# Latest Crypto related questions

Score: 0 Encrypted data sharing in decentralised system Alice encrypts file using her public key and upload it to decentralised file store (some service). Bob buys access to the file. Is it possible to share decrypted file with Bob without having Alice's key? Decentralised file store doesn't store any private keys, but it knows that Bob has access to the file (e. g. from smart contract).

Score: 0 Let user(s) chose to mint a specific NFT from a solana collection I have a collection of images to transform in NFTs. For that purpose I have selected to work with solana blockchain, since it is fast and cheap.

I have used the following software resources:

• solana-cli
• node.js
• metaplex
• candy-machine-mint

In order to publish a collection, I needed to order the tokens from 0.png to Nth-1.png, and I have done some tests on solana devnet. In fact, I have the project almost ...

Score: 0 Fast implementations of verifiable Shamir's Secret shares One way of verifying Shamir's secret shares is to use the technique by Feldman where $$c_0,\cdots,c_k$$ represent the coefficients of the polynomial $$p()$$ in $$\mathbb{Z}_q$$. For verifying share $$(i,p(i))$$ and public parameters group $$G$$ of prime order $$p, q|p-1$$ and generator $$g$$, the share generator provides $$(g,d_0,\cdots,d_k)$$ where $$d_j=g^{c_j}, j \in\{0,1,\cdots,k\}$$. The receiver of the share

Score: 0 Purpose of modulus in one-time pad? I have the following question and don't really understand it. I thought OTP offers perfect secrecy, why do we need modulus? Can somebody please help me answer the question?

$$Z_n$$ denotes the ring of integers $$\pmod n$$. Alice and Bob share a random key $$k \leftarrow Z_n$$. Alice wants to send a bit $$b \in \{0, 1\}$$ securely to Bob (so that Eve cannot learn any information about $$b$$). She computes $$b ...$$

Score: 0 MPC approach to compute +/- 1 times a variable In an MPC protocol, does anyone know a better way to multiply a var p by epsilon in {-1,1} than using a beaver triple ?

(I am thinking about doing it in a SPDZ like protocol such as Overdrive)

Score: 2 Is it insecure to make nonce using random number generator and hashing algorythm with secret key like HMAC? I'm building a project on Arduino Mega microcontroller and I need some nonce generator for challenge-response exchange. But I failed to find some alphanumerical string generators. Then I came up with an idea to make one using the random() function that generates random int in limit you give and hash that integer with HMAC using another secret key (one that could be auto-generated on startup since it  ...

Score: 3 What is/was SEC#1 ECC public key leading octet 0x01 for? In the SEC#1 elliptic curve cryptography standard, the encoding of the public key involve a leading octet:

• 00h: The public key is the point at infinity.
• 02h, 03h: The public key is the compressed point.
• 04h: The public key contain both x and y coordinates.

What is (or was) the value 01h for? Had there been other values defined for ECC?

Score: 1 Literature about cryptography and programming on c++ I'm interested in learning about cryptography and making something practical out of it - make own cryptocurrency sometime im future.

I think I have good knowlegde of c++, I learned from learncpp.com and from Bjarne's books. So first what I need is book about basics of cryptography. After that I would do some practical things so I need something to cover cryptocurrencies in c++.

Any suggestions? Than ...

Score: 1 How to know if you have guessed the correct Diffie-Hellman shared secret? Given only $$p,$$ $$g,$$ $$A = g^a\pmod{p}$$ and $$B = g^b\pmod{p},$$ the possible values for the shared secret are all the unique values of $$A^b\pmod{p}$$, where b is some integer. The shared secret is also equal to $$B^a\pmod{p}$$, where a is some integer.

So, we can check each one of these possible values for the shared secret. My question is, how do we check if a number is the correct shared secret?

My guess i ...

Score: 1 Can I use SHA256 from BIP39 passphrase for auth credentials? I am working on an E2E encrypted app. I am using OpenPGP.js and storing public and private keys on the server. The private key is encrypted with a BIP39 passphrase which is stored in browser LocalStorage so it's never sent to a server. But I also need some credentials for users to login.

