Latest Crypto related questions

If a cryptographic protocol has a computational security parameter and a statistical security parameter, does this mean it is only computationally secure instead of information-theoretically secure?

I am wondering because this answer says that statistical indistinguishability is when the adversary is computationally unbounded: https://crypto.stackexchange.com/a/11790 . That would imply that the presence o ...

Hey I'm wondering if the following scheme is secure or not , I tried reductions and some tries to prove that it not must be secure but I feel completely stuck .

More details:
It's just any reduction that came to my mind (up to my knowledge) required knowing $k$ . I tried to use the 'classic' technique of trying to simulate somehow the original Mac and get into a contradiction of it being insecure ...

I am wondering if encrypting a file with AES will reduce or increase its file size and generally by how much. Thanks for any tips or advice.

I'm trying to obtain a random, unpredictable quite long number (± 20-25 digits) using Javascript (created by user's client) as fast and light as possible. Is this solution reliable, robust and secure enough?

When the online page is opened, the 13-digit timestamp is stored. A timer determines the number of milliseconds before user clicks on 'OK' (let's assume he got a short text to read or anythi ...

I'm curious about the relation between the Discrete Logarithm and Decisional Diffie-Hellman. Is it safe to have an assumption like the following to link the two?

Given uniformly and independently chosen g^x and g^y, if there is an efficient algorithm that can distinguish g^(xy) and random g^r with non-negligible probability, then there is an extractor that can extract x or y with non-negligible p ...

In SIDH, either party chooses its secret point $R_A = [m_A]P_A+[n_A]Q_A \in E[\ell_A^{e_A}]$, $R_B = [m_B]P_B+[n_B]Q_B \in E[\ell_B^{e_B}]$ from two different sets $E[\ell_A^{e_A}]$ and $E[\ell_B^{e_B}]$. What is the issue if the two points are chosen from the same set ($E[\ell_A^{e_A}]$ or $E[\ell_B^{e_B}]$)?

if a cryptographic protocol has a computational security parameter and a statistical security parameter, does this mean it is only computationally secure instead of information-theoretically secure?

I am wondering because this answer says that statistical indistinguishability is when the adversary is computationally unbounded: https://crypto.stackexchange.com/a/11790 That would imply that the presence of  ...

Given a group signature, it is not feasible for anyone except the only group administrator to determine the identity of the signer, at least computationally difficult. In the event of a dispute, the group administrator can open a signature to determine the identity of the signer, and no one can prevent the opening of a legal signature. Can the multi-signature algorithm be like the group signature algori ...

Suppose user A encrypts some data using his public key and stores the data publicly. Later user A would like to transfer that same data to user B publicly by encrypting it using user B's public key.

What is the best way to verify that the same data was transferred to user B without knowing the data, user A, and user B's private keys?

Does the key sizes specified in Australia's ASD Approved Cryptographic Algorithms impact operational performance?

The larger the key size the slower the operational performance. Is it true?

The set of ASD Approved Cryptographic Algorithms can be found below:

• Diffie-Hellman (DH) for agreeing on encryption session keys
• Digital Signature Algorithm (DSA) for digital signatures
• Elliptic Curve Diffie-Hel ...

I don't quite understand why a smaller quotient between modulus $q$ and the noise's standard deviation implies better security against known attacks.

In FIPS 140-2 Part 2:Interfaces and Port in the security policy of product told : 1- "the output data path is provided by the data interfaces and is logically disconnected from processes performing key generation or zeroization. No key information will be output through the data output interface when the module zeroizes keys." What is this meaning? 2- And this "The output data path shall be logically di ...

Given a Hash Function H, how are the properties such as collision resistance, target collision resistance, one wayness, and non-malleability proved? I have read about hash function and stating that it is collision-resistant but how are they formally proved? If a hash function satisfies all the properties will it act as a random oracle model?

What's the required key usage/extended key usage for signing documents, eg.PDF, Word, PowerPoint, Excel, etc...

I am going to create a self-signed certificate that is needed to sign those documents. I wonder which key usage is required as there are many types that I can choose.

Note: I just need a self-signed certificate, not from trusted CAs.

Let $x$ be a random element from $QR_n$, the quadratic residue group over Blum integer n (where $n=p*q$ and $p$ and $q$ are safe primes), and $g$ a generator of $QR_n$. Are the following computationally indistinguishable?

$$(x^2 \mod n, g^x) (r^2 \mod n, g^x)$$

The intuition is that it's hard to compute $x$ from $x^2$ and $g^x$. Could this be reduced to some standard assumptions?