Latest Crypto related questions

I suspect the answer is "no", but still:

In WireGuard [1], there's a concept of private and public keys for peers; public key derives from a private one and connection between two parties can be established only when keys match. Let's say we have two peers A and B. To connect them, they each have to:

1. generate private key;
2. generate public key using private one from previous step;
3. share public key w ...

In elliptic curve cryptography using Diffie-Hellman protocol, we need to use large prime numbers.

So my question is what makes discrete logarithm hard to solve when we use large prime numbers.

I guess since we use large prime numbers we will have a lot of points that satisfy our curve equation

I have a question about the first programming assignment in Dan Boneh's cryptography course on Coursera. You're given 10 ciphertexts that were encrypted with the same key and you can presumably assume that the plaintext consists of letters and whitespace only.

The hint gives that you should consider what happens when a whitespace is xor-ed with a letter. The idea is to check whether the xor-ed su ...

GPG and age both offer a --armor option but what is the use case when it comes to file encryption? Surely most channels allow for transmitting binary data nowadays? It seems unnecessary and sounds like it satisfies a rare use case.

I can understand it for sharing key pairs, maybe signatures, but not for file encryption. Even for key pairs and signatures, it feels like there are better ways of doing  ...

I am gonna write down formulas that I know and use to generate RSA keys.

1. we choose $p$, $q$
2. $N = p\cdot q$
3. $\varphi(n) = (p-1)\cdot(q-1)$
4. choose $e$ such as
   • $1 < e < \varphi(N)$
   • $e$ is coprime with $N$, $\varphi(n)$
5. choose $d$ so that $d\cdot e\bmod\varphi(n)=1$

That's it. With these, if we have $p=2$ and $q=7$, I successfully get $d=11$ and $e=5$ which is correct.

Now Imagine, that I only  ...

Can Shamir secret sharing scheme (SSS) be verified using automated verification tools such as AVISPA? I read in the HLPSL manual that we cannot use arithmetic or relative operations such +,-,< ...etc in the HLPSL description of the protocol. Thus, we cannot implement LaGrange's interpolation formula?!! Do all protocol verification have this limitation?

(There are other protocol verification to ...

Reading learnmeabitcoin I found the following how bitcoin works:

The bitcoin difficulty self adjusts so that a block is solved on average in 10 minutes.

Solving a block requires the miner to generate hashes until it reaches a certain valid hash (for example a value lower than a target). This means that the miner will use all available processing power to generate random hashes in hoping that it wil ...

After reading a number of ZK-SNARK explainers from here, here, and here, I still don't understand a few things.

The setup of the algorithm uses QAP to calculate polynomial P(x) = L(x) * R(x) - O(x), as well as target divisor polynomial t(x), to represent the generic form of the target computation. Then, to create a proof, the prover

• Calculates P(x) = L(x) * R(x) - O(x) for the specific parameters of the  ...

I'm wondering if the following problem is as hard as computational or decision Diffie-Hellman problem? (Or is it actually an easy problem because $c$ is available?)

Given a cyclic group $G$ and let its order be $q$. Given $g$, $q$, $g^a$ and $g^b$ and $c \in Z_q$, decide if $c \equiv a*b \mod q$.

Another version of the problem could be: let $G$ be a group of unknown order (e.g., where RSA or strong  ...

If there is a limit, does that leave a limited number of prime numbers that can be used for key gen? And, if that is the case is the encryption system vulnerable?

I'm implementing IDEA algorithm in java and I need test vectors for the algorithm that include plaintext,ciphertext and keys in each step to verify my code.

Is SIV mode variant equally secure, if you replace CTR mode encryption with full-block CFB mode encryption?

CFB seems to be safe with predictable IV: Is using a predictable IV with CFB mode safe or not?

But is it safe with Encrypt-and-MAC like construction as SIV?

Take a sequence of byte buffers, hash each of them, interpret the hash digests as square matrices with 8-bit unsigned int elements, and (matrix) multiply them in order. Define the final matrix to be the "hash" of the list of elements.

This definition has some useful properties. In particular, the associative property of matrix multiplication enables calculating the list-hash of the concatenation  ...

I have been messing around with cryptography (for recreational use), and I created my own one-time-pad encryption script in C. Now, with that being said, I freely admit that I am by no means a cryptography expert. I know that Rule No. 1 of cryptography is not to do it yourself. However, I am genuinely interested in whether my encryption script is (theoretically) secure.

First, here is a basic deb ...

In Pollard's p-1 algorithm for factoring N, you try to find a L such that p - 1 divides L. Then you check $gcd(pow(a,L,N)- 1, N)$. If 1 < gcd < N, then you have found one of the factors.

I have seen 2 methods to do this.

1. For n from 1 to Bound, try $L = n!$ (i.e. factorial(n)) & try the $gcd(pow(a,L,N)- 1, N)$ for each one.
2. for n from 1 to Bound, try $L = LCM(range(1,n))$ & try the