Latest Crypto related questions

Score: 1
Is RSA the only current practical option for asymmetric encipherment of symmetric keys at rest?
ru flag

As of 2021, is RSA the only practical (i.e. safe, production-ready) option for asymmetric encipherment of symmetric keys at rest? ECDSA is obviously preferable over RSA in the case of signing, but (unless I'm woefully misinformed) it doesn't support key encipherment. If RSA is the only practical option at present, are there any notable efforts toward future alternatives that I should be aware of?

Score: 0
Volume $q^n$ of a dual q-ary lattice in MR09
za flag

Given a matrix $\mathbf{A} \in \mathbb{Z}^{n \times m}$, $m$ sufficiently large with respect to $n$ and prime $q$. The rows of $\mathbf{A}$ are linearly independent with high probability. In MR09 the authors state that the number of vectors in $\mathbb{Z}_q^m$ belonging to the $q$-ary lattice $\Lambda_q^\intercal(\mathbf{A})$ is $q^{m-n}$ and therefore it follows that $\text{det}(\Lambda_q^\intercal ...

Score: 3
Daniel avatar
What is the cost of emulating ring arithmetic (say modulo $2^k$) over a prime finite field?
ru flag

Several papers in, for example, the domain of Secure Multiparty Computation, are set in the context in which the computation domain is a finite field $\mathbb{F}_p$, while some more recent works (e.g. SPDZ2k [1]) are set over a (non-field) ring $\mathbb{Z}_{2^k}$. In some cases, however, the latter type of protocols carry some overheads.

I wonder:

What would be the cost of emulating arithmetic modulo

Score: 1
TyeolRik avatar
Does Endianness matter in NIST SP800-22 test?
cn flag

I am curious about Randomness test suite.

One of the famous randomness test suite, DIEHARDER, said that Endianness does not matter for a "GOOD" random generator.

Note that this is not the same as writing raw floating point numbers (that will not be random at all as a bitstream) and that "endianness" of the uints should not matter for the null hypothesis of a "good" generator, as random bytes are random ...

Score: 1
Mubashar avatar
OpenSSL EC PRIVATE KEY content structure details
cn flag

Background: I am trying to understand how PEM contents are formatted for an "EC Private Key", so e.g. the following is a private key

-----BEGIN EC PARAMETERS-----
BgUrgQQAIw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIAavpiUck1lQc01A6FH1SE1XSwW4C+i354tOQyPjioSnq5lzc9YQXX
yAIiC6hiMhARzBxe2vmYBeCEENlmCG0jNymgBwYFK4EEACOhgYkDgYYABAEyMQ/2
NkU0LHTBhpsbeaFklNSXUeG2znLuFvcb0hvc29R5ydz8/dpDOh ...

Score: 0
user2284570 avatar
How are such so-called Merkle pre-images computed?
in flag

I've just encountered the following source code, which is used as an authentication mechanism where the bytes32 leaf is the hashed action to authenticate:

/**
 * @dev These functions deal with verification of Merkle trees (hash trees),
 */
library MerkleProof {
    /**
     * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree
     * defined by `root`. For this, a `proof` must be  ...

Score: 0
dalanmiller avatar
How would one ensure encryption of something up until a specific time?
cn flag

I am currently unable to think of a way to reasonably ensure encryption of something up until a specific moment in the future.

Would it be possible to encrypt something via a public key with a secret key being derived from a time stamp with sufficiently large resolution?

Score: 2
mactep Cheng avatar
Why is it required that gcd(pq,(p-1)(q-1))=1 in the Paillier encryption scheme?
za flag

I don't see this property $\gcd(p\,q,(p-1)(q-1))=1$ used in the scheme. And in Paillier's original paper, I don't find this requirement.

Is it required just for the difficulty of factoring $n$?
Or is it related to the specific security of Paillier Encryption?

Score: 7
einsteinwein avatar
Security Proof of Short Schnorr Signature
st flag

I know that this is a very specific question, but I still hope that someone can help me. I'm trying to understand the security of the short Schnorr signature a little bit better. The security parameter is $k$. The Schnorr signature $\sigma = (s,e)$ with $s,e \in \mathbb{Z}_q$ has a signature length of $4k$ bits ($s$ and $e$ have $2k$ bits, $e$ is a hash output). The short Schnorr signature uses a shorter  ...

Score: -2
Rideboards avatar
Problem understanding the difference between passphrase and keyfiles
ca flag

Ok, so I have read a few different articles on the subject and am maybe just having problems understanding the point of view from the program I am using, or maybe not, IDK. Anyhow, I'll get into it. The difference between a passphrase and a keyfile from my Ex. --> So in EncryptPad there are a couple of icons at the top of the program. One is a lock, or if you just click save on the document it will ask  ...

Score: 0
Dew Debra avatar
Is it possible to get the x coordinate of a point on the secp256k1 elliptic curve knowing only the y coordinate?
br flag

There is a list where, using the x coordinates of points, it was determined whether there are points on the curve.

Here's a link

It can be seen that the generator, according to the formula y ^ 2 = x ^ 3 + a * x + b, was determined from the list: GPoint = (Gx, Gy) # Generator Point

a = 0
b = 7
p = 115792089237316195423570985008687907853269984665640564039457584007908834671663

y^2 = x^3 + a * x + b # secp256k ...

Score: 0
cryptobeginner avatar
NTL: Solve the closest vector problem for non-square matrix using LLL/Nearest Plane Algorithm
cn flag

Assume I have a matrix $A \in \mathbb{Z}^{m \times n}$, $m > n$, which forms a basis of a lattice. Given a target vector $t = Ax + e$, $t,e \in \mathbb{Z}^m$, $x \in \mathbb{Z}^n$, I want to find the (approximate) closest vector in the lattice $\mathcal{L}(A)$ to $t$.

I wanted to use Babai's nearest plane algorithm, in particular the NTL implementation NTL::NearVector to solve this problem (a ...

Score: 0
adi avatar
Why are des-cbc-hmac and rc4-hmac-exp considered weak in Kerberos?
cn flag

Kerberos uses des-cbc-hmac (MAC-and-encrypt) and rc4-hmac-exp based on MD5 (MAC-and-encrypt, I think) in its encryptions.

Those encryption types are considered weak and should not be used. Why are they considered weak? What attacks can be launched against them?

Score: 1
Tom avatar
How to measure the length of the 128-bit PRNG cycle?
tf flag

I have a keyed 128-bit PRNG. It passed the PractRand and Dieharder tests, but I have no idea what its expected cycle length is (for different keys and different seeds).

Is there a way to estimate it through analysis of the outputs of this generator? I'm trying to analyze cycles in 16-bit parts of the 128-bit outputs. 16-bit numbers repeat in the truncated 16-bit parts of the 128-bit output on average every $6331708$

Score: 1
NotQuiteSo1337 avatar
What is AES in "operational mode"?
lk flag

I'm currently reading this report on the security of the IoT protocol "LoRaWAN".

On page 3, it says the following:

LoRaWAN relies on AES cryptography algorithms combined with operational mode

Is this an actual mode of operation for AES, in the same way that CBC or ECB is?

Or is it perhaps that the term "operational mode" is often used to describe a certain mode of operation?

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.