Latest Crypto related questions

Score: 2
Accumulation Updater for Cryptography

I want an in-place update for a sorted element list and a proof for the accumulator encoding of only the updated element. I tried to find a technique similar to this, but only GCTI and similar methods pop up.

It must take the elements in the order of the sorted list and replace the i-th element ($e^i$) with the update list element ($e'^i$) to make a new accumulation with the modification. I need a proof so that the accumulation with the update and the replaced elemen ...

Score: 2
Check if $F_1(k,x) = F(k,x) \oplus x$ is pseudorandom

Let F be a pseudorandom function. Check if $F_1(k,x) = F(k,x) \oplus x$ is pseudorandom ($\oplus$ is bitwise XOR).

I found this question in a book. I am not sure how to proceed:

$F_1(k,x) = F(k,x) \oplus x \implies F(k,x) \oplus F_1(k, x) = x$

Now, do we assume that we know $F(k,x), F_1(k,x)$? Because if we do, I can find x by XORing these. In general, is there a methodology for proving a function no ...

Score: 1
What schemas are possible for the following encryption algorithms?

I'm trying to practice and to understand possible scenarios and the basics of symmetric encryption schemes. For the scenarios I listed below, I am not 100% sure of scenarios 1 and 3.

  1. A symmetric encryption algorithm using a non-random/predictable IV that is CPA secure. I do not think this scheme is possible. For example, there is the BEAST attack for the TLS 1.0 scheme on AES-CBC encryption schemes. Ran ...

Score: 2
Does encrypting data all at once or in chunks using the AES algorithm make any difference?

Sorry if this is a duplicate but, to be honest, I don't even know how to search for an answer to it.

I'm working in an environment in which I cannot use streams to encrypt data (React Native using the react-native-aes-crypto module).

Unlike Java, where I can use something like cipher.update(buffer) (where cipher is a javax.crypto.Cipher instance), here I will have to encrypt each part individually. ...

Score: 2
DGHV FHE, How is the maximum value of the rightmost term in Lemma A.1 calculated?

The proof of Lemma A.1 of the paper "FHE over the Integers" (Page 21-22) states that the absolute value of the rightmost term of

$c=p\cdot (kq_0+\sum_{i\in S}{q_i})+(m+2r+k\cdot2r_0+\sum_{i\in S}{r_i})$

is at most $(4\tau +3)2^{\rho}<\tau 2^{\rho+3}$.

We have $|k|\leq\tau$ and $|r_i|\leq 2^{\rho}$.

In addition, it is mentioned in the paper that $-2^{\rho'}<r<2^{\rho'}$ and $m\in\{0,1\}$. ...

Score: 2
Self-contained digital certification device

Does it work if we try to construct a device (e.g., for counting purposes in several remote branches of a company) using a self-contained digital signature key enclosed in tamper-proof hardware, to make sure that the operations transcript of that function can be verified? (The transmitted report/transcript of the counting will be signed by the internal tamper-proof hardware.)

Is there any conce ...

Score: 2
Generating an IV from a constant seed and predictable salt larger than the value space of the IV

I am planning to encrypt multiple values using a 16 byte IV that I'm generating from the below scheme. My seed is a 32 byte value generated from hashing a password and salt is an 8 byte counter (i.e. salt is easy to predict for an outside observer).

iv = sha256(seed, salt)[0:16]

Intuitively this should be equivalent to randomly generating IVs, as I am mapping 32 + 8 = 40 bytes of possible values seed/sal ...

Score: 2
Encoding a message as points on elliptic curve

I want to encode my plaintexts as points on some given elliptic curve $E$ defined over a finite field $F_q$. Suppose I want to use Koblitz's method. Does the size of the message I want to encode matter? Can I encode the message in the size I want? What should I do with very long messages?

Score: 1
Request for Bilinear pairing numerical example

The definition of Bilinear pairing is shown here.

Could you give a simple numerical example of a Bilinear pairing? It would be very helpful for me to understand.

Score: 1
Django password hashes in database

Can someone explain to me why Django saves the hash in the database as argon2$argon2id$v=19$m=102400,t=2,p=8$... and not $argon2id$v=19$m=102400,t=2,p=8$...?

