Latest Crypto related questions

Score: 1
killalad
HKDF with predefined IV

Can I generate, from a randomly generated key, let's say three other keys via HKDF with predefined IVs, e.g. SHA-256 of "apple", "banana", "pear"?

My use-case is an app that at the beginning generates one key, from which every other key is created using HKDF for each individual DB, and the IV for each generation is a SHA-256 of the DB's name. So every app has a different master key but the IVs for DBs  ...
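As an added example (not code from the question or from any answer), here is a standard-library-only HKDF-SHA256 per RFC 5869 with a per-database key derivation built on it. What the question calls an "IV" is HKDF's `info` input: a public context label that HKDF accepts directly, so there is no need to hash the DB name first, and it need not be secret or unpredictable. The `APP_SALT` value and the `db-key/v1:` label prefix are assumptions of this example, and RFC 5869's test case 1 is embedded so the primitive itself can be checked.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM); an empty salt means HashLen zero bytes."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: OKM = T(1) || T(2) || ..., T(i) = HMAC(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand: L may not exceed 255 * HashLen")
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), HASH).digest()
        okm += t
        i += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


# Assumed application constants (not from the question): a fixed, app-specific
# salt and a versioned label prefix, so the same master key reused elsewhere,
# or a later change of key format, yields unrelated subkeys.
APP_SALT = b"example-app/db-keys/v1"
LABEL_PREFIX = b"db-key/v1:"


def derive_db_keys(master_key: bytes, db_names, key_len: int = 32) -> dict:
    """One subkey per database.  The database name is the public `info` label;
    it is fed to HKDF as-is (no SHA-256 of it needed) and, unlike a cipher IV,
    it does not have to be secret or unpredictable, only distinct per database."""
    prk = hkdf_extract(APP_SALT, master_key)   # extract once, expand per label
    return {name: hkdf_expand(prk, LABEL_PREFIX + name.encode("utf-8"), key_len)
            for name in db_names}


# RFC 5869 Appendix A, test case 1 (SHA-256), so the primitive can be verified.
RFC5869_IKM = b"\x0b" * 22
RFC5869_SALT = bytes(range(0x0d))
RFC5869_INFO = bytes(range(0xf0, 0xfa))
RFC5869_OKM = bytes.fromhex(
    "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
    "34007208d5b887185865")
```

The salt is not a secret, but it should differ per application; if a DB key also has to change on key rotation, put the rotation counter into the label rather than into the salt, so one extract serves all expands.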

Score: 1
X. G.
Why can a simulator obtain a corrupted party's input to some subroutine ideal functionality $F$ "for free" in the $F$-hybrid model?

In "How To Simulate It" (page 45, line 10), Lindell noted that, in the $f_{\textsf{zk}}$-hybrid model (where $f_{\textsf{zk}}$ denotes the ideal zero-knowledge functionality) in the stand-alone model,

if the adversary controls the party running the prover, then it directly sends the input and witness pair $(x, w)$ to $f_{\textsf{zk}}$. This means that a simulator who internally runs the adversary wi ...

Score: 0
Fikret Basic
Designing a CRAM protocol for mutual authentication in constrained devices

We are currently designing a simple Challenge-Response Authentication Mechanism (CRAM) protocol based on symmetric cryptography that would be used on constrained embedded devices operating in a closed short-range network.

Mutual authentication is desired. The security capabilities offered by the devices are for now unknown. Hence, we are focusing primarily on only using the AES proto ...

Score: 1
Geonhee Cho
Is there any “approximate or probabilistic” password authentication method?

I understand that the password-based authorization check procedure requires that you enter a password that is correct, that is, does not allow even a single bit difference.

Suddenly I have this thought.

[System A] For password-based authorization system A, let's assume that the password is 256 bits.

And it always asks for the correct password for permission verification.

The probability of successful autho ...

Score: 3
Kostas Kryptos
Asymmetric encryption scheme with the shortest output for encrypting 1 byte of information

Imagine that one needs to periodically encrypt very short messages (i.e., a boolean Yes/No, a single byte, or 3-4 bytes in the worst case). We assume that there is no session, and we just need to encrypt under a receiver's public key (i.e., posting an encrypted byte to the blockchain).

I'm aware of ElGamal, Cramer-Shoup, RSA, ECIES encryption etc. and I'm looking for the algorithm with the shorte ...

Score: 1
akez
Does Salsa20/ChaCha20 still provide integrity when encrypting a bitmap?

Forgive me for this question. I have an idea to encrypt *.bmp bitmap files using ChaCha20/Salsa20 without Poly1305.

This is just a simple program, where I can encrypt *.bmp bitmap images, with the resulting CipherText in the form of *.bmp files that can still be opened and display random pixels that have been encrypted. The image illustration is below:

Illustration

  1. Is this possible?
  2. If so, does Ciphertext  ...

Score: 0
Moldender
My Fernet key "expired", what now?

6 months ago I created a bot that basically stored every user's data in JSON format in different text files, and I had a Fernet key. I basically haven't touched it for about 2 months now, because it's a bot for students. So here is the thing: school starts in 15 days, I have 106 accounts which are encrypted using a single Fernet key, and I can't decode any files because it says that it's corrupted. What can  ...

Score: 6
GunJack
Why is mod calculation necessary in a one-time pad encryption?

Considering the English alphabet to be encrypted, why is the computation of mod 26 necessary after adding the pad to the plaintext? Is it just that it adds another level of encryption, or is it used so that two letters may end up with the same symbol in the cipher? 3 mod 26 is 3 and 29 mod 26 is 3.
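An added example (not the question's or any answer's code) that makes the reason for the reduction visible. With the sum reduced mod 26, every ciphertext letter is consistent with every plaintext letter, so the ciphertext carries no information about the plaintext. Without the reduction the "ciphertext" ranges over 0..50 and the values near the ends pin the plaintext down: a 0 can only be 'a' + 'a', a 50 can only be 'z' + 'z'. The a=0 .. z=25 numbering is an assumption of the example; `candidate_plaintexts` enumerates, for one ciphertext value, which plaintext letters remain possible.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase   # assumed encoding: a=0, b=1, ..., z=25
M = len(ALPHABET)                   # 26


def random_pad(n: int) -> str:
    """Pad letters must be uniform and independent; secrets, not random."""
    return "".join(secrets.choice(ALPHABET) for _ in range(n))


def otp_encrypt(plaintext: str, pad: str) -> str:
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the plaintext")
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % M]
                   for p, k in zip(plaintext, pad))


def otp_decrypt(ciphertext: str, pad: str) -> str:
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % M]
                   for c, k in zip(ciphertext, pad))


def candidate_plaintexts(c: int, reduce_mod: bool) -> set:
    """Plaintext values p (0..25) for which SOME pad value k (0..25) yields
    ciphertext value c.  With reduction every p works for every c, i.e. the
    ciphertext says nothing about p.  Without reduction only p with
    0 <= c - p <= 25 are possible: c = 0 forces p = 'a', c = 50 forces p = 'z'."""
    possible = set()
    for p in range(M):
        for k in range(M):
            if ((p + k) % M if reduce_mod else p + k) == c:
                possible.add(p)
                break
    return possible


def worst_case_candidates(reduce_mod: bool) -> int:
    """Smallest candidate set over all reachable ciphertext values.  1 means
    some ciphertext value reveals its plaintext letter outright."""
    top = M if reduce_mod else 2 * M - 1
    return min(len(candidate_plaintexts(c, reduce_mod)) for c in range(top))
```

The same argument applies byte-wise to XOR: XOR is addition mod 2 on each bit, which is exactly why a binary one-time pad (and every stream cipher) needs no separate reduction step.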

Score: 0
The amateur programmer
Where can I find test vectors for ChaCha20 (trying to understand Wikipedia example)?

I was playing around with stream ciphers and found this Wikipedia ChaCha20 page (the ChaCha variant). What I'm lost with is how to test this code. There are no test vectors anywhere on that page and I cannot find any. I wrote the following C code:

#define ROTL(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
#define QR(a, b, c, d) (            \
    a += b,  d ^= a,  d = ROTL(d,16),   \
    c += d,  b ...
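An added example, not the poster's code and not from any answer: RFC 8439 (the IETF ChaCha20/Poly1305 specification) does publish test vectors, and the block-function vector from its section 2.3.2 (key bytes 00..1f, block counter 1, nonce 00:00:00:09:00:00:00:4a:00:00:00:00) is embedded below, so a from-scratch implementation can be checked against it. The same implementation also serves the earlier question about encrypting a bitmap with ChaCha20 without Poly1305: `bit_flip_attack` edits the ciphertext of a constructed pixel buffer without knowing the key, and the edit lands bit-for-bit on the decrypted plaintext, which is what "no integrity" means for a pure XOR stream cipher. Note the layout: RFC 8439 uses a 32-bit counter and 96-bit nonce, the original ChaCha20 a 64-bit counter and 64-bit nonce; compare against the vectors for the variant you implemented.

```python
import struct

MASK = 0xFFFFFFFF


def rotl32(v: int, c: int) -> int:
    return ((v << c) | (v >> (32 - c))) & MASK


def quarter_round(x: list, a: int, b: int, c: int, d: int) -> None:
    # Identical to the Wikipedia / RFC 8439 quarter round, in place on the state list.
    x[a] = (x[a] + x[b]) & MASK; x[d] ^= x[a]; x[d] = rotl32(x[d], 16)
    x[c] = (x[c] + x[d]) & MASK; x[b] ^= x[c]; x[b] = rotl32(x[b], 12)
    x[a] = (x[a] + x[b]) & MASK; x[d] ^= x[a]; x[d] = rotl32(x[d], 8)
    x[c] = (x[c] + x[d]) & MASK; x[b] ^= x[c]; x[b] = rotl32(x[b], 7)


def chacha20_block(key: bytes, counter: int, nonce: bytes) -> bytes:
    """RFC 8439 block function: 32-byte key, 32-bit counter, 12-byte nonce -> 64 keystream bytes."""
    assert len(key) == 32 and len(nonce) == 12
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]   # "expand 32-byte k"
    state += list(struct.unpack("<8L", key))
    state += [counter & MASK]
    state += list(struct.unpack("<3L", nonce))
    x = state[:]
    for _ in range(10):                    # 20 rounds = 10 (column, diagonal) pairs
        quarter_round(x, 0, 4, 8, 12)
        quarter_round(x, 1, 5, 9, 13)
        quarter_round(x, 2, 6, 10, 14)
        quarter_round(x, 3, 7, 11, 15)
        quarter_round(x, 0, 5, 10, 15)
        quarter_round(x, 1, 6, 11, 12)
        quarter_round(x, 2, 7, 8, 13)
        quarter_round(x, 3, 4, 9, 14)
    return struct.pack("<16L", *[(x[i] + state[i]) & MASK for i in range(16)])


def chacha20_xor(key: bytes, nonce: bytes, data: bytes, initial_counter: int = 1) -> bytes:
    """Encrypt and decrypt are the same operation: data XOR keystream."""
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = chacha20_block(key, initial_counter + i // 64, nonce)
        out += bytes(a ^ b for a, b in zip(data[i:i + 64], ks))
    return bytes(out)


def bit_flip_attack(key: bytes, nonce: bytes, plaintext: bytes, index: int, mask: int) -> bytes:
    """Attacker's view: XOR `mask` into one ciphertext byte without the key;
    the victim's decryption then shows exactly that XOR in the plaintext byte.
    Returns what the victim decrypts."""
    ct = bytearray(chacha20_xor(key, nonce, plaintext))
    ct[index] ^= mask
    return chacha20_xor(key, nonce, bytes(ct))


# RFC 8439 section 2.3.2 test vector for the block function.
RFC8439_KEY = bytes(range(32))
RFC8439_NONCE = bytes.fromhex("000000090000004a00000000")
RFC8439_BLOCK1 = bytes.fromhex(
    "10f1e7e4d13b5915500fdd1fa32071c4"
    "c7d1f4c733c068030422aa9ac3d46c4e"
    "d2826446079faa0914c2d705d98b02a2"
    "b5129cd1de164eb9cbd083e8a2503c4e")
```

For the bitmap case the practical consequence is that anyone can flip chosen pixel bits, or rewrite the unencrypted BMP header fields, and the decryptor cannot tell; that is the job Poly1305 (or any MAC over the ciphertext) does, and why the combined AEAD is the thing to use.
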

Score: 0
J.Doe
A query regarding the SHA-256 algorithm

I am trying to code SHA-256 from scratch to understand its implementation, based on the wiki pseudocode as it's clear enough. But I am running into problems with the calculation of W[i] for the first block. I am sure I am missing the logic somewhere. Given a data string of size 80 bytes (in hex): "02000000aaf8ab82362344f49083ee4edef795362cf135293564c4070000000000000000c009bb6222e9bc4cdb8f26b2e8a2f8d16350969 ...

Score: 2
Oscar
Can future time-based keys be deduced from a previous key?

If a time-based key generated by an authenticator app like Google Authenticator is compromised, can future keys be deduced from the compromised key?

Score: 1
Sentinel ("trick") values for lattice attack on DSA with biased k (MSB)

I'm studying the lattice attack using this Sage script. There are 2 options in the script: LSB and MSB. The most interesting option for me is MSB. It recovers the private key with fewer than 100 signatures provided with the script. When I run it with my PQG generated by OpenSSL and my own signatures with zeroed 8-bit MSB, I was able to recover the private key with 800 signatures in one case and unable to recover even wi ...

Score: 2
Verifiable execution of a program

I would like to know what cryptographic primitives could be used for Alice to prove to Bob that she actually executed a program. The goal is to make a Proof-of-useful work, where Alice proves she verified a transaction, but where this proof is tied to Alice's public key. Creating the proof needs to be only possible by executing the program. Verifying the proof should be much faster using the public key  ...

Score: 4
common2k
In quantum cryptography, why can a qubit be both 0 and 1 at the same time?

The texts below are from some tutorial, and it says (in bold format below) a qubit can be both 0 and 1 at the same time. It sounds very strange to me, can you please explain why?

Quantum cryptography utilises the physics of photons (light energy according to the formula E = hf) and their physical quantum properties to produce a virtually unbreakable encryption system. This helps protect the security of  ...

Score: 2
LeonMSH
ECC point addition in Jacobian coordinates: not commutative?

I have a Python script that does ECC point addition (code pasted below); it simply performs P = Q1 + Q2 in Jacobian coordinates. However, when doing some regression tests, I found that if I exchange the P1 and P2 positions, I get different results, one of which is correct. Below is an example that simply uses the secp256k1 G point as one point and 2*G as the 2nd point to run the test.

My que ...
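An added example, not the poster's script (which is not reproduced on the page): a symmetric Jacobian addition on secp256k1 together with the two checks that catch this class of bug. Point addition on the curve is commutative, so if `P1 + P2 != P2 + P1` the code is wrong, and the usual reason is a mixed-addition formula that silently assumes one input has Z = 1 (correct only when that input happens to be the affine G, which is why one ordering "works"). `rescale` produces a different Jacobian representative of the same point so both inputs can be tested with Z != 1, and `affine_add` is an independent textbook oracle to compare against; the 2G and 3G constants are the published multiples of G.

```python
P = 2**256 - 2**32 - 977                 # secp256k1 field prime (a = 0, b = 7)
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G = (GX, GY, 1)                          # Jacobian (X, Y, Z); None is the point at infinity
KNOWN_2G = (0xC6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5,
            0x1AE168FEA63DC339A3C58419466CEAEEF7F632653266D0E1236431A950CFE52A)
KNOWN_3G = (0xF9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9,
            0x388F7B0F632DE8140FE337E62A37F3566500A99934C2231B6CB9FD7584B8E672)


def jac_double(pt):
    if pt is None:
        return None
    X, Y, Z = pt
    if Y == 0:
        return None
    S = 4 * X * Y * Y % P
    M = 3 * X * X % P                    # no a*Z^4 term since a = 0
    X3 = (M * M - 2 * S) % P
    Y3 = (M * (S - X3) - 8 * pow(Y, 4, P)) % P
    Z3 = 2 * Y * Z % P
    return (X3, Y3, Z3)


def jac_add(p1, p2):
    """General (non-mixed) addition: each input is scaled by the OTHER point's
    Z, so nothing assumes Z1 == 1 or Z2 == 1 and the result is symmetric."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    X1, Y1, Z1 = p1
    X2, Y2, Z2 = p2
    Z1Z1, Z2Z2 = Z1 * Z1 % P, Z2 * Z2 % P
    U1, U2 = X1 * Z2Z2 % P, X2 * Z1Z1 % P
    S1, S2 = Y1 * Z2 * Z2Z2 % P, Y2 * Z1 * Z1Z1 % P
    if U1 == U2:                         # same x: either P == -Q or P == Q
        return None if S1 != S2 else jac_double(p1)
    H, R = (U2 - U1) % P, (S2 - S1) % P
    HH = H * H % P
    HHH = HH * H % P
    V = U1 * HH % P
    X3 = (R * R - HHH - 2 * V) % P
    Y3 = (R * (V - X3) - S1 * HHH) % P
    Z3 = H * Z1 * Z2 % P
    return (X3, Y3, Z3)


def to_affine(pt):
    if pt is None:
        return None
    X, Y, Z = pt
    zinv = pow(Z, P - 2, P)
    return (X * zinv * zinv % P, Y * zinv * zinv * zinv % P)


def rescale(pt, z):
    """Same curve point, different Jacobian representative: (X z^2, Y z^3, Z z)."""
    X, Y, Z = pt
    return (X * z * z % P, Y * z * z * z % P, Z * z % P)


def affine_add(p, q):
    """Textbook affine addition, used only as an independent oracle."""
    if p is None:
        return q
    if q is None:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def commutes(p1, p2) -> bool:
    return to_affine(jac_add(p1, p2)) == to_affine(jac_add(p2, p1))
```

When regression-testing your own version, run `commutes` on rescaled inputs and on the P == Q and P == -Q branches as well; those are the cases a formula copied for Z2 = 1 gets wrong, and they are exactly the inputs an attacker-chosen point feeds to a verifier.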

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.