My idea is to make SHA256 from BIP39 passphrase and split it to two strings. First can be used for "username"  ...

Score: 2 Pre-image attack on non-cryptographic hash functions I am not good at cryptography so please :)

After reading this discussion it is now clear to me that xxHash is not resistant to collision attacks and is not secure for MAC usage. But after reading it, I still don't understand how resistant XXH3 (one of xxHash family) is to preimage attacks.

Yes, XXH3 output is $$64$$/$$128$$ bits which means that the probability to find image is $$2^{64}$$/$$2^{128}$$ correspondi ...

Score: 1 Secret sharing is based in random variables that are uniformly distributed? In Rabin and Ben-Or, their basic assumption is that each participant can broadcast a message to all other participants and that each pair of participants can communicate secretly. Hence, they design a protocol of communication that is called verifiable secret sharing protocol (VSSP), and show that any multiparty protocol, or game with incomplete information, can be achieved if a majority of the play ...

Score: 2 Grover algorithm for public key cryptography - FrodoKEM I am wondering if one can apply Grover algorithm on a key encapsulation mechanism in order to crack the shared key.

For example, FrodoKEM is a key generation protocol that, for some parameters, shares 128 key bits.

Can we break it using Grover? i.e. reduce it to $$2^{64}$$ operations?

Reference for FrodoKEM: https://frodokem.org/files/FrodoKEM-specification-20171130.pdf

Score: 2 Equivalent conditions for perfect secrecy of a symmetric crypto system I've been reading about perfect secrecy in crypto systems and I've ran across two definitions which turn out to be equivalent.

The first is Shannon secrecy:

A crypto system $$(\cal K, \cal M$$, $$\text{Gen, Enc, Dec})$$ is said to have Shannon secrecy if for all distributions $$\cal D$$ over $$\cal M$$ and for all $$m\in\cal M, c\in \cal C$$ $$Pr_K[M=m| C=c]=Pr_K[M=m]$$

where $$K,M,C$$ are random variables whose dist ...

Score: 0 If $Hash(x)$ is indistinguishable from $Hash(x,a)$, where $x$ is variable and $a$ is a given number? I try to use a sequence of games to prove a scheme is CCA secure. In the final two games, the ciphertexts are $$(c_1^*, Hash(x)\oplus m_b, Hash(x,a))$$ and $$(c_1^*, random, Hash(x,a))$$ respectively, where $$c_1 ^*$$ and $$a$$ can be viewed as given numbers, $$x$$ is a variable and $$m_b$$ is the challenge message.

The advantage of the adversary in the latter game obviously is 1/2, so if the two games are indis ...

Score: 0 Why does ECDSA produce a pair of values in its' signature (r,s)? I was wondering why ecdsa generates a signature in form of a pair (r and s) and why it can't be only one value.

Score: 1 Do I need to change IV in AES-256 GCM when I only use encryption for challenge-response exchange with random string? When I want to use encryption only for challenge-response exchange and not for hiding the contents of an encrypted message, is it still a threat to me not changing IV for new encryption?

For easier understanding why I ask this here is my situation:

I'm using two Arduinos with LoRa transceivers to communicate with each other. One is a bridge connected to the internet and the other is connected to servos ...

Score: 6 Finding large devious primes Call a prime $$p$$ devious if $$(p-1)/2$$ is a Carmichael number. They are called devious since they superficially look like safe primes but are not. In particular, Diffie-Hellman using such a prime could be vulnerable to the Pohlig Hellman algorithm.

Devious primes exist. A small example is $$4931$$. A more interesting example is

$$1947475860046218323 = 2(973737930023109161) + 1 = 2(220361)(1542521)(286 ...$$

Score: 0 Secure multiparty protocols proof and why is a necessary condition? Is there a strict proof for secure multiparty protocols? What do they serve? I mean some have shown the existence for such protocols, but can I use them in order to substitute a mediator in game theory who sends messages to the players? How can I model a process of $$3$$ or $$4$$ players who can play a game wihtout the central mediator and they exchange infroamtion with each other?