Score: 3
AES first and last round key whitening

I've found this question from 2014 on Key Whitening: How exactly does key whitening manage to increase security? where it is said that AES applies key whitening internally by adding a sub-key prior to the first round and after the last round.

Isn't key whitening applied to each round in AES?

Score: 1
Encrypting an IV with XEX using a block cipher and XORing on the plaintext: Is this scheme valid?

I had an idea to make XEX mode parallelizable at CPU level.

Let's suppose I take an IV, XOR it with random data, encrypt, XOR again with other data, and XOR it onto the plaintext.

Would this encipherment scheme be valid? Would it be secure?

Score: 2
If the Rabin signature uses a hash function, then why can't we use that hash function to sign a message?

About Rabin Signature link

According to this paper, the person who wants to sign a message M first appends a random byte string U, so M_new = MU. Then they use a compression function to get c = Compression_function(MU).
Then they solve the equation x(x+b) mod n = c mod n for x.

Then the signature is (U,x) pair.

My question is: why can't we just use c as a signature?

I assume that 'compression_function' is ...

Score: 1
Identifying an encryption algorithm and/or writing an encryption function

I am currently trying to reverse engineer a piece of software that uses a seemingly-custom encryption algorithm.

After disassembling the decryption part of the code, I've come up with the following code that decrypts the data file just as well as the original software:

void decrypt_one_run(uint8_t* four_bytes_to_decrypt, uint8_t* four_bytes_key) {
    uint8_t local_buffer[4] = { 0 };

    for (int i = ...

Score: 2
Can elliptic curve groups be used for commutative encryption?

In trying to implement mental poker, can all players agree on a standard set of 52 points on the curve corresponding to each card, and then to "encrypt" a card you just multiply it by a scalar which is your encryption key? (and to decrypt, multiply by the scalar's inverse modulo the group size)

Score: 2
Can I use last N blocks of AES-CBC +IV as hash?

Suppose I want to take advantage of hardware-accelerated symmetric encryption like AES and use it to compute a “hash”. How collision resistant would it be if I took the IV + last N blocks of an AES-CBC transformation and used them as my hash? What would be good values for N?

In my hypothetical use case I am not immediately concerned about adversarial inputs / preimage attacks.

Score: 2
A variation of Sieve of Eratosthenes for random pseudoprime number generation

I wasn't sure if this question is more suited for SE.Math or not; please tell me if I should move it.

For its mpz_nextprime() function (find the next pseudoprime following the given number) GMP uses an interesting variation of the Sieve. In order to weed out multiples of small primes before applying slower tests (Miller-Rabin and Lucas), it first generates a table of residues of the "base" number. The b ...

Score: 1
Deal with a large number

I'm having a problem in an RSA challenge. I already have p, and q is calculated based on p.

(100000000**(p-1) -1)%p

q is the nearest prime to this number.

I know that my computer will take a huge amount of time to compute this (I don't know how long it would take). So can you suggest some ways to deal with this large number? Many thanks!

Score: 1
Construct a OWF using two functions $f : X \rightarrow Y$ and $g: X \rightarrow Y$

Given two functions f, g, we have to construct h such that h is a one-way function. Either f or g is a one-way function; we don't know which one. Both f and g are defined over X -> Y.

Score: 3
What does break with "usual" classical security reductions in quantum setting?

OK, so I know that this is somewhat really basic in "post-quantum discourse", but unfortunately I did not find any textbooks/entry level papers specific to the topic of reductions in the quantum setting. It seems that there are two main caveats regarding quantum adversaries:

  1. The possibility to ask a "superposition query" => hence, no "off-the-shelf" way to lazy sample functions.
  2. The inability to clone ...

Score: -1
Attack on cipher that adds modulo FF output of two LFSRs (LFSR-12 and LFSR-19)

LFSR-12 with poly $x^7+x^2+1$ and LFSR-19 with poly $x^{11}+x^5+1$ are used to produce 8 bits of output each; the outputs are then added together modulo FF:

(LFSR-12 + LFSR-19) mod FF

I know the first 8 bytes (-> 8 cycles of the registers) of this sum. I am pretty sure there is a better solution than just brute force, which is currently running on my PC ;-)

I would appreciate any hints on this.

