Latest Crypto related questions

Score: 3
SIS without the modulus
AAA

Consider the following modification to the Short Integer Solution (SIS) problem:

Let $n$ be an integer and $\alpha=\alpha(n),\beta=\beta(n),m=m(n)>\Omega(n\log \alpha)$ be functions of $n$. Sample a uniform $A\gets[-\alpha,\alpha]^{n\times m}$. The task is to compute a "short" vector $e\in\mathbb{Z}^m$ in the kernel of $A$. That is:

  1. $|e| < \beta$.
  2. $A\cdot e=0^n$. Here, equality holds over the integers.
Score: 2
Cracking Elliptic Curve Cryptography
James

I am quite new to the study of elliptic curve cryptography and as such I might be asking something with a mundane solution, but I can't easily find such a solution online. My understanding of ECC is that you can generate a private key (some integer $k$), a starting point on the curve ($G$), and a curve equation, and then generate a public key through finding $kG$. My understanding is then that your comput ...

Score: 0
Is my proof about uniqueness of ring-LWE secret correct?
Chito Miranda

Suppose that $n$ is a power of two, $q=3\pmod 8$, prime and $R=\mathbb{Z}[X]/(X^n+1)$. Denote $\Vert\cdot\Vert$ as the infinity norm in $R_q=R/qR$ on the coefficients of elements in $R_q$. The coefficients are assumed to be in $[-\frac{q-1}{2},\frac{q-1}{2}]$. I'll just cite some facts that I will use in my proof:

  1. $X^n+1$ factors into two irreducible factors modulo $q$, where each factor is of de ...
Score: 0
HElib: send sk and pk to another party for decryption and encryption
Dylan

This question is about the serialization of pk, sk, and context in HElib. In my scenario there are two trusted parties (A and B); both can encrypt messages and decrypt ciphertexts.

So, A will send the context, pk, and sk to B. Then A encrypts a message and sends ctxtA to B; B decrypts ctxtA and sends another ciphertext, ctxtB, to A. This example is just for explanation.

But it's confusing in ...

Score: 3
Making WOTS+ public keys shorter
Rígille S. B. Menezes

In WOTS+ — as described in section 3 of RFC 8391 — public keys, private keys and signatures all consist of $len$ strings with $n$ bytes each, where $len, n \in \mathbb{N}$. Is it safe to use the hash of the concatenation of all $len$ strings as a short public key? Since you just need the message and the signature to compute the (long) public key, the process would be exactly as described in sectio ...

Score: 2
Are my calculations about WOTS parameters correct?

I'm reading the WOTS+ paper, but I'm having some trouble with its notation and especially the units involved. For example, under my interpretation, the parameters n=11, w=16 and m=256 result in a quantum security level of about 81 bits, with a 992-byte signature length, but that looks incorrect.

To the best of my knowledge, I've made the following script to output public key and signature lengths, and ...

Score: 2
Proof that (ring-)LWE secret is unique
Chito Miranda

I read Regev's 2005 paper on Learning with Errors, in which he mentions that the secret of an LWE sample is unique, but I have not seen a proof of this claim. Can someone point me to a paper proving it? Also, in the ring-LWE case, in particular for power-of-two cyclotomics, is the secret always unique?

Score: 1
CK vs BR Key Exchange Security Models
Rdrr

I'm writing a paper on authenticated key exchange protocols. I've read Bellare and Rogaway's seminal paper on the subject and I think I understand the BR model; I'm now reading Canetti and Krawczyk's paper, which aims to improve on it. I'm confused as to how the CK model is an improvement on the BR model. As mentioned in the appendix of the CK paper, the BR paper phrases its analysis in terms of oracles. They m ...

Score: 2
How do I construct the Fn family of functions of WOTS+ using SHA3?

From the WOTS+ paper:

Furthermore, W-OTS+ uses a family of functions $F_n : \{f_k : \{0,1\}^n \to \{0,1\}^n \mid k \in K_n\}$ with key space $K_n$. The reader might think of it as a cryptographic hash function family that is non-compressing. Using $F_n$ we define the following chaining function.

I do not understand the meaning of this paragraph. My interpretation of it is that I need a family of n n-bit pseudoran ...
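
Three of the questions above concern WOTS+ mechanics: the length computation from n, w and m, how the F_n family and chaining function can be instantiated with SHA3, and what a verifier recomputes from the message and signature. The following is an added example written for this page; it is not code from any of the posters, from the WOTS+ paper or from RFC 8391. It assumes f_k(x) = SHA3-256(k || x) truncated to n bytes, with n counted in bytes as in RFC 8391, a fresh key k and bitmasks r_1..r_{w-1} per key pair as in the paper (RFC 8391 instead derives them from a public seed and an address), and a checksum written as len_2 plain base-w digits (RFC 8391 left-shifts the checksum before splitting it). The len_1/len_2 formulas are those of RFC 8391 section 3.1.1, with the digest length m kept as a separate parameter the way the paper does.

```python
"""Added example: WOTS+ parameter lengths and a minimal WOTS+ built on SHA3.

Not code from the WOTS+ paper or RFC 8391. Assumptions made here: the F_n
family is f_k(x) = SHA3-256(k || x) truncated to n bytes; the key k and the
bitmasks r_1..r_{w-1} are sampled fresh per key pair (as in the paper, RFC 8391
derives them from a public seed); the checksum is written as len_2 base-w
digits without the RFC's left-shift alignment."""
import hashlib
import math
import secrets


def wots_lengths(n, w, m=None):
    """(len_1, len_2, len) per RFC 8391 section 3.1.1.

    n: security parameter in bytes, w: Winternitz parameter (power of two),
    m: message digest length in bits. RFC 8391 fixes m = 8n; the WOTS+ paper
    keeps m separate, so it is an optional argument here."""
    if m is None:
        m = 8 * n
    lg_w = int(math.log2(w))
    len_1 = math.ceil(m / lg_w)
    len_2 = math.floor(math.log2(len_1 * (w - 1)) / lg_w) + 1
    return len_1, len_2, len_1 + len_2


def wots_sizes(n, w, m=None):
    """Byte sizes. Signature and RFC 8391 public key are len*n bytes each; the
    paper's public key additionally carries k and the w-1 bitmasks (n bytes each)."""
    _, _, ln = wots_lengths(n, w, m)
    return {"sig": ln * n, "pk_rfc8391": ln * n, "pk_paper": ln * n + n + (w - 1) * n}


def f(k, x, n):
    """One member of F_n: keyed, non-compressing, n bytes in and n bytes out."""
    return hashlib.sha3_256(k + x).digest()[:n]


def chain(x, start, steps, r, k, n):
    """Apply `steps` chain steps from position `start`: x <- f_k(x XOR r_j)."""
    for j in range(start, start + steps):
        x = f(k, bytes(a ^ b for a, b in zip(x, r[j])), n)
    return x


def base_w(digest, w, len_1, len_2):
    """len_1 base-w digits of the digest followed by a len_2-digit checksum."""
    lg_w = int(math.log2(w))
    total_bits = 8 * len(digest)
    if len_1 * lg_w > total_bits:
        raise ValueError("digest shorter than m bits")
    as_int = int.from_bytes(digest, "big")
    digits = [(as_int >> (total_bits - lg_w * (i + 1))) & (w - 1) for i in range(len_1)]
    csum = sum(w - 1 - d for d in digits)
    cdigits = []
    for _ in range(len_2):
        cdigits.append(csum % w)
        csum //= w
    return digits + cdigits[::-1]


def message_digest(msg, m):
    """m-bit digest of msg (SHA3-256 truncated; m <= 256 in this example)."""
    return hashlib.sha3_256(msg).digest()[: m // 8]


def keygen(n, w, m):
    _, _, ln = wots_lengths(n, w, m)
    k = secrets.token_bytes(n)
    r = [secrets.token_bytes(n) for _ in range(w - 1)]
    sk = [secrets.token_bytes(n) for _ in range(ln)]
    pk = [chain(s, 0, w - 1, r, k, n) for s in sk]  # top of every chain
    return {"n": n, "w": w, "m": m, "k": k, "r": r, "sk": sk, "pk": pk}


def sign(key, digest):
    n, w = key["n"], key["w"]
    len_1, len_2, _ = wots_lengths(n, w, key["m"])
    b = base_w(digest, w, len_1, len_2)
    return [chain(s, 0, bi, key["r"], key["k"], n) for s, bi in zip(key["sk"], b)]


def verify(key, digest, sig):
    n, w = key["n"], key["w"]
    len_1, len_2, _ = wots_lengths(n, w, key["m"])
    b = base_w(digest, w, len_1, len_2)
    # Finish each chain from position b_i; a valid signature lands on pk_i.
    tops = [chain(s, bi, w - 1 - bi, key["r"], key["k"], n) for s, bi in zip(sig, b)]
    return tops == key["pk"]


if __name__ == "__main__":
    for params in [(32, 16, 256), (11, 16, 256)]:
        print(params, wots_lengths(*params), wots_sizes(*params))
    key = keygen(11, 16, 256)
    d = message_digest(b"constructed test message", 256)
    print("verify:", verify(key, d, sign(key, d)))
```

With n=32, w=16, m=256 the script reports len = 67 and a 2144-byte signature, which are the WOTSP-SHA2_256 figures in RFC 8391; with n=11 and the same w and m, len is still 67 and a signature is 737 bytes. Note that the verifier rebuilds all len*n bytes of pk by finishing every chain, regardless of how the public key is later published or compressed.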

Score: 3
XSalsa20Poly1305 for encryption at rest

I just found a project that uses XSalsa20Poly1305 for encryption in transit and at rest. I am trying to find some information on whether that is something worth trusting data to.

It feels a little hard to put the information I found into context. I read that a Poly1305 (MAC) with (a good number of rounds of) Salsa20 (cipher) can be an alternative to AES.

  1. Is there a significant advantage of using XSalsa20Poly1305?
Score: 0
How to understand the per-gate computation overhead of the FHE scheme?
hideonjungle

In BGV12 (Fully Homomorphic Encryption without Bootstrapping), they investigate the efficiency of an FHE scheme by considering its per-gate computation overhead, defined as the ratio between the time it takes to compute a circuit homomorphically and the time it takes to compute it in the clear. I want to know what it means to compute a circuit homomorphically and to compute it in the clear.

Thank you ...

Score: 2
Representation theory in cryptography/coding theory
ChipsManfredo

How can representation theory be used in cryptography and/or coding theory?

I am studying for an MSc in pure mathematics and I am currently working on things related to biset functors, but cryptography and coding theory are among my areas of interest. I know that classical representation theory (complex character theory) can be applied to group codes, but I haven't found anything related to biset funct ...

Score: 0
What are the explicit usage of different keys derived from SKEYSEED in IKE?
NB_1907

We have seven different keys derived from the DH key and nonces via the PRF in IKEv2: SK_d, SK_ai, SK_ar, SK_ei, SK_er, SK_pi, SK_pr. Why are different keys generated for the initiator and the responder for encryption? What are the explicit usages of the different keys derived from SKEYSEED in IKE?

For example, SK_a and SK_p are defined as "a key to the integrity protection algorithm for authenticating the component messages ...
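
To make the key schedule the question asks about concrete, here is an added example of the IKEv2 derivation from RFC 7296 sections 2.13 and 2.14: SKEYSEED = prf(Ni | Nr, g^ir), then the seven keys are cut, in order, from prf+(SKEYSEED, Ni | Nr | SPIi | SPIr). This is code written for this page, not from the RFC or any IKE implementation. It assumes the negotiated PRF is PRF_HMAC_SHA2_256 (32-byte output), a 32-byte integrity key (as for AUTH_HMAC_SHA2_256_128) and a 16-byte encryption key (as for AES-CBC with 128-bit keys); the shared secret, nonces and SPIs are constructed test values, not a captured exchange.

```python
"""Added example (not from RFC 7296 or any IKE implementation): the IKEv2 key
schedule that turns SKEYSEED into SK_d, SK_ai, SK_ar, SK_ei, SK_er, SK_pi, SK_pr.

Assumptions: PRF is PRF_HMAC_SHA2_256 (32-byte output); the integrity algorithm
takes a 32-byte key and the encryption algorithm a 16-byte key. The shared
secret, nonces and SPIs below are constructed test values."""
import hashlib
import hmac


def prf(key, data):
    """IKEv2 prf(K, S) instantiated as HMAC-SHA-256 (assumption, see above)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key, seed, length):
    """prf+ from RFC 7296 section 2.13.

    T1 = prf(K, S | 0x01), T2 = prf(K, T1 | S | 0x02), T3 = prf(K, T2 | S | 0x03), ...
    The output is T1 | T2 | ... truncated to `length` bytes. The counter is a
    single octet, so at most 255 blocks can be produced."""
    out, t, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ cannot produce more than 255 blocks")
        t = prf(key, t + seed + bytes([counter]))
        out += t
        counter += 1
    return out[:length]


KEY_ORDER = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")


def derive_ike_sa_keys(g_ir, ni, nr, spi_i, spi_r, prf_len=32, integ_len=32, enc_len=16):
    """SKEYSEED = prf(Ni | Nr, g^ir); the seven keys are carved in KEY_ORDER from
    prf+(SKEYSEED, Ni | Nr | SPIi | SPIr) (RFC 7296 section 2.14).

    SK_d seeds CHILD_SA key derivation, SK_pi/SK_pr go into the AUTH payloads,
    SK_ai/SK_ar are integrity keys and SK_ei/SK_er are encryption keys; the
    i/r suffix names the party whose messages the key protects."""
    skeyseed = prf(ni + nr, g_ir)
    sizes = {"SK_d": prf_len, "SK_ai": integ_len, "SK_ar": integ_len,
             "SK_ei": enc_len, "SK_er": enc_len, "SK_pi": prf_len, "SK_pr": prf_len}
    material = prf_plus(skeyseed, ni + nr + spi_i + spi_r, sum(sizes.values()))
    keys, offset = {}, 0
    for name in KEY_ORDER:
        keys[name] = material[offset:offset + sizes[name]]
        offset += sizes[name]
    return skeyseed, keys


def keys_for_direction(keys, from_initiator):
    """(encryption key, integrity key) protecting a message, chosen by sender:
    initiator-to-responder traffic uses SK_ei/SK_ai, the reverse SK_er/SK_ar."""
    if from_initiator:
        return keys["SK_ei"], keys["SK_ai"]
    return keys["SK_er"], keys["SK_ar"]


# Constructed inputs (not a real exchange): a fake DH shared secret, two nonces
# and the two 8-byte IKE SPIs from the IKE header.
SAMPLE = dict(
    g_ir=bytes(range(32)),
    ni=b"\x11" * 16,
    nr=b"\x22" * 16,
    spi_i=bytes.fromhex("0102030405060708"),
    spi_r=bytes.fromhex("a1a2a3a4a5a6a7a8"),
)


def sample_keys():
    return derive_ike_sa_keys(**SAMPLE)


if __name__ == "__main__":
    skeyseed, keys = sample_keys()
    print("SKEYSEED", skeyseed.hex())
    for name in KEY_ORDER:
        print(f"{name:6} {keys[name].hex()}")
```

Two caveats a practitioner will hit when matching this against a real implementation: for PRFs with a fixed key size (the AES-XCBC and AES-CMAC PRFs) RFC 7296 says to use only the first 64 bits of each nonce in the SKEYSEED computation, and for AES-GCM or AES-CCM the "encryption key" taken from prf+ is the AES key plus a 4-byte salt (RFC 4106, RFC 4309), so enc_len is 20 rather than 16 for 128-bit AES.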

Score: 3
Is NOTS a valid one time signature scheme?

I've just learned about NOTS, a quantum-resistant signature scheme based on hash functions that claims to have much shorter signature and key sizes. Is this signature scheme known to be secure? From looking at the paper, I'm suspicious about the way it uses the modulus of indices (couldn't an adversary just generate a hash with the same character counts?). Is it legit?

Score: 0
Extra bytes when decrypting with OpenSSL
David Merinos

The string is encrypted with the following properties (using C#):

myAes.Mode = CipherMode.CBC
myAes.KeySize = 128
myAes.Padding = PaddingMode.PKCS7
myAes.BlockSize = 128
myAes.FeedbackSize = 128

Key: 5753B8AA97BE5B5D9584864DF3134E64

This is my decryption function:

int AESdecrypt(unsigned char *ciphertext, size_t ciphertext_len, unsigned char *key, unsigned char *iv, unsigned char *plaintext)
  {
    ...
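
The ciphertext above was produced with PKCS7 padding, so the raw CBC output always ends in between 1 and 16 bytes that are each equal to the number of padding bytes. In OpenSSL's EVP API that suffix is stripped by EVP_DecryptFinal_ex; it is returned to the caller as plaintext if padding was disabled with EVP_CIPHER_CTX_set_padding(ctx, 0) or if the final call is skipped. The question's decryption function is truncated here, so whether that is the cause in this case cannot be read off the page. As an added example (not the poster's code, and in Python rather than C so it runs stand-alone), here is what PKCS7 padding adds and a strict routine for removing it, with constructed sample plaintexts:

```python
"""Added example (not the poster's code): PKCS#7 padding as it appears in raw
CBC output, and a strict unpadding routine. Sample plaintexts are constructed."""


def pkcs7_pad(data, block_size=16):
    """Append 1..block_size bytes, each equal to the number of bytes appended.

    An input that already fills the last block gets a whole extra block of
    padding (sixteen 0x10 bytes for AES), so the padded length is always a
    non-zero multiple of block_size and unpadding is unambiguous."""
    if not 1 <= block_size <= 255:
        raise ValueError("PKCS#7 pad length must fit in one byte")
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs7_unpad(data, block_size=16):
    """Strip PKCS#7 padding, rejecting anything malformed.

    Checks, in order: the length is a positive multiple of the block size, the
    last byte is in 1..block_size, and every one of the last n bytes equals n.
    Any failure raises ValueError rather than silently returning garbage."""
    if not data or len(data) % block_size:
        raise ValueError("length is not a positive multiple of the block size")
    n = data[-1]
    if not 1 <= n <= block_size:
        raise ValueError("pad length byte out of range")
    if data[-n:] != bytes([n]) * n:
        raise ValueError("pad bytes are inconsistent")
    return data[:-n]


def is_valid_pkcs7(data, block_size=16):
    """Boolean form of the same check, for callers that prefer not to catch."""
    try:
        pkcs7_unpad(data, block_size)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed 5-byte message: raw CBC decryption would yield these 16 bytes,
    # the last eleven of which are the "extra" 0x0b bytes a caller sees when the
    # padding is never removed.
    raw = pkcs7_pad(b"hello")
    print(raw.hex(), "->", pkcs7_unpad(raw))
    print(pkcs7_pad(b"A" * 16)[-16:].hex())  # a full block of 0x10 padding
```

One caveat for anyone wiring this into a decryptor that talks to untrusted peers: returning a distinguishable error for bad padding turns unauthenticated CBC into a padding oracle. Verify a MAC over the ciphertext (or use an AEAD mode) before decrypting and unpadding, so the padding check only ever runs on data that has already been authenticated.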

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.