Latest Crypto related questions

I have read FHE lately. In Fully Homomorphic encryption using ideal lattice[Gen09], I noticed his recrypt algorithms:

1. We have a ciphertext $\phi_1$ which is encrypted by public key $pk_1$, and can be decrypt by secret key $sk_1$.
2. we use a public key $pk_2$ to encrypt the bits of $sk_1$, and we get $Encrypt_\epsilon(pk_2,sk_{1,j})\to \overline{sk_{1,j}}$.
3. we use the same public key $pk_2$ to encrypt the b ...

As the title suggests, I wonder what kinds of attacks there are in the LFSR filter generator. The most representative attack is the fast correlation attack and inversion attack. I wonder what other attacks are possible.

I have a task that needs M people to approve out of a group of N.

I can obviously implement it in software using a basic ECC signature mechanism. The code on the "server" can send request for N approvals and then send the "approval" after it receives M signatures. I need to worry about replay attacks, tie in the approval identifier properly to the data flows and ensure the counting and verifying  ...

I'm interested in data anonymization techniques and scores for the quality of data anonymization in "the real world". I was told this is also part of cryptography.

What I know: In theory one can use k-anonymity, l-diversity or t-closeness to define the quality. Also the open gda score could be used. Common techniques are generalization, synthetic data and deleting data. I also studied the laws an ...

A few years ago, I've heard about a harsh report from an American institution (I've forgotten which one, but it was something like the NSA) about IACR conferences. Which report could it be?

I think the global point of view of this report was about the fact the topics studied were too much theoretical.

I remembered that it made explicit mention of IBE (but I'm not sure).

I am looking for an encryption protocol with the following properties.

• Alice has a private key $x$. Using this private key, she chooses public key $p$ corresponding to this private key. She let's Bob know about this public key. Bob then uses this public key to encrypt a message to Alice.
• Later Alice wants to receive a message again. She creates public key $q$ using the same private key $x$. Bob the ...

Alice wants to store files $m_i$ on Bob's untrusted cloud storage platform, with the additional restriction that she can only store one master key $k$ herself.

She encrypts the files with keys $k_i$ respectively and obtains $c_i := Enc_{k_i}(m_i) $. She also encrypts the keys as $k'_i := Enc_k(k_i)$ and sends the tuples $(k'_i,c_i)$ to Bob to store.

Seems quite natural that the encryption mode used for  ...

$\forall k \in \{0,1\}^n,m \in \mathbb{M},F_k(m)$ is defined as follows: $F_k(m) = F'_k(m) \oplus k$. It is known that $F'_k$ is a PRF. Note: is the message space and it's assumed that the key $k$ is generated by some Gen algorithm in a random manner.

Must $F_k(m)$ be a PRF too?

I have an intuition that the answer is yes as it does not feel like changing the distribution of the output, but any kind ...

Consider the Decision Diffie-Hellman (DDH) over $QR_n$ (the quadratic residue group over $n=pq$ where $p$ and $q$ are safe primes).According to Boneh's paper, DDH should be hard over $QR_n$ (https://link.springer.com/chapter/10.1007/BFb0054851):

[DDH] Given three randomly sampled $g^x, g^y, g^z$ it is hard to tell if $z = x*y$.

I'm wondering: if given an extra $x^2$ $mod$ $n$, is this problem stil ...

If it is possible, could an attacker create a collision for an MD5 password in a database? Could they look at an MD5 hash output and figure out data that creates the same MD5 hash?

I have encrypted data in AES-GCM with the crypto API. The initialisation vector is then added to the data, forming a unique encrypted string stored in local-storage. Finally, the secret key is stored in IndexedDB.

Since the secret key is non-extractable I though it was secure enough for most use-cases. To my understanding, an attacker would have to rob both the local storage and the indexed db, fi ...

I am using Paillier scheme to encrypt a message however, I have divided the words into alphabets and then convert each alphabet to ASCII code encrypting the final result. It works fine, but I want to encrypt each word. It this possible?

As by encrypting each alphabet the size of encrypted file increases 10 times.

What are keyed hash functions?

Why are they needed? I have never used a hash function which specifies the key so not getting the significance.

The key need not be secret. Why is it so?

My naive understanding of proof-of-work algorithms is that they are essentially a p=np type problem where it's easy to check a solution, but difficult to produce a solution.

I have recently read that some cryptocurrencies are based on algorithms that are designed to be resistant to ASIC mining - they're built to live on the GPU. This got me wondering if there is a proof-of-work algorithm that cou ...