Latest Crypto related questions

Is there a method by which a secret can be split across multiple nodes, such that:

1. No one node can learn the secret.
2. An adversary can't learn the secret by bringing up multiple dummy nodes.
3. Redundancy can be had if one or more nodes in the network fail.

In cryptography security proofs mainly use the reduction proof technique. I now have read a lot of reductions proofs and also did some on my own and I think I understand it pretty well. While reading those proofs I noticed two main styles of such a reduction.

Say we have scheme $B$ based on $A$. We know $A$ is secure. If one wants to proof the security of $B$ by reducing it to the security of $A$ ...

Are there any constraints when it comes to proving that search-LWE and decision-LWE are equivalent? Should we assume that the module $q$ is prime when switching from one version to another?

Please give a good reference where proof exists.

There is a field of exchanging information that combines cryptography and game theory. I am interested in understanding this field, but it's a little complex for me. To begin with there is a paper of Barany which shows that instead of having a centralized mechanism of information where a mediator can inform the players about what strategy to follow, the players instead can replace the mediator w ...

One-way functions have many candidates such as integer factorization. I am interested in combinatorial one way permutations. Specifically, I am interested in known one-way pseudo-random permutations (ideally a survey paper).

We're given a vector $x\in \mathbb{R}^d$ whose coordinates where sampled from a known normal distribution $\mathcal{N}(0, \sigma^2)$.

How should I send this vector while maintaining (local) differential privacy? with some sensitivity over its $\ell_2$ norm (i.e., two close vectors should not be distinguishable). Is there a way to take the fact that we know the source distribution into account?

Thank y ...

By my understanding, a key derivation is when you take some data, say a password, and use a function to convert it into a number that can be used as a secret key in say elliptic curve cryptography. Argon2 uses a random salt when hashing, which necessitates that the hash is different every time despite the same password being used. If the hash is different, how can it be used to represent the same secret ...

Are there any different secret sharing schemes instead of Shamir's Secret Sharing , that is not based in polynomial interpolation over finite fields? Or is it the most efficient than the others?

I am using AES-CBC as a hash function which is encrypting a block of length n. The blocks, m = (m1, m2, ..., mn). The IV is one block long and the encryption key is length 128, 192 or 256 bits.

Will I get collisions? And if so, how could I find examples?

I expect to find collisions every 2^(n/2) hashes but I don't imagine this would allow me to find any matches in the next 10000000 years.

I know that the unicity distance of some encryption algorithm with a given key entropy $H_K$ encrypting a message with per-character redundancy of $D$ is $\frac{H_K}{D}$, and that the per-character redundancy $D$ is equal to the difference between the bits in one character of the alphabet used (e.g. 7 bits for ASCII) and those encoded in one character of the plaintext (e.g. ~1.5 bits for standard Eng ...

I have read that Shamir's trick can protect RSA with CRT against fault attacks. However, it is not clear to me why the following equations $$ s_{p}^{*}=m^{d \bmod \varphi(p \cdot t)} \bmod p \cdot t \\ s_{q}^{*}=m^{d \bmod \varphi(q \cdot t)} \bmod q \cdot t $$ imply that: $$ s_{p}^{*} = s_{q}^{*} \bmod t $$

Is it possible to use HMAC while performing encryption of blocks?
I think that the main problem with the approach would be to get the same output size as the block, from the HMAC function.
Also, the hash function is one-way, so how would one perform the decryption?
Are there any real-world examples for this approach, or is it not feasible?

In NTRUEncrypt with system-wide parameters $(N, p, q)$, let Bob's public key be $h(x).$

To encrypt plaintext $m(x)$ whose coefficients are small, Alice needs to generate a random $r(x),$ whose coefficients need to be small too, and calculates ciphertext $c(x) = r(x) \times h(x) + m(x) \bmod q.$

It is considered difficult to find $m(x)$ from $c(x)$ and this difficulty is presumably based on the clo ...

I am trying to implement SHA-3 using this document and have a question about the iota step.

This step consists in a single XOR between the central (0, 0) lane of the state (illustration of the state p.8 if needed) and a round constant. In other terms:

for z in [0, w[:
    let new_state(0, 0, z) = state(0, 0, z) ^ RC[z]

where RC is viewed as a bit string.

The first round constant of the first round is 1, ...

I have an hybrid encryption (RSA, AES) for a file sharing project I am working on, where I use a single public key for encryption on the sender side and corresponding private key for decryption on the recipient side. I would like for a sender to be able to send files to multiple users each having only their own unique key pair (public keys would be distributed).

I know this is possible using GPG