Latest Crypto related questions

Score: 0
CTR mode calculate messages before new key is required

I am studying a cryptography video on Coursera here titled: Modes of Operation: Many Time Key (CTR).

I have just two simple questions:

  1. At around 4:30 in the video they show 2^48 without saying where this number came from, perhaps it forms part of the AES specification?

  2. They then go on to explain that they plugged in the value 2^48 into the underlined equation on the line above, to calculate how ma ...
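The figure asked about can be reproduced from the usual CTR-mode security bound. The example below is added here and is not part of the post or of the video; it assumes (as an assumption, not a quotation from the slide) that the bound in play is the standard one for CTR with a random IV, advantage at most about q^2 * L / 2^n for q messages of at most L blocks under an n-bit block cipher, up to a small constant (Boneh and Shoup state it with a factor 2). Setting n = 128 and a target advantage of 2^-32 gives q * sqrt(L) <= 2^48, and the last function shows, in a toy-sized counter space, what that bound is protecting against: two messages whose counter ranges overlap and therefore share keystream.

```python
import math
import random

BLOCK_BITS = 128  # AES block size; CTR counter blocks live in a 2^128 space


def ctr_advantage_bound(q: int, L: int, block_bits: int = BLOCK_BITS) -> float:
    """CTR with random IV: q messages of at most L blocks each. Attacker advantage
    is at most about q^2 * L / 2^n (assumed to be the bound behind the slide;
    Boneh-Shoup state it with an extra factor of 2)."""
    return q * q * L / 2.0 ** block_bits


def rekey_budget_log2(target_adv_log2: int, block_bits: int = BLOCK_BITS) -> float:
    """Solve q^2 * L / 2^n <= 2^target for log2(q * sqrt(L)).
    For n = 128 and target 2^-32 this is (128 - 32) / 2 = 48, i.e. q * sqrt(L) <= 2^48."""
    return (block_bits + target_adv_log2) / 2


def max_messages_before_rekey(msg_blocks: int, target_adv_log2: int = -32,
                              block_bits: int = BLOCK_BITS) -> int:
    """Largest power-of-two q with q^2 * msg_blocks / 2^n <= 2^target.
    Example: 2^32-block messages under AES leave room for 2^32 messages per key."""
    log2_q = rekey_budget_log2(target_adv_log2, block_bits) - math.log2(msg_blocks) / 2
    return 2 ** int(math.floor(log2_q))


def simulated_overlap_probability(q: int, L: int, block_bits: int, trials: int,
                                  seed: int = 1) -> float:
    """What the bound protects against: two messages whose counter ranges
    [IV, IV + L) overlap reuse keystream. Estimated empirically in a toy-sized
    counter space (a 2^128 space cannot be sampled to collision here)."""
    rng = random.Random(seed)
    space = 1 << block_bits
    hits = 0
    for _ in range(trials):
        ivs = sorted(rng.randrange(space) for _ in range(q))
        gaps = [b - a for a, b in zip(ivs, ivs[1:])]
        gaps.append(ivs[0] + space - ivs[-1])  # the counter wraps around modulo 2^n
        if any(g < L for g in gaps):
            hits += 1
    return hits / trials
```

The budget is on q * sqrt(L), so halving the maximum message length buys only a factor of sqrt(2) in message count; what usually matters in practice is that the key must change before the total q^2 * L term approaches the target, not that any single counter overflows.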

Score: 1
Steven
How to properly guarantee authentication, confidentiality, and replay-resistance for multiple messages using a pre-shared key?

I have a device that needs to communicate with another host and exchange fixed-length messages. All traffic should be encrypted and authenticated, and it should be resistant to replay attacks. Unfortunately relying on TLS is not an option, so I need to implement some custom protocol. I have control of both devices so I can securely generate and distribute a shared key $k$.

I thought to use AEAD with  ...
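The setting in the question (pre-shared key, fixed-length messages, no TLS, replay resistance) maps onto a small protocol. The example below is added here and is not the poster's design: it assumes a 32-byte message size and 64-bit counters (both assumed values), derives a separate encryption and MAC key per direction with HKDF, and authenticates a (direction, counter) header with every packet. Because the Python standard library has no AEAD, the cipher is HMAC-SHA256 run in counter mode under an encrypt-then-MAC construction; in a real deployment that pair is replaced by AES-GCM or ChaCha20-Poly1305 from a vetted library, with the header passed as associated data.

```python
import hashlib
import hmac
import struct

MSG_LEN = 32      # fixed message length (assumed value; the post only says fixed-length)
TAG_LEN = 16
HDR_LEN = 1 + 8   # direction byte + 64-bit send counter


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF with SHA-256 (extract, then expand)."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Endpoint:
    """One side of the link. Each direction has its own encryption and MAC key, and
    every packet carries (direction, counter) as authenticated header data."""

    def __init__(self, psk: bytes, role: bytes):
        if role not in (b"A", b"B"):
            raise ValueError("role must be b'A' or b'B'")
        self.role, self.peer = role, (b"B" if role == b"A" else b"A")
        self.send_ctr = 0          # next counter to use when sending
        self.last_recv_ctr = -1    # highest counter accepted from the peer
        km = hkdf_sha256(psk, b"psk-link-v1", b"directional keys", 128)
        self.keys = {b"A": (km[0:32], km[32:64]), b"B": (km[64:96], km[96:128])}

    @staticmethod
    def _keystream(k_enc: bytes, header: bytes, length: int) -> bytes:
        # Stand-in for a real AEAD's cipher: HMAC-SHA256 in counter mode over the
        # unique header. Never reused because the header's counter never repeats.
        out, i = b"", 0
        while len(out) < length:
            out += hmac.new(k_enc, header + struct.pack(">I", i), hashlib.sha256).digest()
            i += 1
        return out[:length]

    def seal(self, plaintext: bytes) -> bytes:
        if len(plaintext) != MSG_LEN:
            raise ValueError("messages are fixed-length")
        if self.send_ctr >= 2 ** 64 - 1:
            raise RuntimeError("counter exhausted: a fresh key is required")
        k_enc, k_mac = self.keys[self.role]
        header = self.role + struct.pack(">Q", self.send_ctr)
        self.send_ctr += 1  # a counter is never reused under this key
        ct = xor_bytes(plaintext, self._keystream(k_enc, header, MSG_LEN))
        tag = hmac.new(k_mac, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        return header + ct + tag

    def open(self, packet: bytes) -> bytes:
        if len(packet) != HDR_LEN + MSG_LEN + TAG_LEN:
            raise ValueError("bad length")
        header = packet[:HDR_LEN]
        ct, tag = packet[HDR_LEN:HDR_LEN + MSG_LEN], packet[HDR_LEN + MSG_LEN:]
        if header[:1] != self.peer:  # the per-direction key would fail the tag anyway
            raise ValueError("wrong direction: reflected packet")
        k_enc, k_mac = self.keys[self.peer]
        expect = hmac.new(k_mac, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(expect, tag):
            raise ValueError("bad tag")
        # The replay window is updated only after the tag verifies, so a forged
        # packet cannot advance it; strictly increasing counters also reject reordering.
        ctr = struct.unpack(">Q", header[1:])[0]
        if ctr <= self.last_recv_ctr:
            raise ValueError("replay or out-of-order counter %d" % ctr)
        self.last_recv_ctr = ctr
        return xor_bytes(ct, self._keystream(k_enc, header, MSG_LEN))


def try_open(endpoint: Endpoint, packet: bytes):
    """Return the plaintext, or the rejection reason as a string."""
    try:
        return endpoint.open(packet)
    except ValueError as exc:
        return str(exc)
```

Two design points carry over to the AEAD version: the counter lives in the authenticated header (associated data), so an attacker cannot move a packet to another counter slot, and the receiver checks the tag before touching its replay state. A strictly increasing counter tolerates lost packets but not reordering; if the link reorders, a sliding window over recent counters (as in IPsec) replaces the single high-water mark. Neither side can detect that the other has lost its counter state after a reboot, so the counter must be persisted or the key refreshed on restart.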

Score: 3
Are non-FIPS algorithms allowed to execute at all in a FIPS-compliant system?

If a piece of software is running in FIPS mode and using FIPS-certified cryptographic modules, is it permitted to execute any non-FIPS algorithms even if the security of the system is not uniquely dependent on them?

Example: let's say you have a system that exchanges two ECDH key pairs: one curve25519 key pair and one NIST P-384 key pair. Key agreement is performed using both key pairs and then th ...

Score: 1
Finding second-preimage to this use of weak hash

$h'(x) := h(a_1 \parallel x \parallel b_1) \parallel h(a_2 \parallel x \parallel b_2) \parallel h(a_3 \parallel x \parallel b_3) \parallel \dots \parallel h(a_k \parallel x \parallel b_k)$

$a_i$ and $b_i$ are known prefixes and suffixes.

If $h$ is MD2 or MD4, how much work would it take to find a second-preimage to $h'$?

Just to be clear: The output of $h'$ is relatively long, $k$ times longer than  ...

Score: 1
Eddie
In TLS 1.3, what is the rationale for using different handshake transcripts for Resumption Master Secret vs Application Traffic Secrets?

The TLS 1.3 RFC, section 7.1 lists this as the last part of the key schedule:

https://datatracker.ietf.org/doc/html/rfc8446#section-7.1

            ...
   0 -> HKDF-Extract = Master Secret
             |
             +-----> Derive-Secret(., "c ap traffic",
             |                     ClientHello...server Finished)
             |                     = client_application_traffic_secret_0
     ...
Score: 0
Кирилл Волков
Parameter c in Fiat–Shamir heuristic

According to Wiki there is a possibility of a non-interactive Zero-Knowledge Proof of discrete logarithm if the challenge $c$ is computed via a hash function. But what is the purpose of $c$? Why can't I always set $c=1$? Does it make the system vulnerable?
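What goes wrong with a constant challenge can be shown directly. The example below is added here and is not part of the post: a Schnorr proof of knowledge of $x$ with $y = g^x$ in a toy safe-prime group ($p = 1019$, $q = 509$, $g = 4$; the group is assumed for illustration and is far too small for real use). With Fiat-Shamir, $c$ is a hash of the commitment $t$, so the prover must fix $t$ before learning $c$. With $c = 1$ the prover knows $c$ in advance, picks the response $s$ first and solves for a matching $t = g^s y^{-c}$, producing an accepting proof without ever knowing $x$.

```python
import hashlib
import secrets

# Toy Schnorr group: p = 2q + 1 with p = 1019, q = 509 prime, and g = 4 generating
# the order-q subgroup. Assumed for illustration only; real deployments use
# 256-bit groups or elliptic curves.
P, Q, G = 1019, 509, 4


def challenge(y: int, t: int, fixed=None) -> int:
    """Fiat-Shamir challenge c = H(g, p, y, t) mod q. Passing fixed=1 models the
    question's 'why not always c = 1?' variant."""
    if fixed is not None:
        return fixed % Q
    h = hashlib.sha256(f"{G}|{P}|{y}|{t}".encode()).digest()
    return int.from_bytes(h, "big") % Q


def prove(x: int, fixed=None):
    """Non-interactive proof of knowledge of x with y = g^x mod p."""
    y = pow(G, x, P)
    r = secrets.randbelow(Q)      # fresh nonce; reusing r across proofs leaks x
    t = pow(G, r, P)
    c = challenge(y, t, fixed)    # c is computed only AFTER t is committed to
    s = (r + c * x) % Q
    return y, (t, s)


def verify(y: int, proof, fixed=None) -> bool:
    t, s = proof
    c = challenge(y, t, fixed)
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def forge(y: int, c: int):
    """Without knowing x: choose s first, then solve for the commitment
    t = g^s * y^(-c). This works only when c is known before t is chosen, which a
    constant c = 1 permits and a hash over t prevents."""
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, (Q - c) % Q, P)) % P   # y^(-c), since y has order q
    return t, s
```

The hash must cover the statement ($g$, $y$) as well as $t$; hashing $t$ alone lets a prover reuse one transcript for a related statement, which is the weak Fiat-Shamir issue seen in practice.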

Score: 1
Gabriel
Proof that interactive proof system is equivalent to generalized interactive proof system

I tried to prove that the interactive proof system and the generalized interactive proof system are equivalent. Both definitions are in the pictures. However, I am still struggling to do it. Please help me solve this.

[Images: Definition of Interactive Proof; Definition of Generalized Interactive Proof]

Score: 2
Randomization of ECDSA signing operations to prevent SCA

A large number of SCA papers that talk about ECDSA mention the need for blinding/randomisation of the signing process, typically with a single-sentence comment about replacing the projective coordinates (X,Y,Z) with randomised ones (lambda^2X,lambda^3Y,lambda*Z) and declaring the problem solved, but nothing really seems to provide any detail of what specific steps are required. In particular looking at  ...
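The one-sentence step in those papers can be made concrete. The example below is added here and is not from the post or from any of the papers it mentions: a secp256k1 scalar multiplication in Jacobian coordinates, cross-checked against plain affine arithmetic, where the base point's representation is replaced by $(\lambda^2 X, \lambda^3 Y, \lambda Z)$ before the double-and-add loop. Every intermediate field element then depends on $\lambda$ while the affine result is unchanged, which is the whole content of the blinding claim. The curve constants are the public secp256k1 parameters; $\lambda$ in the test is a fixed constructed value, whereas a real implementation draws a fresh random $\lambda$ per signature.

```python
# secp256k1 (y^2 = x^3 + 7 over F_p); any short-Weierstrass curve behaves the same.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G_AFF, G_JAC = (GX, GY), (GX, GY, 1)
INF = (1, 1, 0)  # point at infinity in Jacobian form (Z = 0)


def inv(a):
    return pow(a, P - 2, P)


def is_on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - A * x - B) % P == 0


# Reference affine arithmetic: one field inversion per operation, used to cross-check.
def affine_add(p1, p2):
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def affine_mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = affine_add(acc, pt)
        pt = affine_add(pt, pt)
        k >>= 1
    return acc


# Jacobian arithmetic: (X, Y, Z) stands for the affine point (X / Z^2, Y / Z^3).
def jac_double(pt):
    X, Y, Z = pt
    if Z == 0 or Y == 0:
        return INF
    S = 4 * X * Y * Y % P
    M = (3 * X * X + A * pow(Z, 4, P)) % P
    X3 = (M * M - 2 * S) % P
    Y3 = (M * (S - X3) - 8 * pow(Y, 4, P)) % P
    return X3, Y3, 2 * Y * Z % P


def jac_add(p1, p2):
    if p1[2] == 0:
        return p2
    if p2[2] == 0:
        return p1
    X1, Y1, Z1 = p1
    X2, Y2, Z2 = p2
    U1, U2 = X1 * Z2 * Z2 % P, X2 * Z1 * Z1 % P
    S1, S2 = Y1 * pow(Z2, 3, P) % P, Y2 * pow(Z1, 3, P) % P
    if U1 == U2:
        return jac_double(p1) if S1 == S2 else INF
    H, R = (U2 - U1) % P, (S2 - S1) % P
    H2, H3 = H * H % P, H * H * H % P
    X3 = (R * R - H3 - 2 * U1 * H2) % P
    Y3 = (R * (U1 * H2 - X3) - S1 * H3) % P
    return X3, Y3, H * Z1 * Z2 % P


def jac_to_affine(pt):
    X, Y, Z = pt
    if Z == 0:
        return None
    zi = inv(Z)
    return X * zi * zi % P, Y * pow(zi, 3, P) % P


def randomize(pt, lam):
    """The blinding step the papers mention: (X, Y, Z) -> (lam^2 X, lam^3 Y, lam Z).
    Same affine point, different field elements flowing through the multiplier."""
    X, Y, Z = pt
    return X * lam * lam % P, Y * pow(lam, 3, P) % P, Z * lam % P


def jac_mul(k, pt, lam=None):
    """Left-to-right double-and-add. With lam given, the base point is re-represented
    first, so every intermediate (X, Y, Z) the loop touches depends on lam."""
    if lam is not None:
        pt = randomize(pt, lam)
    acc = INF
    for bit in bin(k)[2:]:
        acc = jac_double(acc)
        if bit == "1":
            acc = jac_add(acc, pt)
    return acc
```

Two caveats the single-sentence treatment leaves out. Randomising the representation hides the values being operated on, not the sequence of operations: the branch on each scalar bit in `jac_mul` above still depends on the per-signature nonce, so a constant-time ladder or scalar blinding is needed in addition. And the randomisation must use a fresh $\lambda$ for every scalar multiplication; a fixed $\lambda$ merely relabels the fixed reference values an attacker correlates against.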

Score: 1
Maarten Bodewes
What are the differences between the various Authenticated Encryption schemes using Keccak?

Keccak - as used in SHA-3 / SHAKE amongst others - can also be used for authenticated encryption.

However, there already seem to be multiple schemes defined for it, including their own implementations:

  1. Ketje:

    1. Ketje Jr;
    2. Ketje Sr;
    3. Ketje Minor and
    4. Ketje Major
  2. Kravatte (excluding the deprecated/broken schemes):

    1. Kravatte-SANE and
    2. Kravatte-SANSE (SIV)
  3. Keyak:

    1. River Keyak;
    2. Lake Keyak;
    3. Sea Keyak;
    4. Ocean Keyak  ...
Score: 2
mehdi mahdavi oliaiy
What happens if the Edwards curve isn't quadratic twist secure?

On this webpage, Daniel Bernstein states that the curve must be quadratic twist secure. This means that if the curve has $\#E$ points over $Z_p$, where $\#E=p+1-t$, then the quadratic twist curve has $\#E'=p+1+t$ points. The condition for quadratic twist secure curves is that the cofactor of the quadratic twist curve is low. For example, the cofactor of a curve is 8 and the cofactor of a quadratic twist c ...

Score: 0
Design an algorithm to generate random session key

Good day. I am asked to design a simple algorithm to generate a random session key ID with a block length of 8 that changes continuously every time it refreshes. Is there any simple algorithm to create a random session key ID and to encrypt and decrypt it? I would prefer not to use a library supported in a Python module.

Please kindly advise.

Score: 3
What are the properties of a hash function?

I have created a hash function. If I am asked whether it conforms to the definition of a hash function, I only know that it should have a fixed-size output. I multiply and add every plaintext character with a random number I assigned.

Aside from the fixed-size output, what other characteristics must a hash function have, and why?
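The properties usually asked of a cryptographic hash (preimage resistance, second-preimage resistance, collision resistance, and output that behaves unpredictably under small input changes) can be checked against a concrete function. The example below is added here and is not the poster's code: `toy_hash` is a hypothetical reconstruction of "multiply and add each character with a random number" as a 32-bit polynomial hash with a fixed constant, and it is compared with SHA-256 truncated to the same 32 bits. The generic birthday search finds a collision in either after roughly 2^16 evaluations, which shows that a 32-bit output fails collision resistance no matter how the function is built; the last-byte test shows the separate problem that a multiply-and-add design has no diffusion, so the digest moves by a predictable amount.

```python
import hashlib
import random

MASK32 = (1 << 32) - 1


def toy_hash(msg: bytes, r: int = 0x9E3779B1) -> int:
    """Hypothetical reconstruction of the post's hash: multiply-and-add each byte
    with a fixed 'random' constant r, 32-bit output. Not the poster's actual code."""
    h = 0
    for b in msg:
        h = (h * r + b) & MASK32
    return h


def sha256_32(msg: bytes) -> int:
    """SHA-256 truncated to 32 bits: sound design, but the output is too short."""
    return int.from_bytes(hashlib.sha256(msg).digest()[:4], "big")


def last_byte_delta(hash_fn, msg: bytes) -> int:
    """How far the digest moves when the last byte is incremented by one. A hash
    with good diffusion gives an unpredictable value; toy_hash gives exactly 1,
    because the last byte enters with weight r^0 = 1."""
    bumped = msg[:-1] + bytes([(msg[-1] + 1) % 256])
    return (hash_fn(bumped) - hash_fn(msg)) & MASK32


def birthday_collision(hash_fn, seed: int = 7, max_tries: int = 1 << 20):
    """Find two distinct inputs with the same digest by random sampling. For a
    32-bit output this needs about 2^16 evaluations regardless of the design;
    a 256-bit output would need about 2^128."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    seen = {}
    for _ in range(max_tries):
        m = rng.getrandbits(64).to_bytes(8, "big")  # constructed random inputs
        h = hash_fn(m)
        if h in seen and seen[h] != m:
            return seen[h], m
        seen[h] = m
    return None
```

For a function like `toy_hash` the birthday search is overkill: because the digest is a linear combination of the bytes modulo 2^32, collisions and second preimages can be written down directly by adjusting two adjacent bytes against the constant. The birthday search is included because it applies to every fixed-size hash and makes the output-length requirement visible.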

Score: 0
Ekin
How does Differential Cryptanalysis of DES work?

I have been studying the DC of DES. As a beginner, I completed the general structure of DES and began DC. I understand the idea of the attack, but how does one find the different characteristics for differential cryptanalysis of DES-like systems?

Can someone explain them to me or point out a good explanation on the Internet?

Score: 2
DBWeinstein
How much data can be verified by an electronic signature?

I’m trying to get a good understanding of how data encryption and signing work. I imagine these vary a bit depending on the software being used.

In particular, I am wondering about this: how much data can be verified by an electronic signature?

Score: 2
arka
Can you please explain how Manger's attack against RSA OAEP works?

I searched but found nothing except the original paper, and I can't wrap my head around it. Can you help me by giving an overview and then if possible, a short explanation of the algo?
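The overview the question asks for, with the algorithm beside it, as an added example that is not part of the post. Manger's attack uses one bit of leakage from an RSA-OAEP decoder: whether the decrypted integer is below $B = 2^{8(k-1)}$ (every correctly padded message has a leading zero byte) or is rejected as too large. Because RSA is multiplicative, $f^e \cdot c$ decrypts to $f \cdot m \bmod n$, so the attacker can ask that question about any multiple of $m$. Step 1 doubles $f$ until $f m$ crosses $B$; step 2 builds an $f_2$ with $f_2 m$ just past $n$; step 3 then halves the interval containing $m$ with each query. The RSA parameters below are constructed from two small primes so the whole run takes milliseconds and the OAEP encoding itself is omitted; the attack needs only the oracle, which here is simulated by a decryption function that knows $d$.

```python
# Constructed textbook-RSA parameters: two well-known small primes, so everything runs
# in milliseconds. Not a real key; the OAEP encoding itself is not needed because the
# attack only uses the "is the decrypted integer below B?" side channel.
p, q = 1000000007, 998244353
n = p * q
e = 65537
d = pow(e, -1, (p - 1) * (q - 1))          # modular inverse (Python 3.8+)
k = (n.bit_length() + 7) // 8              # modulus length in bytes
B = 1 << (8 * (k - 1))                     # every OAEP-encoded message m satisfies 0 <= m < B
assert 2 * B < n                           # precondition of Manger's analysis


def oracle(c: int) -> bool:
    """The side channel. A decoder that reports 'integer too large' (m >= B)
    differently from a padding failure leaks exactly this bit."""
    return pow(c, d, n) < B


def ceil_div(a: int, b: int) -> int:
    return -(-a // b)


def manger(c: int, oracle) -> tuple:
    """Recover m = c^d mod n using oracle queries only. Returns (m, query_count).
    RSA is multiplicative: f^e * c = (f*m)^e, so we can ask about f*m mod n for any f."""
    queries = 0

    def below_B(f: int) -> bool:
        nonlocal queries
        queries += 1
        return oracle(pow(f, e, n) * c % n)

    # Step 1: f1 = 2^i such that f1*m lies in [B, 2B) (no wrap-around, since 2B < n).
    f1 = 2
    while below_B(f1):
        f1 *= 2
    half = f1 // 2                          # half*m lies in [B/2, B)

    # Step 2: f2 such that f2*m lies in [n, n + B), i.e. f2*m mod n < B.
    f2 = (n + B) // B * half                # f2*m starts in [n/2, n + B)
    while not below_B(f2):                  # each step adds half*m < B, so the window cannot be skipped
        f2 += half

    # Step 3: narrow [m_min, m_max] by roughly half per query.
    m_min, m_max = ceil_div(n, f2), (n + B) // f2
    while m_min < m_max:
        f_tmp = 2 * B // (m_max - m_min)
        i = f_tmp * m_min // n
        f3 = ceil_div(i * n, m_min)         # f3*m lies in [i*n, i*n + 2B)
        if below_B(f3):
            m_max = (i * n + B) // f3       # f3*m in [i*n, i*n + B)
        else:
            m_min = ceil_div(i * n + B, f3) # f3*m in [i*n + B, i*n + 2B)
        if queries > 10000:
            raise RuntimeError("not converging: check the 2B < n precondition")
    return m_min, queries
```

The query count comes out close to $\log_2 n$ plus a small overhead from steps 1 and 2, which is why the attack is practical against any decoder whose error behaviour or timing distinguishes the two failure paths. The fix is the one PKCS#1 v2.1 and later mandate: treat "integer too large" and every OAEP decoding failure identically, in both the error returned and the time taken.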
