Latest Crypto related questions

I am trying to choose a mode of operation for encryption which does has the lowest malleability and is specifically not vulnerable to a bit flip attack. My understanding is that PCBC is the only mode which makes the rest unreadable, therefore is the best option?

I do not want to apply any message authentication at this stage.

Thanks!

(Cross-listed on math stackexchange, received no replies) For context, this is a homework question from an assignment already turned in. I am looking for better understanding of the concepts involved, mainly complexity theory since I have not seen it before outside this class (and prior knowledge was assumed).

I am asked to evaluate the complexity of RSA decryption with and without using CRT, wit ...

From what I know, proving the existance of a Knowledge Extractor implies perfect soundness.
So why in zk-SNARKs (and similar) we talk about Arguments of Knowledge, where the soundness property is only computational (a.k.a, secure only from computationally bounded Provers), if a Knowledge Extractor also exists? Am I missing something? Maybe a Knowledge Extractor can be proven in different "levels" of ...

I'm currently studying a paper (Sequences of Games: A Tool for Taming Complexity in Security Proofs) on proving semantic security using the Game Hopping technique by Victor Shoup.

On pages 9-11, he is using a sequence of three games, $Game 1$, $Game 2$, and $Game 3$ to deduct the semantic security of Hashed ElGamal to DDH and entropy smoothing assumptions. How does he combine the three probabilitie ...

1. I've heard that STARKS are not a non-interactive protocol, if so:

• What is (briefly) the mechanism they use to operate?
• Can they be considered a Sigma protocol?
• Why SNARKs are not interactive, instead?

2. Is it correct to state that STARKS are quantum-secure and they don't need a trusted setup because they are defined in the random oracle model, and they use a hash that is collision resistant and this i ...

To my understanding, the DHKE algorithm is symmetric since it only produces a shared secret, rather than public and private keys, however googling "is diffie hellman asymmetric?" results in the following:

Based on public key cryptography, the D-H algorithm is a method for securely exchanging a shared key between two parties over an untrusted network. It is an asymmetric cipher used by several protocols  ...

Is hashing random numbers generated from a TRNG enough to create a key?

Basically taking the output of something like a Lavarand and pass that through a hash function like sha-2.

I guess at the end of the day the core of my question is, can an hash function be used as a pseudorandom number generator?

Would it be beneficial to create a cryptographic hash function for more security. A cryptographic hash function is pretty much a pseudorandom string generating algorithm and it can easily be made difficult to break by increasing the number of possible hashes that can be generated.

Why make another cryptographic hash function

I want to hash passwords in a database such that the attacker cannot find ...

Hi I'm fairly new to studying cryptography and I'm just curious about the security of Vigenère cipher.

Given today's powerful super computers, how secure/unsecure does Vigenère cipher can get?

let us say we will only use Vigenère cipher with the following requirements:

• encrypt only non-text files
• only use keys that has byte character > 10,000
• use ECB mode of encryption

Is there a way for today's  ...

This is in context with the inbuilt berlekamp_massey function in SAGEMATH.

While computing the minimal polynomial of the sequences using the Berlekamp Massey function, I have felt that the Berlekamp Massey function in Sagemath is so designed that it requires the periodic sequence to be repeated twice for correct results. Considering the problem of computing the linear complexity of the periodic s ...

For a given periodic sequence of length $N$ for which minimal polynomial is being constructed. Does the Berlekamp-Massey algorithm take the input of $2N$, i.e., the repeated input sequence or just the input sequence itself? The doubt arise because by taking the original sequence $S$ of length $N$, and the sequence $S \| S$ (concatenation) of length $2N$, I found that the minimal polynomial value c ...

Can someone explain the differences between the DES challenge, the RSA challenges, and the RSA factoring challenge? What were the aims? I think the factoring challenge was to encourage research, the DES challenge was to show that 56-bit keys are too short. But how do the three challenges relate to each other?

Why is it that designing CP-ABE(ciphertext policy) schemes is preferred over KP-ABE (key policy)?

The recent developments/research seems to be focussing on CP-ABE more than KP-ABE. What are the issues still unsolved/needs improvement with respect to KP-ABE schemes?

I have a source data A and a hash H(A) of this A. Is it possible by google's shattered docs to create a new data B that outputs this H(A)?

++ I understood that the content of the paper is to complement two message blocks so that the final CV is the same. The method I thought of is whether M2(2) of "Dummy File" can be properly found so that CV2 of "Original File" and "DummyFile" are output the same as in ...