Latest Crypto related questions

I am a member of a sports association and I am developping a simple JavaFX application for managing member's license.

This application will be used on a notebook without any connection, it has to be offline an protected by a user/password. It will run on a shared Windows account.

The application must be the simpliest possible to install and use (average user age around 60-70 years old) so for storin ...

Merkle trees can be used for vector commitment scheme. In particular given two sequences S, S' with the same elements in the same order the merkle root for S will be the same as the one for S'. What if I need to append to S and S' the same elements over time but they may differ in ordering? Is there any specific commitment scheme best suited for this scenario?

I'm trying to encrypt and store strings in PHP as per example #1 on the PHP openssl_encrypt documentation.

<?php
//$key should have been previously generated in a cryptographically safe way, like openssl_random_pseudo_bytes
$plaintext = "message to be encrypted";
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
{
    $ivlen = openssl_cipher_iv_length($cipher);
    

As it is depicted above, the Feistel Network uses random function fi which is not required to be invertible. However, if fi is not invertible, how can fi(Li) == fi(Ri-1)? Furthermore, why Feistel Network is invertible?

$\textbf{Continuous LWE}$ : $(\overrightarrow{a}, b)\in \mathbb{Z}_q^n\times \mathbb{T}$, where $\mathbb{T}=\mathbb{R}/\mathbb{Z}$, $b = \langle \overrightarrow{a},\overrightarrow{s}\rangle/q + e\mod 1$, where the error $e$ is sampled from $\Psi_\alpha(x) := \sum_{k=-\infty}^{\infty}\frac{1}{\alpha}\cdot exp(-\pi(\frac{x-k}{\alpha})^2), x\in [0,1)$ over the torus $\mathbb{T}$. The density function

In this Python CRC32 table look-up method, the polynomial is 0x104c11db7.

I can understand that the generated table does not collide. After all, as long as the start and end of the polynomial binary are 1, then the hash obtained by different raw data is different.

But why do the first two bits of the hash table not collide?

The first four digits of the polynomial are 0x04c1, and the binary end of

In a digital signature scheme (Gen, Sign, Verfiy) that satisfies correctness and existential unforgeability, can you assume that the outputs of Sign() are computationally indistinguishable from random?

Let $x, y, z$ denote three $n$-bit words such that $$z = (x \oplus y) \oplus ((x \land y) \ll 1).$$

The NORX paper contains the generalized description of the algebraic normal forms for each bit of $x$ given $y$ and $z$: $$\begin{array}{l} x_0 = (z_0 \oplus y_0),\\ x_1 = (z_1 \oplus y_1) \oplus (x_0 \land y_0),\\ \vdots\\ x_i = (z_i \oplus y_i) \oplus (x_{i-1} \land y_{i-1}),\\ \vdots\\ x_{n-1} = (z_{ ...

While I'm trying to implement BGV scheme myself, I found that I'm really confusing about the encryption and decryption of the scheme. Here's my understanding:

Let $p$ be a plaintext modulus and $q$ be a ciphertext modulus (they are coprime). Let $\mathbb{Z}_{m} = (-m/2, m/2] \cap \mathbb{Z}$ be the fixed set of representatives modulo $m$ and $[\cdot]_{m}: \mathbb{Z} \to \mathbb{Z}_{m}$ be modulo  ...

Why exactly do we use factorial for finding an $L$ which is divisible by $p - 1$?

Pollard's algorithm is about B-powersmooth numbers & not B-smooth numbers. So where exactly does the factorial come in? Factorials aren't done by powering anything - it's just a multiplication of numbers without any exponentiation.

I am referring to Pollard's $p - 1$ algorithm as covered in Silverman's Mathematical C ...

I was looking at an example of the ElGamal encryption operation here (page 24), but I can't seem to understand why: $$\beta = 3(10, 3) = (10, 8)$$

I am considering the following questions and would appreciate any help.

Problem formulation:

Suppose Alice holds a secret value $x$ and there is a public Boolean predicate function $\texttt{Pred}$ that applies to $x$, $\texttt{Pred}: x \rightarrow \{0,1\}$. A sample predicate function can be whether the input $x$ is in a certain range or not.

Now Alice computes $y\gets\texttt{Pred}(x)$, but instead  ...

I was reading the “Fast Multiparty Threshold ECDSA with Fast Trustless Setup” paper by Gennaro & Goldfeder, 2018 and I encountered this portion (Sect. 2.4, p.6):

This excerpt leaves me slightly confused. First, there’s seemingly a mismatch (a typo?) between r and R — or is it that R is the set from which r is sampled? Second, most important, what are these coin tosses? There’s no men ...

A Merkle signature scheme is post-quantum-suitable as it relies only on the security of a one-way function. However, this construction seems to only be capable of authentication, and not confidentiality.

Is there any cryptographic protocol enabling key exchange via a Merkle scheme -- that is, without relying on weaker assumptions that might be broken by future cryptographers with a quantum compute ...

Wikipedia:

The ANOM sting operation was a collaboration by law enforcement agencies from several countries, running between 2018 and 2021, that intercepted millions of messages sent through the supposedly secure smartphone-based messaging app ANOM. The app was covertly distributed by the United States Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP), with law enforcement ag ...