Latest Crypto related questions

Score: 0
Rabindra Moirangthem avatar
Confusing notation in signature scheme
in flag

In the paper Efficient and Secure Pairing-Free Certificateless Aggregate Signature Scheme for Healthcare Wireless Medical Sensor Networks, on the signature generation part (Page 5), there is an equation $Y_{2i} = [(y_2x_i + h_{2i}d_i)modq]P_{Pub} = (u_i, v_i)$. How is a group element assigned to two integers? $u_i$ is used as an integer in the following steps while $v_i$ is never used again.

Score: 2
3ric-T avatar
Wrap-unwrap of private key using EC master key
sv flag

I want to wrap a private key out of a HSM, using an external EC key pair (master key) and then verify that I can recover it.
The wrapping occurs as follows:

  1. Generate a secret AES key in the HSM, using the public part of the EC master key, the private part of the internal key pair and the derivation mechanism CKM_ECDH1_DERIVE. The derivation parameters for this mechanism are: derivation function CKD ...
Score: 1
Nacho Libre avatar
Why does Shamir secret sharing appear to need ordered shares?
mx flag

The implementation of Shamir secret sharing in this code, only generates the original image if the shares are provided in consecutive order (ex: [2,3,4]) and won't work in any other share order (ex: [2,4,6] or [4,1,3]). However, Shamir secret reconstruction does not require the shares to be in any order, then why does this fail?

import numpy as np
from scipy.interpolate import lagrange as lag
impor ...
Score: 2
VitoCorleone avatar
Padding Oracle Attack - Decrypting First Block with Static IV
sx flag

I'm trying to understand the exploitability of the padding oracle attack, which enables someone to decrypt and encrypt the contents without knowing the encryption key.

Can encrypted data with the first block, be decrypted by the app that relies on a static IV without knowing the IV?

I want to understand the padding oracle attack's exploitability, especially to decrypt the first block of data using st ...

Score: 2
Cristian Baeza avatar
Hiding sum of vectors. Hardness based on CVP
es flag

This is the problem

Let $\mathcal{L}$ be a lattice and $v_1,v_2,\ldots,v_n\notin\mathcal{L}$. Given the values $a_1,\ldots,a_n$ such that

$$a_1=\lfloor v_1\rceil+v_2+\ldots+v_n$$ $$a_2=v_1+\lfloor v_2\rceil+\ldots+v_n$$ $$\vdots$$ $$a_n=v_1+v_2+\ldots+\lfloor v_n\rceil$$

where $\lfloor\cdot\rceil$ means projection to $\mathcal{L}$. Retreive $\Sigma:=\sum_{i=1}^{n}v_i$.

Paraphrasing, say Alice lets Bob kno ...

Score: 2
John Shelburne avatar
Does anyone know of how I would authenticate the data my algorithm generates?
np flag

I have a pytorch model that generates bond trade pairs that have a high probability of reverting to the mean in a 30 day time period.

I want to sell the signals, but I do not want them to be redistributed. Is there a way to encrypt my data signals, if I put them on a marketplace like Amazon Data Exchange or Snowflake?

Score: 2
Bus avatar
Is hashing salt possible even with the password with salt appended to the end?
sa flag
Bus

Should you hash the salt on its own ? Is that possible?

for example being password with salt appended at the end hash(pass || salt) and hash(salt) in a password file?

Score: 1
Cisco Saeed avatar
Scalar Multiplication using NAF method
pl flag

I am learning about Elliptic curve scalar multiplications and I am on NAF, and I am trying to figure out the concept.

What I understand is if I have K=27 with using NAF the binary looks like this 100-10-1 then the scalar multiplication process like this: 2(2(2(2(2P))-P))-P which is 5DBL and 2ADD.

My questions is if want to scalar K=27 it means the steps like this:

1- 2P (0 bit)

2- 4P (0 bit)

3- 8 ...

Score: 2
snsdgm avatar
Safety of reusing same seed to derive secp256k1 keys and AES-256-GCM
cg flag

The use case here is to deterministically generate a multi-use wallet from a single 12-word BIP39 mnemonic. Currently a standard process for deriving secp256k1 keypairs is implemented, e.g., using a derivation path like m/44'/60'/0'/0/x for an arbitrary x (0, 1...) to derive keypairs, which include a 32 byte/256 bit private key. The use case came up where it would be convenient to also deterministi ...

