# Latest Crypto related questions

Score: 0
Faking Pedersen Commitment

Today, I found a website for Pedersen commitment scheme; however, the generators g and h are not independent and therefore a prover can open a commitment c into many ways. I computed the commitment c for a message m and a randomness r (assuming that I know s):

c  = g^m * h^r

= g^m * (g^s)^r

= g^m * (g^(s * r))

= g^(m + s * r)


Say, I have committed to the message m, randomness r, and the c ...

Score: 1
What is the difference between "Elliptic Curve Function" and "Hash Functions" like SHA256?

I am reading about bitcoin and I am a little confused about "elliptic curve function" and "SHA256". Do they have the same properties? Can both be used to generate private and public key pairs?

Score: 1
How to speed up Shamir secret share generation?

Let us say we have to generate Shamir's secret share for n data points. Is there a way to speed up the implementation apart from using Horner's rule for the polynomial evaluation?

Score: 0
Perfect secrecy of the reverse of a crypto system that has perfect secrecy

I am trying to solve a problem that reads as follows:

Let $$E_1 = (\text{Gen}_1, \text{Enc}_1, \text{Dec}_1)$$ be a crypto system that has perfect secrecy. Denote the message space $$\mathbb M_1$$, the key space $$\mathbb K_1$$ and the cyphertext space $$\mathbb C_1$$ ($$\mathbb M_1=\mathbb C_1 = \mathbb T, \mathbb K_1 = \mathbb K$$). Let $$E_2 = (\text{Gen}_2, \text{Enc}_2, \text{Dec}_2)$$ be a crypto system ...

Score: 1
Is Diffie-Hellman less secure when A and B select the same random number?

I understand that it is feasibly impossible for A and B to select the same random number, given the large input space, but what if it does happen? Does it effect the security of the key exchange? Can an attacker determine that the same keys were chosen?

Score: 5
Can an authenticated encryption scheme detect if wrong key is used?

Can an authenticated encryption scheme (like AES-GCM) detect if a wrong key is used for decryption? If not, what is the standard way to check whether the entered key is indeed correct. I presume KCVs can be used for this but does this somehow leak any information about the key?

Score: 2
What's an algorithm for laypeople to make personal passwords

I'm going to be teaching an audience about algorithms. I'd like to give them one to create unique personal passwords for websites.

1. They could start with the domain name of the site and their own secret "word".
2. The algorithm would be simple enough to memorize. Failing that, they could sketch out my flowchart on the back of a business card or something else that fits in a wallet.

There are similar q ...

Score: 1
What are the lower computation and memory cheap fractal symmetric encryption algorimths?

I would like to know about encryption schemes that are based in Fractal theory, while they have decent security and are pretty fast.

Score: 3
Why is confusion and diffusion never talked about in asymmetric crypto?

While talking about symmetric encryption schemes like AES we always have a goal of achieving confusion and diffusion. But when it comes to asymmetric encryption schemes like RSA, DH etc. we never talk about diffusion and confusion.

Is it known that modular arithmetic and prime arithmetic ensure confusion and diffusion?

Is there any literature that dives into the information theoretic analysis, in te ...

Score: 5
Post-quantum algorithms and side channel attacks

I am studying finalist algorithms of NIST Post-Quantum Cryptography Standardization. I noticed that almost all third party cryptanalysis papers consist of side-channel attacks. Why are classical cryptanalysis methods -algebraic, mathematical attacks etc.- more effective on classical algorithms than post-quantum algorithms?

In addition, I know that mathematical problems behind post-quantum algorit ...

Score: 0
KP-ABE Key Generation

In Key Policy Attribute-based encryption if we need a targeted broadcast where the set of attributes are the same for a group of users. It means they all share the same secret key right? Or is it that every user needs to have at least 1 attribute value different from all other users.

Example: If I need to encrypt a message to everyone who is a researcher in CS then attribute= researcher dept=CS.  ...

