Latest Crypto related questions

By definition, the discrete logarithm problem is to solve the following congruence for $x$ and it is known that there are no efficient algorithm for that, in general.

$$\begin{align*} b^x\equiv r&\pmod p\quad(1)\end{align*}$$ It is to find $x$ (if exists any) for given $r,b$ as integers smaller than a prime $p$.

Am I right so far? please correct me if I am misunderstanding anything.

In elliptic cur ...

I have seen several recent papers mention that side-channel resistance and countermeasure will be a major evaluation criterion for the NIST finalist candidates. However, I don't find any reference to this. Has NIST officially declared this criterion? I can find this document which has mentioned only about performance but nothing about side-channels. Thank you in advance for your help.

I'm going to generate unique random values based per a range of unique input values.

In other words I have range of input values which these numbers are part of a series (like a range of serial numbers which are increasing one by one) and there are no duplicate values among them. I want to generate random values based per each of input values which there should not be any duplicate values in output  ...

I know Modular Exponentiation ($r = b^e \bmod m$) is important for RSA, and I can find some algorithm that if e is expressed in binary form (for exp: )--in such way for a n-bit long e, one can expect ~1.5n rounds multiply modular operation.

I am working on making a public key recovery methodology for ECC like secp256k1/r1. There is a very efficient implementation in the secp256k1 lib, but that was co ...

If you have a plain text document, known public key to verify generated signature strings against. EDIT: You do NOT know the private key, this is all you have.

Using a modern computing power with 4 cores, 12 threads, (or GPUs, if that is faster) - how long would it take to come up with a signature that the given public key would authenticate?

Let's say I want to prove to someone that a webpage claims X. I could take a screenshot, but it could easily be doctored. However, the webpage's contents are encrypted by the domain using its private key. Is there a way to use the encrypted message to prove to someone that I haven't modified it?

I think this is possible if I generate a temporary private key and use it in the connection, then pres ...

All these post quantum signature schemes are claimed by the authors to be naturally resistant to side channel attacks. My question is, why or how?

I want to know if the below algorithm , secure against quantum computing attack, and how I can compute the running time for the original algorithm and the proposed attack

Source: Yan Zhu, HuaiXi Wang, ZeXing Hu, Gail-Joon Ahn & HongXin Hu, Zero-knowledge proofs of retrievability, in Sci. China Inf. Sci. 54, 1608 (2011).

I'm getting familiar with Signal key exchange phase and as far as I understand all 3 exchanges between Alice ephemeral key and all of Bob keys from the bundle, I have some thoughts about key exchange between Alice identity key and Bob pre signed key.

I'm aware this is to authenticate Alice and confirm she has identity private key but could this exchange be replaced with one of:

1. Alice identity key &l ...

First, I'm using the settings of https://en.wikipedia.org/wiki/NTRUEncrypt, with $L_f$ set of polynomials with $d_f+1$ coefficients equal to 1, $d_f$ equal to $-1$ and the remaining $N-2d_f-1$ equal to 0; and $L_g$ the set of polynomials with $d_g$ coefficients equal to 1, $d_g$ equal to $-1$ and the remaining $N-2d_g$ equal to 0. The natural numbers $d_f$ and $d_g$ are just fixed parameters of the sche ...

In order to improve the quality of random generators, Weyl sequences have been added to the Middle Square (Widynski) and Xorshift (Marsaglia) generators:

https://arxiv.org/abs/1704.00358

https://www.jstatsoft.org/article/view/v008i14

As I understand, it was also about extending generator cycles, especially when it comes to Middle Square, which works like random mapping.

I also have a generator that work ...

I was following along with Christof Paar's lecture on Linear Feedback Shift Registers. He explains the structure coherently as a set of flip flops where the 'taps' are defined by a bit vector (0 for no tap on that flip flop, 1 for a tap on that flip flop). This makes perfect sense to me.

But then he brings up the point that people describe an LFSR not as a set of flip flops and a bit vector to define ...

In bidding for a contract, a company might outbid its competitor by simply multiplying its rival company’s encrypted bid by 0.9, without even knowing the bid. Now Suppose we are given the ciphertext c = (c 1 , c 2 ) of some unknown message m, where c 1 ≡ g k (mod p) for some unknown random integer k ∈ Z p−1 and c 2 ≡ m · h k (mod p), where h is the public key of some unknown private key x, in ...

What are the future prospects of Searchable Encryption?

Are industry based labs interested in Searchable Encryption?

Will doing a PhD in Searchable Encryption help my join industry based research labs?

How active is the field of Searchable Encryption?