Latest Crypto related questions

Score: 0
Static vs Adaptive security of a distributed cryptographic protocol

Let $n$ be the number parties in a distributed cryptographic protocol where an adversary can corrupt up to $n/3$ nodes in the network.

Static Adversary: The set of corrupt nodes is fixed a priori.
Adaptive Adversary: Adversary selects the set of corrupt nodes during execution of the protocol.

Let’s say we do not know how to prove a distributed cryptographic primitive X secure against an adaptive adver ...

Score: 3
dimension of Goppa codes

For the McEliece/Niederreiter cryptosystems, an efficient seemingly secure choice of code is an irreducible binary Goppa code, defined by an irreducible $g(x)\in GF(2^m)[x]$ of degree $t$ and a support vector $L=(\alpha_0,\ldots,\alpha_{n-1})$ with distinct $\alpha_i\in GF(2^m)$.

The code itself is the $GF(2)$-valued vectors in the kernel of the parity-check matrix $$ H=\left( \begin{array}{cccc}  ...

Score: 1
Program to predict a 5-bit output from the Mersenne Twister random module in Python

Is there a program to predict the Mersenne Twister random module in Python for a 5-bit integer output, provided the consecutive 3994 outputs are available? The random module is not seeded, so I guess it'll use the system time as its seed value since no os.random function is used, and it's seeded only once (assumption). Do my claims look valid, and is it really predictable? Please forgive me if I'm wro ...

Score: 1
Procedure for finding consensus on selected numbers without sharing selection

I was wondering if there exists an algorithm, paper, etc. for the following problem:

Assume we have a public list of numbers, let's say {1, 2, 3, 4, 5}. Alice and Bob both pick any subset of those numbers in secret. Is there a way for Alice and Bob to exchange their selections in such a way that neither Alice nor Bob know what the other person has picked, however they still see which numbers they ...

Score: 0
AES-GCM encryption in .NET Core

I created a crypto service using AES-GCM in order to encrypt the sensitive data in a database. Firstly, I'm generating a cryptographic key from a password (which will probably be stored in Kubernetes Secrets) by using Rfc2898DeriveBytes. Then I pass this key to an AesGcm instance. You can find the implementation down below.

public class CryptoService : ICryptoService, IDisposable
{
    private readonly AesGc ...

Score: 2
Conditioning a biased source with a block cipher?

I'm working my way through Stallings's book Cryptography and Network Security. I'm self-taught on crypto, never took a class but I've implemented some crypto accelerator functions in hardware at work and am interested in learning more.

Chapter 8 covers random bit generation. The discussion of true random number generators talks about bias and how to remove it with conditioning algorithms. One suc ...

Score: 1
How internal functions are defined for FF3?

I have seen it said that FF1/FF3 preserve the same format as that of the plaintext. For example, if I encrypt the decimal number 1234 then its encrypted value is also a 4-digit decimal number. Both of them use the Feistel network. How are the round functions internally designed in each round of the structure to preserve the format of the data? I wanted to get to know how the design of internal fun ...

Score: 4
RSA: the same message is sent with two different exponents, but the exponents are not relatively prime

Hi, I know there have been other questions like this on here, namely here.

But in all the solutions I have seen to this problem, $e_1$ and $e_2$ are relatively prime, which is how we can get to the final equation $m \equiv c_1^{\,a} \cdot c_2^{\,b} \pmod n $, where $a$ and $b$ are from the equation $a\cdot e_1 + b\cdot e_2 =\gcd(e_1,e_2)$ from the extended Euclidean algorithm.

However I'm wondering how  ...

Score: 2
Have the automorphism groups of block ciphers like the different versions of the AES or DES been calculated?

Suppose that $F:K\times X\rightarrow X$ is a function. If $k\in K$, then let $F_{k}:X\rightarrow X$ be the mapping defined by letting $F_{k}(x)=F(k,x)$ for each $x\in X$. Then we shall call $F$ a block cipher round function if $F_{k}$ is a bijection for each $k\in K$.

The group $\text{Aut}(F)$ is the collection of all pairs $(\phi,\psi)$ such that $\phi\in\text{Sym}(K)$, $\psi\in\text{Sym}(X)$, and

Score: 1
Is a long Enigma message vulnerable to the index of coincidence?

Let's say we have a ciphertext of length 1000. We try to decipher it with an Enigma machine with random rotors and initial positions but no plugboard (so only $5 * 4 * 3 * 26^3 \approx 2^{20}$ possibilities). Assuming we find the correct settings for the rotors, then in this configuration, some of the ciphertext letters would become the correct plaintext letters. Indeed, as there were usually 10 p ...

Score: 2
Hash functions, bijectiveness, and entropy

For those who don't know, a bijective function is one for which each input yields one and only one output. A block cipher, for example, is guaranteed to be bijective or you could not decrypt.

When a hash function like SHA256 or SHA3 is used with an input the same length as its output, AFAIK this is not or at least should not be bijective. (Is that correct?)

If a hash is not bijective, does this mean ...

Score: 1
Find the product of two sums via SMPC

I'm currently working on a distributed threshold DSA scheme that requires finding the product of two sums via secure multi-party computation. Specifically speaking, every one of $n$ parties $P_i$ possesses a DSA key pair $(sk_i, pk_i)$, where $sk_i=d_i \in \mathbb{Z}_q$ and $pk_i = g^{d_i}$. I want to collectively generate a signature $S_{\Sigma} = k_{\Sigma}^{-1}(m+r_{\Sigma}d_{\Sigma})$, where $k_ ...

Score: 0
Any tools available for reversing/determining an unknown Encryption Algorithm if you have access to the key, unencrypted, and encrypted data?

Are there any tools available for reversing/determining an unknown Encryption Algorithm if you have access to the key, unencrypted, and encrypted data? Basically, the only unknown is the encryption algorithm itself?

Basically, anything that someone with decent programming skills, but very limited cryptography knowledge, could use?

Or is this a much more complex problem than I imagine it is?

Score: 1
"Fixing" PCBC mode?

In PCBC mode, one encrypts and decrypts via $$ C_i = E(P_i \oplus P_{i-1} \oplus C_{i-1}) \Longleftrightarrow P_i = D(C_i) \oplus P_{i-1} \oplus C_{i-1} $$ (where $P_0 \oplus C_0 = IV$), which has good error propagation in that modifying any $C_i$ would break the decryption of all $P_j$ where $j \ge i$.

However, there is a bug in that swapping $C_i$ and $C_{i+1}$ does not affect the decryption of sub ...

Score: 2
Extending the OR-proof to more than two statements

I have been reading about the sigma protocols, especially the OR-Proof.

Many examples just take into account two statements and provide a way to say that one of the statements is valid, but not which one. For example this question zero-knowledge proof of disjunctive statements (OR proofs), or protocol 3 in this article Zero Knowledge Proofs with Sigma Protocols, the section 4 of this work On Σ-protocols ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.