Latest Crypto related questions

Score: 2
Finlay Weber
Is Keystore a file, a database, a specification?

What exactly are keystores?

I understand they are used to store things like private keys, certificates etc. But how exactly is that done? Is it just an encrypted database where you put all these things? Or is it a single file that keeps all these things? Or is it, in more abstract terms, just a specification (which maybe includes how the file and storage is to be constructed)?

Score: 1
Paprika
Why is RLWE hard, and why does it even have a solution?

I was thinking about why and how the RLWE problem is hard at all. I know that it's hard because it can be reduced to the shortest vector problem, but I'm thinking about how it even has a solution.

The problem is basically:

Let $a_i(x)$ be a set of random but known polynomials from $F_q[x]/\Phi(x)$ with coefficients from all of $F_q$.

Let $e_i(x)$ be a set of small random and unknown p ...

Score: 2
Experience111
Practical witness encryption?

Assume that there is a ciphertext that I want to make such that only someone who can prove ownership of a certain public key, or set of public keys, would be able to decrypt.

It is my understanding that theoretically, this is solved by witness encryption.

Is there currently any implementation of such an algorithm in the wild? If yes, is there anything actually practical?

Edit:

I realized that my ques ...

Score: 2
Constants of the 128-bit key version of the stream cipher ChaCha

I am trying to find the constants of the 128-bit key version of the stream cipher ChaCha.

I know that for the 256-bit key version, the constants are 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574.

Are these the same for both versions?

Score: 1
Werner Breitwieser
PKCS#7 digest encryption algorithm - difference between rsaEncryption and sha256WithRsaEncryption

As part of our Linux secure boot implementation using dm-verity and root hash signature checking, I need to sign a file with the following openssl command (example):

openssl smime -sign -nocerts -noattr -binary -in unsigned.txt -inkey private.key -signer cert.pem -outform der -out signed.txt

This generates a PKCS#7 file which can then be processed successfully by the Linux kernel.

But for productio ...

Score: 0
rockymaster
Is an RSA private key leak possible if I both sign and decrypt?

Is it possible to leak private key data if an attacker controls the signing request?

Everyone knows $N$ and $E$ because they are public.

My server is designed to decrypt an incoming request which is encrypted with the public key.

It then makes a signature: for the decrypted data, which has a SHA-2 hash, it returns an RSA signature for that data.

Is it possible that an attacker can learn my private key?

I am testing this in my local workshop f ...

Score: 1
Rivest Cipher 6 (RC6) Key Scheduler

I am trying to understand the Key Scheduler used in RC6 and I have a total of 3 questions. The RC6 Wikipedia page says that the only difference between the RC5 and RC6 key scheduler is that more words are produced from the key in RC6. In my application, I am using w = 32 bits, r = 20 rounds and b = 16 bytes.

My first question is: are these two separate for loops, or is the second for loop that iterates ...

Score: 0
What security properties do I lose when letting the group creator choose group keys in a protocol similar to the Signal Protocol?

As far as I know, WhatsApp, Signal and co. in their group channels first used the already existing peer-to-peer channels between the participants, protected using the Double Ratchet Algorithm, to exchange the key material for group communication. The Matrix Olm library implements this principle using its Megolm Ratchet for advancing the sender keys for each participant. Each group member creates i ...

Score: 1
caveman
Are there on-line ways to use a block cipher to generate unique $n$ bits that guarantee collision-freeness for $2^n$ times?

$n$ is a run-time variable chosen each time the user runs the implementation.

One way I can think of is to use any block cipher, say AES, as a seeded CSPRNG to randomly shuffle the list of numbers $0, 1, \ldots, 2^n-1$. This way I guarantee collision-freeness up to $2^n$ numbers. But this approach is too expensive as it will require me to swap $2^n$ numbers.

Another way I can think of is to use the block ciphe ...

Score: 5
Does hashing an ECB encryption with a strong hash function produce a secure MAC?

Does applying a strong hash function like SHA-256 to the ECB-encryption of a message (using some secret key $K$) produce a secure MAC? For example, given a message $m$, would a simple MAC construction $H(E_K(m))$ be considered a secure MAC if we used a strong hash $H$ like SHA-256?

Compared to standard HMAC, this construction seems simpler and might even execute a little faster too. Also, it doesn't see ...

Score: 1
kira
Find a prime $p$ vulnerable to Pohlig-Hellman

I need to find a prime number $p$ with the following constraints:

  • $p$ is at least $1000$ bits long
  • $p-1$ is a smooth number with the largest factor below $1000$
  • any factor of $p-1$ can be present multiple times

Does this number exist? And if yes, is there an algorithm to find it?

Score: 24
user77340
What does the work "An Efficient Quantum Algorithm for Lattice Problems Achieving Subexponential Approximation Factor" mean?

In An Efficient Quantum Algorithm for Lattice Problems Achieving Subexponential Approximation Factor, the author claims they give a polynomial-time quantum algorithm for solving the Bounded Distance Decoding problem with a subexponential approximation factor on a class of integer lattices. What does this result mean? Will it imply the insecurity of lattice cryptography? Is it as important as quan ...

Score: 3
Don't human-generated passwords used with key derivation functions reduce the security of symmetric encryption?

The key size for AES is chosen as 256 because that's considered the minimum key size which can protect against a brute force attack - i.e. $2^{256}$ tries.

However, in practice, for a lot of applications, a user-chosen password is used to derive the 256-bit key using a KDF. Let's say the application mandates an 8-character password - that's a 64-bit password - so the brute force reduces to $2^{64}$

Score: 0
occvtech
Is it possible to crack a cryptographic method with known input/output?

I've played around with John The Ripper before and it was able to successfully crack some personal passwords via brute force. However, in those scenarios the "unknown variable" was a password - and the known variable was the encryption method.

In the current scenario, things are a bit different. Now I have a scenario where the 2 input keys are known - and an external tool exists that can convert  ...

Score: 1
Novice_researcher
Provably Secure FPEs vs Practically Used FPEs

I have just checked a few FPE schemes like "Swap-or-not" and "Mix-and-cut" which are provably secure. What techniques make the provably secure FPE schemes provably secure?

The FPE schemes used in practice use Feistel networks, like FF1 and FF3. What makes provably secure FPEs work slower, so that they are not used in practice?

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.