Latest Crypto related questions

A standard theorem is that boolean circuit satisfiability is NP-complete (shown in CLRS, for example).

I am interested in what these statements formally mean. From CLRS, I can cite that

$$\text{CIRCUIT-SAT} = \{C \mid \text{$C$ is a satisfiable boolean combinational circuit}\}$$

In Bitansky et al., boolean circuit satisfiability is used to capture the statement to be proved. However, this is not CIRC ...

We have a primary-order EC group. Need to perform a (sort-of) DH protocol, whereas the key is permanent, not a nonce (single-usage ephemeral key).

So we receive an arbitrary group element (EC point) from an untrusted party, and reveal it multiplied by the secret key.

Is it always safe to do that? I mean, can the attacker craft the EC point in some manner to extract some info about the key? We ensure ...

I am currently working on an ISIS based signature scheme cryptosystem. I am trying to evaluate the bit-security of my construction. To do so, I try to calculate the number of operations needed in BKZ reduction.

I think I was able to find the right formula to calculate the total time complexity of BKZ. However, how do I get the bit-security from this result? This might be a silly question, but I a ...

I'm investigating hardware cryptocurrency wallets and am trying to understand how recovery works from a technical point of view. These wallets typically provide a 24-word "recovery seed" from which the wallet can be recovered. What I'd like to understand is how the private keys for various cryptocurrencies can be recovered from this one seed, especially considering the the private keys are generated sub ...

I'm working on a little hobby project to better understand crypto.

https://app.gitbook.com/@noojee/s/dvault/

The aim is to make it easy to encrypt a set of files into a 'vault' and decrypt them at a later date.

The cli tool will work as follows

#generate rsa key pair
dvault init -p passphrase

#create an encrypted vault that contains <path to file>
dvault lock <path to file>

# decrypt t ...

Here:

https://en.wikipedia.org/wiki/Linear-feedback_shift_register

they wrote:

The linear feedback shift register has a strong relationship to linear congruential generators

What this relationship is all about? Are they mathematically equivalent in some way? In two cases, we can reach the maximum period. Maybe there are LCGs that generate the same numbers as the LFSRs? As far as I know, the LFSRs also ...

I am looking at an answer to a previous question and I would like more detail about how the answer was arrived at but I am not allowed to comment as I am a new user with low points.

I am therefore asking a new question based on an answer to a previous question. An answer was given but the details were not shown as to how the answer was derived. I have looked on line at methods of manipulating lin ...

We know that a short message encrypted with RSA can easily be brute forced.

Lets say Bob encrypts a message containing just "Hi" and encrypts it with Alice's public key. Anyone can try encrypting all possible combinations of very short messages using Alice's public key until they get a match.

What i am wondering is can the identity of a very short message be somehow forged?

Lets say Bob encrypts many o ...

I am curious about Padding the seeds of Random Number Generator.
(I am sure that terminology, padding the seeds, is not correct. If someone knows the proper word, please let me know :) )

What is padding the seeds that I mentioned?

You know that Pseudo-Random Number generator need seed to do its job properly. For example, one of the most famous RNG, mt19937 need only one seed.

However, in KISS algor ...

I've been trying to search for toy examples of the round 3 digital signatures Rainbow, Falcon and Dilithium. Not a lot of actual implementation examples are out there. What I'm searching for are actual examples with numbers that explain how the two algorithms (Falcon and Dilithium) work (key generation, signign and verification), e.g. the parameter for Falcon could be n = 4 or n = 8

Would anyone know  ...

I was reading a question about symmetric keys here and found the answer quite interesting. It mentions:

Be sure to pass in the raw bytes, and not, e.g., a hex-encoded string

Can someone elaborate on why this is bad? and also in the context of password hashing, is converting a salt to hex before sending it though the HMAC bad, and if so, why?

I would like to know if there are any effective methods to choose a cryptographic algorithm from a pool of algorithms depending on a certain situation.

Let's say we know the performances of these algorithms when encrypting or signing messages of different sizes for example (there are too many metrics other than msg size) and we want the best algorithm to do the job. Are there any machine learning ...

The $n$-strong Diffie Hellman assumption state that given the subset $\{g, g^s,\cdots,g^{s^n}\} \subseteq \mathbb{G}$ in a cyclic group $\mathbb{G}$ of prime order $p$, a PPT algorithm cannot output $g^{\frac{1}{s+\alpha}}$ for any $\alpha \in \mathbb{F}_p$ except with negligible probability.

Does it somehow imply that no PPT algorithm can output an irreducible polynomial $f(X)\in \mathbb{F}_p[X]$

Having some trouble cracking this cipher (this is part of a homework assignment for a cryptology class) I've looked at letter frequencies but I'm not sure what else there is to help me.

Given the encrypted string, TNFOS FOZSW PZLOC GQAOZ WAGQR PJZPN ABCZP QDOGR AMTHA RAXTB AGZJO GMTHA RAVAP ZW, the word LIBERTY is encrypted somewhere in the ciphertext.

From that, I find A and Z line up almost perfectly  ...

I am quite new to cryptography low-level mathematic details, though had worked in the crypto area for 2.5 years before. So if I am wrong about any of below part, please correct me without a facepalm gesture ;)

There are already some discussion about this along with questions about what is a valid private key per say, but none of those answers is convincing. At least I don't agree with their argum ...