Latest Crypto related questions

Score: 0
Rikudou avatar
Is it possible to have a hash in UUID form that ends with 16 characters instead of 12?

You may know how sometimes a hash in a URL may be in UUID format, which consists of groups of hex values separated by hyphens. In UUID format, I have come to learn that this hash takes the form:

8-4-4-4-12 for a total of 32 characters. However, I came across a URL that had a hash for a request parameter that looked like this:

9ced2fb4-f1df-4f00-af76-940736bfeee0001f

Notice that this format is 8-4-4-4-1 ...

Score: 0
Counterfeit EU Green Passes

In the EU, a person will soon be able to perform certain activities (going to concerts, to sports events, etc.) only if they can present a valid Green Pass that certifies that the bearer has been vaccinated, or has recovered from Covid, or has been tested negative in the recent past.

The Green Pass is basically a QR code that contains information encrypted with public-key cryptography (see here for detail ...

Score: 3
Digital Signatures with Curve25519 key-pair

I have a public/private key pair of Curve25519 keys used by Wireguard.

How can I use this keypair to generate/verify digital signatures?

Preferably, I would like to use EdDSA/Ed25519 but I struggle to derive an Ed25519 keypair from the Curve25519 keys used by Wireguard.

Score: 0
Using shared secret as Out-Of-Band authentication data in Bluetooth pairing

According to the Bluetooth Specification, the pairing process starts with Slave sending a connectable advertising packet and then the Master initiates the connection. In LE Legacy OOB authentication a secret 128-bit Temporary Key (TK) is supposed to be shared via some other secure channel, e.g. NFC, to be used in a challenge-response authentication, which goes like this:

  1. Master chooses random Mrand a ...

Score: 2
Hlen avatar
Glue between X3DH and Double-Ratchet

While studying Signal and more particularly X3DH and Double-Ratchet, one particular aspect seems unspoken or not really documented. X3DH provides a shared secret; however, Double-Ratchet needs a shared secret and a public key.

In the Double-Ratchet documentation they say that either Alice can be the only Double-Ratchet initiator or Bob can be the initiator too if the shared secret (of X3DH) i ...

Score: 2
Can we reverse elliptic curve function mul?

I have an elliptic curve system with only one point P. Let's say the client A and server B generate a secret R1 and R2.

A is sending X1 = mul(R1, P) to B and B is sending X2 = mul(R2, P) to A then shared secret is the same for both : S = X1R2 = X2R1

The system only has one point and I have X1, X2 and P. I'm trying to compute the shared secret, by calculating R1 and R2. However the curve function is h ...

Score: 4
Meir Maor avatar
Many near collisions but no full collision

I read this question: Cracking $f(x) = Cx \oplus Dx$ Asking about finding collisions in a simple 64 bit hash, and I thought I will give it a go myself just for fun. I quickly wrote code to find collisions: https://gist.github.com/meirmaor/b0e59352eb73cacec47d0f95c25a25fc

And yet it finds many near collisions and no full collisions, this baffles me.

Algorithm description: I wanted to solve this using 8GB  ...

Score: 1
What is the security implication of non-full-rank systematic matrix in McEliece cryptosystem?

The Classic McEliece cryptosystem has the following key generation procedure:

  1. Choose a field $\mathbb{F}_{2^m}$, an irreducible polynomial $g(x)$ of degree $t$, and $n$ field elements $\alpha_1, \cdots, \alpha_n$.
  2. Build the $t \times n$ matrix $\tilde{H} = (h_{ij}), h_{ij} = \frac{\alpha_j^{i - 1}}{g(\alpha_j)}$
  3. Replace each component in $\tilde{H}$ with a binary vector of length $m$, to get a ma ...

Score: 1
Evan Su avatar
Impact of partitioning oracle attacks on file encryption?

I've just learned about partitioning oracle attacks recently, and I would like to clarify some things that are a little foggy to me right now.

According to this thread,

The aim is the recovery of a password pw. Consider that you want to test the membership of two passwords $S^*_1=\{pw_1,pw_2\}$. Create two keys $K_1=PBKDF(salt,pw_1)$ and $K_2=PBKDF(salt,pw_2)$ (the salt can be found by sniffing!), now use Dodis et, a ...

Score: 10
poncho avatar
Looking for the current status of the Chinese national cryptographic algorithm design competition

I'm trying to find the results of the Chinese national cryptographic algorithm design competition (which I believe is targeted towards postquantum algorithms); however I cannot find it.

I did find this page which (from the title) appears to list the results; however the body of the text is in Chinese (and is an image, and hence Google translate can't do anything with it).

Could some kind soul either tra ...

Score: 1
DurandA avatar
Randomness extraction on correlated data in TRNG

True random number generator (TRNG) designs I read about mostly consist of two digital stages:

  • Low-frequency sampling (of a physical noise source)
  • Randomness extractor

The noise signal is sampled at a low frequency to avoid correlation. Functionally, this is equivalent to the following three stages:

  1. High-frequency sampling
  2. Decimator
  3. Randomness extractor

In this design, (1) produces a correlat ...

Score: 2
T Pluck avatar
Can direct sums be used for deniable encryption?

So I've recently become acquainted with deniable encryption and I got to thinking, wouldn't a way to do this involve using a group that can be decomposed into direct summands which already have well-established cryptosystems using a one-way projection map.

A one-way projection map is:

  1. Easy to compute with a trapdoor
  2. Hard to compute without this trapdoor
  3. Idempotent, repeated applications lead to  ...

Score: 2
automatictester avatar
AWS signature v4 key derivation

Generating Authorization header with AWS signature v4 involves deriving signing key as follows:

https://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html

static byte[] HmacSHA256(String data, byte[] key) throws Exception {
    String algorithm="HmacSHA256";
    Mac mac = Mac.getInstance(algorithm);
    mac.init(new SecretKeySpec(key, algorithm));
    return mac.doFinal(data.getBytes("UTF ...

Score: 2
MeBadMaths avatar
Time Complexity of Exhaustive Search Algorithm

I have the sets $S_1=\{2,10,20,6\}$ and $S_2=\{25,26,20\}$ and I want to find which numbers sum to make 32. This is very easy by inspection; 6 and 26. It seems similar to the Knapsack problem, but I am no expert.

However, say I have 1000 sets, each with 500 elements such that summing one term from each set always gives you a unique value. This is much harder to inspect and solve, especially if the sets f ...

Score: -1
Is there some function of $n$ that is a multiple of $\phi(n^2)$?

Not sure which forum to post this question so here is a link to it from MSE.

This is to adapt the approach of Fermat's Little Theorem to the Paillier encryption system.

I understand that this will occasionally fail (approximately 1 in $\sqrt n$), but I feel this is unlikely enough to ignore. Am I correct in my assumption?
