Latest Crypto related questions

Score: 0
Kanchan Bisht
Finding a basis for q-ary lattices

For $A\in \mathbb{Z}_q^{n\times m}$, where $m \geq n$, consider the given two q-ary lattices \begin{align} \Lambda_q^{\bot}{(A)} & = \{\mathbf{x} \in \mathbb{Z}^m: A\mathbf{x} = \mathbf{0}\text{ mod }q\} \\ \Lambda_q{(A)} & = \{\mathbf{x} \in \mathbb{Z}^m: \mathbf{x} = A^T\mathbf{s} \text{ mod }q \text{ for some } \mathbf{s} \in \mathbb{Z}^n_q\}. \end{align}

Compute a basis for the above ...

Score: 9
Anonymous20DB28
How are curve names constructed?

I started with the question: Brainpool curves exist in a variant ending in ..r1 and ..t1. What does it mean?

But there are also "secp.." and "sect.." just like NIST's "..r1" and "k1".

What do all of those mean?

Score: 2
Novice_researcher
SIS vs LWE Problem

The Ajtai one way function is defined by

$$f_A(x) = Ax \bmod q$$ where $x \in \{0,1\}^m$ and $A \in \mathbb{Z}_q^{n \times m}$. $f_A(x)$ is a one-way function (Ajtai 96).

While the Regev one-way function (Regev 05) is defined over $x \in \mathbb{Z}_q^k$, $e \in \mathscr{E}^m$ and $A \in \mathbb{Z}_q^{m \times k}$. The one-way function is defined as

$$g_A(x,e) = Ax + e \bmod q \quad \text{(LWE)}$$

Score: 1
Novice_researcher
Proof Techniques to Prove System Secure

I have so far seen the proof-by-reduction technique to prove the security guarantee of a cryptosystem, where we consider breaking the cryptosystem to be as hard as solving a difficult mathematical problem. What are the other proof techniques used to prove the security of a cryptosystem? It would be beneficial if each technique were briefly stated.

Score: 2
Karim
Constraints on q for q-ary lattices?

In lattice cryptography, people often work with q-ary lattices so that we can use the hardness of short integer solution (SIS) and learning with errors (LWE). I saw in some notes that sometimes we want $q$ to be prime or a prime power. However, there wasn't any explanation of why that is the case. So I have a couple of questions about the choice of $q$:

  1. Are there any issues with taking q to be any po ...

Score: 0
Jan
Domain parameters in the Schnorr identification scheme

I have been recently studying the Schnorr identification scheme. The book Cryptography: Theory and Practice by Stinson and Paterson states the following about the domain parameters in the Schnorr identification scheme:

The scheme requires a trusted authority, or TA, who chooses some common system parameters (domain parameters) for the scheme, as follows:

  1. $p$ is a large prime (i.e., $p\approx 2^{ ...

Score: 0
Jan
Congruence in the Schnorr identification scheme

I have been looking at the Cryptography: Theory and Practice book by Stinson and Paterson and when I came to the Schnorr identification scheme, I read the sentence that goes something like this:

Observe that $v$ can be computed as $(\alpha ^a)^{-1} \bmod p$, or (more efficiently) as $\alpha ^{q-a}\bmod p$.

In this context $\alpha$ is an element having prime order $q$ in the group $\mathbb{Z}_p^*$.

Score: 2
Poly1305 reuse of r

Poly1305 uses $r, r^2, r^3$ and $r^4$. I understand this if $r$ is a generator of the finite field. But since $r$ can be any random non-zero number, won't its exponents be non-uniformly distributed? That is, even if $r$ is chosen uniformly at random over the field, $r^4$ is not uniform over the field. Why isn't this a weakness?

Note that Bernstein's papers* use similar schemes for any finite field, u ...

Score: 0
Understanding non-linearity in Salsa20 over various rings

In his design of Salsa20, Bernstein writes to ensure non-linearity he chose

32-bit addition (breaking linearity over $Z/2$), 32-bit xor (breaking linearity over $Z/2^{32}$), and constant-distance 32-bit rotation (diffusing changes from high bits to low bits).

Can you help me understand this? A linear function is one such that $f(ax+by) = af(x) + bf(y)$. It sounds like whether addition and xor are linea ...

Score: 2
typo
Does grouping password characters for readability decrease entropy?

For example, for a randomly generated password of 28 lowercase letters, which is about 128 bits of entropy, how would adding a space after every four characters affect it?

ijaxjnddkcswzovcrpbnqqiwaqyb
ijax jndd kcsw zovc rpbn qqiw aqyb

Score: 0
Novice_researcher
Slide Attacks and FPE

What is a slide attack? I am not able to comprehend how they are used for attacks on FPE schemes like FF3.

Score: 0
Akash Ahmed
Fast key exchange algorithm in hardware with small key size

Which asymmetric algorithm is best for key exchange only, to set up communication using a symmetric cryptographic algorithm? The comparison should be in terms of speed, key length and their hardware implementation on FPGA.

Score: 1
DannyNiu
What are the security implications of RSA decryption of ciphertext >= modulus?

While reading through the sections about decryption in PKCS#1 v2.2, I noticed that the decryption algorithms are required to output the failure symbol "decryption error" when the RSA maths subroutine reports "ciphertext representative out of range".

While the notes on security considerations say padding removal should be a "poker-face" process, they didn't say anything about the ciphertext being out of the decipherabl ...

Score: 3
Why check for point-at-infinity during ECDSA verification?

The ECDSA standard mandates that during verification we check that an intermediate calculation does not lead to the point-at-infinity (see Step 5 in this summary on Wikipedia). But why do we check for this? That is, how do you as an attacker actually trigger this event without knowledge of the private key?

In the above I assume that all the other checks of ECDSA are in place ($r,s \in [1,n-1]$, pu ...

Score: 2
What are some statistical characteristics of a Hill cipher?

Given a ciphertext, after performing a frequency analysis on it, how would you identify it as a Hill cipher? What should I expect to see in the statistics?

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.