Latest Crypto related questions

I want to use the same seed phrase for severl cryptocoins (Bticoin, Ethereum, Nano, etc.). I understand that each protocol has its own phrase length and possibly a different way of generating the private/public keys from the phrase.

I also understand that if one wallet is comporomised, and the phrase is stolen, it can be used to access funds on any protocol.

But besides that, from a mathematical/cry ...

I am going through Lenstra's Elliptic Curve Factorisation from Silverman's Mathematical Cryptography book.

I have understood the algorithm itself, but unable to understand a specific point the book makes.

We are trying to factor 187.

We use $E: Y^2 = X^3 + 3X + 7 \bmod 187$ with $P = (38, 112)$

When we try to calculate $5P$, we have to calculate the inverse of 11 in 187, which we are unable to sin ...

What's the functional and security model for SEAL?

From this I get that it

allows additions and multiplications to be performed on encrypted integers or real.

But what are the limitation, like range, precision, on inputs and outputs? What operations can be performed? Is there some limitation beyond range/precision?

What is the security model an application designer using SEAL as a black box should assum ...

homomorphicencryption standards already provide recommended parameters and their corresponding security levels. However, I would like to calculate a security level for nonstandard parameter selection.

Is there an simple way to calculate the security level?

Secure Sampling of Public Parameters for Succinct Zero Knowledge Proofs states:

We design, build, and evaluate a multi-party protocol for securely sampling encodings of random evaluations of certain circuits. The resulting system enables us, in particular, to sample the public parameters for a class of preprocessing zk-SNARKs that includes [21], [25], [31]; we integrated our system with libsnark [ ...

I'm trying to write a function in dart that can can decrypt a file inside a zip that is encrypted using the WinZip AES-256 standard. Documentation I have found here: https://www.winzip.com/en/support/aes-encryption/. Using 7-Zip I was able to create an example file according to the standard. I'm able to extract the encryption key and the cipher text according to the spec:

encryptionKey: 9f2df21ad65ff7f ...

In my application I want to use Rabin crypto system with short keys (like 128 bits) and MD5 for hashing. I found that schema like PKCS1-V1_5 or PPS does not allow you to have such small keys and result signature is like 64 bytes for 512 bit key.

I need to sign small amount of data like 30-50 bytes and having 64 bytes signature is noticeable overhead. I tried BLS (48 bytes for signature) but it is ...

I have been playing around with Hastad's broadcast attack on RSA with linear padding. Using the implementation and the test function from here: https://github.com/0n5/CTF-Crypto/blob/master/RSA/hastads.sage

The test function and the attack work perfectly well with e=3,5,7. However, with e>=11 the attack does not find a solution. I tried playing around with the values of eps and modifying the at ...

I'm looking at https://link.springer.com/content/pdf/10.1007%2F11496137_31.pdf and it seems like in the protocol they propose if Alice can guess Bob's number, she can pretty easily verify that guess. (Section 3: Our Protocols)

Bob isn't performing any private operation besides generating the random encryptions to fill out the items he's sending back to her. So Alice could do the exact same thing  ...

As a start, I'm by any means no expert or anything near that in cryptography. I know the very basic about this, enough to more or less choose a method to implement and then read about it so I knew what I was implementing. So please excuse any supposedly dumb questions haha.

Having that in mind, I've created a AES-256/CBC/PKCS#7 + HMAC-SHA512 encryption/decryption class in an Android assistant app ...

I was looking inside the basics of ecc and found the examples from Internet either uses continuous domain curve or use a very small prime number p like 17 in a discrete domain to show the points.

I am really curious that if I can find a point with a really big p in practice. For example, secp256k1 is using a really big p=2^256−2^32−977 in domain (p,a,b,G,n,h).

Below is the python code I use to de ...

Why consider a random $r$ in building a hardcore predicate in Goldreich Levin theorem? Why not consider just the XOR of all bits of the input?

I use the Bouncy Castle Crypto API to implement McEliece in Java. I have also managed to encrypt and decrypt a message and it works without any problems.

When I use the debugger, I see that the program uses n = 2048, k = 1498, t = 50 as default parameters. Is it possible to change these parameters?

The first step I do is:

McElieceCipher cipher = new McElieceCipher();
McElieceKeyPairGenerator generator =  ...

This is clear to me that message authentication is provided by a signature scheme. Can we use an Identity-based signature for identity authentication?

Assume we have an $n \times n$ MDS matrix, whose entries are among $m \times m$ binary matrices. Can we see this matrix as a $n \times n$ matrix with entries from $GF(2^m)$? How can we replace this matrix with AES's MixColumn matrix? Also is it the other way around possible?