Thought about algebraic at ...

Score: 1
AES Decryption - Expand Key/First Roundkey

I am wondering how to use and expand keys during decryption.

Let’s say we have an initial key (128bits): 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70

So we get: w[0] = (61 62 63 64), w[1] = (65 66 67 68), w[2] = (69 6A 6B 6C), w[3] = (6D 6E 6F 70)

Then with the g() function, we get:

  • Circular byte left shift of w[3] = 6E 6F 70 6D
  • Byte substitution using the SBOX
  • Adding round constant for the rou ...

Score: 4
How can Garbled Circuits be utilized to reduce the round complexity of GMW?

I've been reading this set of notes on some topics in MPC and am having difficulty understanding the transformation the authors make in order to reduce the round complexity of the GMW protocol through applying garbled circuits. In particular, the goal is to make the round complexity of GMW independent of the depth of the circuit being evaluated and instead let it be dependent on $\kappa$, the securi ...

Score: 1
Is the XOR of a PRG and a function still a PRG?

I have this pair of deterministic functions $G_1$ and $G_2$. Suppose at least one of them is a PRG. Take $G^*=G_1(x)$ XOR $G_2(x)$ with the same $x$. I have to show whether this is still a PRG. I thought about this counterexample: if $G_1=G_2$ then $G^*$ cannot be a PRG, but my teacher said that then $G^*$ isn't interesting.

What should I do?

Score: 3
Question about Theorem 2 in CRYSTALS-Kyber Paper

I have some questions about the Kyber paper, especially about Theorem 2 on page 6, which I would like to ask here. First of all I quote the following theorem from the paper and ask my questions afterwards.

Theorem 2. For any adversary A, there exists an adversary B such that $Adv_{Kyber.CPA'}^{cpa}(A) \leq 2 \cdot Adv_{k+1,k,\eta}^{mlwe}(B)$.

  1. My first question is about the definition of $Adv_{ ...

Score: 4
What would be the maximum acceptable block size for disk encryption?

AES-256 in XTS mode has a block size of 32x16 (512) bytes, but there are some other wide-block modes of operation, such as WCFB, which accept any block size.

My question is:

What is the maximum acceptable block size for disk encryption? "Acceptable" in the sense of not having too many cons.

Score: 1
Understanding seed phrase, private key, wallet addresses

I have a question about Cryptocurrency wallets like Metamask (soft) or Ledger (hard).

How is a 12 or 24 word seed phrase enough to show the same crypto addresses in any crypto wallet that supports the same standard (i.e. BIP-39)? Can someone unravel this for me/us?

Would it be this:

  • seed phrase with its 2048^(12 or 24) combinations is used to encrypt a private key
  • that private key can decrypt yo ...

Score: 1
Can the encryption with CTR mode be replaced by a publicly known unkeyed permutation when doing multiple encryption and keeping the IV secret?

A user of this forum answered in one of my questions and said that if the IV is kept secret in multiple encryption with CTR mode, the cost of breaking the scheme is $${2^{2 l_{key}}} 2 \cdot {2^{l_{iv}}}$$

Can the encryption operation in multiple-encryption with CTR mode be replaced by a non-cryptographic operation assuming the IV is kept secret?

I'm questioning this because I took a look in the  ...

Score: 1
What qualifies as a key?

For my own project and the fun of it I have created an algorithm that turns plain text into cipher by interacting between entered text and a given password. My question is, in this instance, does the password count as what is known as a key, or is a key something entirely different?

Score: 14
Why does GMP only run Miller-Rabin test twice when generating a prime?

In mpz_nextprime(), after some sieving with small primes, an MR test function is called, with the number of trials set to 25 (https://github.com/alisw/GMP/blob/master/mpz/nextprime.c#L118):

      if (mpz_millerrabin (p, 25))
        goto done;

But then in mpz_millerrabin(), for large enough candidates (candidates bigger than $31\times2^{46}$), the number of trials is suddenly reduced to 1 (https://githu ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.