Score: 3
What does the bounded storage model mean?

In the bounded storage model, it assumes the storage of the adversary is bounded or limited, and thus it is possible that we can achieve a kind of cryptography without relying on hardness assumption. But what does it mean by "bounded storage"? Should it assume the length of the message is always too long for any computer on the earth to store? So can I conclude that the cryptographic scheme that replies ...

Score: 2
Node.js uuid.v4 vs crypto.randomUUID. Which implementation is more cryptographically secure?

For a long time I've used the uuid npm package for my v4 uuid needs. It seems in recent versions of node they have introduced a built-in crypto module with the method randomUUID.

Some benchmarks have been done to show crypto.randomUUID is much faster than uuid.v4 (roughly 3x +).

However I can't find any information about how the implementations differ (if at all) in terms of how they choose random num ...

Score: 1
What are the expected values of a particular rotational-XOR property of a sequence of random bitstrings?

Assuming that $$x$$ is a sequence of $$l$$ bits and $$0 \le n < l$$, let $$R(x, n)$$ denote the result of the left bitwise rotation of $$x$$ by $$n$$ bits. For example, if $$x = 0100110001110000$$, then $$\begin{array}{l} R(x,0) = {\rm{0100110001110000}},\\ R(x,1) = {\rm{1001100011100000}},\\ R(x,2) = {\rm{0011000111000001}},\\ \ldots \\ R(x,15) = {\rm{0010011000111000}}. \end{array}$$

Let $$A \oplus B$$ denote th ...

Score: 0
How does AES-256 works if AES is only a 128-bit block cipher?

I'm currently studying AES encryption and I'm quite confused on how do we use a 256-bit key in AES?

Becuase in my understanding, AES no matter what the key size is, it still operates and encrypt a 128-bit block of message only in the whole cycle/rounds until it reaches the end.

well for AES-128 we use a 128-bit key that is total of 16 byte char, and that can be represented by a 4x4 matrix, and most  ...

Score: 0
IBE for Access Control

What makes IBE (Identity-based Encryption) unsuitable for Access Based mechanisms? What are the attempts made for using IBE for access control?

How does the concept of ABE (Attribute-Based Encryption) sort out the issue?

Score: 3
No Final subtraction in Word-level Montgomery Multiplication

I am trying to make an RSA module in VHDL, which in turn will be deployed to an FPGA. I am trying to implement a full Montgomery algorithm which means that I am working with the Montgomery Exponetiation algorithm, and the Montgomery Multiplication algorithm. Mostly my tests consists of generating random numbers (keys, modulus, r, messages) that I use to perform encryption/decryption. If the original mes ...

Score: 0
Does hash-then-sign provide confidentiality?

Suppose I use the hash-and-sign paradigm and reveal a signature on the message digest $$\sigma(H(m))$$. Would just revealing this signature violate message confidentiality (assuming H is one-way and collision resistant)?

Score: 1
Which passphrase length is good so it's hard to break bitcoin's PBKDF2 key?

To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The le ...

Score: 0
Is there a way to ensure that the signer has generated a valid (message, signature) pair without seeing the message?

Suppose Alice sends message $$Enc(k_{AB}, m)$$ to Bob where $$k_{AB}$$ is the common symmetric key. Next Alice sends a signature of $$H(m)$$ $$\sigma_{sk_A}(H(m))$$ signed under her private signing key $$sk_A$$ to Eve, where H is a secure hash function. Then, Bob decrypts the message and sends it to Eve where she verifies it with the signature. Here, either Alice or Bob can be malicious. If Bob is malicious, he g ...

Score: 0
Encryption mode of operation with lowest malleability/not vulnerable to bit flip attack?

I am trying to choose a mode of operation for encryption which does has the lowest malleability and is specifically not vulnerable to a bit flip attack. My understanding is that PCBC is the only mode which makes the rest unreadable, therefore is the best option?

