusion and diffusion never talked about in asymmetric crypto?

While talking about symmetric encryption schemes like AES we always have a goal of achieving confusion and diffusion. But when it comes to asymmetric encryption schemes like RSA, DH etc. we never talk about diffusion and confusion.

Is it known that modular arithmetic and prime arithmetic ensure confusion and diffusion?

Is there any literature that dives into the information theoretic analysis, in te ...

Score: 5
NB_1907
Post-quantum algorithms and side channel attacks

I am studying finalist algorithms of NIST Post-Quantum Cryptography Standardization. I noticed that almost all third-party cryptanalysis papers consist of side-channel attacks. Why are classical cryptanalysis methods (algebraic, mathematical attacks, etc.) more effective on classical algorithms than post-quantum algorithms?

In addition, I know that mathematical problems behind post-quantum algorit ...

Score: 0
Novice_researcher
KP-ABE Key Generation

In Key-Policy Attribute-Based Encryption, if we need a targeted broadcast where the set of attributes is the same for a group of users, does it mean they all share the same secret key? Or is it that every user needs to have at least one attribute value different from all other users?

Example: If I need to encrypt a message to everyone who is a researcher in CS then attribute= researcher dept=CS.  ...

Score: 3
user77340
What does the bounded storage model mean?

In the bounded storage model, it assumes the storage of the adversary is bounded or limited, and thus it is possible that we can achieve a kind of cryptography without relying on hardness assumptions. But what does it mean by "bounded storage"? Should it assume the length of the message is always too long for any computer on the earth to store? So can I conclude that the cryptographic scheme that relies ...

Score: 2
Alexander D'Attore
Node.js uuid.v4 vs crypto.randomUUID. Which implementation is more cryptographically secure?

For a long time I've used the uuid npm package for my v4 uuid needs. It seems in recent versions of node they have introduced a built-in crypto module with the method randomUUID.

Some benchmarks have been done to show crypto.randomUUID is much faster than uuid.v4 (roughly 3x +).

However I can't find any information about how the implementations differ (if at all) in terms of how they choose random num ...

Score: 1
What are the expected values of a particular rotational-XOR property of a sequence of random bitstrings?

Assuming that $x$ is a sequence of $l$ bits and $0 \le n < l$, let $R(x, n)$ denote the result of the left bitwise rotation of $x$ by $n$ bits. For example, if $x = 0100110001110000$, then $$\begin{array}{l} R(x,0) = {\rm{0100110001110000}},\\ R(x,1) = {\rm{1001100011100000}},\\ R(x,2) = {\rm{0011000111000001}},\\ \ldots \\ R(x,15) = {\rm{0010011000111000}}. \end{array}$$

Let $A \oplus B$ denote th ...
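A small Go check of the definitions in the question (added here, not the poster's code): R(x, n) as a left rotation of a '0'/'1' string, the bitwise XOR, and the Hamming weight of x xor R(x, n), which is the natural building block for any rotational-XOR statistic. The property the question goes on to define is cut off in the preview, so the code stops at that building block; the example bitstring is the one from the question.

```go
package main

import (
	"fmt"
	"strings"
)

// rotateLeft returns R(x, n): the bitstring x rotated left by n positions.
// Bitstrings are '0'/'1' strings, written exactly as in the question.
func rotateLeft(x string, n int) string {
	l := len(x)
	if l == 0 {
		return x
	}
	n %= l
	if n < 0 {
		n += l
	}
	return x[n:] + x[:n]
}

// xorBits returns A xor B, bitwise, for two equal-length bitstrings.
func xorBits(a, b string) string {
	if len(a) != len(b) {
		panic("xorBits: operands must have equal length")
	}
	var sb strings.Builder
	sb.Grow(len(a))
	for i := 0; i < len(a); i++ {
		if a[i] == b[i] {
			sb.WriteByte('0')
		} else {
			sb.WriteByte('1')
		}
	}
	return sb.String()
}

// weight returns the Hamming weight (number of 1 bits) of a bitstring.
func weight(x string) int {
	return strings.Count(x, "1")
}

// rotXorWeight counts the positions at which x and R(x, n) differ. For n = 0
// it is always 0; for 0 < n < l it depends on the structure of x (for n = 1 it
// equals the number of 0/1 transitions when x is read cyclically).
func rotXorWeight(x string, n int) int {
	return weight(xorBits(x, rotateLeft(x, n)))
}

func main() {
	x := "0100110001110000" // the example bitstring from the question
	for _, n := range []int{0, 1, 2, 15} {
		fmt.Printf("R(x,%2d) = %s   weight(x xor R(x,%d)) = %d\n",
			n, rotateLeft(x, n), n, rotXorWeight(x, n))
	}
}
```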

Score: 0
kabibe sadagat
How does AES-256 work if AES is only a 128-bit block cipher?

I'm currently studying AES encryption and I'm quite confused on how do we use a 256-bit key in AES?

Because in my understanding, AES, no matter what the key size is, still operates on and encrypts a 128-bit block of message only in the whole cycle/rounds until it reaches the end.

well for AES-128 we use a 128-bit key, that is a total of 16 byte chars, and that can be represented by a 4x4 matrix, and most  ...

Score: 0
Novice_researcher
IBE for Access Control

What makes IBE (Identity-based Encryption) unsuitable for Access Based mechanisms? What are the attempts made for using IBE for access control?

How does the concept of ABE (Attribute-Based Encryption) sort out the issue?

Score: 3
TheJonaMr
No Final subtraction in Word-level Montgomery Multiplication

I am trying to make an RSA module in VHDL, which in turn will be deployed to an FPGA. I am trying to implement a full Montgomery algorithm, which means that I am working with the Montgomery Exponentiation algorithm and the Montgomery Multiplication algorithm. Mostly my tests consist of generating random numbers (keys, modulus, r, messages) that I use to perform encryption/decryption. If the original mes ...

Score: 0
Ordinary
Does hash-then-sign provide confidentiality?

Suppose I use the hash-and-sign paradigm and reveal a signature on the message digest $\sigma(H(m))$. Would just revealing this signature violate message confidentiality (assuming H is one-way and collision resistant)?
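An added example (not the poster's) of why revealing σ(H(m)) alone does not keep m confidential when m is low-entropy: signature verification is public, so the signature is a confirmation oracle for guesses of m. The code uses Ed25519 from the Go standard library standing in for the abstract σ, SHA-256 for H, and a constructed three-word candidate list; the attacker never sees m, only the public key and the signature. One-wayness of H protects m only to the extent that m cannot be guessed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// signDigest implements hash-then-sign: the signer hashes m and signs H(m).
func signDigest(priv ed25519.PrivateKey, m []byte) []byte {
	h := sha256.Sum256(m)
	return ed25519.Sign(priv, h[:])
}

// verifyDigest is the honest verifier: it needs m to recompute H(m).
func verifyDigest(pub ed25519.PublicKey, m, sig []byte) bool {
	h := sha256.Sum256(m)
	return ed25519.Verify(pub, h[:], sig)
}

// recoverMessage is the attacker. Holding only pub and sig (never m), it runs
// the public verification against each candidate message and returns the one
// that verifies. Anyone who can verify can therefore test guesses of m.
func recoverMessage(pub ed25519.PublicKey, sig []byte, candidates []string) (string, bool) {
	for _, c := range candidates {
		if verifyDigest(pub, []byte(c), sig) {
			return c, true
		}
	}
	return "", false
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	secret := []byte("approve") // low-entropy message, constructed sample
	sig := signDigest(priv, secret)

	// The attacker's dictionary; "approve" is in it, so the attack succeeds.
	guesses := []string{"deny", "defer", "approve"}
	if m, ok := recoverMessage(pub, sig, guesses); ok {
		fmt.Printf("recovered message from the signature alone: %q\n", m)
	}
}
```

The standard fix when the message must stay private is to sign H(m || r) for a fresh high-entropy r (or a commitment to m) and reveal r only to the intended verifier, so the guessing oracle has nothing to enumerate.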

Score: 1
Which passphrase length is good so it's hard to break bitcoin's PBKDF2 key?

According to https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#From_mnemonic_to_seed

To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The le ...
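The derivation quoted above, as an added Go example (not the poster's code or the bitcoin/bips reference implementation): PBKDF2 with HMAC-SHA512 written out from RFC 8018, then the BIP-39 parameters (password = mnemonic, salt = "mnemonic" + passphrase, 2048 iterations, 64-byte output). The mnemonic and the "TREZOR" passphrase are the first entry of the BIP-39 reference test vectors. Assumption: inputs are already in NFKD form, which holds for plain ASCII; the Go standard library has no Unicode normalizer, so non-ASCII mnemonics or passphrases would need one before this code.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha512"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// pbkdf2HMACSHA512 is PBKDF2 (RFC 8018) with HMAC-SHA512 as the PRF:
// T_i = U_1 xor U_2 xor ... xor U_c, where
// U_1 = PRF(P, S || INT_BE32(i)) and U_j = PRF(P, U_{j-1}).
func pbkdf2HMACSHA512(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha512.New, password)
	hLen := prf.Size()
	numBlocks := (keyLen + hLen - 1) / hLen
	out := make([]byte, 0, numBlocks*hLen)
	var index [4]byte
	for i := 1; i <= numBlocks; i++ {
		binary.BigEndian.PutUint32(index[:], uint32(i))
		prf.Reset()
		prf.Write(salt)
		prf.Write(index[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for c := 1; c < iterations; c++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// bip39Seed derives the 512-bit BIP-39 seed exactly as the quoted paragraph
// describes. Caveat (assumption of this example): BIP-39 requires both strings
// in NFKD form and no normalization is done here, which is correct only for
// inputs that are already NFKD, such as plain ASCII.
func bip39Seed(mnemonic, passphrase string) []byte {
	return pbkdf2HMACSHA512([]byte(mnemonic), []byte("mnemonic"+passphrase), 2048, 64)
}

func main() {
	// First entry of the BIP-39 reference test vectors (12 words, passphrase "TREZOR").
	mnemonic := "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
	fmt.Println(hex.EncodeToString(bip39Seed(mnemonic, "TREZOR")))
	// Same mnemonic, empty passphrase: an entirely different seed and wallet.
	fmt.Println(hex.EncodeToString(bip39Seed(mnemonic, "")))
}
```

On the question itself: 2048 iterations of HMAC-SHA512 is a deliberately light work factor (it was chosen so that low-power devices can derive the seed), so it adds only about 11 bits of effective cost against an attacker who already holds the mnemonic. The passphrase's own entropy is therefore what protects the wallet in that scenario, and an empty passphrase is a valid BIP-39 input that offers none.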

Score: 0
Ordinary
Is there a way to ensure that the signer has generated a valid (message, signature) pair without seeing the message?

Suppose Alice sends message $Enc(k_{AB}, m)$ to Bob where $k_{AB}$ is the common symmetric key. Next Alice sends a signature of $H(m)$ $\sigma_{sk_A}(H(m))$ signed under her private signing key $sk_A$ to Eve, where H is a secure hash function. Then, Bob decrypts the message and sends it to Eve where she verifies it with the signature. Here, either Alice or Bob can be malicious. If Bob is malicious, he g ...
