Latest Crypto related questions

If a company uses Domain Keys Identified Mail ("sender adds a special signature which includes author name / date signed by RSA Private Key. Receiver verifies the signature by looking up the public key of the sender and ensures that the email's sender name and the date in the regular email header matches the signed name and date in the signature tag") and has an online database with employees public key ...

First I just want to apologize for my lack of knowledge in this system.

The professor kind of gave us an exercise to solve before even going through the lessons. I tired to look at videos online but what I only know how to use a 64 bit initial key.

initial 56-bit hexadecimal key: 'B092EBA02E3798' Give the key K16 (on the last turn) to 64 bits in hexadecimal.

So my question is, do I have to turn my 56 b ...

I am just getting into cryptography and currently learning by trying to implement some crypto algorithms.

Currently implementing the Shamir secret sharing algorithm, what I have noticed is that finite fields keep coming up.

I just don't understand why they are relevant yet.

One thing I see is that they can make sure that none of your results are decimal, so no rounding errors, but I strongly doubt that ...

How easy would it be to crack a AES-256 encrypted file, that is protected by a passphrase?

I understand that the trying to brute force a AES-256 encryption key would be on the unfeasible side, even with quantum computing. But what if that encryption key was instead generated from a passphrase? How easy would it then be to break the encryption?

I'm not experienced at all in cryptography, but tried ma ...

So suppose you are doing this locally (so no network noise), and know the exact specifics of your processor too. Is it feasible to figure out the private key (while having access to the public-key) generated by libsodium based on the time it takes to generate a key-pair?

What about other algorithms, how feasible is this in general?

We have DCRA and ECSQRT assumptions.

1. ECSQRT: Square roots in elliptic curve groups over Z/nZ Definition: Let E(Z/nZ) be the elliptic curve group over Z/nZ. Given a point Q ∈ E(Z/nZ). Compute all points P ∈ E(Z/nZ) such that 2P = Q.
2. DCRA : DCR: Decisional Composite Residuosity problem Definition: Given a composite n and an integer z, decide if z is a n-residue modulo n² or not, namely if there ex ...

Is there an encryption function that preserves the properties of the numbers that are inputted into it?

For example, is there an encryption function that, when two numbers are inputted into this function, e.g., 2 and 4, and those numbers are encrypted using the same encryption key, the raw encrypted output of 2 is always half of the raw encrypted output of 4?

I realise that s boxes are able to make the transformations done in AES non-linear. However I am unsure how this makes AES secure. For instance if we had no s box then it is possible to calculate the key from a set of linear equations:

$C^1=Ax+k$

$C^2=AC^1+k$

...

$y=AC^n+k$

Where A is the linear transformation, k is the key, C as the intermediate ciphertexts, n as the number of rounds of encryption,  ...

I have to verify that the user has registered and is currently logged out without identifying the user. Essentially, I am looking for privacy-oriented authorization mechanisms which prevent simultaneous user sessions.

I am developing an application which stores user's private Identity key (ed 25519) on user's hard drive without any security.

What are the best practices / standards to save private key on hard drive, so even if the filesystem is hacked, keys are secure.

We are building out data masking framework mainly to mask PIIs. Our scale is pretty large, and masking will be done at ingest time, so we want the masking to be done in a very performant manner. Some of the constraints we have are that we would like the masking to be deterministic and reversible. I have looked at AES encryption to encrypt PII, especially AES SIV, on my macbook, it takes around ~2 millis ...

So if we look here, it shows that libsodium uses three 3 different algorithms for this, which sounds weird to me, cause nothing indicates that anything besides Curve25519 is used in those specific functions (the boxes specifically take private and public keys and nothing indicates there is any key generation for XSalsa20):

https://doc.libsodium.org/public-key_cryptography/authenticated_encryption#algo ...

Imagine a scenario:

1. Alice and Bob want to use a platform where they log in using email and password. The platform can be accessed on desktop and mobile devices.
2. Alice would like to store encrypted information in a database or send encrypted files to an S3 server
3. Bob will be able to fetch this encrypted information (data + files) if the server allows to (Alice granted Bob access to this data)
4. Both Bob an ...

Efficient Verifiable Delay Function paper suggested that there is two way to construct the group. One of them requires trusted setup in the sense whoever constructs the RSA unknown group order needs to destroy the factors otherwise fake proof can be constructed.

Another way is using a class group of imaginary quadratic fields. However, the paper didn't give an example of how it can be used. Is ev ...

The problem I'm trying to solve: Identifying the cheater in (3,5)-Shamir's secret sharing when we can see only the 3 shares that were given to the system in the secret reconstruction process, and we can inquire the 3 people who inserted the shares into the system(they don't know what the other people inserted). Also, we have no knowledge about the correct secret, but we do know the wrong secret.

 ...