Latest Crypto related questions

In the Quadratic Sieve algorithm, we first decide on a B & then look for B-smooth prime factors by sieving using a quadratic polynomial.

I can find a few formulas which help figure out how to decide on B.

To factor a number N, we can use the following:

$L = e^{\sqrt {\ln(N)ln(ln(N))}}$

$B = L^{\frac {1}{\sqrt 2}}$

This gives a rough estimate of what smooth numbers we should look for.

However, I am u ...

I read about an encryption cipher that needs the changing of the "main" key for the encryption of each plaintext. Sometimes this change depends on the plaintext and is done automatically.

Question: Is it practical to build a symmetric encryption cipher that needs the changing of the "main" key for each plaintext?

[Edit] Some ciphers take some aspects of the plaintext and include it into the key, tha ...

I try to explain the problem (maybe it's trivial): is there a way to do the following: sign a message with private key, send encrypted version of signature and an encrypted version of publickey to verifier in a manner that the verifier can verify the signature without decrypt publickey and signature? Thanx in advance for the answer.

Background

The following zero-knowledge (ZK) counterexample is described in Canetti's work [Security and Composition of Cryptographic Protocols: A Tutorial, page 26] to show that there exists some protocol that is secure in the stand-alone model but insecure in the UC model:

Assume there is such a "puzzle system" that both the prover and the verifier can efficiently generate puzzles, and

• The prover c ...

Could you please advise me if there are threat vectors from archive nodes such as front running attacks, sandwich attacks and nothing at stake attacks as they are quite powerful in terms of the infrastructure and information architecture. How do we prevent scenarios when they become byzantine and become powerful and practical adversaries.

Are there any pairing-friendly curves whose group order is a safe prime?

That is: the order of the group is $2q + 1$ for some prime number $q$.

Or, is it impossible to have such groups?

On a tendering portal, I want to encrypt the value of the submission using N number of public keys (PKI) and later on want to decrypt the same information using M out of N number of private keys (PKI). M<N and sequence of decryption should not matter. Please suggest the algorithm for doing so.

The original Schnorr signature scheme suffers from a Related Key Attack (RKA) as described by Morita et al. The authors of this paper then suggest a modification to the signature algorithm to prevent a RKA as follows:

1. Set $\psi \leftarrow g^x$, where $x$ is the private (signing) key for the scheme.
2. Set the challenge hash to be $h \leftarrow H(M || r || \psi)$.

The second step above differs from  ...

Authenticated encryption with associated data, such as AES-GCM, will take as input: IV, optional associated data, plaintext and key.

A ciphertext and an authentication tag will be produced.

Is there a frequently used term for this (IV, optional associated data, ciphertext, auth tag) data structure?

I'm looking for a term that ideally would equally apply to the data structure that would contain data enc ...

Suppose that $F:K\times X\rightarrow X$ is a function such that for each $k\in K$, the mapping $F_{k}:X\rightarrow X$ defined by letting $F_{k}(x)=F(k,x)$ is a bijection. Suppose that $F$ is the round function for some cryptographic function such as a block cipher or cryptographic hash function. Let $V_{X}$ be the complex vector space consisting of all tuples $(\alpha_{x})_{x\in X}$ such that $\sum_{x\ ...

I have been told to design my own algorithm as a college assignment. What I could have come up with was a random cipher. For example:

Suppose my plaintext is: AND

So I'll take an array the size of my plaintext and keep on storing random values between 0 to 9.

I will use random values and my array becomes {3,5,1}

My encrypted text becomes DSE

I have used a random function for generating random valu ...

RSA is a popular public-key cryptography algorithm. It has some mathematical assumptions. I mean, one cannot apply RSA on elements of any algebraic structure. Elements from certain algebraic structures are only eligible for utilization in RSA.

I want to know whether complex numbers fall into those particular algebraic structures or not. If no, due to the lack of which property complex numbers bec ...

Update: I made my lattice attack worked finally. As the actual reason is quite complicated I decide to write an answer below to describe how it worked so anyone with similar question might get inspiration from my work. The Question is not modified.

I was studying lattice attack recently. I tried to use data from TPM-FAIL to help me understand this attack and try to implement an attack using "textbook meth ...

As far as I understand, the Winternitz one-time signature is made by:

1. Making an array of private keys.
2. Making an array of public keys by hashing each private key X times, X being the number of different possibilities of characters that can appear in each position of the message (or the hash of the message) to verify.
3. Making an array of hashes as signature by hashing each private key X minus "the charac ...