Latest Crypto related questions

starting from the fact that there are different attacks on RSA, based on the starting situation, for example there are different studies, on attacks that find the private key having the freedom of an original arbitration text. But I was wondering this, in this situation: you have several plaintext texts and their encryption, you also have the public key (because you use RSA to authenticate) is it possib ...

In some block modes, if we change one bit (or more) in the plaintext, the whole block\ciphertext will be changed (i.e ecb: block will be different. cbc: whole ciphertext will be different) Does encryption in OFB mode will defuse the text? if we will change one bit in the plaintext, more than one bit will be changed in the ciphertext ?

I am acquiring binary data from a sensor and storing it in a file. As each byte of data is read from the sensor, it goes into a SHA256 hash. The length of the acquired data stream varies from one session to another. It is possible that an individual sample having a binary value of 10000000 could be encountered in the input stream prior to the end of the session's stream. How does the SHA256 hash algorit ...

Let's say that a random key is derived using the following function (PBKDF2).

key = fn(password, salt, iterations)

Q1: How can I reverse engineer the salt from the password, iterations, and the key?

Q2: If the same salt is used for generating the key, how can I reverse engineer the salt from the password, iterations, and the key?

It is known that it is possible to apply the Chinese remainder theorem and attack RSA under precise conditions.

https://tls.mbed.org/public/WSchindler-RSA_Timing_Attack.pdf

But the question is, can the Chinese remainder theorem in ECDSA be applied to the parameters in secp256k1?

In some applications like QR-codes, saving 25 bytes out of 100 makes a difference in usability.

What choice is there for a signature scheme with (most important criteria first)

1. As small as possible signature size (for a signature with appendix) or as small as possible added size (measured at 40-byte arbitrary message for a signature scheme with message recovery, but I'd prefer avoiding these), at co ...

Does "Enveloped Merkle-Damgård" require last compression to be done in one compression function call?

Since I have compression function with same size of input/output, I would have to make two compressions in last "enveloping" step. Does this invalidate their proofs?

Assume that we have a pairing as $e:G_1\times G_2\rightarrow G_T$. such that $g_1$ and $g_2$ are the generator of $G_1$ and $G_2$ respectively. In a protocol I have $A=\prod_{i=1}^n e(H(i),pk_i)$ where $H(i)\in G_1$ and its discrete-logarithm is unknown (since it is a random oracle) and $pk_i\in G_2$. I can design another protocol such that I can compute my target value $A$ in another way i.e., $A=e( ...

I have learned about the kerberos protocol and seen that the windows version uses a couple of authenticated encryption schemas (like rc4-hmac-md5).

What type of authenticated encryption is it? Is it a:

1. Encrypt-then-MAC

2. Encrypt-and-MAC

3. MAC-then-Encrypt

Thank you

For a CPA-secure encryption scheme, suppose that there is an adversary who can find that the two ciphertexts are encrypted from the same plaintext.

Is this encryption scheme still CPA secure?

Or, CPA security only models whether the adversary can find out what plaintext is encrypted, regardless of the above situation

In the Paillier cryptosystem the encryption of $m \in \mathbb{Z}_N$ with randomness $r \in \mathbb{Z}_n^*$ is $c = g^m r^n \bmod{n^2}$.

My question is, what if short (E.g. 512bits) $r$ is used? Similar question exists for Elgamal encryption.

There are lots of topics related to ElGamal and Paillier, but I searched and did not find any topics regarding this.

I am new to cryptography and I am trying to code the RC6 (Rivest cipher 6) algorithm. The algorithm requires addition, subtraction and multiplication in modulo 2³². If I am performing these operations between two 32-bit blocks how would this work?

Any help would be appreciated because I can't seem to find any detailed explanation on this which would help me write code on how to execute these operations. ...

Bonjour à tous, Je dispose d'un vecteur contenant 15 nombre réel chiffrés avec les schéma de chiffrement homomorphe CKKS. Mon problème est que je souhaite trier ce vecteur par ordre croissant. Je ne sais pas comment m'y prendre. Votre aide me sera la bienvenue. Merci

Hello everyone, I have a vector containing 15 real numbers encrypted with the CKKS homomorphic encryption scheme. My problem is that ...

If I define that $$m\oplus k :=(m+k) \mod 26$$ where A is 0 and Z is 25. How do I efficiently/properly decrypt if I was given two-time pad ciphered texts? I know that $m_1\oplus m_2 = c_1\oplus c_2$. Need to go efficiently to attack to get the two original texts from here.

I never worked with cryptography but I wanted to add an easter egg on the design I'm making for a t-shirt. I need it to have a key that will be embroided on the front design wich is:

15122017

that can be used to decrypt the text that is in the back (still have to think what to put). I tried testing the encryption on Cryptii.com with the rc4 encryption and it worked well both ways but when I tried decod ...