Latest Crypto related questions

I am trying to write the formal definition for mono-alphabetic Substitution Cipher. I have tried the following

$\mathcal{M}:=$ Set of all possible arbitrary length string of English language text, removing all punctuations, numerals, spaces in a string.

$\mathcal{C}=\mathcal{M}$

$\mathcal{K}:=S_{26}$

Let $m=m_1m_2\cdots m_l \in \mathcal{M}$ then

$Enc_{k}(m):=k(m_1)k(m_2)\cdots k(m_l)=c=c_1c_2\cdots c ...

I'm looking for an easy to use tool to generate RsaPssSha256 digital signature of a binary file using the private key. and verify the signature using the modulus and exponent of the public key.

any suggestion?

I wanted to use https://github.com/AntonKueltz/fastecdsa library and the function parameters for creating curve are:

p,  # (long): The value of p in the curve equation.
a,  # (long): The value of a in the curve equation.
b,  # (long): The value of b in the curve equation.
q,  # (long): The order of the base point of the curve.
gx,  # (long): The x coordinate of the base point of the curve.
gy,  # (lon ...

Fernet symmetric-key encryption

To encrypt and provide data — e.g. JSON strings in a database — using Python I'm wondering what is a good approach (package) for symmetric-key encryption.

The Python standard modules are only about hashes and secure random numbers: https://docs.python.org/3/library/crypto.html, so I started with https://github.com/pyca/cryptography as https://github.com/pycrypto/pycry ...

I am a student studying PRP and PRF in school, my prof gave us a thinking question: "Why is a two-round Feistel network not a PRF, even while the component function is a PRF?"

I've seen that why this is a less-secure encryption but not sure how less-secure related to the question that prof gave us.

I'm trying to understand the structure of Rings used in Ring-LWE based on Chris Peikert's Decade of Lattice Based Cryptography paper. The paper says that $$R := \mathbb{Z}[x]\big /\langle f(x) \rangle$$ and clearly for this to make sense, $f(x) \in \mathbb{Z}[x]$. But then $R_q$ is defined as $$R_q := R\big / qR \stackrel{?}{=} \mathbb{Z}_q[x]\big / \langle f(x) \rangle$$

So my question is which rin ...

How do I know where my XOR gates go? What does the F2 stand for here? Also the next task is to generate the sequence (with initialisation vector $s_0 = 1, s_1 = s_2 = s_3 = 0$) until it becomes periodic which I'm fairly certain I can do however even a few rows would be helpful as I won't have any other answers to these (not official homework assignment).

edit: my guess is now the xor port goes on t ...

Let $\varepsilon>0$ be a constant. Say an encryption scheme is $\varepsilon$-perfectly secret if for every adversary $\mathcal{A}$ it holds that $$ \operatorname{Pr}\left[\operatorname{PrivK}_{\mathcal{A}, \Pi}^{\mathrm{eav}}=1\right] \leq \frac{1}{2}+\varepsilon $$ Consider a variant of the one-time pad where $\mathcal{M}=\{0,1\}^{\ell}$ and the key is chosen uniformly from an arbitrary set

I am facing a problem in programming with the charm-crypto library. The hash functions for pairing group elements in charm-crypto can only map from a string to a specific field: $\mathbb Z_r$, $G_1$ or $G_2$.

Examples: $$\begin{align} H_1: \{0, 1\}^*\to\ &G_1\\ H_2: \{0, 1\}^*\to\ &Z_r\\ H_3: \{0, 1\}^*\to\ &G_2\\ \end{align}$$

I am implementing a certificateless public key encryption  ...

I am wondering why the modulus $q$ in the LWE problem has to be polynomial in $n$.

Another question is whether one can take it to be an arbitrary integer instead of a prime number.

Let F be a PRF defined over $F:\{0, 1\}^n \times \{0, 1\}^n \to Y$.

1. We say that $F$ is XOR-malleable if $F(k, x \oplus c) = F(k, x) \oplus c$ for all $k, x, c \in \{0, 1\}^n$.

2. We say that $F$ is key XOR-malleable if $F(k \oplus c, x) = F(k, x) \oplus c$ for all $k, x, c \in \{0, 1\}^n$.

Clearly an XOR-malleable PRF cannot be secure: malleability lets an attacker distinguish the PRF from a random fun ...

suppose no salt or pepper is used and passwords are hashed plain, will entering incorrect password that just hashes to the same let me in? i know that one use of salting/peppering techniques is to, aside from making brute force more time consuming, prevent one hash compromise all the users using same pass. but how does it work for preventing colliding passwords being used interchangeably? in other words ...

I'm in need of an algorithm that can perform a very specific task: take a short string, encrypt it using an algorithm which can be scaled to keep up with Moore's Law/has a proof-of-work factor/is unusually slow, and then, later, decrypt it at the same time cost.

The use case is a list of email addresses being stored for a mailing list by a security-conscious client, to be decrypted one at a time  ...

I am learning about hash functions and I just read about XOF (namely shake and cShake).

I will like to test this functions out by myself but I can't seem to find how to use it via the OpenSSL CLI or using a JavaScript library.

The JavaScript library I am using is https://github.com/paulmillr/noble-hashes but it does not seem to support XOF.

So how do I use XOF (SHAKE and cSHAKE) in openssl CLI and JavaSc ...

In many papers, I see EUF-CMA and SUF-CMA referenced as a canonical term used, but I did not find a reference paper/book that give a formal definition of the those terms. I am looking for a reference that formally defines EUF-CMA, SUF-CMA security and universal forgery, similar to this answer.