Latest Crypto-related questions

Score: 2
Given a program, obtain a program that can operate on encrypted data

Suppose I have a program $P$. I would like to obtain an encryption function $e$, a decryption function $d$, and a program $Q$ such that $P(x) = d(Q(e(x)))$ for all inputs $x$. Ideally, the encryption would be asymmetric ($d$ cannot be obtained from $e$).

This would allow making a decentralized computing platform similar to Ethereum, but where contracts can store private data, only accessible by tho ...

Score: 0
certificate authority

Hi guys, is there a pseudonym in the certificate? I read papers that use the certificate authority, and among the components of the certificate there is a pseudonym.

Score: 0
Are there any Enveloped Merkle-Damgård implementations?

I'm implementing "Enveloped Merkle-Damgård" and I would like to verify that I understood the notation in the papers describing it.

Is there any hash function using "Enveloped Merkle-Damgård" so I can look at an implementation in code?

Score: 0
Use Diffie-Hellman to share a secret

I was trying to use Diffie-Hellman to first agree on a key and then use that key to symmetrically share a secret. The Python 3 code using the cryptography library looks like:

from cryptography.hazmat.primitives.asymmetric import dh

# Generate some parameters. These can be reused.
parameters = dh.generate_parameters(generator=2, key_size=2048)
# Generate a private key for use in the exchange.
server_key = parameters.generate_private_key()
n = 1
client_key = [paramete ...

Score: 0
Paillier cryptosystem safety

I am working on a system which can calculate the average salary for different positions in large companies. I want to use the Paillier scheme to do such calculations.

I have 3 fields which I want to encrypt: companyName, jobTitle, seniority and salary

Let’s say I have 3 different companies which want to calculate the average salary for different positions, but they don’t want to share data between them. We have su ...

Score: 0
How to extend operations from numbers to larger "objects" in cryptographic implementations?

I know I'm not supposed to roll my own crypto, but everyone starts somewhere! I'm implementing the PSI-CA protocol defined in Fast and Private Computation of Cardinality of Set Intersection and Union (Figure 1, Page 5), and I have it (more-or-less) working. My biggest issue is that I only have it working for int64_t types, and nothing else. Ultimately I'd like to compare strings or even arbitrary  ...

Score: 0
Can I use a certificate authority with Elgamal encryption?

Can I use a certificate authority with Elgamal encryption? Are keys of this type used in a CA?

Score: 0
Are end-entity certificates without basic constraints extension vulnerable?

Public certificate authorities seem to always include the basic constraints extension. Why is this a best practice? What is the risk for a PKI of issuing end-entity certificates that don't have ‘certificate signing’ in the key usage list but lack the basic constraints extension?

I have read parts of https://www.ietf.org/rfc/rfc5280.txt. From what I understand, CA certificates must have the keyCertSi ...

Score: 2
In TLS, does the client know the server's public key before starting the data exchange?

I am reading about the logjam attack. I was asked if the attack could be prevented by checking the integrity of the Server Hello message.

My answer would be no, because the man-in-the-middle can still refrain from sending the original Server Hello message and send its own instead.

From my research, it seems like the client only gets hold of the server's public key during the Server Hello message which includes the server's ...

Score: 11
RSA Private Exponent Generation according to FIPS 186-4 in openssl v1

I guess this is more of a math problem in a cryptography context so I apologize beforehand if it is not the right place to ask. Basically I have to check whether a certain implementation of RSA key-pair generation adheres to FIPS 186-4. More specifically, Appendix B-3-1. FIPS 186-4 necessitates that $d$ (the private exponent) be created like so:

$d = e^{-1} \bmod \operatorname{LCM}(p-1,\ q-1)$

The ...

Score: 0
Drawbacks of Deniable Encryption

What are the drawbacks of an encryption scheme being a deniable encryption scheme? Is there a generalized approach to convert an encryption scheme $\pi$ to $\pi'$ which will be a deniable encryption scheme?

Score: 0
Would changing the number of rounds in the last compression prevent a length extension attack?

Suppose we have some Merkle–Damgård hash function. Assume the compression function supports it and is equally secure with more rounds.

Would changing the number of rounds (for example doubling them) for the last block-cipher compression prevent a length extension attack?

Score: 0
Decrypt a ciphertext knowing of a pattern of key repetition

I have two ciphertexts (I do not know which encryption algorithm was used to create them) which both start with the same 3-character-long word. This led me to believe that the same key was used for both of them and that I could exploit that to decipher it.

I thought that one-time pad was used there, so I tried to XOR them together to get the XORed plaintexts, but I cannot decipher it so I think ...

Score: 0
Are the shares of Shamir secret sharing uniformly distributed random numbers?

Let $t$ be a threshold in the Shamir secret sharing (SSS) scheme.

Assume we know $t'<t$ shares. Assume we are given some random values picked uniformly from the same field as the one used in SSS.

Question: can we distinguish the random values from the shares with a non-negligible probability?

Score: 0
Importance of Distribution in Cryptography

I have been studying the subject of theoretical cryptography, and there has always been discussion regarding sampling and distributions (while learning any scheme) in the class. The questions are like: what is the distribution from which the input will be sampled? Also, I get confused by questions like: how will the samples be generated?

I just wanted to get a perfect understanding of sa ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.