Latest Crypto related questions

Score: 0
user658183
Computational indistinguishability using DDH assumption

This is part of the explanation of the commitment scheme from DDH in these lecture notes by Vipul Goyal: https://www.cs.cmu.edu/~goyal/s18/15503/scribe_notes/lecture22.pdf

My question is not directly related to the content of the pdf, but on page 20-4 it says $\{g, g^a, g^b, m \cdot g^r |(a, b, r) \leftarrow \mathbb{Z}_q\}$ is computationally indistinguishable from $\{g, g^a, g^b, g^r |(a, b, r)  ...

Score: 3
Brongs Gaming
Is there an easy way to make textbook RSA secure enough so it can be used in real life?

I have written a raw (textbook) RSA implementation (just for fun) and I wonder whether there is an easy way to make it secure enough that it can be used in real life (without implementing OAEP+ and RSASSA-PSS). Are there any simple algorithms for padding and for generating secure digital signatures?

Score: 1
yankovs
Proof check: Forgery for a MAC

I'm looking at the MAC defined as follows: $$\text{Mac}_k(m)=\langle r,f_k(r\oplus m)\rangle $$ where $r$ is uniformly chosen at random (each time) and $f_k$ is a PRF. Vrfy is the canonical one. I'm trying to refute that it is secure (security definition below).

The Mac-Forge game is defined here: (image in the original post)

and also: (image in the original post)

Now, the forgery will work as follows: the attacker picks two messages $m_1,m_2$ with $m_1\neq  ...

Score: 1
Finlay Weber
How are the keys used in cryptography generated?

It seems there are keys everywhere in cryptography. From things like HMAC to encryption (both asymmetric and symmetric).

The bit I do not totally understand now is how are cryptographic keys generated? I know they have to be random, but is that all the properties required?

Does the method of generation also differ depending on the use case? For example, does the generation method differ for keys used i ...

Score: 1
ECDSA - generating a new private key each time we sign?

So, I kinda get the mathematics behind ECDSA, but I can't seem to find precise information about private key generation. In other words, do we have to generate a private key each time we generate a signature? Because, if a public key is known, then by using the discrete logarithm we can get the private key, and thus we have a problem.

Score: 0
How can I convince a legal person that it is possible that a password is stored in the plain?

If a user has a password of 28 ASCII characters on a system, let's say it's my.gov.au, and then a few years ago a flaw is discovered which limits passwords to 20 characters, and the user now discovers that the password for the site is the original 28 character password truncated at 20 characters, is it reasonable to conclude that the password is stored in the plain, and how could one make ...

Score: 2
What is the main problem with zero padding for AES key?

I am trying to understand the logic behind some basic principles of AES key padding. Why do we use different kinds of AES key padding schemes instead of the simplest zero-padding? Take AES-128 for example: if my key is "cipherkey", how does the padding work, and what is the problem behind it?

Sorry if the question is too elementary, but I fail to find a good explanation of it.

Score: 5
Is "Witness" and "Proof" the same thing when talking about Zero Knowledge? What about "argument"? And "statement"?

I've seen people making lots of distinctions while reading papers about zero-knowledge.
I've seen the term "Argument of Knowledge" that seems to be used as a weaker "Proof of Knowledge": what I understood is that if you talk about the normal soundness property you talk about "arguments", whilst if you talk about the validity property (from Proofs of Knowledge) then you talk about "proofs". Is it cor ...

Score: 0
Mahdi
Why is an LFSR stream cipher not suitable for encryption?

Why is an LFSR stream cipher not suitable for encryption? Is there a special attack for LFSR?

Score: 3
Diego Hernandez Herrera
DIY TRNG on an embedded system for Ethereum private key generation

I'm trying to build this Ethereum hardware wallet on a custom designed embedded system and I'm no expert. Googling around I found this Robust, low-cost, auditable random number generation for embedded system security paper. As I read the proposal in this paper, it sounded quite safe; a real TRNG. Nevertheless, as I struggled to simulate the circuit in any online circuit builder, I thought that maybe I ...

Score: 0
Abhisek Dash
What is the need of substitution and permutation networks in AES?

I have tried to answer this question for quite some time now. But a complete intuitive understanding still eludes me.

Consider an alternate construction for a block cipher without any substitution and permutation network. This block cipher just XORs the message blocks with different keys which are derived from a master key (similar to ECB mode but with different keys for each message block). If t ...

Score: 0
Titanlord
Necessity of non-determinism for multiple message security

In Katz & Lindell's textbook (2nd edition) it is said that only non-deterministic encryption can lead to security for multiple encryptions. Now I looked at the experiment for multiple indistinguishable security and there it is said that the challenger gets two sets of messages from the adversary. Say we have the PRG cryptosystem, that XORs messages with the output of the PRG. Why couldn't the ch ...

Score: 1
einsteinwein
(Multi-User) Security of Key-prefixed Schnorr Signatures

Bernstein proves in his paper that single-key security of the classic Schnorr signature system tightly implies the single-key security of the key-prefixed variant of the system. Can this statement also be applied to short Schnorr signatures (halved hash output length)? In other words: does single-key security of the short Schnorr signature system tightly imply the multi-key security of the key-prefixed va ...

Score: 6
ming alex
Can we use LEGO bricks to construct a cipher algorithm?

I read a paper titled "On the entropy of LEGO", which explains how to calculate the number of ways to combine $n$ $b\times w$ LEGO blocks of the same color. For example, six $2\times4$ bricks have $915103765$ ways to combine. I wonder if we could construct a funny cipher algorithm using LEGO bricks.

Some definitions and symbols:

A $2\times4$ brick $i$ can be defined as: $b_i:=\left( \begin{array}{cc} s_0 ...

Score: 3
Hedeesa
How to interpret my professor's statement about "seed" and "symmetric-key encryption"?

In the cryptography course, the professor said that:

these days for symmetric key encryption, instead of sending out the key, Alice sends the seed to Bob, and then based on that Bob can get the key.

I didn't actually understand the role of the seed; besides, if Bob can generate the key based on the seed, then Eve can do the same, right?

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.