Latest Crypto-related questions

Score: 1
Preimage attack on sum of two Hash functions modulo 2

If a hash function $H$ is defined as $H(x_1,x_2) = H_1(x_1) \oplus H_2(x_2)$ for two good $n$-bit hash functions $H_1$ and $H_2$, then how can we construct a preimage attack on $H$ that costs $O(2^{n/2})$, given some $y$?

Here, are we allowed to query $H_1$ and $H_2$ ?

I would really appreciate some hints.

Score: 1
Кирилл Волков
ed25519 base point coordinates

For the ed25519 standard, the base point is $B = (x, 4/5)$. According to Stack Question, the y coordinate equals

46316835694926478169428394003475163141307993866256225615783033603165251855960

But how is this value obtained? As I understand, $y = 4 \cdot 5^{-1} \mod l$, where $l = 2^{252} + 27742317777372353535851937790883648493$.

So $5^{-1} \mod l$ gives

1447401115466452442794637312608598848171423271875981521200 ...

Score: 0
thebalkandude
Can the result of a multiplication between an elliptic curve and a scalar not be on the curve?

As the title says, we have an elliptic curve, doesn't matter which one, say p256. We choose any scalar.

Can the multiplication of a point on curve with the scalar result in a point that is not on curve? There would be a case where you get the infinity point as result and which is not considered to be on the curve, but is there any other case? Thank you!

Score: 3
BlackHat18
Hybrid argument without efficient samplability

Let's say I have $k$ distributions, where $k$ is polynomially large, $D_1, D_2, \ldots, D_k$ such that each $D_i$ is computationally indistinguishable from the uniform distribution.

Is it true that the distribution $D_1 D_2 \ldots D_k$ is also computationally indistinguishable from $k$ copies of the uniform distribution?

This trivially holds if each $D_i$ is efficiently samplable. But let's say th ...

Score: 2
SubXi
What is the correct order of operations for one-time pad cipher when using subtraction and mod 10 arithmetic?

What would be the proper order of operations for OTP encryption/decryption when using subtraction and mod 10? E.g. P - K = C or K - P = C

Most of the sources I have seen do not cover this topic or I didn't grasp the principles behind this encryption well enough. From what I gather it shouldn't matter as long as the pad key numbers (K) are truly random.

For instance:

PLAINCODE:  65417
OTP PAD(-): 47757
- ...

Score: 1
Woodstock
Composite order ECC and Ristretto

I've been looking at ristretto.group, and it's really cool.

I understand for some protocols we need curve points to behave as if they were from a prime order curve.

I have a few questions on this:

  1. Do we call curves without prime order "composite"?
  2. Why do some protocols demand prime order from the underlying curve?
  3. Why isn't the fact that we work inside a prime order subgroup anyway good enough in th ...

Score: 0
Thomas Anton
Consequences of P=NP for Authentication

Let's suppose that P=NP. That is, every problem whose solution can be quickly verified can also be solved quickly, regardless of what that means at a formal level. So, not only does P=NP, but there are practical polynomial-time algorithms for NP-complete problems. Also, the proof is either constructive or non-constructive. That is, an algorithm can be found that we would eventually find fast enough t ...

Score: 2
Arsi ji
Secret key expiration

I am looking for suitable techniques through which secret keys can be expired after a certain time limit. Is there any such method in cryptography?

Score: 2
Zero-knowledge RSA public key

Suppose Bob has $k>1$ RSA public keys $(e_i, n_i)$ without any knowledge of their corresponding private keys. Alice also has all the public keys, but also has a private key for only one of them, say, $(d_j, n_j)$. Is it possible for her to prove to Bob that she has at least one of the private keys, without revealing $j$?

EDIT: changed notation according to fgrieu's suggestions

Score: 1
Eeme
Kyber PKE correctness proof, how is triangle inequality used

I'm reading the CRYSTALS-Kyber paper and am stuck on the PKE correctness proof on page 5. I can't see how the triangle inequality would help to get to the result $\| \lceil q / 2 \rfloor \cdot (m - m') \|_\infty < 2 \cdot \lceil q / 4 \rfloor$.

Score: -1
Rikudou
Can someone please explain the "secret" and the "data" in the MD5 hashing algorithm?

I've been studying the MD5 hashing algorithm, and there is something that I just don't understand yet. They say that the server holds some sort of "secret" and that it appends some sort of "message" (or "data") to that secret. Then, the algorithm adds the appropriate padding to the concatenated ("secret" + "data") and the process continues from there. Now, it is said that only the server knows the "secr ...

Score: 0
walter7x
Can a garbler "open" a circuit by "opening" only her input labels and AND tables?

I'm using the word "open" as in chapter 6 "Malicious Security" of Pragmatic MPC, i.e. to "open" the circuit is for the garbler to provide all the randomness used to garble the circuit, so that the evaluator can be sure that the circuit was correctly garbled.

Suppose Bob has just evaluated the circuit which Alice (the garbler) sent to him. But before Bob does anything with the circuit's output, he as ...

Score: 2
Cryptographic invariant maps

In [BGK+18] in section 4, Boneh et al. write that:

For any choice of ideal classes $\mathfrak{a}_1,\dots,\mathfrak{a}_n,\mathfrak{a}_1',\dots,\mathfrak{a}_n'$ in ${Cl}(\mathcal{O})$, the abelian varieties \begin{align} (\mathfrak{a}_1 \star E) \times \dots \times (\mathfrak{a}_n \star E) \text{ and } (\mathfrak{a}_1' \star E) \times \dots \times (\mathfrak{a}_n' \star E) \end{align} are isomorphic o ...

Score: 11
derjack
Cracking RSA (or other algorithms) manually by a savant

RSA cryptography's strength comes from the hardness (or so we believe) of factoring big numbers. For key lengths over 2048 bits, it is infeasible for current or near-future computers to factor those numbers in a reasonable time.

But what about the human brain? There are people with remarkable math abilities; for example, savants that can perform many complex calculations. Imagine a person who is fi ...

Score: 0
Fiono
Zero-knowledge composability

Suppose a protocol P is composed of two different zero-knowledge protocols. Can we assume P is also zero-knowledge?
