Latest Crypto-related questions

Score: 1
David Rusu
Isomorphic mapping of BLS12-381 G2 points to G1

I'm attempting to reproduce ring signatures as described in Section 5 of https://crypto.stanford.edu/~dabo/pubs/papers/aggreg.pdf but applied to the BLS12-381 system.

One of the assumptions in their construction is that an isomorphism ψ: G2 → G1 exists, with ψ(g2) = g1

There's a hint that we may be able to use a trace map as this isomorphism:

Now I've found the definition of trace maps in Pairi ...

Score: 0
MR.-c
BA protocol soundness explanation

I was reading the following paper BA-made it trivial and when talking about the BA agreement protocol on page 3, I didn't understand what it meant by soundness here.

A protocol P is an arbitrary-value (respectively, binary) (n, t)-Byzantine agreement (BA) protocol with soundness σ ∈ (0, 1],

So when is the soundness 1 or 0? Or is the soundness true if it follows some rules?

Score: 5
Mark
Why do Lattice-based Proof Systems not use the $\ell_2$ norm and canonical embedding?

I was recently reading the paper A non-PCP Approach to Succinct Quantum-Safe Zero-Knowledge. Among other things, it discusses an adaption of the "folding" technique (from Bulletproofs) to SIS-based proofs.

The paper measures distances in the $\ell_\infty$ norm (rather than $\ell_2$), and is vague on which choice of embedding it uses (although I imagine it is the coefficient embedding). These choices  ...

Score: 0
Are there batched vector/polynomial commitment proofs with sublinear proof size for Verkle Trees?

High level goal: a Verkle tree (Merkle tree using algebraic vector commitments at each level rather than hashes) with depth d where I can prove the existence of n key/value pairs in the tree. Assuming the verifier already has the tree root commitment as well as the key/value pairs, I would like the additional proof size to be sublinear in either d or n, or ideally both. Zero-knowledge is not required. ...

Score: 4
BGW multiplication by Gennaro et al.: Why does H(x) have exactly degree t and why is $2t + 1 \le n$ necessary?

With this question I am referring to the BGW multiplication by Gennaro et al (PDF here). The multiplication is described on the 4th page. (Another source for me was "A pragmatic Introduction to Secure Multi-Party Computation" p. 43-44)

Summary of BGW Multiplication Procedure: To do the multiplication of 2 secret values $\alpha$ and $\beta$, every player $P_i$ has to have the share $f_{\alpha}(i ...

Score: 0
Kees-Jan Hermans
Looking for an authoritative reference on DER (X.509 etc) encoding standards

I'm writing a paper on parsing DER. DER is the canonical sister of BER when it comes to encoding ASN.1, with emphasis on shortest possible encoding. One of the properties that I seek to assure myself of is that the TLV lengths are always encoded deterministically. This should be in ITU X.690. However, there seems to have been an oversight, and it's not in there. What I have is a quote that's just out th ...

Score: 1
Marcos
Is a truly p2p ledger (cryptocurrency) possible?

Is a truly p2p ledger possible, where there is no need for a third party (or a number of third parties) to verify ledgers?

Probably a system where the two parties who don't trust each other can verify each other's ledger and then perform a transaction. If one of the parties is foul playing then the other party would not proceed with the transaction, because that will make all his future transactions ...

Score: 2
Difference between an authentication scheme and an identification scheme in ZK proofs?

EDIT: I want to specify what I know about the schemes' security:

  • Authentication schemes: P can prove to V that he is P, and nobody else can prove to V that they are P.
  • Identification schemes: P can prove to V that he is P, and V can't prove to anybody else that he is P.
  • Signature schemes: P can prove to V that he is P, and V can't prove even to himself that he is P.

https://link.springer.com/content/pdf/10.1007%2F3-540-47721-7_1 ...

Score: 1
Chygo Runner
Revoke key without communication between the party who revoked it and the party who is validating

I received a very weird question from someone. I feel there is no solution. It would be great if you guys shared your views.

There are three people Alice, Bob and Sam and they all work for a high-security facility. Alice is the gatekeeper, Bob is a scientist and Sam is their manager.

Sam has issued an entry pass to Bob which is signed. Alice can verify the entry pass by using public-key cryptography  ...

Score: 2
Evgeni Vaknin
Threshold implementation of ciphers

What is the principle behind threshold implementation of block ciphers and how is this protecting against side channel attacks?

Score: 2
Zim
Kleptography SETUP attack in ECDSA

I'm trying to implement the kleptography SETUP attack of ECDSA with Python. Just a simple script to verify the algorithm. However, I can't get the right output as the paper said. Where is the problem? Can anyone help?

The algorithm

from ecpy.curves import Curve, Point
import hashlib
import gmpy

cv = Curve.get_curve('secp256k1')
G = Point(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
          0x48 ...

Score: 0
user77340
Is it possible to give a definition for point multiplication on elliptic curve?

As we know that at least in cryptography, the group operation on an elliptic curve is just the point addition (https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication), which is defined on $E:y^{2}=x^{3}+a x+b$ as: $\left(x_{p}, y_{p}\right)+\left(x_{q}, y_{q}\right)=\left(x_{r}, y_{r}\right)$, $\lambda=\frac{y_{q}-y_{p}}{x_{q}-x_{p}}$, $x_{r}=\lambda^{2}-x_{p}-x_{q}$, $y_{r}=\lambda\left(x_{ ...

Score: 0
How to prove that the Fiat-Shamir identification scheme is zero-knowledge?

I'm trying to prove that this protocol https://de.wikipedia.org/wiki/Fiat-Shamir-Protokoll is zero-knowledge (the page is in German but it was the only good and simple image I could find).
I'm a student and I've never proven the zero-knowledge property. I know a simulator has to exist in order for a protocol to be zero-knowledge, but I've never actually seen how to do it or how it's done, can you help m ...

Score: 5
melfnt
What were Alan Turing and their team searching for before doing KPA in the movie "The imitation game"?

I just watched the movie "The imitation game" (2014) which is based on Alan Turing's biography.

At some point in the movie the machine built by Turing wasn't fast enough to decrypt the Germans' messages, so they had the idea to search for the Enigma setting that deciphers a secret message into a plaintext that contains a known phrase (it was "Heil Hitler" in the movie but I have read that Turing actu ...

Score: 1
Frank
Why does point addition work on EC curves?

This may be more of a math question but I cannot find an intuitive answer.

On an EC curve why is 2P+2P equal to P+P+P+P?

The addition operation seems to a layman like some arbitrary sequence of steps. Draw a line here, flip the y coordinate, and so on. And yet point doubling twice brings up the same point. How is this so? (How is it that point addition is associative?)