Score: 1 Can a nonce be completely random on (simplified) Needham–Schroeder Protocol? From what I've read so far, nonces are random one-time values, which are sent in plaintext in addition to the ciphertext to verify identity of sender/receiver. Theoretically, if the nonce is random, an attacker E can intercept Alice's message which was designated to Bob, and impersonate as Bob by generating a random nonce, without ever communicating with Bob.

So if the request-response protocol i ...

Score: 0 how to break AES why is breaking a (asymmetric) 1024 bit RSA key less difficult than breaking a 128 bit (symmetric) AES key? Breaking RSA key involves finding the prime factors of a large number. What is involved in breaking an AES key?

Score: 1 Why can't we have AES512 or more? Look I know AES256 is ridiculously secure but to keep aes secure even after quantum computers, I have a concern.
Using the Grovers theorem aes can be reduced from 256 to 128 bits for brute force attack which is also pretty strong but I don't want to be limited to it
Is it (atleast in theory) possible to implement aes512, aes1024, etc...
I mean what's stopping us like for 128bit aes we use 10 rounds of ...

Score: 0 Example of exchanging information I am searching for a simle model that can simulate the following procedure.

Suppose that $$i$$ and $$j$$ are two agents that each one obtains her state dependets signal $$s_i(\omega)$$ and $$s_j(\omega)$$. After observing their own signals with probability $$1$$, they do not know anything about the signal that the other agent has, but they do know the common prior $$\pi$$ about the signals, s.t. $$\pi:\Omega\to \D ...$$

Score: 0 How to ensure the data comes from verified source without using asymetric encryption I'm building a project that is remotely controlled using LoRa and I want to ensure, that nobody can imitate my transmitter and send packets to my receiver. Just encrypting sent data is not enough since someone can receive for example packet that opens the door and sent the same one from his transmitter. How do I make it so only I can send authorized packets? Another problem is that it's really likely th ...

Score: 2 Reconstruction of shamir secret shares in the presence of malicious parties Suppose we have a (t,n) Shamir-secret sharing scheme. A value of some computation is shared with n parties where at most $$t-1$$ parties are malicious. What is the best strategy to reconstruct the shares? I believe we can use Reed-Solomon error corrections to retrieve value for upto t<n/3. For t<n/2, we can randomly reconstruct $$k$$ times using $$t$$ shares and check for the value that appears the most n ...

Score: 0 Rabin Cryptosystem: Chosen-Ciphertext Attack I read in literature that Rabin Cryptosystem can be broken using chosen-ciphertext attack. It is described that after chosen ciphertext is decrypted attacker can factorize public key $$n$$ by using square root with probability of $$1/2$$. But in article it is not described how this factorization is done.

If somebody can give some example I would be grateful.

Score: 2  The Cryptography made simple (page 207, under Fig 11.12)(Nigel Smart) say that adversary's advantage of IND-PASS Game is $$Adv1 = 2\times|Pr[b=b']-\frac{1}{2}|$$.
The reason for multiplying by 2 is to normalize advantage from $$[0,\frac{1}{2}]$$ to $$[0,1]$$.

But in this paper (page 5, line 9), the advantage of IND-CKA Game is $$Adv2 = |Pr[b=b']-\frac{1}{2}|$$ which is not normalized and scale is $$[0,\frac{1}{2 ...$$

Score: 2 Program to find the inverse of polynomial Can anyone tell me how to find the inverse of a given polynomial using python programming? Ex: input given is to find the inverse of (x^2 + 1) modulo (x^4 + x + 1). the output should be : (x^3 + x + 1).

Score: 3  I found a scheme for white-box RSA. It seems to protect the input and output of modular operations.
I'm curious about how to analyze the security of this solution.
Does anybody know anything about it?

Score: 2 Shortcut to working out Diffie-Hellman Key Exchange I am trying to calculate Alice and Bob's shared key by hand without the use of a calculator as I feel this is an important trait when progressing into cryptography.

I understand you can use the square and multiply method however we are being taught a shortcut method which I don't quite understand fully.

Question Example:

Alice and Bob use the DH protocol with p = 19,g = 2 and secrets a = 6 and b =  ...

### The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.