I do not want to apply any message authentication at this stage.

Thanks!

Score: 1
Comparing complexity of RSA decryption with/without CRT

(Cross-listed on math stackexchange, received no replies) For context, this is a homework question from an assignment already turned in. I am looking for better understanding of the concepts involved, mainly complexity theory since I have not seen it before outside this class (and prior knowledge was assumed).

I am asked to evaluate the complexity of RSA decryption with and without using CRT, wit ...

Score: 1
Why Zk-SNARKs are Argument of Knowledge if a Knowledge Extractor exists?

From what I know, proving the existance of a Knowledge Extractor implies perfect soundness.
So why in zk-SNARKs (and similar) we talk about Arguments of Knowledge, where the soundness property is only computational (a.k.a, secure only from computationally bounded Provers), if a Knowledge Extractor also exists? Am I missing something? Maybe a Knowledge Extractor can be proven in different "levels" of ...

Score: 1
How are probabilities combined in the game hopping proof technique?

I'm currently studying a paper (Sequences of Games: A Tool for Taming Complexity in Security Proofs) on proving semantic security using the Game Hopping technique by Victor Shoup.

On pages 9-11, he is using a sequence of three games, $$Game 1$$, $$Game 2$$, and $$Game 3$$ to deduct the semantic security of Hashed ElGamal to DDH and entropy smoothing assumptions. How does he combine the three probabilitie ...

Score: 0
Are zk-STARKs a Sigma protocol? Is the communication interactive? And other doubts
1. I've heard that STARKS are not a non-interactive protocol, if so:
• What is (briefly) the mechanism they use to operate?
• Can they be considered a Sigma protocol?
• Why SNARKs are not interactive, instead?
1. Is it correct to state that STARKS are quantum-secure and they don't need a trusted setup because they are defined in the random oracle model, and they use a hash that is collision resistant and this i ...
Score: 0
Is Diffie-Hellman Key Exchange an Asymmetric or Symmetric Algorithm?

To my understanding, the DHKE algorithm is symmetric since it only produces a shared secret, rather than public and private keys, however googling "is diffie hellman asymmetric?" results in the following:

Based on public key cryptography, the D-H algorithm is a method for securely exchanging a shared key between two parties over an untrusted network. It is an asymmetric cipher used by several protocols  ...

Score: 0
Is hashing random numbers generated from a TRNG enough to create a key?

Is hashing random numbers generated from a TRNG enough to create a key?

Basically taking the output of something like a Lavarand and pass that through a hash function like sha-2.

I guess at the end of the day the core of my question is, can an hash function be used as a pseudorandom number generator?

Score: 1
Would it be any good to create a new cryptographic hash function?

Would it be beneficial to create a cryptographic hash function for more security. A cryptographic hash function is pretty much a pseudorandom string generating algorithm and it can easily be made difficult to break by increasing the number of possible hashes that can be generated.

## Why make another cryptographic hash function

I want to hash passwords in a database such that the attacker cannot find ...

Score: 0
Does using ECB mode of Vigenère cipher on files (no plain text) with a key of 10,000 byte(char) is secure in today's standard?

Hi I'm fairly new to studying cryptography and I'm just curious about the security of Vigenère cipher.

Given today's powerful super computers, how secure/unsecure does Vigenère cipher can get?

let us say we will only use Vigenère cipher with the following requirements:

• encrypt only non-text files
• only use keys that has byte character > 10,000
• use ECB mode of encryption

Is there a way for today's  ...

Score: 1
Berlekamp massey possibly wrong SAGEMATH

This is in context with the inbuilt berlekamp_massey function in SAGEMATH.

While computing the minimal polynomial of the sequences using the Berlekamp Massey function, I have felt that the Berlekamp Massey function in Sagemath is so designed that it requires the periodic sequence to be repeated twice for correct results. Considering the problem of computing the linear complexity of the periodic s ...

### The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.