Latest Crypto related questions

Score: 2
$2^{64}$ versions of the same message

I am reading a textbook and in there they explain the property of hash functions. In particular, they give an example of how unlikely it would be to find a second input value that would match the hash output of the original input. Here's the example:

We show now how Oscar could turn his ability to find collisions (modifying two messages) into an attack. He starts with two messages, for instance:

Score: 0
How does an "identifier" work in Symmetric Searchable Encryption?

I'm new to this field, Symmetric Searchable Encryption, and have read some papers in it. I notice that lots of these papers about SSE use identifiers when building the encrypted index and return identifiers as the search results to users.

These schemes seem to work like this: when users get the identifiers, they then use them to download files from the server, or the server just sends the files along with the identifie ...

Score: 1
RSA encrypt an AES key. What about the AES IV?

I need to securely pass an AES key to a remote client. What I did so far is to generate a random AES key and encrypt it using the RSA public key of the client (PKCS#1 v1.5 padding is taken care of by the RSA library I'm using, CryptJS).

I didn't realize that AES requires not only the key but also an IV. I don't know what the correct way of dealing with the IV is. Should I encrypt it as well and basically send ...

Score: 0
How to convert a nacl signing key to an encryption key (NaCl)

Because of the assumption of joint security, I want to use the same keypair for signing (ed25519) and for encryption key exchange (x25519).

How can I share the same public key between my nacl.box.keyPair and nacl.sign.keyPair?

As I understand it, it should be possible because both are on the same curve.

nacl seems to transform its ed25519 private key using this function:

  crypto_hash(d, sk, 32);
  d[0] & ...

Score: 0
Is it possible to get a SHA256 hash collision with partially known data?

I have a text sentence that consists of 448 digits [0-9] [a-f] (in HEX format).

This text sentence is partially cut off, but I know the middle, and the beginning and end are damaged.

What I know is 322 known digits in the middle of a text sentence.

74 unknown digits at the beginning

52 unknown digits at the end

That is, the entire text size is 224 bytes, and it is hashed using the SHA256 hash algorith ...

Score: 0
How to prove lifted ElGamal encryption with square root communication?

I'm looking for a more efficient solution to prove that multiple ciphertexts sent to different parties are correct.

The background is that $P_i$ uses lifted ElGamal encryption to encrypt a message $x_j$ to party $P_j$, where $j\in[N]$. Therefore, the ciphertext will be $Enc_{pk_j}(x_j;r_j)$.

Now I need to generate a proof for $P_i$ to show that all the ciphertexts he generated are correct.

Score: 0
How does blueimp JavaScript-MD5 work?

I have made some progress on the MD5 avalanche problem, https://github.com/221294583/crc32 . It is said that CRC32 realizes avalanche through recursive XOR of polynomials and original values at the same time. I think MD5 is the same, but I can't understand the code of MD5. Can you help me explain this code? https://github.com/blueimp/JavaScript-MD5 It is a big mass of code, as in my link. I am not a devel ...

Score: 0
Hashed password used for encryption and for user authentication at the same time

As I am fairly new to cryptography, I would like to understand how to implement, in a simple way, a system that would achieve the following: the user would have to set up a password, which would then be used to:

1.) encrypt the data provided by the user and save it in encrypted form, and 2.) authenticate the user when using the system the next time and decrypt his data.

When searching for viable solut ...

Score: 1
Block cipher design criteria when specifying key size

For a given block size of N bits, the total number of possible permutations is $(2^N)!$. In order to select any one of the possible permutations, the key would have to be of length $\log_2((2^N)!)$, which is typically much larger than N. Given that AES has a 128-bit block and can have a key length of 256 bits, the AES block cipher is only using a small subset of all possible block permutations.

My ...

Score: 1
Why are the Kate Commitment and the Algebraic Group Model used a lot in zk-SNARK proving systems since 2019?

I am engaged in research on zk-SNARKs. After reading some papers about zk-SNARKs, I realize that the Kate Commitment and the Algebraic Group Model have been used a lot since 2019. They are used in Sonic, Plonk, Marlin, etc. Most of these papers are about "universal and updatable zk-SNARKs". I want to know if the Kate Commitment, the AGM and the "universal and updatable zk-SNARKs" have some kind of connectio ...

Score: 0
Is there any good attack model of HMAC?

Are there any good attack models of HMAC? Like, how can it be attacked? If there are any possible attacks on HMAC, I would be happy to know about them.

Score: 0
Generation of RSA key pair and storage of only private key PKCS#11

I noticed that PKCS#11 supports the C_GenerateKey function for symmetric keys, and for asymmetric keys there's only the C_GenerateKeyPair function. So by definition, this lets us create only both the private key and the public key as a pair. From my understanding, the private key stores the public key info (modulus and public exponent), which is needed for public key creation, so it can be fetched every time to generate the publ ...

Score: 1
MPC arithmetic circuit file and benchmark

For doing MPC over Boolean circuits (typically XOR, AND, INV gates over field of size 2), Boolean circuit files can be found online for a range of interesting functions (e.g. AES, SHA-256). These circuit files can then be used in different implementations in order to compare performance.

For arithmetic circuits (ADD, MUL gates over larger rings), is there such a thing as an arithmetic circuit fil ...

Score: 2
What is FE2OSP (Field Element to Octet String Conversion Primitive)?

The reference below refers to "FE2OSP (Field Element to Octet String Conversion Primitive)".

Would appreciate any help in finding the definition (algorithm) for FE2OSP, and the format of its input and output parameters.

Thank you!

Reference: IETF RFC 8446, The Transport Layer Security (TLS) Protocol Version 1.3 (August 2018), section 7.4.2, "Elliptic Curve Diffie-Hellman"

Score: 1
Can you decode AES by hand if you have the key?

I made a JavaScript AES encryption program and I do have the key to what I encrypted. Is there a way to use that key and figure out what was encrypted without the help of a program? I encrypted "Hello" with the key 2892 and got EQ/9Yt/IvIAmtF0wKYbb3+XYUOKuKlxJ. Is there a way to apply the key to the characters and fully decode what it says without making a program to do it for me? This is just so I can prac ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.