Latest Crypto related questions

Hey can someone please tell me what kind of encryption this is? This is not the whole encrypted code but you should still be able to tell what it is from the structure.

HC1:6BFOXN*TS0BI$ZDFRH5+FPWF9EIZ.0769Y3S3XHP+56R5-F9/17BOMEY4/OBMMD/GPWBILC9GGBYPLR-SNH10EQ928GEQW2DVJ5UL8W2BM8Q.L8SNCYNAK+FA7E7:4N3IK/4S1ARO4R48/3987CGSK37F/HS$*S-CK9B92FF9B9LW4G%89-8CNNM3LK.GVD9O-OEF82E9GX8$G10QVGB3O1KO-OAGJM*KIE9MI ...

I believe I am overthinking it; however, I need to clear out my doubts.

What is exactly RSA groups and how their order is unknown? I know in RSA N is computed by multiplying two prime numbers (p and q) and it is hard to find p and q given N. Is N what is called RSA group?

In VDF they use unknown order of RSA group; however, N is public.

Assuming I have a valid signature scheme, and modify it like:

m = m0 || m1, and output Sign(sk, m0) || Sign(sk, m1).

While it is correct, would this violate existential unforgability?

I've been learning about different types of encryption schemes in class and I was wondering if it's possible to create a private-key encryption scheme that is multi-message secure but is NOT CPA-secure?

It seems that CPA security implies multi-message CPA security, but what about the other way? For example if given a private key multi-message secure scheme what changes would need to be made to ensure i ...

How does LR Oracle model help achieve the CPA security for Multiple Encryption. I am not able to understand how LR oracle model gives an advantage over the normal encryption oracle.(Reference to Chapter 3 Katz).

In computer security applications, to check the integrity of a specific data/program binary, a cryptographic hash function is normally deployed to generate a digest and compare it with a reference digest.

When a remote device proves the integrity of the code and data residing on the platform to a verifying party, it is called remote attestation.

Looking into different remote attestation schemes, I r ...

The encryption function $E_{k^+}: Z_n \rightarrow Z_{n^2}$.
The decryption function $D_{k^-}: Z_{n^2} \rightarrow Z_n$.
$m_1 = 42, k = 15, n=77$.
After encryption, exponentiation and decryption, I get: $$D_{k^-}((E_{k^+}(m_1))^k) \equiv 14 \bmod 77$$ The class of residue of $14$ is of the form: $$\langle 14 \rangle = \{\alpha \in Z: 14 + \alpha*77\}$$ And one of these values is $630 = 14 + 8*77 \ ...

I have searched everywhere in academic papers about time complexity of a brute force attack on a Shamir's Secret Sharing key. I'm confused between if it is $O(p^k)$ or $O(p)$, such that $p$ is the modulo of encryption and $k-1$ is the degree of the encryption polynome. Because practically, if we're going to rebuild the polynome of encryption, it's equivalent to brute forcing all $p$ possible values for  ...

An elliptical curve over $GF(2^3)$ is defined as $y^2+xy=x^3+ax^2+b$ with the given value of $a= g^3$ and $b=1$. $R = P + Q$, where $P = (0, 1)$ and $Q = (g^2, 1)$

Can someone solve this question using an elliptical curve cryptosystem? I have tried solving it but could not do it. I need to find R.

I was reading papers about searchable symmetric encryption these days and in the security definition part the author mentioned:

where state is a polynomially bounded string that captures A1’s state, and the probability is taken over the internal coins of Keygen, A, and the underlying BuildIndex algorithm.

So what exactly do the "state" and "internal coins" mean?

preface: i am not cryptographically savvy. there are similar questions on this board but they do not give the answer i need.

how do i construct a valid IV, given a nonce? What does this have to do with a counter?

im doing 2-way communication with a bluetooth module (it is the server to my phone's client) and its data is encrypted using AES-256-CTR with a 32B key and a 128-bit (16B) counter. after succe ...

This question may be related to this one, though the construction differs.

Let us consider a PRF $f$. We define $g_k$ as $g_k(x)=f(x)\oplus f(x\oplus k)$. Is $g_k$ a PRF, assuming $k$ is chosen at random?

I tried to prove this as follows. Let us consider an adversary $\mathcal{A}$ that is able to distinguish between $g_k$ and a PRF with non-negligible advantage. Let $\mathcal{R}$ be a reduction that has  ...

I'm trying to understand a verilog AES implementation. I know the order of the AES encryption steps to be as shown:

However the code I see doesn't do this. They do the following flow graph: at the beginning of the encryption state is loaded with newstate or the plaintext. The round is set to max and is decremented each round.

They then do the following set of operations for each round until round ...

I want to decrypt a file that has been encrypted using AES-256 in GCM mode in libressl. I have the key but I don't have the IV, is there any way I can still decrypt?

Assume we have the polynomial space $R_q$ defined as $R_q = Z_q/(X^n + 1)$. Additionally, we define the error distribution $\chi$ as a discrete centred Gaussian bounded by $B$. Let $s,t \in R_q$ be randomly selected secrets. Let $r_0=as+e_0$ where $a \gets R_q$ is selected uniformly at random and $e_0 \gets \chi$ is sampled from the noise distribution. We know that given $a$, the distribution of