Latest Crypto related questions

Score: 1
MichaelW
Why does using the same nonce (IV) twice void confidentiality of the plaintext or even the key?

I understand roughly (without the details of the GF algebra) the scheme of GCM/GMAC:

The IV is put into Counter-0, initializing the counters.

It is known that using an IV twice can reveal not only the plaintext but also the AES key itself.

I understand neither the first nor the second:

Q1: Why is confidentiality of the messages lost when using the same IV twice? Does it mean the plaintext can be inferred? Or  ...
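Added example, not part of MichaelW's question: a counter-mode encryptor in which SHA-256 stands in for AES as the block cipher (an assumption made so the code runs with the standard library alone; the keystream-cancellation property it shows holds identically for the CTR core of AES-GCM). It shows that under a reused nonce c1 XOR c2 = p1 XOR p2 with no key involved, and that one known plaintext yields the keystream and therefore every other message sent under that nonce. The messages are constructed. Recovery of the GHASH key H from two tags under the same nonce (the key-recovery half of the question) is not shown here.

```python
import hashlib
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream. Real GCM uses AES_K(nonce || counter) with the
    counter starting at 2 (block 1 is reserved for the tag mask); this stand-in
    uses SHA-256(key || nonce || counter) so the demo runs offline (assumption)."""
    out = bytearray()
    counter = 2
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def plaintext_xor(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same (key, nonce): the keystream cancels,
    so c1 XOR c2 == p1 XOR p2. No key is needed."""
    return xor(c1, c2)


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """One known plaintext (a crib) under the reused nonce gives the keystream
    prefix, which decrypts every other message sent under that nonce."""
    return xor(ciphertext, known_plaintext)


def demo_nonce_reuse() -> dict:
    # Constructed sample messages. The key and nonce are random and are never
    # used on the "attacker" side of the demo.
    key = os.urandom(32)
    nonce = os.urandom(12)
    p1 = b"transfer 100 USD to account 4471"
    p2 = b"transfer 900 USD to account 9917"
    p3 = b"balance inquiry for account 9917"
    c1 = ctr_encrypt(key, nonce, p1)
    c2 = ctr_encrypt(key, nonce, p2)
    c3 = ctr_encrypt(key, nonce, p3)  # the same nonce a third time

    ks = recover_keystream(c1, p1)    # the attacker knows p1 only
    fresh = ctr_encrypt(key, os.urandom(12), p2)
    return {
        "xor_leak": plaintext_xor(c1, c2) == xor(p1, p2),
        "p2_recovered": xor(c2, ks),
        "p3_recovered": xor(c3, ks),
        "fresh_nonce_hides_xor": plaintext_xor(c1, fresh) == xor(p1, p2),
    }


if __name__ == "__main__":
    for name, value in demo_nonce_reuse().items():
        print(name, value)
```

Swapping the stand-in for a real AES-CTR call changes nothing in the attacker-side functions, which is the point: the leak is a property of any stream cipher whose keystream depends only on (key, nonce).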

Score: 1
user16910689
Bleichenbacher CCA, proof of termination

I am currently thinking about how to prove that the algorithm presented in Bleichenbacher's paper (http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf) actually terminates.

I know that in each round the intervals in $M_i$ become smaller as we increase $s_i$, and that $m$ must be contained in exactly one interval from $M_i$. Since the intervals are intersected, it follows that the inte ...

Score: 0
security of different federated learning schemes

All, I am working on federated learning and here goes my question:

Suppose there are two participants doing federated learning. For some of the models (e.g. logistic regression models; assume one party has some features $X_1$ and the label $y$, and the other has some other features $X_2$; the coefficients are denoted $W_1$ and $W_2$, respectively), the schemes use "full encryption/mask", which ...

Score: 0
Кирилл Волков
Several Discrete Logarithm Zero Knowledge Proof

According to Wiki there is an approach for proving knowledge of $x$ such that $g^x = y$. How can I prove that I know $x_1, x_2$ such that $g^{x_1} = y_1, g^{x_2}=y_2$? Of course, I can make these proofs separately, but I would like to combine them into a single one. My idea is to prove that I know $x = x_1 + x_2$ such that $g^x = y_1 y_2$. But is it safe? Doesn't it make the system vulnerable?
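Added example, not part of Кирилл Волков's post: a toy non-interactive Schnorr implementation over a 1019-element group (an assumption chosen for readability; a real deployment uses a 2048-bit safe-prime group or an elliptic curve) that contrasts the sum-of-logs shortcut from the post with an AND-composition that binds a single challenge to both statements. The function cheat_sum shows that a prover who knows only x1 + x2, and not the individual logs, passes the combined verifier, so that proof establishes knowledge of the sum only.

```python
import hashlib
import secrets

# Toy group (assumption): p = 2q + 1 is a safe prime and g = 4 generates the
# order-q subgroup of quadratic residues mod p. All exponents live mod q.
p = 1019
q = 509
g = 4


def H(*parts: int) -> int:
    """Fiat-Shamir challenge: hash of the transcript, reduced mod q."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q


def prove_dlog(x: int, y: int) -> tuple:
    """Schnorr proof of knowledge of x with g^x = y."""
    r = secrets.randbelow(q - 1) + 1
    t = pow(g, r, p)
    c = H(g, y, t)
    return t, (r + c * x) % q


def verify_dlog(y: int, proof: tuple) -> bool:
    t, z = proof
    c = H(g, y, t)
    return pow(g, z, p) == t * pow(y, c, p) % p


def prove_and(x1: int, y1: int, x2: int, y2: int) -> tuple:
    """AND-composition: two commitments, ONE challenge bound to both."""
    r1 = secrets.randbelow(q - 1) + 1
    r2 = secrets.randbelow(q - 1) + 1
    t1, t2 = pow(g, r1, p), pow(g, r2, p)
    c = H(g, y1, y2, t1, t2)
    return t1, t2, (r1 + c * x1) % q, (r2 + c * x2) % q


def verify_and(y1: int, y2: int, proof: tuple) -> bool:
    t1, t2, z1, z2 = proof
    c = H(g, y1, y2, t1, t2)
    return (pow(g, z1, p) == t1 * pow(y1, c, p) % p
            and pow(g, z2, p) == t2 * pow(y2, c, p) % p)


def verify_sum(y1: int, y2: int, proof: tuple) -> bool:
    """The shortcut from the post: one proof for g^(x1 + x2) = y1 * y2."""
    return verify_dlog(y1 * y2 % p, proof)


def cheat_sum(s: int) -> tuple:
    """A prover who knows only a sum s picks y1 as a group element whose
    discrete log nobody knows, sets y2 = g^s / y1, and still convinces
    verify_sum. It could never produce a valid AND proof for (y1, y2)."""
    y1 = pow(H(1, 2, 3) + 2, 2, p)        # a quadratic residue with unknown log
    y2 = pow(g, s, p) * pow(y1, -1, p) % p
    return y1, y2, prove_dlog(s, y1 * y2 % p)


if __name__ == "__main__":
    x1, x2 = 123, 456
    y1, y2 = pow(g, x1, p), pow(g, x2, p)
    print("AND proof verifies:", verify_and(y1, y2, prove_and(x1, y1, x2, y2)))
    cy1, cy2, cproof = cheat_sum(789)
    print("cheater passes sum proof:", verify_sum(cy1, cy2, cproof))
```

The AND-composition costs two commitments and two responses but only one challenge, so it is already the "single combined proof" the post asks for, without weakening what is proven.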

Score: 2
guilhermemtr
Encrypting random coins used for the encryption itself

Circular security notions for PKE schemes capture the security of (PKE) schemes when encrypting the secret decryption key.

Is there an analogous notion for encrypting the randomness used for the encryption? I.e. what if one first fixes the random coins $r$ to be used for the encryption, and then computes the ciphertext for this $r$: $c := E_{pk}(m; r)$, with $m = r$?

Score: 1
Why does deterministic ECDSA (per RFC 6979) include the private key in the generation of k?

It's clear that using the private ECDSA key $x$ as an additional input into the hash algorithm, as specified in RFC 6979, doesn't harm security (assuming HMAC_DRBG is a PRF).

But is it necessary?

Would there be any problem with allowing the signature algorithm to have the same output of $k$ for the same message regardless of the key used? Per Is it safe to reuse a ECDSA nonce for two signatures if the ...
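Added example, not part of the question above: pure-Python ECDSA over secp256k1 with the RFC 6979 nonce derivation (SHA-256, 256-bit order), plus a hypothetical message-only variant (include_key=False, which the RFC does not define) matching what the question proposes. The function recover_key_from_shared_nonce shows the consequence of a message-only k: an attacker who signs the same message with his own key computes k from his own signature, and with k known the victim's s equation yields the victim's private key. Keys and the message are constructed for the demo.

```python
import hmac
from hashlib import sha256

# secp256k1 domain parameters (standard values).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(A, B):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, A):
    R = None
    while k:
        if k & 1:
            R = ec_add(R, A)
        A = ec_add(A, A)
        k >>= 1
    return R


def rfc6979_k(x, h1, include_key=True):
    """HMAC-DRBG nonce per RFC 6979 section 3.2 (SHA-256, qlen = hlen = 256).
    include_key=False is the hypothetical message-only variant, not the RFC."""
    seed = (x.to_bytes(32, "big") if include_key else b"")
    seed += (int.from_bytes(h1, "big") % N).to_bytes(32, "big")  # bits2octets
    V, K = b"\x01" * 32, b"\x00" * 32
    K = hmac.new(K, V + b"\x00" + seed, sha256).digest()
    V = hmac.new(K, V, sha256).digest()
    K = hmac.new(K, V + b"\x01" + seed, sha256).digest()
    V = hmac.new(K, V, sha256).digest()
    while True:
        V = hmac.new(K, V, sha256).digest()
        k = int.from_bytes(V, "big")
        if 1 <= k < N:
            return k
        K = hmac.new(K, V + b"\x00", sha256).digest()
        V = hmac.new(K, V, sha256).digest()


def sign(x, msg, include_key=True):
    h1 = sha256(msg).digest()
    e = int.from_bytes(h1, "big") % N
    k = rfc6979_k(x, h1, include_key)
    r = ec_mul(k, G)[0] % N
    return r, pow(k, -1, N) * (e + r * x) % N


def verify(pub, msg, sig):
    r, s = sig
    e = int.from_bytes(sha256(msg).digest(), "big") % N
    w = pow(s, -1, N)
    R = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, pub))
    return R is not None and R[0] % N == r


def recover_key_from_shared_nonce(msg, attacker_x, attacker_sig, victim_sig):
    """Same message, same k: the attacker solves his own s for k, then the
    victim's s for x. Returns None when the two r values (hence k) differ."""
    (r_a, s_a), (r_v, s_v) = attacker_sig, victim_sig
    if r_a != r_v:
        return None
    e = int.from_bytes(sha256(msg).digest(), "big") % N
    k = (e + r_a * attacker_x) * pow(s_a, -1, N) % N
    return (s_v * k - e) * pow(r_v, -1, N) % N


# Constructed demo keys (derived from fixed strings so the run is repeatable).
VICTIM_X = int.from_bytes(sha256(b"victim").digest(), "big") % N
ATTACKER_X = int.from_bytes(sha256(b"attacker").digest(), "big") % N


def recover_demo(include_key):
    msg = b"release v1.2 approved"
    victim_sig = sign(VICTIM_X, msg, include_key)
    attacker_sig = sign(ATTACKER_X, msg, include_key)
    return recover_key_from_shared_nonce(msg, ATTACKER_X, attacker_sig, victim_sig)


if __name__ == "__main__":
    print("message-only k recovers victim key:", recover_demo(False) == VICTIM_X)
    print("RFC 6979 k (key included):", recover_demo(True))
```

With the private key mixed into the HMAC-DRBG seed, two signers never share k for the same message, so the r values differ and the recovery returns None; the cost is nothing more than 32 extra bytes of HMAC input.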

Score: 2
Schnorr RSA factoring (round 2)

Introduction

Earlier this year Claus Peter Schnorr claimed to have "broken RSA". The original paper was discussed in Does Schnorr's 2021 factoring method show that the RSA cryptosystem is not secure?. A revised version of his paper was posted on the IACR about a week ago and, as per @fgrieu's comment, someone attempted to start a discussion around it: Is "Fast Factoring Integers by SVP Algorithms, cor ...

Score: 2
Kryštof Vosyka
Does reusing IV in AES-CBC weaken it?

Rsynccrypto allegedly uses AES-CBC with a twist: if the last few bytes of plaintext meet a condition*, then stop, pad the current block and start encrypting a new block from the current position in the file while reusing the IV. A better example might be in pseudocode:

    if (trigger(buffer, i)) {
      encrypt_next_block(buffer, i);
      init_encryption(iv);
    } else if (is_block_boundary(i)) {
      encrypt_next_block( ...

Score: 12
Ray Perlner
Number of bit-operations required for information set decoding attacks on code-based cryptosystems?

This question is potentially relevant to NIST post-quantum cryptography standards, involving code-based cryptosystems such as McEliece, BIKE and HQC.

This paper estimates the concrete number of bit operations required to perform the May–Meurer–Thomae (MMT) information set decoding (ISD) attack. It shows that this is significantly less than for any of the other ISD variants considered, including the B ...

Score: 11
Ray Perlner
Requirements for security against multi-target attacks, for McEliece and other code-based cryptosystems?

This question is potentially relevant to NIST post-quantum cryptography standards, involving code-based cryptosystems such as McEliece, BIKE and HQC.

For these cryptosystems, it seems that an attacker can use a "decoding one out of many" strategy as described here to decrypt one out of a list of $n$ ciphertexts, for a cost of approximately $\sqrt{n}$ times less than the cost of attacking a single ci ...

Score: 1
What can I use for key exchange?

I am trying to send AES keys from one computer to another, but I need to provide some form of attestation of the key's provenance. How should I go about doing this?

Score: 1
undefined
Does the libsodium sealedbox provide forward secrecy?

I am using sodiumoxide, a Rust binding to libsodium that provides a function named sealedbox that requires the receiver's public key. However, they also mention that the message is encrypted with an ephemeral public key.

Does that mean that the sealedbox provides forward secrecy, or do I need to implement forward secrecy myself?

Score: 0
ashidc
How are zero-knowledge proofs used in blockchains to achieve anonymity?

The idea of blockchain is clear to me: if we reach consensus and all participants have the same state, it is easy to verify transactions. But new mechanisms (like Z-Cash) allow this without the transaction information being publicly readable by all participants. How is this even possible?

Score: 0
Bob
The security level on BN254 and BLS381

  1. Does BLS12-381 still provide a 128-bit security level?
  2. How about BN12-254? 112 bits? Are there any references on the security level of pairings?

Score: 1
DurandA
Correlations in ring oscillator PUFs

A bunch of silicon Physical Unclonable Function (PUF) designs rely on variations in the propagation delay (due to process variation) of signals along different paths. In many cases, a challenge selects the paths to be compared (e.g. using a muxer) and the response bit(s) compare the two paths (e.g. which signal arrived first, or the number of oscillations in ring oscillators).

For example, here is a ...
