Latest Crypto related questions

Score: 2
foo
Confusion+Diffusion comparison table? (e.g. with Avalanche Criterion / SAC)

I'm looking for a general comparison of encryption algorithms in regard to Confusion and Diffusion (as defined by Claude Shannon), and if possible, specifically for their SAC and BIC quality.

For example, xor-streaming ciphers have no (0, zero, zilch) diffusion - you switch 1 bit in the ciphertext, you know which single bit in the plaintext after decryption will be flipped.

Most ciphers, especially blo ...
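
An added, self-contained measurement of the contrast the question draws (example code written for this page, not part of the post): it flips one input bit of SHA-256 and counts how many of the 256 output bits change, which is the quantity the strict avalanche criterion asks to be about one half, and then flips single ciphertext bits of a keystream-XOR cipher and counts the plaintext bits that change after decryption. SHA-256 stands in for any primitive with full avalanche; the "stream cipher" is constructed for the demo as SHA-256(key || counter) keystream, and behaves like any XOR stream cipher for this test.

```python
import hashlib

OUT_BITS = 256  # SHA-256 output size in bits


def sha256_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def keystream(key, length):
    # Constructed XOR stream cipher for the demo: keystream blocks are SHA-256(key || counter).
    # Any keystream-XOR cipher (ChaCha20, AES-CTR, RC4) behaves identically in this test.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def xor_stream(key, data):
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def hamming(a, b):
    return bin(a ^ b).count("1")


def flip_bit(data, i):
    b = bytearray(data)
    b[i // 8] ^= 1 << (i % 8)
    return bytes(b)


def sha256_avalanche(trials=64, msg_len=32):
    """Average fraction of output bits that change when one input bit is flipped.
    A primitive meeting the strict avalanche criterion gives about 0.5."""
    total = 0
    for t in range(trials):
        msg = hashlib.sha256(b"constructed-sample-" + str(t).encode()).digest()[:msg_len]
        bit = t % (msg_len * 8)
        total += hamming(sha256_int(msg), sha256_int(flip_bit(msg, bit)))
    return total / (trials * OUT_BITS)


def stream_cipher_diffusion(key=b"constructed-demo-key", msg_len=32):
    """For every ciphertext bit position, count the plaintext bits changed after decryption.
    With a keystream XOR this is exactly 1, at the same position: zero diffusion."""
    pt = bytes(range(msg_len))
    ct = xor_stream(key, pt)
    pt_int = int.from_bytes(pt, "big")
    changes = []
    for i in range(msg_len * 8):
        pt2 = xor_stream(key, flip_bit(ct, i))
        changes.append(hamming(pt_int, int.from_bytes(pt2, "big")))
    return changes


if __name__ == "__main__":
    print("SHA-256 avalanche fraction:", round(sha256_avalanche(), 3))
    print("stream cipher: plaintext bits changed per flipped ciphertext bit:",
          set(stream_cipher_diffusion()))
```

The stream-cipher result is the reason malleability matters for unauthenticated CTR/stream encryption: an attacker who knows a plaintext bit position can flip exactly that bit, which is why such ciphers are paired with a MAC.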

Score: 1
Rafael Werlang
Is a single 256-bit hash table in which the digests are from mixed cryptographic hashing algorithms still considered collision resistant?

Consider a single hash table containing digests from about 10 different 256-bit cryptographic hash functions, like SHA256, SHA3, KECCAK256, BLAKE2, BLAKE3, etc.

Is such a table still considered collision resistant?

I am inclined to think so, but I might be missing something.

Score: 3
infinite-blank-
Quickest way to find MD5 collision

I'm trying to find an MD5 hash collision between 2 numbers such that one is prime and the other is composite (at most 1024-bit). I'm using fastcoll with random prefixes for each iteration.

For this I wrote this script:

import subprocess
from Crypto.Util.number import bytes_to_long, isPrime
import string
import random

won = False

N = 10

while not won:
    # Run the fastcoll executable to generate ...
Score: 0
SN-Grotesque
How does the public key cryptography algorithm generate a public key based on the private key?

Because of the needs of the project, I want to develop a simple public key cryptography algorithm, but I have doubts when generating the key pair.

I have learned about the key generation process of RSA. It is to prepare two coprime numbers (p, q), multiply them to obtain N, and then calculate L (that is, L=lcm (p-1, q-1)), calculate the public key (pk is a number larger than 1 and smaller than L,  ...

Score: 2
crypt
Paper based OTP and MAC

Consider the following paper based OTP

  1. Plaintext has 11 possible symbols 0-10.
  2. $C_i = M_i + K_i\ mod\ 11$.
  3. $K_i$ comes from a pre-shared key material which is never reused.

How can I introduce data integrity / a MAC into it that can be calculated using pen and paper?

Score: 0
Bean Guy
Why is the notion of equivalent divisors important in pairing definitions?

Following the book Pairing for Beginners, the Tate pairing computation requirements are:

  1. Let $P$ be a point on the $r$-torsion subgroup in $E(\mathbb{F}_q)$.
  2. Let $f$ be a function whose divisor is $(f) = f(P) - r(\mathbb{O})$.
  3. Let $Q$ be a point of $E(\mathbb{F}_{q^k})$.
  4. Let $D_Q$ be a degree zero divisor that is equivalent to $(Q) - (\mathbb{O})$, with disjoint support to the one of $(f)$.

The  ...

Score: 2
Joe
Why must ECDSA verification ensure the point is on the curve?

In ECDSA, when parsing the public key a test is made to ensure the public key really lies on the curve. What vulnerabilities appear if one does not do this?
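
An added illustration of why the check matters (example code written for this page, not from the post): the affine group law on a short-Weierstrass curve uses the coefficient a but never b, so a verifier that skips the on-curve test will happily compute u1*G + u2*Q with a Q that actually lies on some other curve y^2 = x^3 + a*x + b'. All the arithmetic then happens in a group whose order nobody validated; for ECDH the same omission is what enables the well-known invalid-curve attacks. secp256k1 is used as the concrete curve; some_point(), parse_public_key() and the off-curve "public key" built by bumping y are constructed for the demo.

```python
# secp256k1 parameters; field arithmetic on plain Python ints.
P = 2**256 - 2**32 - 977
A, B = 0, 7                     # y^2 = x^3 + A*x + B


def inv(x):
    return pow(x % P, P - 2, P)


def on_curve(pt, b=B):
    """True if pt satisfies y^2 = x^3 + A*x + b (mod P)."""
    x, y = pt
    return (y * y - (x**3 + A * x + b)) % P == 0


def implied_b(pt):
    """The b for which pt *would* be on y^2 = x^3 + A*x + b."""
    x, y = pt
    return (y * y - x**3 - A * x) % P


def add(p1, p2):
    """Affine short-Weierstrass group law. B never appears, so the same code
    silently operates on points of any curve that shares A."""
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                               # point at infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    result, addend = None, pt
    while k:
        if k & 1:
            result = addend if result is None else add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def some_point():
    """A point on secp256k1 found by trying small x (P = 3 mod 4, so sqrt = rhs^((P+1)/4))."""
    for x in range(1, 200):
        rhs = (x**3 + A * x + B) % P
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P == rhs:
            return (x, y)


def parse_public_key(x, y):
    """Checks an ECDSA verifier must apply before using (x, y) as a public key."""
    if not (0 <= x < P and 0 <= y < P):
        raise ValueError("coordinate out of field range")
    if not on_curve((x, y)):
        raise ValueError("point is not on the curve")
    # On curves with cofactor > 1 also check n*Q == infinity; secp256k1 has cofactor 1.
    return (x, y)


if __name__ == "__main__":
    g = some_point()
    q = (g[0], (g[1] + 1) % P)                    # constructed off-curve "public key"
    print("implied b of bogus key:", hex(implied_b(q)))
    r = scalar_mult(5, q)
    print("5*Q on secp256k1?", on_curve(r), " on the implied curve?", on_curve(r, implied_b(q)))
```

Besides the on-curve test, a verifier should reject the point at infinity and, on curves with cofactor greater than 1, confirm n*Q is the identity; parse_public_key() above notes where that check belongs.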

Score: 1
user108142
LWE encryption: Errors for encrypted messages

I am following this paper Encryption from Learning with Errors for the generation of errors e1 and e2 to retrieve the ciphertext u and v as described below.

u = Ar + e1
v = br + m (q/2) + e2

For this text:

We require for this algorithm to work that the χ distribution has a mean of zero and, with overwhelming probability falls into the range [−q/4, q/4]. If we require perfect correctness, then we can ...

Score: 2
misaq saadat
Implementing ECDSA threshold using a secret sharing scheme

My question might be a duplicate but I wasn't able to find a similar question.

I recently developed a wallet-like app and I am trying to implement some MPC features.

I searched a little and even asked ChatGPT about how I can achieve that.

I know how ECDSA and Shamir's secret sharing work but I can't find a way to combine their functionalities.

I need functionality similar to this:

n parties have ...

Score: 0
troubleddev
Use name as the initialization vector to encrypt passwords for users

I'm using AES-256-CBC to encrypt passwords for a set of users, and for each user in the database we have to generate and store the password in the database. The database has a constraint that the name of the user must be unique, so I was wondering if using the name of the person as the initialization vector was okay, because names are sufficiently random from a cryptographic perspective, if I encode it to ...

Score: 2
Kevin Perez
Walsh-Hadamard transform in randomness testing

I am working on using the Hadamard transform as a way to map randomly generated values and then apply statistical tests as defined by Nist or other institutions. One resource online I found particularly helpful, yet I do not seem to have the mathematical intuition to understand some parts. The python code and the text are found on quant at risk.

2D matrix of $x_{\text {seq }}$ holding our signal ...

Score: 3
Chris
Proving that a PRG is predictable

I am attending the video lectures from Prof Dan Boneh. He gives the following example.

Let $G:\mathcal K\longrightarrow \Bbb Z_2^n$ be a PRG with the property that from the last $\frac{n}{2}$ digits of $G(k)$ we can easily compute the first $\frac{n}{2}$ digits of $G(k)$. We want to show that $G$ is predictable for some $i\in\{0,\dots,n-1\}$.

Well, it is clear that we should use the contrapositive ...

Score: 3
Eshkod
Why: $G'(s) = G(s_1, \ldots, s_{\lfloor{n/2}\rfloor})$, where $s = s_1, \ldots, s_n$ is PRG?

I'm a novice reader of Introduction to Modern Cryptography, where it states:

Let $G$ be a pseudorandom generator with expansion factor $\ell(n) > 2n$.
In each of the following cases, say whether $G′$ is necessarily a pseudorandom generator. If yes, give a proof; if not, show a counterexample.
(a) Define $G'(s) = G(s_1, \ldots, s_{\lfloor n/2\rfloor})$, where $s = s_1, \ldots, s_n$.

I thoug ...

Score: 1
Javier Albarracin
How is asymmetric encryption possible if you need a passcode in order to encrypt something?

Can't you look at the algorithm used to encrypt and find the private key from the public key that way? As an example, here's a simple python algorithm that encrypts an input:

rnd.seed(int(pasc))
return [(tran_ltn[content[i]] + rnd.randint(400, 1400)) for i in range(len(content))]

This is obviously symmetric. However, if I wanted to make it so that a different passcode decrypts this output, I could writ ...

Score: 1
filter hash
Is the composite order matrix-DDH secure?

I recently read a paper that proposed matrix-DDH, which is a matrix variant of the DDH assumption. The brief definition is as follows:

Let $G$ be a group of prime order $q$. Then, the matrix-DDH says that it is hard to distinguish between two distributions: $\{[A], [A\cdot w] \} \approx \{[A], [u], u\leftarrow \text{random} \}$.

Here, the bracket notation $[x]$ denotes the group element with discrete logarit ...

Score: 0
Koray Kaya
Is it possible to generate a read-only key for a symmetrical encryption (AES)?

I am working with hardware that can only encrypt with AES. The problem with this is that the message must be publicly verifiable, without the encoding key being exposed. This is the textbook use-case for asymmetrical keys, yet the hardware does not support this. I can't come up with a method myself where a message is encrypted with AES and decrypted with an asymmetrical public key. Is there a way to do t ...

Score: 1
user108142
LWE Decryption: Generating errors for (c1, c2) that match binary message m

In the encryption process, the ciphertexts c1 and c2 are added to errors e1 and e2 each to get noisy ciphertexts u and v.

c1 = A * r
c2 = b * r + m * (q/2)

u = c1 + e1
v = c2 + e1

However, choosing a random value for e1 and e2 would cause u and v to not match to its message m. Wikipedia and several research papers suggest using discrete Gaussian distribution to choose e1 and e2 that match with m. The e ...
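
The two LWE questions above from the same poster (the one about the error range and this one about choosing e1 and e2) rest on the same arithmetic, so one added worked example covers both. It is demo code written for this page, not taken from the paper the poster follows, and it assumes the Lindner-Peikert / Kyber-style variant in which the secret s and every error term are small samples from a centered binomial distribution (zero mean, bounded in [-ETA, ETA]); the parameters N, M, Q, ETA are toy values chosen so the arithmetic is visible. Decryption computes v - <s, u>, which equals bit*floor(q/2) plus the noise <e, r> + e2 - <s, e1>; as long as that noise stays below q/4 the bit is recovered, and with bounded errors that is a provable bound rather than an overwhelming-probability one.

```python
import random

Q = 3329      # modulus (Kyber's q, used here only as a familiar value)
N = 64        # secret dimension
M = 64        # number of LWE samples (rows of A)
ETA = 2       # centered-binomial parameter: every small value lies in [-ETA, ETA]


def cbd(rng, eta=ETA):
    """Centered binomial sample in [-eta, eta]: zero mean and bounded, as the posts require."""
    return sum(rng.randint(0, 1) for _ in range(eta)) - sum(rng.randint(0, 1) for _ in range(eta))


def centered(x):
    """Representative of x mod Q in (-Q/2, Q/2]."""
    x %= Q
    return x - Q if x > Q // 2 else x


def keygen(rng):
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    s = [cbd(rng) for _ in range(N)]
    e = [cbd(rng) for _ in range(M)]
    b = [(sum(A[i][j] * s[j] for j in range(N)) + e[i]) % Q for i in range(M)]
    return (A, b), s


def encrypt(pk, bit, rng):
    """u = A^T r + e1,  v = <b, r> + e2 + bit*floor(Q/2), with r, e1, e2 all small."""
    A, b = pk
    r = [cbd(rng) for _ in range(M)]
    e1 = [cbd(rng) for _ in range(N)]
    e2 = cbd(rng)
    u = [(sum(A[i][j] * r[i] for i in range(M)) + e1[j]) % Q for j in range(N)]
    v = (sum(b[i] * r[i] for i in range(M)) + e2 + bit * (Q // 2)) % Q
    return u, v


def decrypt(s, ct):
    """v - <s, u> = bit*floor(Q/2) + (<e, r> + e2 - <s, e1>); round to the nearest multiple of Q/2."""
    u, v = ct
    noisy = centered(v - sum(s[j] * u[j] for j in range(N)))
    return 1 if abs(noisy) > Q // 4 else 0


def noise_term(s, ct, bit):
    """The actual decryption noise <e, r> + e2 - <s, e1>, given the true bit."""
    u, v = ct
    return centered(v - sum(s[j] * u[j] for j in range(N)) - bit * (Q // 2))


def noise_bound():
    """Worst case |<e, r>| + |e2| + |<s, e1>| under the [-ETA, ETA] bounds.
    Correctness is guaranteed, not merely likely, when this is below Q/4."""
    return (M + N) * ETA**2 + ETA


def run_demo(seed=1, trials=40):
    """Encrypt and decrypt alternating bits; returns (all_correct, largest |noise| observed)."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    worst = 0
    ok = True
    for t in range(trials):
        bit = t % 2
        ct = encrypt(pk, bit, rng)
        ok = ok and decrypt(sk, ct) == bit
        worst = max(worst, abs(noise_term(sk, ct, bit)))
    return ok, worst


if __name__ == "__main__":
    print("all correct, worst noise:", run_demo(), " bound:", noise_bound(), " Q/4:", Q // 4)
```

With a discrete Gaussian instead of the binomial the tail is unbounded, so the same check becomes a failure probability to be driven below 2^-128 or so rather than a hard guarantee; that is the "overwhelming probability" wording in the quoted text.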

Score: 1
Emison Lu
Circuits for general computing

In TCS, functions need to be converted into boolean circuits.

So is this Boolean circuit a combinational logic, i.e. a directed acyclic graph, satisfying the topological order?

I would appreciate your answer. Thanks!

Score: 1
EmbeddedEnthusiast
AES-GCM and tag length

Due to protocol limitations, I can put in 24 bytes of data only for tx (excluding headers), if I use AES_GCM for encrypting my data, I understand I don't need to worry about padding.

For instance, if my data is 22 bytes, I would be getting a 22-byte encrypted output. So, I had zeroed in on AES-GCM or AES-CTR. However, I have observed the AES-CTR stream cipher is not available in Microsoft crypto li ...

Score: 1
Sujan SM
How are CRYSTALS-Kyber's CPA-secure algorithms converted into a CCA-secure algorithm?

In the CRYSTALS-Kyber specification, page 10, there are 3 algorithms, namely KYBER.CCAKEM, for making the CPA-secure Kyber into a CCA-secure one.

Q1: How is the shared key K being generated in KYBER.CCAKEM.Enc & KYBER.CCAKEM.Enc related to the CPA-secure algorithms ?

Q2: Is the shared key K used as input parameter of sorts, for the CPA-secure algorithm ?

Score: 0
alpominth
Is there a way to make a pseudorandom function generate decimal numbers in a specified range and not only big ones?

When I try to generate decimal numbers in the range 0-18446744073709551616 using a hash function I always get big numbers like this:

$ A=$(date | b2sum -l 64 | awk '{ print $1 }'); echo $(calc 0x$A)
16324260068905187599
$ A=$(date | b2sum -l 64 | awk '{ print $1 }'); echo $(calc 0x$A)
5500525113920202581
$ A=$(date | b2sum -l 64 | awk '{ print $1 }'); echo $(calc 0x$A)
2795550665156396173
$ A=$(da ...
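
An added example (written for this page, not from the post) covering two things the transcript above does not show: a 64-bit digest is already uniform over 0..2^64-1, so large values are simply the common case, and reducing a digest into a smaller range with a plain modulo is biased unless the range size divides the digest space. The functions use BLAKE2b with an 8-byte digest, the same output b2sum -l 64 produces, with a counter appended to the seed and rejection sampling; the seed bytes and the 8-bit/mod-6 toy histogram are constructed for the demo.

```python
import hashlib


def mod_bias_counts(out_bits, n):
    """Exact histogram of h mod n over every out_bits-bit digest value h.
    Unless n divides 2**out_bits, the low residues occur one extra time: modulo bias."""
    counts = [0] * n
    for h in range(2**out_bits):
        counts[h % n] += 1
    return counts


def rejection_counts(out_bits, n):
    """Same histogram after discarding digests >= the largest multiple of n: exactly flat."""
    limit = (2**out_bits // n) * n
    counts = [0] * n
    for h in range(2**out_bits):
        if h < limit:
            counts[h % n] += 1
    return counts


def hash_to_range(seed, n, out_bytes=8):
    """Deterministic, unbiased integer in [0, n) derived from seed.
    Hashes seed || counter with blake2b (8-byte digest, like b2sum -l 64) and
    bumps the counter until a digest below the rejection limit appears."""
    if n <= 0 or n > 2 ** (8 * out_bytes):
        raise ValueError("n must be in 1..2^(8*out_bytes)")
    limit = (2 ** (8 * out_bytes) // n) * n
    counter = 0
    while True:
        h = hashlib.blake2b(seed + counter.to_bytes(4, "big"), digest_size=out_bytes).digest()
        x = int.from_bytes(h, "big")
        if x < limit:
            return x % n
        counter += 1


if __name__ == "__main__":
    print("8-bit digest mod 6:", mod_bias_counts(8, 6))
    print("after rejection  :", rejection_counts(8, 6))
    print("0..999 from seed :", hash_to_range(b"constructed seed", 1000))
```

For the 64-bit digest in the transcript the bias of a plain modulo is tiny for small ranges (at most one part in 2^64/n), but it is exactly zero only with rejection or a range size that is a power of two; the same code also makes clear that the output is only as unpredictable as the seed, and `date` is not a secret.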
Score: 0
alpominth
Once a secure hash function has built up a (fast) internal hash table, can the data to be hashed be different from the data inserted when doing the lookups?

One experienced user of this forum said: "The key is the input of the hash function to build up a fast internal hash table. The key is hashed again to perform the lookup.".

If data such as a 262144-byte seed (as SMHasher uses) is passed through a hash function to build up a fast internal hash table, can the secondary lookups include different data, such as a counter appended to the seed? I ...

Score: 5
PCFX
Is it insecure to sign the value 0 with ElGamal?

Is it insecure to sign the plaintext 0 with ElGamal signature algorithm? Can this leak the private key, give the possibility to forge other signatures or does provide any other attack vector?

Score: 1
Kevin Perez
Frequency Monobits Test

As detailed in the paper Statistical test suite for random and pseudorandom number generators for cryptographic applications by NIST, the first test is given as a basic significance test, it uses a bit sum and calculates the p-value and test statistic. But I do not have the clearest understanding of why $S_{obs}$ is defined as the sum of the sequence divided by the square root of the length of the s ...

Score: 0
rzxh
Is there any new progress on the issue of 2-server private information retrieval with secret shared index?

Recently, I encountered a secret retrieval problem. In my scenario, two parties each hold a secret share of an index $i$, and they want to get $bucket_i$ together. I found that the CCS17 paper Floram is quite good; they observed that computing a PRG with a general 2PC method like GC can be avoided when generating FSS correction words, which is a very neat idea. However, they needed to decrypt that encrypted

Score: 1
Cisco Saeed
How to recover y-coordinates when using an XZ Montgomery curve

I am using the Montgomery ladder with the Montgomery curve $by^2=x^3+ax^2+x$ using XZ coordinates and I recovered the $X$ value using $X3=X1/Z1$, but I don't know how to recover the $Y$ coordinate.

For the double-and-add ladder I am using this:

      A = X2+Z2
      AA = A^2
      B = X2-Z2
      BB = B^2
      E = AA-BB
      C = X3+Z3
      D = X3-Z3
      DA = D*A
      CB = C*B
      X5 = Z1*(DA+CB)^2
      ...
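
An added worked example (code written for this page, not from the post) of the standard y-recovery for Montgomery curves, the Okeya-Sakurai formula: with the base point P1 = (x1, y1) known in affine form and the two registers the ladder finishes with, x2 = x(Q) = X2/Z2 and x3 = x(Q + P1) = X3/Z3, the y-coordinate of Q = k*P1 is

  y2 = ((x1*x2 + 1)(x1 + x2 + 2a) - 2a - (x1 - x2)^2 * x3) / (2*b*y1).

Curve25519 (a = 486662, b = 1) is used so the numbers are real; the affine add/double and scalar_mult below are assumptions of the demo, there only to produce reference values for checking the recovered y, and the ladder's X/Z outputs correspond to the affine x2, x3 fed in here.

```python
# Curve25519 in Montgomery form, B*y^2 = x^3 + A*x^2 + x over GF(2^255 - 19).
P = 2**255 - 19
A, B = 486662, 1


def inv(x):
    return pow(x % P, P - 2, P)


def sqrt_mod_p(a):
    """Square root for P = 5 (mod 8); None if a is a non-residue."""
    a %= P
    x = pow(a, (P + 3) // 8, P)
    if (x * x - a) % P != 0:
        x = x * pow(2, (P - 1) // 4, P) % P      # multiply by sqrt(-1)
    return x if (x * x - a) % P == 0 else None


def on_curve(pt):
    x, y = pt
    return (B * y * y - (x**3 + A * x * x + x)) % P == 0


def affine_add(p1, p2):
    """Affine Montgomery addition/doubling, used here only to produce reference values."""
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        lam = (3 * x1 * x1 + 2 * A * x1 + 1) * inv(2 * B * y1) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P
    x3 = (B * lam * lam - A - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    result, addend = None, pt
    while k:
        if k & 1:
            result = addend if result is None else affine_add(result, addend)
        addend = affine_add(addend, addend)
        k >>= 1
    return result


def recover_y(p1, x2, x3):
    """Okeya-Sakurai y-recovery. Inputs: the base point P1 = (x1, y1) in affine form,
    x2 = x(Q) = X2/Z2 and x3 = x(Q + P1) = X3/Z3, the two registers the ladder ends with.
    Undefined when y1 = 0 or Q = +/-P1 (x1 = x2)."""
    x1, y1 = p1
    num = (x1 * x2 + 1) * (x1 + x2 + 2 * A) - 2 * A - (x1 - x2) ** 2 * x3
    return num * inv(2 * B * y1) % P


def base_point():
    x = 9
    return (x, sqrt_mod_p(x**3 + A * x * x + x))


if __name__ == "__main__":
    G = base_point()
    k = 7
    Q, R = scalar_mult(k, G), scalar_mult(k + 1, G)
    y = recover_y(G, Q[0], R[0])
    print("recovered y matches:", y == Q[1], " on curve:", on_curve((Q[0], y)))
```

The formula follows from writing x(Q + P1) in terms of (y2 - y1)^2 and substituting the curve equation for y1^2 and y2^2, which leaves 2*b*y1*y2 isolated. In a real ladder implementation the division is done projectively (one inversion at the end for x2, x3 and y2 together); the affine form above is for clarity. Note the register needed is x(Q + P1), not x(Q - P1), so keep the (k+1)*P1 leg of the ladder rather than discarding it.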
Score: 0
gabbar
Clarification regarding AES-CTR

I was recently trying to perform AES-128 CTR encryption and decryption.

I had an observation that if an AES-CTR encrypted value is encrypted again (with the same key and IV) it results in the plaintext that was encrypted in the first place.

I just want to know the reason behind this, and does any other AES scheme support similar behaviour?

Thanks!
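
An added illustration (example code written for this page, not from the post): CTR and OFB never run the block cipher backwards; they turn E_k into a keystream and XOR it into the data, so applying the same key and IV twice XORs the same keystream twice and cancels. CFB also uses only the forward direction but feeds the ciphertext back into the keystream, so encrypting twice does not undo itself. Because only the forward direction is ever used, AES is replaced here by an HMAC-SHA256-based keyed function (an assumption of the demo, chosen to keep the block dependency-free); the involution property is identical with real AES. The key, IV and messages are constructed.

```python
import hashlib
import hmac

BLOCK = 16


def block_fn(key, block):
    """Stand-in for the block cipher E_k: a keyed PRF (HMAC-SHA256 truncated to 16 bytes).
    CTR/OFB/CFB only ever call E_k in the forward direction, which is exactly why a
    one-way PRF can replace AES here without changing any of the properties shown."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def chunks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ctr(key, iv, data):
    """CTR mode: C_i = P_i XOR E_k(IV + i). One function both encrypts and decrypts."""
    ctr0 = int.from_bytes(iv, "big")
    out = b""
    for i, blk in enumerate(chunks(data)):
        out += xor(blk, block_fn(key, ((ctr0 + i) % 2**128).to_bytes(BLOCK, "big")))
    return out


def ofb(key, iv, data):
    """OFB mode: O_0 = IV, O_i = E_k(O_{i-1}), C_i = P_i XOR O_i. Also an involution."""
    out, o = b"", iv
    for blk in chunks(data):
        o = block_fn(key, o)
        out += xor(blk, o)
    return out


def cfb_encrypt(key, iv, data):
    """CFB mode: C_i = P_i XOR E_k(C_{i-1}). The keystream depends on the ciphertext, so
    encrypting twice does NOT return the plaintext (the first block excepted)."""
    out, prev = b"", iv
    for blk in chunks(data):
        c = xor(blk, block_fn(key, prev))
        out += c
        prev = c
    return out


def cfb_decrypt(key, iv, data):
    out, prev = b"", iv
    for blk in chunks(data):
        out += xor(blk, block_fn(key, prev))
        prev = blk
    return out


def keystream_reuse_leak(key, iv, m1, m2):
    """The flip side of the involution: reusing (key, IV) hands m1 XOR m2 to anyone
    holding both ciphertexts, because the identical keystream cancels."""
    return xor(ctr(key, iv, m1), ctr(key, iv, m2)) == xor(m1, m2)


if __name__ == "__main__":
    key, iv = b"constructed-32-byte-demo-key....", bytes(range(16))
    msg = b"attack at dawn, then regroup at the bridge"
    print("CTR twice == msg:", ctr(key, iv, ctr(key, iv, msg)) == msg)
    print("OFB twice == msg:", ofb(key, iv, ofb(key, iv, msg)) == msg)
    print("CFB twice == msg:", cfb_encrypt(key, iv, cfb_encrypt(key, iv, msg)) == msg)
```

The same cancellation is why a (key, IV) pair must never be reused in CTR or OFB, and why keystream modes need a MAC (or AES-GCM, which is CTR plus an authenticator): flipping a ciphertext bit flips exactly the same plaintext bit.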

Score: 0
Aditya
Is the size of the key space divisible by the size of the message space for an encryption scheme with perfect secrecy?

In a perfectly secret encryption scheme, any ciphertext c can be decrypted in |K| ways and it should decrypt to any message with equal probability (assume messages are uniformly distributed over message space). Does this imply that |K|(size of key space) is always divisible by |M| (size of message space) for perfect secrecy?

Score: 1
Wan
Prove or disprove the modified Shannon's theorem when the correctness requirement is relaxed

Suppose the correctness requirement of private-key encryption scheme is now relaxed to require only that $$ \Pr[Dec_k(Enc_k(m)) = m] \ge \frac{1}{2} + \epsilon. $$ Prove or disprove that if an encryption scheme satisfies the perfect secrecy and the relaxed correctness, then $|M| \le 2|K|$, where $M, K$ are the message space and the key space, respectively.


The following is my thinking. Assume $|M| > 2 ...
