Latest Crypto related questions

I don't quite understand why a smaller quotient between modulus $q$ and the noise's standard deviation implies better security against known attacks.

In FIPS 140-2 Part 2:Interfaces and Port in the security policy of product told : 1- "the output data path is provided by the data interfaces and is logically disconnected from processes performing key generation or zeroization. No key information will be output through the data output interface when the module zeroizes keys." What is this meaning? 2- And this "The output data path shall be logically di ...

Given a Hash Function H, how are the properties such as collision resistance, target collision resistance, one wayness, and non-malleability proved? I have read about hash function and stating that it is collision-resistant but how are they formally proved? If a hash function satisfies all the properties will it act as a random oracle model?

What's the required key usage/extended key usage for signing documents, eg.PDF, Word, PowerPoint, Excel, etc...

I am going to create a self-signed certificate that is needed to sign those documents. I wonder which key usage is required as there are many types that I can choose.

Note: I just need a self-signed certificate, not from trusted CAs.

Let $x$ be a random element from $QR_n$, the quadratic residue group over Blum integer n (where $n=p*q$ and $p$ and $q$ are safe primes), and $g$ a generator of $QR_n$. Are the following computationally indistinguishable?

$$(x^2 \mod n, g^x) (r^2 \mod n, g^x)$$

The intuition is that it's hard to compute $x$ from $x^2$ and $g^x$. Could this be reduced to some standard assumptions?

Let's say I have 3 items (A, B, C). Is there some sort of hash algorithm such that if I send (A, B, C) to another person, they can give me back the same hash and the same items or a subset of those items (for example (A, C)), and I can validate that they didn't give me extra/invalid items (for example (A, D))?

I apologize in advance for my lack of mathematical background.

Is there an algorithm that allows proofing that an input x1 was used as 1 out of N inputs to create an output hash y, without knowing the other inputs?

I.e. if there are 5 users providing an input hash for example, can we create an output hash that allows each individual user to verify his input was part of the inputs without him needing to know all other inputs?

(it's ok to learn all inputs during the  ...

Suppose I am given a Decision problem(DP) which is proven to be NP-hard. Is there a generic method/process to construct a cryptosystem based on the DP?

Thanks.

I wanna create the safe Twisted Edward curve. As far as I know, The number of curve points must be $\#E=8r$ that $r$ is big prime number. Also the number of points of quadratic twist of this curve must be $\#E'=4r'$ that $r'$ is big prime number. I search the value of $d$ for $-x^2+y^2=1+dx^2y^2$ that satisfices these properties. I know that $d$ must be nonquadratic number in $F_p$ and $p=1 \ mod ...

Given two values $g^{a_1}, g^{a_2}$ where $a_1, a_2 \in \mathbb{Z}_q$ and $g$ is a generator of group $\mathbb{G}$ of order $q$. Discrete logarithm is assumed to be hard in $\mathbb{G}$.

Is there a way to find the value $g^x$ such that $x = a_1 + a_2 \text{ mod } p$ with p < q. We also know, $a_1, a_2 < p$. Here $p,q$ are large primes, for example $128, 256$ bit respectively.

I am in the process of creating a flutter application that will include direct messaging. You can message 1 person or a group of people. I want this to all be encrypted for privacy.

The method I was thinking about is to do a hybrid RSA, AES system. On signup, a RSA key pair would be generated and the public key would be sent to the database for storage. Then when the user wants to message someone ...

I aim to find the answer to what is $X$ on an EC over a finite field where $A + X = B$ and $A$ and $B$ are known. I’m currently learning with secp256k1 so the simplified equation for the curve is $y^2 = x^3 + 7$. I am trying to figure this out so I can write the formula in python.

I was wondering if someone could help explain md5 collision abit better. I found this resource: https://www.mscs.dal.ca/~selinger/md5collision/ where they provided an example of where two cipher texts have the same md5. I tried to confirm that their example was correct but when I input their examples into a md5 calculator, I get two different md5s for the two different cipher text. What am I doing ...

My first objective is to implement AES-GCM in PowerShell 5.1 since there is not an implementation that not use external dll libraries.

According to the GCM schema of encryption:

the E_k block should correspond to a 128-bit block and the input is encrypted by AES with a specific key K.

If at the beginning I want to focus only on the E_k block and I want to implement directly there the AES algorithm, is ...

How do you find RSA encryption key e when RSA modulus is n = 55 = 5 x 11 and your decryption is d = 37? Is this possible for large values of n say of the order of 1024 bits?

The UC framework [Can00 (version of 2020-02-11)] defines security (defn 9) as for all adversaries there exists a simulator such that for all environments the environment output is indistinguishable in the ideal and real model. $\forall A \exists S \forall E$: $$EXEC_{\varphi,S,E} \approx EXEC_{\pi,A,E}$$ where $EXEC_{\pi,A,E} = \{EXEC_{\pi,A,E}(k,z)\}_{k \in \mathbb{N},z\in\{0,1\}^*}$. This means ...