Latest Crypto related questions

Score: 2
Laura
Is the generalized birthday attack only suitable for problems with multiple solutions?

In David Wagner's article A Generalized Birthday Problem, he said and I quote:

Our algorithm works only when one can extend the size of the lists freely, i.e, in the special case where there are sufficiently many solutions to the k-sum problem.

  1. Does that mean that the generalized birthday attack only applies to problems with multiple solutions?
  2. Why is it not suitable for the problem with on ...
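
An added example (not part of the question or of Wagner's paper): the k = 4 case of Wagner's k-tree algorithm for the XOR k-sum problem on n-bit values. The lists are produced on demand from a hash (a constructed stand-in for the random functions of a k-sum instance), so they can be made as long as the algorithm needs, which is the regime the quoted sentence refers to. The toy width n = 24 and list size 2^9 are assumptions chosen so that it runs in well under a second.

```python
import hashlib
from collections import defaultdict

N_BITS = 24                     # toy width (constructed); the tree algorithm scales with 2^{n/3}
MASK = (1 << N_BITS) - 1


def list_element(list_id, index):
    """Element `index` of list L_{list_id}: an n-bit value derived from SHA-256.
    Constructed stand-in for the random-oracle outputs of a k-sum instance; because
    any index can be queried, each list can be extended as far as the attacker likes."""
    digest = hashlib.sha256(f"L{list_id}:{index}".encode()).digest()
    return int.from_bytes(digest[:4], "big") & MASK


def merge(left, right, bits):
    """Wagner's join of two lists of (value, index_path) entries: keep every pair whose
    XOR is zero on the lowest `bits` bits; each result carries the XOR and both paths."""
    low = (1 << bits) - 1
    buckets = defaultdict(list)
    for value, path in left:
        buckets[value & low].append((value, path))
    joined = []
    for value, path in right:
        for lvalue, lpath in buckets.get(value & low, ()):
            joined.append((lvalue ^ value, lpath + path))
    return joined


def four_sum(list_size, low_bits):
    """k = 4 instance of Wagner's k-tree algorithm over XOR.

    Level 1 joins (L1, L2) and (L3, L4) on the low `low_bits` bits; level 2 joins the
    two intermediate lists on all remaining bits.  With list_size ~ 2^{n/3} and
    low_bits = n/3 every level stays about 2^{n/3} long and about one solution survives
    at the top, which is the balance Wagner describes.  Returns index 4-tuples."""
    lists = [[(list_element(k, i), (i,)) for i in range(list_size)] for k in range(4)]
    l12 = merge(lists[0], lists[1], low_bits)
    l34 = merge(lists[2], lists[3], low_bits)
    top = merge(l12, l34, N_BITS)          # full-width match: XOR of all four is 0
    return [path for _, path in top]


def is_solution(path):
    """Independent check that the four indexed elements XOR to zero."""
    i1, i2, i3, i4 = path
    return (list_element(0, i1) ^ list_element(1, i2)
            ^ list_element(2, i3) ^ list_element(3, i4)) == 0


if __name__ == "__main__":
    # 2^9 = 512 elements per list (a bit more than 2^{n/3} = 256), low_bits = n/3 = 8
    solutions = four_sum(512, 8)
    print(len(solutions), "solutions; first:", solutions[0])
```

The expected number of level-1 pairs is 512^2 / 2^8 = 1024 on each side and the expected number of top-level solutions is 1024^2 / 2^16 = 16, all found with about 2^10 hash evaluations instead of the 2^{n/2} = 2^12 of the generic attack. If the instance instead fixes each list at 2^{n/4} = 64 elements (the regime with about one solution in total), the same join parameters leave about 16 entries per intermediate list and an empty top level almost always; no choice of `low_bits` repairs that without degenerating into the 2^{n/2} generic search, which is what "only when one can extend the size of the lists freely" means in practice.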
Score: 1
8n8
Is it safe to reuse Noise static keys in different handshake patterns?

In the Noise protocol, is it safe to reuse static key pairs in different handshake patterns? Like using XK to communicate between client and server, and KK to communicate between clients, but with the same static keys.

Score: 1
Joseph Van Name
Do groups generated by round functions generate the alternating group?

Let $K,X$ be sets and let $F:K\times X\rightarrow X$ be a function. For each $k\in K$, let $f_{k}:X\rightarrow X$ be the function where $f_{k}(x)=F(k,x)$ whenever $k\in K,x\in X$. Assume that each $f_{k}$ is a bijection.

Suppose that $F$ is the round function for some cryptographic function such as AES-128 or some cryptographic function.

If $F$ is a cryptographic function, then I do not expect for

Score: 2
Doron Bruder
Is $F_{k_{1}}(m)||F_{k_{2}}(F_{k_{1}}(m))$ always a PRF when $F$ is a PRF?

Is $F_{k_{1}}(m)||F_{k_{2}}(F_{k_{1}}(m))$ always a PRF when $F$ is a PRF?

As an intuition, it seems to me that the answer is "NO", as the two halves of the output depend on each other.

Score: 0
Public key size for different elliptic curves

Let's say I want a certain level of security (e.g. 128 bits) when using ECIES but I also want to minimise communication. Does the choice of elliptic curve affect the size of the public key? If it does, what is the current state-of-the-art elliptic curve and how does it compare with popular elliptic curves such as Curve25519 or secp256k1?

Score: 0
What hash structure is Facebook Diem using?

Some cryptocurrencies use fixed values in some positions in the resulting hash, like a fixed amount of initial zeros. What fixed positions and fixed values are Facebook Diem using?

Score: 2
Sean
Pedersen Commitment and Computational Zero Knowledge

I am curious how "good" computational zero knowledge is. Consider the Pedersen commitment $z = g^x h^y$. There exists a perfect ZK protocol (based on Schnorr's) to prove that one knows the secrets $x$ and $y$. But how about the following "relaxed" one:

(1) The prover sends $G = g^x$ and $H = h^y$ (and the verifier needs to verify $G\times H = z$); (2) The prover runs two instances of Schnorr's protocol to pro ...

Score: 0
Petar Atanasov
Verify data integrity without being able to see the clear text

I have a distributed application with many participants. The participants can be in different groups (channels). Is it possible for all data sent in all channels to be accessible as encrypted data, for all participants to be able to verify the integrity of the data, but for only those who were part of the specific channel to be able to actually decrypt the data?

Score: 0
HM Tanbir
Prepare signing/verifying module from node js crypto

I'm working on a Node crypto module that will do signing/verifying. I have managed the verifying module:

'use strict';

const crypto = require('crypto');
const fs = require('fs');
const path = require('path');

const publicKey = fs.readFileSync(path.join(__dirname, 'key.pub'));
const encryptDataPath = path.join(__dirname, 'encryptData.txt');
let encryptData = fs.readFileSync(encryptDataPath).toString() ...
Score: 0
cryptonoob
Determine if a function is a PRG when PRG concatenated with Seed?

I am a newbie in cryptography and have trouble solving the following question.

Let $G: \{0,1\}^n \rightarrow \{0,1\}^{l(n)}$ be a PRG and $x \in \{0,1\}^n$. Determine if the function $Z: \{0,1\}^n \rightarrow \{0,1\}^{l(n)+n}$ s.t. $Z(x) := G(x)||x$ is also a PRG.

My first assumption was that it is a PRG, because the concatenation of the PRG output G(x) as a pseudorandom string with a u ...
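
An added example (not from the question): the standard way to settle a question like this is to write down the distinguisher. The PRG below is a SHA-256 stand-in, constructed here only so that the code runs; the distinguisher never looks inside G, so the argument applies to any G. Byte sizes n = 128 bits and l(n) = 256 bits are assumptions.

```python
import hashlib
import secrets

SEED_BYTES = 16       # n = 128 bits (assumed)
OUT_BYTES = 32        # l(n) = 256 bits (assumed)


def G(seed):
    """Toy length-doubling PRG (SHA-256 of a domain-separated seed).  Constructed stand-in
    for the PRG G of the question; nothing below depends on which PRG this is."""
    assert len(seed) == SEED_BYTES
    return hashlib.sha256(b"prg|" + seed).digest()[:OUT_BYTES]


def Z(seed):
    """The candidate Z(x) = G(x) || x from the question."""
    return G(seed) + seed


def distinguisher(sample):
    """Outputs 1 (True) if the sample is consistent with Z: read the last n bits as x and
    check that the first l(n) bits equal G(x).  Costs one evaluation of G."""
    y, x = sample[:OUT_BYTES], sample[OUT_BYTES:]
    return G(x) == y


def advantage(trials=500):
    """Estimate of Pr[D(Z(U_n)) = 1] - Pr[D(U_{l(n)+n}) = 1] by sampling.  The first
    probability is exactly 1; the second is 2^-256 per uniform sample (the prefix must
    happen to equal G of the suffix), so the gap is essentially 1, not negligible."""
    on_z = sum(distinguisher(Z(secrets.token_bytes(SEED_BYTES))) for _ in range(trials))
    on_random = sum(distinguisher(secrets.token_bytes(OUT_BYTES + SEED_BYTES))
                    for _ in range(trials))
    return on_z / trials - on_random / trials
```

The same two-line distinguisher works against any construction that exposes the seed, or anything the seed can be recomputed from, next to the PRG output: the pseudorandomness of G(x) only holds against an adversary who does not know x.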

Score: 1
Hormoz
So is AES-256 more secure or less secure than AES-128 after all?

It seems there are attacks that work more effectively on AES-256 than AES-128, which makes it less secure in some cases. But the bigger key size should add some safety margin on the other hand, for example making it immune to even quantum computers. And I have heard some people say that more rounds make it less secure, and others say that it makes it more secure.

Score: 1
SherLin
How to use OR Proof of sigma protocol to prove a commitment C is a commitment to 0 or a commitment to 2

Such as the following relation: $\mathcal{R} = \{(C,g;r): C = g^r \vee C = g^r h^2 \}$
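
An added example, not taken from either question, covering two of the posts above: the Pedersen "relaxed protocol" post (which publishes $G = g^x$ and $H = h^y$) and this OR-proof question. The block implements a Pedersen commitment over a constructed toy group (p = 1019 = 2·509 + 1, generators g = 4 and h = 9 of the order-509 subgroup; a real deployment uses a 2048-bit p or an elliptic curve, and an h whose discrete log to base g is unknown), the sigma-protocol OR composition for the relation $C = g^r \vee C = g^r h^2$ made non-interactive with Fiat–Shamir, and a function that shows what the relaxed Pedersen protocol gives away. All names and parameters are mine, not the posters'.

```python
import hashlib
import secrets

# Constructed toy group: p = 2q + 1 with q prime, so the squares mod p form a group of
# prime order q.  g = 4 and h = 9 are squares.  Real deployments need ~2048-bit p (or an
# elliptic curve) and an h whose discrete log to base g nobody knows.
P, Q = 1019, 509
G, H = 4, 9


def commit(x, y):
    """Pedersen commitment C = g^x h^y mod p (perfectly hiding, computationally binding)."""
    return pow(G, x, P) * pow(H, y, P) % P


def _challenge(*elements):
    """Fiat-Shamir challenge in Z_q over the statement and the prover's commitments."""
    data = b"".join(int(e).to_bytes(4, "big") for e in elements)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def _bases(C):
    """Per branch v in {0, 2}: Y_v = C / h^v, the value whose log_g the prover must know."""
    return {0: C, 2: C * pow(H, -2, P) % P}


def prove_zero_or_two(C, r, v):
    """OR-proof for (C = g^r) OR (C = g^r h^2), given r and the actual v in {0, 2}.

    Standard sigma-protocol OR composition: the branch the prover cannot open gets a
    simulated transcript (random challenge share and response, commitment solved for);
    the real branch is answered honestly with the challenge share that makes both shares
    add up to the Fiat-Shamir hash.  The verifier cannot tell which branch was simulated."""
    assert v in (0, 2) and commit(r, v) == C
    Y, other = _bases(C), 2 - v
    c_sim, z_sim = secrets.randbelow(Q), secrets.randbelow(Q)
    A_sim = pow(G, z_sim, P) * pow(Y[other], -c_sim, P) % P   # g^z = A * Y^c by construction
    w = secrets.randbelow(Q)
    A_real = pow(G, w, P)
    A = {v: A_real, other: A_sim}
    c_real = (_challenge(C, A[0], A[2]) - c_sim) % Q
    z_real = (w + c_real * r) % Q
    cs, zs = {v: c_real, other: c_sim}, {v: z_real, other: z_sim}
    return (A[0], A[2], cs[0], cs[2], zs[0], zs[2])


def verify_zero_or_two(C, proof):
    """Accept iff the challenge shares sum to the hash and both Schnorr equations hold."""
    A0, A2, c0, c2, z0, z2 = proof
    if (c0 + c2) % Q != _challenge(C, A0, A2):
        return False
    Y = _bases(C)
    return (pow(G, z0, P) == A0 * pow(Y[0], c0, P) % P
            and pow(G, z2, P) == A2 * pow(Y[2], c2, P) % P)


def relaxed_reveal(x, y):
    """Step (1) of the relaxed protocol from the Pedersen question: the prover hands over
    g^x and h^y so the verifier can check that their product is the commitment."""
    return pow(G, x, P), pow(H, y, P)


def recover_x_from_leak(g_x, bound):
    """What the relaxed protocol gives away: g^x carries no randomness, so hiding of x now
    rests on the discrete log alone.  When x comes from a small domain (an amount, an age,
    a vote in [0, bound)) a dictionary of g^c for all candidates recovers it outright."""
    table = {pow(G, cand, P): cand for cand in range(bound)}
    return table.get(g_x)
```

Two points a practitioner should take from running this. First, the OR-proof never reveals r or which of the two branches is real, and a proof is bound to its commitment through the Fiat–Shamir hash, so it cannot be replayed for another C. Second, the relaxed Pedersen protocol is not a small weakening: the commitment $z = g^x h^y$ is perfectly hiding because $h^y$ is uniform, but $g^x$ on its own is a deterministic function of x, so the "computational" hiding that remains is exactly the hardness of the discrete log of $g^x$, and for a small message space it is no hiding at all.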

Score: 0
Merkle-Damgård construction

Let $H^f$ be a hash function designed using the Merkle-Damgård construction on $f:\{0,1\}^{2n}\to\{0,1\}^n$. Write an algorithm that makes approximately $2\cdot 2^{n/2}$ queries to $f$ and finds four messages that all hash to the same value under $H^f$.

I have an idea to use length extension and two birthday attacks to get a four-way collision, but I am not able to write the appropriate solution. Can anyone help m ...
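
An added example (not from the question): the chained-birthday construction for Merkle–Damgård multicollisions, run against a constructed toy compression function (SHA-256 truncated to n = 16 bits, so that one birthday search is a few hundred queries). It generalizes the four-message case: k chained birthday searches give 2^k colliding messages for about k·2^{n/2} queries; k = 2 is the question. The compression function, block size and IV are assumptions of the example.

```python
import hashlib

N_BITS = 16                 # toy output size: 2^{n/2} = 256 (constructed for the demo)
BLOCK = N_BITS // 8         # a message block is n bits, so f maps 2n bits to n bits
IV = bytes(BLOCK)


def f(chain, block):
    """Toy compression function f: {0,1}^{2n} -> {0,1}^n (truncated SHA-256, a
    constructed stand-in; the attack only uses f as a black box)."""
    assert len(chain) == BLOCK and len(block) == BLOCK
    return hashlib.sha256(chain + block).digest()[:BLOCK]


def md_hash(message):
    """Plain Merkle-Damgard iteration of f from IV.  No padding or length block: the
    colliding messages below all have the same length, and a common padding block
    appended to a colliding chaining value keeps the collision anyway."""
    h = IV
    for i in range(0, len(message), BLOCK):
        h = f(h, message[i:i + BLOCK])
    return h


def birthday_collision(chain):
    """Birthday search on the one-block map m -> f(chain, m).
    Returns (m, m', queries) with m != m' and f(chain, m) == f(chain, m');
    expected cost is about sqrt(pi/2) * 2^{n/2} queries to f."""
    seen = {}
    for i in range(1 << N_BITS):
        m = i.to_bytes(BLOCK, "big")
        y = f(chain, m)
        if y in seen:
            return seen[y], m, i + 1
        seen[y] = m
    raise RuntimeError("no collision among all blocks (astronomically unlikely)")


def multicollision(k):
    """k chained birthday searches -> 2^k messages with the same H^f value.

    Search i is run from the chaining value reached by the previous colliding pair, so
    every choice at every position lands on the same next chaining value; the cartesian
    product of the k pairs is a 2^k-way collision for about k * 2^{n/2} queries."""
    chain, choices, queries = IV, [], 0
    for _ in range(k):
        m, m2, q = birthday_collision(chain)
        choices.append((m, m2))
        queries += q
        chain = f(chain, m)                 # f(chain, m2) is the same value
    messages = [b""]
    for m, m2 in choices:
        messages = [prefix + c for prefix in messages for c in (m, m2)]
    return messages, queries
```

`multicollision(2)` answers the question as posed: two birthday searches, roughly 2·2^{n/2} queries, four two-block messages with one hash. The point worth remembering is that the cost grows linearly in k while the number of colliding messages grows as 2^k, which is why a narrow-pipe iterated hash cannot be made much stronger than a single birthday bound by concatenating or cascading it.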

Score: 2
DatagramDigger
Why is ECDHE safe when paired with signing?

I watched several videos by Computerphile on Elliptic Curve Diffie-Hellman, digital signatures and TLS.

For the most part I understand everything but something is bothering me. Computerphile made a video explaining using RSA with ECDHE to ensure nobody is messing with the messages in the middle. The video is titled Key Exchange Problems. I don't understand how introducing a cryptographically signe ...

Score: 7
Has there ever been any real world consequences of using probabilistic primality tests for RSA or other similar systems?

Considering the huge number of RSA certs which have been generated, wouldn't there probably be a small number of certs where one of the primes was actually a composite? Has this ever been a problem in the wild?

I think RSA with such a p & q will fail signature verification & decryption. So in these cases, I don't think the tools would give a proper error message & this ...
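
An added example (not from the question) that makes the failure concrete: a base-2 Fermat pseudoprime, 341 = 11·31, passes the Fermat test but is caught by Miller–Rabin with the same base, and an RSA key generated as if 341 were prime decrypts some messages correctly and others not. The toy key (p = 341, q = 101, e = 3) and the textbook key-generation routine are assumptions of the example; the point it shows, that ed ≡ 1 (mod (p−1)(q−1)) no longer implies ed ≡ 1 (mod λ(n)) once p is composite, is general.

```python
import secrets


def fermat_probable_prime(n, base):
    """Fermat test: True if base^(n-1) == 1 (mod n).  Pseudoprimes to that base pass."""
    return pow(base, n - 1, n) == 1


def miller_rabin(n, bases):
    """Miller-Rabin with explicit witness bases.  True means no base was a witness for
    compositeness; a prime is never rejected, a composite survives each random base
    with probability at most 1/4."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        a %= n
        if a in (0, 1, n - 1):
            continue
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False            # reached 1 (or never -1) without passing through -1
    return True


def random_bases(n, rounds):
    """Uniform bases in [2, n-2], the usual choice for the probabilistic test."""
    return [2 + secrets.randbelow(n - 3) for _ in range(rounds)]


def naive_rsa_keygen(p, q, e):
    """Textbook key generation that trusts p and q to be prime: d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, e, pow(e, -1, phi)


def roundtrip(m, key):
    """(m^e)^d mod n.  Equals m for every m only if e*d == 1 (mod lambda(n)), and with a
    composite p the true lambda(n) need not divide the (p-1)(q-1) used in keygen."""
    n, e, d = key
    return pow(pow(m, e, n), d, n)


def count_failures(key):
    """How many messages in [1, n) a broken key fails to round-trip (also the set of
    messages whose signatures would not verify, since verification is the same power)."""
    n = key[0]
    return sum(1 for m in range(1, n) if roundtrip(m, key) != m)


if __name__ == "__main__":
    print("341 Fermat base 2:", fermat_probable_prime(341, 2))      # True: pseudoprime
    print("341 Miller-Rabin base 2:", miller_rabin(341, [2]))       # False: caught
    key = naive_rsa_keygen(341, 101, 3)
    print("m=2 round-trips:", roundtrip(2, key) == 2)
    print("m=3 round-trips:", roundtrip(3, key) == 3)
    print("failing messages:", count_failures(key), "of", key[0] - 1)
```

For this key λ(n) = lcm(λ(11), λ(31), λ(101)) = 300 while keygen used (p−1)(q−1) = 34000, and ed = 68001 ≡ 201 (mod 300); working it through mod 31, exactly the messages whose residue mod 31 has order dividing 10 still round-trip, so roughly a third of messages decrypt and verify fine while two thirds do not. That is the practical shape of the failure the question asks about: a key that looks healthy on the messages it happened to be tested with, failing later on others, with no error from the RSA code itself, only a bad decryption or a signature that does not verify. With Miller–Rabin at the round counts standard libraries use, the probability of accepting such a composite is far below the chance of a hardware fault, and adding `random_bases(n, 64)` as the witness list is the check that prevents it.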
