Latest Crypto related questions

Score: 1
How is point addition for points of elliptic curve in $\mathbb{F}_p$ carried out technically?

From a very basic introduction text to elliptic curve cryptography, point arithmetic is derived from "standard analysis": the (negative) sum of $P_1$ and $P_2$ is defined as the point $P_3$, which is on the line connecting $P_1$ and $P_2$ (figure shown as an image in the original post).

From that it is derived (formula shown as an image in the original post).

In real numbers I would understand that completely. But typically, ECC is carried out within a finite (prime) field $\mathbb{F}_p$.

How sha ...

Score: 1
HMAC data and key swap

In some contexts (HKDF (RFC-5869 sec 2.2) and Bitcoin's BIP32 (master key generation)), I have seen the key and the data swapped for HMAC. E.g., let HMAC be a function $h:\{0,1\}^c \times \{0,1\}^b \to \{0,1\}^c$ (usual notation) defined for a key $k$ and data $m$ as $h(k, m)$. Well, some people let $k$ be a fixed public value (for instance, Bitcoin seed), and encode secret bytes in $m$.

I underst ...

Score: 1
If RSA uses $e$ with $\gcd(e,\phi(N))\ne1$ but $e$ is hard to factorize, does an adversary still have an advantage in finding $d$ for $m^{ed}\equiv m \bmod N$?

Usually RSA uses an encryption exponent $e$ with $\gcd(e,\phi(N))=1$.
This question shows why that needs to be the case: for $\ne1$ there might exist no decryption exponent $d$, because other $m'\ne m$ can exist with $m^e \equiv (m')^e \bmod N$.

However if we produce our $m$ like: $$m = m_0^{e} \mod N$$ or more general $$m = m_0^{e^{r_1}\cdot r_2} \mod N \tag{I}$$

We can always (except some special c ...

Score: 1
TLS 1.2 client finish message

I'm working on TLS 1.2 with the cipher suite ECDHE_ECDSA_AES_128_CBC_SHA256. I'm currently at the stage of the client encrypted message, where I always get an error in Wireshark from the server saying: Fatal, Description: Handshake Failure. From the research I have done, the content of this client Finished message is supposed to go through these steps:

  1. 1 byte of handshake type : finish = 0x14
  2. 3 bytes of data_v ...
Score: -4
The Superiority of Decentralized Credit

First and foremost, I am NOT trying to sell or promote any paid service or product whatsoever. The purpose of this post is to invite discussion about a fundamentally different approach to how we view systems of currency.

Decentralized credit is an extremely simple yet extremely effective system of currency, which I believe to be vastly superior to any other system of currency, including those bas ...

Score: 1
regarding MDS matrix and security

I found a construction for an MDS matrix (algorithm 4 of https://eprint.iacr.org/2020/1143) for a hash function that compresses elements in a prime field $F_p$.

If the hash has rate and capacity $(r,c)$ and $m = r+c$, it proceeds as

  1. Identify a primitive root of unity $g$ in $F_p$.
  2. Write a Vandermonde matrix $V[i,j] = g^{ij}$ where $i=0,1,\ldots,m-1$ and $j=0,1,\ldots,2m$
  3. Reduce it to a row echelon  ...
Score: 1
Working with Paillier and ECDSA - Order issue

I'm trying to implement two party computation for ECDSA signing using Paillier cryptosystem.

But my problem is that the order of Paillier is different from the order of the curve (secp256k1 in my case), so when I multiply two scalars in Paillier and then decrypt them, they are in a different order than the rest of the parameters.

Concrete example:

Paillier order - N
ECDSA order - Q

Alice got her secretK ...
Score: 0
Which of the algorithms have better performance for embedded systems?

Which of the algorithms have better performance for embedded systems (HMAC, CMAC, CBC CMAC, AES CMAC, CBC CMAC AES, OMAC, POLY1305 MAC)?

Score: 4
Why are binary extension fields preferred for Shamir secret sharing?

It is known that Shamir's secret sharing works over any finite field, but I don't get why binary extension fields are preferred.

Score: 3
How to solve LWE/RLWE under partial information about $s$

For LWE/RLWE, it's difficult to find $s$ from $\left(A, b = As + e\right)$. But if partial information about $s$ is leaked, such as part of $s$ or the parity of $s$, how much easier would it become to solve LWE?

I don't know much about the algorithm for attacking LWE/RLWE, if there is some relevant literature recommended that would be great.

Score: 0
What does E mean in the Diffie-Hellman protocol?

I was looking for an example of a protocol to verify a user's identity using Diffie-Hellman which works like this:

  • client sends: $g^x$, ID-Number
  • server responds with: $g^y$, $E_{H_{pwd}}(\text{challenge})$
  • client responds with: challenge

I understand that $g^x$, $g^y$ are Diffie-Hellman keys, plus it's given that $H$ is a hash function and $pwd$ is the user's password, but what does $E$ mean here?

(Protocol figure shown as an image in the original post.)

Score: 1
Minimal, secure and reasonably efficient P384 implementations

For a project I'm working on, I need to implement ECDSA over the NIST P-384 curve (AKA secp384r1). For what it's worth, the choice of curve is beyond my control in this particular case.

While I already have a working implementation, and this is (so far) just a low-stakes pet project, I was wondering how I could take care of this in the most effective way, especially for the signing part. Rough wish list: ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.