Score: 3
EC group order primality test
jp flag

(Sorry for a newbie question) In ECC the intent is to create a group of a prime order (or prime multiplied by a relatively small cofactor).

I know there's an algorithm for ECC to count the number of elements. My question is: how is it known that the group order is indeed prime? AFAIK there're no known deterministic algorithms to test the primality of a number in polynomial time.

There're examples of ...

Score: 2
Garret Wilson avatar
theoretical hash collisions vs random number collisions
nf flag

I have a theoretical question about the probability of collisions of hashes versus random numbers. I'm not interested in the exact probabilities. The exact hash function is not relevant (we can assume it is perfectly uniform, cryptographically strong, etc.). The implementation of the random number generator is also not relevant (we can assume it is a perfectly random generator).

  1. If I have some poo ...

Score: 27
swannty avatar
Can an AI really generate random numbers?
ru flag

I asked an AI the following question:

Can you provide me with random numbers of 30 digits in length?

And then the AI has generated these numbers for me.

563958422461839604397274590248
743298571529845197630149526734
962345019834590239458293827563
841259630492576302945836184025
129458392650293745092837563945
938475029835820943759284396284
284657492870476502834795836192
937453090283964506295830295830 ...
Score: 2
Joe avatar
Two way key transport?
kp flag
Joe

For a KEM mechanism like RSA, Kyber, etc. is there it usually worth doing key trapping/key encapsulation both directions in a key exchange? By this I mean: Alice wraps a symmetric key and sends it to Bob. Bob wraps a different symmetric key and sends it to Alice. They both then run the concatenation of these two keys in a KDF to produce their shared key.

What are the pros and cons of such an mech ...

Score: 4
TrinityTonic avatar
TPM - Ecc based encryption / decryption using the public key
in flag

Our device comes with a device certificate which was signed with our private registration authority (CA). The private key (type ECC) was generated on the device itself - to be more specific directly on the on-board TPM. The public key is included inside the device certificate.

Now we have a use-case where we want to encrypt some sensitive file to be used on the device and wondered how we could do ...

Score: 1
crypto12 avatar
A ctf practice question
jm flag

Ciphertext : UCOWgokwyaqgkqguowgykkg

Alice said Adobe was attacked this year, find the sum of digits of that year. (Alice - a) Bob said i would want to know the month as well, i'm curious. (Bob - b)

Hint : Modular arithmetics, monoalphabetic substituions. can anyone give any hints on which substitution this is ..I am thinking it to be affine but it is not working

my try : i searched that adobe was atta ...

Score: 5
shy-student avatar
Method to break a baby Elliptic Curve analog to secp256k1
hr flag

What would be the method of choice to compute the private key from the public key on a baby analog of secp256k1, say with $p$ and $n$ 144-bit?

What would be the pros and cons of Pollard's rho and Pollard's kangaroo ?

How can the special properties of a Koblitz curve be put to use?

Score: 3
PanosDgs avatar
Text to Divisor Class Encoding in Hyperelliptic Curve Cryptography
cc flag

When trying to implement ElGamal Public Key Encryption using Hyperelliptic Curves, one needs to map the message that will be encrypted to a valid Divisor (in my case in the Mumford representation, which is the most common).

I have not found any specific methods similar to Koblitz encodings in ECC. Are there any methods out there that can be presented in a more algorithmic way so that they can be  ...

Score: 2
Pi-Turn avatar
Back2back addition with Jacobian Coordinate
ng flag

I implemented below algorithm in hardware and it works fine with first point addition.

enter image description here

However, when I continue to perform back-to-back addition, I got the wrong result. The part that I'm not sure here is,

  1. The original calculated X3 and Y3 are still in Jacobian coordinate and I do not want to convert them back to affine coordinate due to expensive cost for doing multiplicative inverse for Z-1.

     ...
Score: 2
Joseph Johnston avatar
Why not compose bilinear maps for higher arity maps?
gb flag

I understand the only multilinear maps used in cryptography are bilinear maps, and higher arity multilinear maps are not "known." Why does the composition of bilinear maps not yield usable higher-arity maps? I thought the primary feature of multilinear maps in cryptography is simply their multilinearity along with non-degeneracy and efficient computability, so despite restricting to a very small class of ...

Score: 3
Lachlan avatar
Is there a standard I can test a ECDH against?
wf flag

I have a program in Python to do the ECDH with the NIST P-256 curve. The program is seemingly working, ie I get the same private key pair at the end. But I want to make sure it's not a coincidence in my code, and that my double-and-add algorithm is working correctly.

