Latest Crypto related questions

I'm currently reading this paper [PDF]. On page 4, I bumped into these notations :

\begin{equation} \text { Experiment } \operatorname{Exp}_{\mathcal{F} \mathcal{E}, A}^{\text {ind-mode }}(k) \text { : } \end{equation}

\begin{equation} A_{1}^{\mathrm{KDer}\left(s k_{i}\right)}(p k) \end{equation}

I tried searching online and resolved most of the other notations involved, like the $ \stackrel{\\\$}{ ...

Essentially I'm asking, what if I have designed a quantum-proof stream cipher that is faster than AES-256?

Will using less computational power for encryption/decryption be valuable to companies or various organizations?

I can imagine that faster and lighter encryption while secure enough could potentially cut down costs or give a competitive advantage to a business. (like Google)

However, I would highl ...

e,N,c and around 2/3 of p are given and I need to get the whole p to decrypt c.

N: 831920962257214756401382654251425949868264224385841957482372042416309146170150136001598220999003333652074674457203501497888508388030665515087882611269844918362760437859104547616381568314060144014118133650075504206531935707368804768936984206957688059038290716699862253339535050931352726410898837592450575051490781120052 ...

I have come across a two factor login mechanism using Time based OTP (TOTP). TOTP (6 digits) is shown to the user in an app.

There are two ways of logging in.

Method 1:

User inputs the username and password. Then approves the login notification received in the TOTP app. There is no need to enter the TOTP in this case.

username = username
password = password

Method 2:

User enters the concatenation of ...

The PKG performs the following steps

1. Choose $p,q \in \mathbb{P}$.
2. Calculate $N=pq$.
3. Calculate $\phi (n)=(p-1)(q-1)$.
4. Choose $e$ with $gcd(e,\phi(n))=1$ and $1 < e < \phi(n)$.
5. Let it be $e = {p^{e_1}_1} \cdot {p^{e_2}_2} \cdot \ldots {p^{e_k}_k}$ the prime factorization of $e$ for $i \in k:p_i \in \mathbb{P},e_i \in \mathbb{N}$. Choose an injective mapping $H$ with \begin{align*}  ...

I wanted to test the implementation of the Salsa20/8 Core function provided in the RFC 7914, with the test vectors provided, and I do not get the expected output from provided input. I guess that I am not using the input properly, but I am afraid I need help... Here is my code:

#include <stdio.h>

int main() {

  unsigned int in[16];
  unsigned int x[16];
  unsigned int out[16];

  /*
  <https:/ ...

In libsodium, there're 3 symmetric encryption(stream cipher) which are AES256-GCM(Hardware-accelerated), XSalsa20Poly1305 and XChaCha20Poly1305(uncertain which version of libsodium add support to XChaCha20Poly1305).

Considering that AES256-GCM will be a primary choice if hardware supports it as it's an industry standard which commonly seen in file storage or any other applicable platform.

AES256-GCM ...

Recently, the NSA (re-published?) their CNSA guidelines and some information on post-quantum computers (per the title of the document).

Here's the link for convenience (document is titled, 'Quantum Cryptography and Post-Quantum Computing' if you'd rather not go straight to the link)

Question about P-256 Removal

The noticeable difference in the new suite is that, at a minimum, EC-384 strength keys are rec ...

I am looking for a hash methodology that allows previous hashes to provide "hints" to find same or nearby hashes:

1. if I expect to find a message $M = P + U$ consisting of private $P$ and public $U$ that hashes to some $H \lt N$ on average after $T = S/N$ tries, where $S$ is size of hash space (ie a cryptographically secure hash that can only be brute-forced)
2. then there is a way to find another $P'$ ...

Block-cipher use self-inverse ($f(f(x)) = x $) operations which then will be applied to the plaintext and most likely contain some constants which can be based at a key. To get security such operations which interpret the input in different ways are aligned to each other. This process gets repeated multiple rounds with different keys. In optimal case a random input lies inside a closed cycle (if b ...

I have a RSA-4096 public key, a ciphertext, and almost the whole plaintext : there are only a couple dozens bytes missing near the end, or in other terms, I know the range 0-80% + 90-100% of the plaintext. Is there any way to recover those missing bytes ?

In Differential Privacy resources, the limiting cases of $\epsilon, \delta$ are not justified well enough.

For example, on Wikipedia, it is said that Gaussian mechanism only works when $\epsilon < 1$. However, any Gaussian mechanism that satisfies, e.g., $(0.1, \delta)$-differential privacy, already satisfies $(1, \delta)$-differential privacy, or $(5^{100}, \delta)$-differential privacy, am I correct? ...

I'm working with a dev team who are implementing encryption at rest at the application level. It's for particularly sensitive fields inside an RDB. (The underlying DB storage has an additional layer of encryption, but that's off topic here.) We're using a Spring's AesBytesEncryptor and related classes for that.

We have not fully solved key rotation yet, and i'm investigating how to do that in a secure ...

I am using AESGCM256 with a nonce of 96 bytes to store keys (very secret information). There are more than 500 keys, the only place where they can be stored in decrypted form is the application RAM.

Now, when the application is launched, the user enters one decryption key and a nonce for each key. This is very uncomfortable, all the nonce are stored separately from the database where the encrypted ke ...

Is Transposition Cipher perfectly secure?How to prove it? I can't figure it out by comparing |M|and |K|