Latest Crypto-related questions

Score: 2
Chinmay Mahato
For the AES-GCM decrypt function, does the output (PT) depend on the tag value (T)?

According to the spec, the inputs to the GCM decrypt function are IV, A, C, and T, as mentioned below:

5.2.2 Authenticated Decryption Function Given the selection of an approved block cipher, key, and an associated tag length, the inputs to the authenticated decryption function are values for IV, A, C, and T, as described in Sec. 5.2.1 above. The output is one of the following:

  • the plaintext P that corresponds to th ...
Score: 0
Using bcrypt to always produce the same hash like SHA, MD

I want to take advantage of the slow property of bcrypt to hash an input but also want to get the same hash value for the same input every time just like SHA, MD, etc.

So in order to do that, instead of using a static salt, which is less secure I believe, I am thinking of using the input as the salt as well? The output will be the hash value minus the front salt bit (obviously the input itself).

Basic ...

Score: 0
Ensure that a speedrun (or video recording) was done in one continuous hop (and not spliced together from many parts)

In speedrunning video games, one records a game being played and beaten in one continuous attempt. However, what can be done to cheat is to do multiple attempts, and splice together clips of the best segments to make one fast speedrun that wasn't done in a single continuous hop. This splicing isn't hard, as e.g. loading screens always look the same, so you can swap the video at those points witho ...

Score: 1
Swagata
Differential analysis of SPN

Reference: Tutorial by H. M. Heys

If we find a differential trail that holds with some non-negligible probability for n-1 rounds of an n-round SPN structure, then we can recover some of the bits of the last-round subkey.

What happens when we only manage to find a differential trail that holds with non-negligible probability for only a few of the rounds, R, where R < n-1? How do we proceed in that case to make ...

Score: 1
cadaniluk
Can interactive zero-knowledge proof systems be implemented using secure two-party computation?

I am defining multi-party computation using the real-ideal paradigm (see A Pragmatic Introduction to Secure Multi-Party Computation). That is, for any successful attack on an MPC protocol in the real world, there exists a simulator that carries out this attack successfully in the ideal world. It follows that security in the real world must be equivalent to security in the ideal world.

I am defining inter ...

Score: 0
Krzysztof J. Obara
Generating certificate using ECDSA_P256 algorithm but with sha256RSA signature

If you have a look at a certificate encrypting google.com, it advertises a 256-bit ECC key with the ECDSA_P256 parameter. The signature algorithm is sha256RSA. I've been trying to achieve something similar by running the below set of commands, but since the -digest parameter I use is -sha256, the result is always the sha256ECDSA signature algorithm. So the question is: how did Google do that, and is that achievable w ...

Score: 0
Question on double-asymmetric encryption and split knowledge

Hello,

Let's assume there are two keypairs (d1,e1) and (d2,e2), where d1 and d2 are unrelated private keys and e1 and e2 the corresponding public keys. Imagine Alice knowing neither d1 nor d2 and Bob only d1, not d2. Alice has a ciphertext c resulting from encrypting a message m with e1 using RSA. She cannot decrypt it because she doesn't know d1. Alice encrypts c again with e2 using an asymmetri ...

Score: 1
Salil Gupta
Number of Legitimate Bitcoin Wallets from unsequenced set of 24 Words

If someone found a scrambled BIP-39 24-word sequence, how hard would it be to determine the correct sequence that yields someone's wallet?

Are there multiple different unique sequences of the same 24 words that will determine different bitcoin wallets?

How many?

Thanks

Score: 1
How to choose the appropriate Smoothness Bound while using the Index Calculus method

While implementing the Quadratic Sieve, the textbooks give a rough formula for what Smoothness bound you should use in your Factor Base.

To factor a number N using the Quadratic Sieve, we can use the following:

$L = e^{\sqrt{\ln(N)\,\ln(\ln(N))}}$, $B = L^{\frac{1}{\sqrt{2}}}$

For the Index Calculus method for solving the Discrete Log problem in $\mathbb{F}_p$, is there a similar formula? Many of the texts ...

Score: 2
MichaelW
What benefit is gained when combining AES GCM/GMAC with ECDSA?

This is a real world question (and as I'm not an expert in cryptography, I have only some basic knowledge in terms of just using it, not a deep understanding of how it works under the hood): A system for data collection from many embedded end-devices employs AES128 GCM/GMAC to protect messages in terms of confidentiality and authenticity: each message $M$ is encrypted $C = E(K, M)$ and protected with a ...

Score: 4
Secret sharing such that all shareholders obtain access to the secret (one shareholder can't just run off with the shares)

Say, using something like Shamir's polynomial scheme, you split a secret $x$ among $n$ people (each given a "share" of the secret) such that you need all $n$ shares to recover the secret. How can one ensure that all $n$ participants will have access to the secret? E.g. with two people, Bob and Alice, Alice could tell Bob her share, and Bob could just take that and open the secret without disclosing ...

Score: 6
A source of randomness that anyone can independently, conveniently and robustly access?

Does there exist a source of randomness that anyone in the world can independently, conveniently and robustly access? For example, the 10th decimal place of the temperature in Mexico City is sufficiently random. But it's inconvenient for Bob to access independently, and it can't be measured robustly anyways.

The source of randomness must also be secure, in that no one party controls it (or access ...

Score: 0
Is it Possible to Prevent/Mitigate Modern Encryption of Data by Using A Known Signal?

Given a block of data, say

THE+ QU+ICK+ BR+OWN+ FO+X J+UMP+ED +OVE+R T+HE +LAZ+Y D+OG

Is there any method of encryption that will make the knowledge that the '+' character will always repeat every 4th character useless for cracking the key used to encrypt the data?

If there is, how does that encryption work, and why would a known signal not enable you to break the code?

Please assume that the use of '+'  ...

Score: 2
marius
What would be the safety requirements for the primes in $n=p \cdot q$ regarding the factorization?

Let $p, q \in \mathbb{P}$ with $p,q \in [2^{b-1}, 2^b]$ for some $b \in \mathbb{N}$ and $p \cdot q = n \in \mathbb{N}$. What would be the distance between $p$ and $q$ (as a function of $b$) so that the factorization of $n$ is hardest or can be considered difficult?

Score: 4
Distinguishable Llama
Are there different definitions of secure two-party computation?

While reading tutorials on two-party computation I encountered two (at least formally) different definitions of security (with semi-honest adversaries). What I want to know is whether these definitions are actually different or can be shown to be equivalent. I suspect that they are different, but I might be missing something, considering that I have not read anywhere about different definitions.

 ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.