TLDR: Is there a strong curve that gives all the details like the NIST P-256 curve and also a tested 2 integers that give a specific p ...

Score: 0
Wael Sadek avatar
Why sbverify needs a certificate to verify digital signatures?
pm flag

sbverify needs a certificate to verify digital signatures. I wonder why it's needed, since the signer certificate is already included in the digital signature itself ?

Score: 2
Lachlan avatar
Implementing Elliptic curve point addition and multiplication in Python
wf flag

I am learning Elliptic Curve cryptography, I have been working on an example from a book: example of problem with a=2,b=2, P=(5,1) and finding 2P

I don't fully understand the line where the slope is calculated, specifically how 2^(-1) * 9= 13 mod 17? I saw a post here that says to get the inverse with the Extended Euclidean algorithm.

I just don't see what 2^(-1) is the inverse for. What I understand from the EEA is that for gcd(n, a) = (sn + ta) = 1 mod  ...

Score: 2
IlIIIlllIIllIIl avatar
How to recover generator G of edwards curve
bd flag

If we know the value of G*n, the value of n, and the value of p in Zp, is there a way to find out G?

I tried the code below on sage but the value was different from the original G.

# we know nG = (x, y)
Gx = inverse_mod(n, p)*nG[0] % p
Gy = inverse_mod(n, p)*nG[1] % p
G = (Gx, Gy)
Score: 2
p_1092131280 avatar
Double Ratchet Algorithm: Active Man in the Middle Attack without Root-Key or Ratchet-Key
tl flag

I am currently studying the Double Ratchet Algorithm from Signal (link to the documentation). I stepped over a security issue which I was not able to find that it was mentioned anywhere.

I assume that an attacker is able to delay messages at the public channel. Let's say Alice and Bob are having a conversation via double-ratchet encrypted messages.

At double ratchet, if an attacker has compromised a me ...

Score: 2
xiao avatar
When can the types of data be distinguished during the addition of encrypted data to a deterministic encrypted data set with equal proportions?
nz flag

This question is about adding new data with different proportions to a dataset with equal proportions for each type of data, and determining at what point the added data can be distinguished.

For example, in a hospital with doctors, nurses, cleaners, and security personnel, with proportions of [0.5, 0.2, 0.2, 0.1], there is a table of 1000 encrypted doctors, 1000 encrypted nurses, 1000 encrypted  ...

Score: 1
Wesley Jones avatar
DH Finding A Public Key from Public key and shared secret
is flag

Is there a known feasible method for determining an unknown public key from a Diffie Helman shared secret and the other public/private key pair?

This would be rarely useful, but I am curious if the DH operation is 'invertible' given the derived secret and private/public key of one party.

So if the shared secret (which is known to the attacker) was directly used to encrypt data, and the local key pai ...

Score: 2
thant zin tun avatar
Which channel protocol should I use to broadcast the message between parties?
bm flag

I am building the Threshold Signature Scheme (TSS) based wallet. I would like to run the each party's node separately with different host. And these nodes should be able to send the messages through the secured and authenticated channel to the other partie's nodes. So what channel protocol is prefered to used. Can i use the rabbitMQ?

Score: 2
Flan1335 avatar
Grover's algorithm explained for children?
tc flag

Can you explain the mathematical details of Grover's algorithm for children?

Score: 2
Amit Mishra avatar
How to hash a JWT signature using Public & private key (Have both key in JSON format & X.509 PEM Format), using ES256 algo for JWT
lb flag

I want to hash my signature of JWT using public & private key, since we are using ES-256 algorithm in JWT. But the problem is that I have both the keys in JSON & .PEM format, so how can I do it in one openssl command? below is the shell script code which I am using to hash the signature:

SIGNATURE=$(echo -n "$DATA" | openssl dgst -binary -sha256 -hmac "$SECRET"| openssl base64 -e -A | sed 's/=// ...

Score: 3
IlIIIlllIIllIIl avatar
How to recover $p$ from edwards curve?
bd flag

The shape of the edwards curve is equal to $a x^2 + b y^2 = d x^2 y^2 + 1$ in $\mathbb{Z}_p$. Is there a way to know $p$ when we know the five points on the edwards curve without knowing $a, b, d, p,$ and generator $G$?

I tried to find p by using the five points given to me by concatenating the relationship $a x^2 + b y^2 - d x^2 y^2 - 1 ≡ 0 (mod \ p)$, but the expression became too complica ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.