Latest Crypto related questions

I'm having a problem with an encryption scheme.

There are two entities, $A$ and $B$. $A$ give a simple message $m \in [0,1]$ to $B$. $B$ should generate an encrypted message of $m$: $e=Enc_{pk}(m)$ such that $A$ can verify if $B$ has correctly encrypted a message generated from $A$ without tampering it. But, at the same time, $e$ should not reveal any information that can be used from $A$ to demons ...

I am looking for a simple encryption of the text messages and in order to save some bandwidth, storage etc, I was looking to encrypt them into the same length strings. Something similar to how youtube is doing for their video ids. Having billions of videos in their database, they manage to encode them with only couple of letters and digits.

Is there any encryption which can output the same length ...

Let $K$ be a number field of degree $n$ and $\Lambda^q_h=\{(f,g)\in\mathcal{O}_K\text{ : }fh-g = 0\bmod q\mathcal{O}_K\}$, where $h$ is an NTRU public key. Then $\{(1,h),(0,q)\}$ generates a lattice. I've found it stated in the literature that $Vol(\Lambda^q_h) = Vol(\mathcal{O}_K)^2q^n$ (e.g. here), but how does the proof of this statement run? Or where can I find a proof?

I've been learning about the elliptic curves and how they work, and their usage in cryptography, and I'm trying to figure out how to use them using Go.

1. Where is the 'a' parameter from my ECC equation y^2 = x^3 + a*x + b, in this CurveParams structure? https://golang.org/pkg/crypto/elliptic/#CurveParams To verify I am understanding well please correct me if I am wrong:

• 'P' parameter represents the order ...

community !

I'm looking for the proof of theoritical security of Shamir's secret sharing. I found some articles saying that it's assimilable to the halting problem, which implies that there is no general algorithm to solve it for all possible program-input pairs. But, I don't understand why it stands for SSS encryption.. Why we say that we can only calculate all possible solutions for a threeshol ...

I am a member of a sports association and I am developping a simple JavaFX application for managing member's license.

This application will be used on a notebook without any connection, it has to be offline an protected by a user/password. It will run on a shared Windows account.

The application must be the simpliest possible to install and use (average user age around 60-70 years old) so for storin ...

Merkle trees can be used for vector commitment scheme. In particular given two sequences S, S' with the same elements in the same order the merkle root for S will be the same as the one for S'. What if I need to append to S and S' the same elements over time but they may differ in ordering? Is there any specific commitment scheme best suited for this scenario?

I'm trying to encrypt and store strings in PHP as per example #1 on the PHP openssl_encrypt documentation.

<?php
//$key should have been previously generated in a cryptographically safe way, like openssl_random_pseudo_bytes
$plaintext = "message to be encrypted";
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
{
    $ivlen = openssl_cipher_iv_length($cipher);
    

As it is depicted above, the Feistel Network uses random function fi which is not required to be invertible. However, if fi is not invertible, how can fi(Li) == fi(Ri-1)? Furthermore, why Feistel Network is invertible?

$\textbf{Continuous LWE}$ : $(\overrightarrow{a}, b)\in \mathbb{Z}_q^n\times \mathbb{T}$, where $\mathbb{T}=\mathbb{R}/\mathbb{Z}$, $b = \langle \overrightarrow{a},\overrightarrow{s}\rangle/q + e\mod 1$, where the error $e$ is sampled from $\Psi_\alpha(x) := \sum_{k=-\infty}^{\infty}\frac{1}{\alpha}\cdot exp(-\pi(\frac{x-k}{\alpha})^2), x\in [0,1)$ over the torus $\mathbb{T}$. The density function

In this Python CRC32 table look-up method, the polynomial is 0x104c11db7.

I can understand that the generated table does not collide. After all, as long as the start and end of the polynomial binary are 1, then the hash obtained by different raw data is different.

But why do the first two bits of the hash table not collide?

The first four digits of the polynomial are 0x04c1, and the binary end of

In a digital signature scheme (Gen, Sign, Verfiy) that satisfies correctness and existential unforgeability, can you assume that the outputs of Sign() are computationally indistinguishable from random?

Let $x, y, z$ denote three $n$-bit words such that $$z = (x \oplus y) \oplus ((x \land y) \ll 1).$$

The NORX paper contains the generalized description of the algebraic normal forms for each bit of $x$ given $y$ and $z$: $$\begin{array}{l} x_0 = (z_0 \oplus y_0),\\ x_1 = (z_1 \oplus y_1) \oplus (x_0 \land y_0),\\ \vdots\\ x_i = (z_i \oplus y_i) \oplus (x_{i-1} \land y_{i-1}),\\ \vdots\\ x_{n-1} = (z_{ ...

While I'm trying to implement BGV scheme myself, I found that I'm really confusing about the encryption and decryption of the scheme. Here's my understanding:

Let $p$ be a plaintext modulus and $q$ be a ciphertext modulus (they are coprime). Let $\mathbb{Z}_{m} = (-m/2, m/2] \cap \mathbb{Z}$ be the fixed set of representatives modulo $m$ and $[\cdot]_{m}: \mathbb{Z} \to \mathbb{Z}_{m}$ be modulo  ...

Why exactly do we use factorial for finding an $L$ which is divisible by $p - 1$?

Pollard's algorithm is about B-powersmooth numbers & not B-smooth numbers. So where exactly does the factorial come in? Factorials aren't done by powering anything - it's just a multiplication of numbers without any exponentiation.

I am referring to Pollard's $p - 1$ algorithm as covered in Silverman's Mathematical C ...