I am solving a four-round Feistel network using pseudo-random round function is a strong pseudo-random function for security against adversaries, but I don't understand that how to solve I know 3 round.

Can you please explain the procedure?

I am assuming ${F : \{0,1\}^λ × \{0,1\}^λ → \{0,1\}^λ }$ be a secure PRF with in = out = λ, and define ${F^∗ : \{0,1\}^{4λ} × \{0,1\}^{2λ} → \{0,1\}^{2 ...

I am struggling to understand the DS-MITM attack on AES (Original Paper). Especially the 4-rounds distinguisher by Gilbert and Minier (section 3).

I get the basic idea that we check exactly on which input-bytes and key-bytes the first entry of the AES-State after three rounds $C_{11}^{(3)}$ depends. So we have a function $f: a_{11} \longrightarrow C_{11}^{(3)}$ (where $a_{11}$ is the first plaint ...

Let's consider a block cipher in CTR mode. And let's consider a keyed PRNG or just a good PRNG with a seed as the key. The PRNG has to be very fast.

Is it a good idea to put away the key schedule and do "infinite" key scheduling by generating a keystream? Then every block in the cipher will be encrypted with a different key.

Of course, even a fast PRNG needs some time to generate a few 128 -bit keys ...

I am keep generating RSA keys for 512/1024/2048/4096... as bit size. Each time the key length is increasing.

Is it possible to generate/use keys other than the above bit sizes. Let us say 800/1000/2000/...

Am I missing any theory behind ?

I took a look at Cloudflare Circl because I'm curious which Post-Quantum algorithms are implemented in Go, which could be used to exchange a key.

I read this comment that SIDH is only good for ephemeral key exchange, in contrast to CSIDH.

Question 1:
Therefore, I wonder, what characteristics must a Post-Quantum algorithm have to be suitable to create a long-term static key for key exchange (like RSA  ...

In chapter 3 of Katz Textbook, there is a theorem which states as follows:

"Any private key encryption scheme that is CPA-secure is also CPA-secure for multiple encryptions."

I can make sense of the theorem as CPA secure scheme requires randomized encryption and hence encrypting multiple messages will also be secure. How can I prove this formally?

The recommended parameters for a secp256k1 ECDSA curve are:

(All values are in hexadecimal)

p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 
    FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F
a = 00000000 00000000 00000000 00000000
    00000000 00000000 00000000 00000000 
b = 00000000 00000000 00000000 00000000
    00000000 00000000 00000000 00000007
G = 02
    79BE667E F9DCBBAC 55A06295 CE870B07
    029BFCDB 2DCE28D9 5 ...

I was recently watching Sneakers (which Len Adleman advised on their "cryptography" sub-plot), which included a line along the lines of:

[Some hardware that ostensibly breaks American cryptography] doesn't work against Russian codes.

The speech that Adleman advised on seems vaguely like a description of a more powerful Number Field Sieve [1], so this would be consistent with Russia having standa ...

I am currently looking into how AES works and found a calculator online: http://testprotect.com/appendix/AEScalc

I understand that the AES process has 10 rounds of calculations. Does this mean that this calculator only provides the cipher text for round 0? Would I need to copy the output cipher text and manually paste it into the input of the calculator and encrypt it with the same key 10 times?

After stumbling upon this question, I wondered if I could obtain a behaviour similar to WireGuard (private and public keys) by using the same WireGuard private key to encrypt a message via OpenSSL in one end, and having the other end being able to verify that message signature by possessing the WireGuard public key. So it could work as some sort of authentication/validation for a request.

For example ...

I work on a project about CAN bus and I want to encrypt the data among nodes but I have have a problem because CAN bus nodes receive and send 8 bytes among each others and I know the size of AES output is exactly the same as the input. I am confused. As far as I knew, AES works in blocks of 16 bytes. My question is :

How can I reduce the output aes size to enable CAN bus nodes receiving 8 bytes c ...

I first generate a keyfile with openssl rand -hex 64 -out keyfile.

I then encrypt the file with openssl enc -aes-256-cbc -salt -in large_file.zip -out large_encrypted.bin -pass file:./keyfile.

I am encrypting files sized anywhere from a few bytes to 1TB. I will be using this in a simple bash script.

1. Is this secure in 2021? Should I use a different cipher?
2. Can any metadata leak from the encrypted file? ...

Alice split a long string P into two segments A and B. A is relatively short and B is long.

H = sha256(A + B)

Bob does not know P, but knows H.

Is it possible for Alice to prove to Bob that A is the prefix of P, but only needs to provide additional information much shorter than B?

I understand that we can verify that given a private input a and a public input b that we can verify a is greater than b. But what if I want to keep both inputs private?

The context is a sealed auction where we need to verify who out of the private bidders has the highest bid. I haven't seen any examples of how this can be achieved but hopefully somebody on here can help point me in the right direction.

The Setup

I have a table of values for which I need to compute a salted hash for each table-cell value. Furthermore, I need the salt for each table cell to be unique and unpredictable. (I can explain what motivates this need later, but for now I don't want to distract from the problem statement.)

Now I don't want to add an extra column per existing column in a table just to store this unique, per-cell ...