Latest Crypto related questions

Score: 0
How does knowing the factors of the key help me decrypt?

I recently started learning about cryptography and its Quantum aspect and I came across Shor's Algorithm (which solves the following problem: "Given an integer N, find its prime factors").

I also came across this video called "How Quantum Computers Break Encryption | Shor's Algorithm Explained"

I am still confused about how knowing the factors of the key is going to help me solve the problem.

Score: 0
What are the main attacks that can be done against a ZK Σ-protocol like Schnorr's identification scheme?

I heard about the "Chess Grandmaster Problem", Eavesdropping attacks and Man-in-the-middle.
Can they be applied in any way to a ZK protocol?
I'm not looking for long examples, just what are the main attacks and briefly how they work will do.
Thank you so much!

Score: 1
J. Linne
"Infinite" (cryptographic) pseudorandom sequence

This is mainly for math purposes, although it would be good for cryptographic purposes too: are there any known algorithms for generating an infinitely long (pseudo)random sequence of numbers (say bits)? The sequence cannot be repeating or have some pattern and should behave like a "normal" number (i.e. similar to the digits of Pi or some other constant).

Score: 0
Paul Uszak
Can a one time public key'd HMAC be secure?

Imagine authentication like $hmac = H(nonce, ciphertext)$. $nonce$ is truly random and chosen (randomly and WITHOUT replacement) from predetermined set $N$. So ${nonce} \in N$ and once used cannot be reused ever again. And $N$ is publicly known. There is no algorithmic relationship between $nonce$ and $ciphertext$.

Is the HMAC secure given $N$ is public?

Score: 0
Can I map a message M to a target group of bilinear pairs

Consider a bilinear pairing $e(G_1,G_2)=G_T$, let $G_1,G_2,G_T$ be multiplicative cyclic groups of order p. If I have a message $m$, can I map $m$ to $G_T$, and encrypt $m$ as $m \times G_T$?

Score: 2
drawlone
Can semantic security protect against key recovery attack?

Do I need to pay special attention to key recovery attack while focusing on semantic security?

The book "A Graduate Course in Applied Cryptography" by Dan Boneh and Victor Shoup doesn't focus on key recovery attacks while talking about semantic security, but it does when mentioning block ciphers.

Score: 2
Praneeth Chandra
How do we find differentials in differential cryptanalysis when we don't know the details about the S-boxes

I'm new to cryptanalysis and trying to understand differential cryptanalysis. I have read the paper by Howard M. Heys. I understood the concept of differentials, but I'm not able to understand how to calculate the probability of a differential occurring when we don't know any information regarding the S-boxes.

It is given that, we give 2 inputs with a difference of say, x to an S-box and get output ...

Score: 1
Titanlord
Post quantum security experiment

In cryptography there are 4 basic attack classifications:

  • Ciphertext-Only Attack
  • Known-Plaintext Attack
  • Chosen-Plaintext Attack
  • Chosen-Ciphertext Attack

In Katz & Lindell's textbook (2nd edition) one can find a security definition and experiment for those attacks, e.g. to define CPA-security. Those experiments are between an arbitrary adversary and a challenger. I was wondering, if there exists such  ...

Score: 0
Decrypt one cipher with multiple and independent passwords

Consider that an online shop subscribes to an embedded external service for their customers. This external webpage is accessible through a clickable banner on the online shop.

On the subscription area of this external service, the registration form asks about the base url domains where the banner will be published:

companya.com
companyb.org
companyc.net 

The purpose is to create a query string dynamically f ...

Score: 0
Titanlord
Multiple COA-security (IND-EAV-Mult security) cipher

Let this be the experiment for multiple COA-security:

  • $PrivK_{\mathcal{A},\Pi}^{mult}(n)$:

  • $(m_0^1 , ... , m_0^t,m_1^1 , ... , m_1^t) \leftarrow \mathcal{A}(1^n), |m_0^i|=|m_1^i| \forall i \in [1,t]$

  • $k\leftarrow Gen(1^n)$

  • $b \leftarrow \{0,1\}$

  • $C = (c_b^1 , ... , c_b^t) \leftarrow (Enc_k(m_b^1) , ... , Enc_k(m_b^t))$

  • $b' \leftarrow \mathcal{A}(C)$

  • if $b' = b$ return 1 else return 0

If $PrivK_{\mat ...

Score: 3
einsteinwein
Hash function requirements for short Schnorr Signature

Neven et al. stated in their paper Hash Function Requirements for Schnorr Signatures the following theorem (using the forking lemma): $\mathbb{G}$ is the generic group (section 2), $s \approx \log_2q$, hash function $H: \lbrace 0,1 \rbrace^* \rightarrow \lbrace 0,1 \rbrace^n$.

Theorem 1 If the discrete logarithm problem in $\mathbb{G}$ is $(t_\text{dlog}, \epsilon_\text{dlog})$-hard, then the Schnorr Signatu ...

Score: 0
Sarada
recover plain text from cipher text in AES-128 ECB mode

I have a scenario where I do not have the key but I have plaintext 1, ciphertext 1, and ciphertext 2. Ciphertext 2 is built using the same key that was used to build ciphertext 1. Is there somehow a way to decrypt ciphertext 2 to get plaintext 2?

Score: 0
Niroshan Gihan
How ko = k16 in DES reverse key schedule?

In the reverse key schedule of Data Encryption Standard how ko = k16 after 16 rounds?

Score: 2
domiee13
Need help to understand RSA common modulus attack to get private key

I'm learning about the common modulus attack and learned that public modulus attacks can find out the private key. Assume there are 2 users with public and private keys $(e_1, d_1)$ and $(e_2, d_2)$. The scenario is that the attacker has his public and private keys $(e_2, d_2)$ and the victim's public key $e_1$. Here are the steps to get the secret key:

  1. $t= e_2\cdot d_2-1$
  2. Attacker uses the extended Euclidean algorithm to  ...

Score: 0
Different setup for Pedersen Commitment

I have read many questions on this website and understood the Pedersen commitment until I came across this page.

This page computes $\mathcal h= g^s \bmod p$ where $s$ is secret, instead of using $h$ and $g$ as generators of a group $G$ like in the first page. Is there a specific reason for this?
