Latest Crypto related questions

Score: 1
Willi
Non-committing authenticated encryption schemes vs committing authenticated encryption schemes

I'm told that TLS 1.3 supports only non-committing authenticated encryption schemes. What is a non-committing authenticated encryption scheme? What is the difference between committing and non-committing authenticated encryption schemes? What are the pros and cons?

Score: 1
Dylan
"shared" variant of 1-out-of-N oblivious transfer

In the traditional 1-out-of-n OT, we suppose Alice has an array $A=\{x_1,{\cdots},x_n\}$ and Bob has $idx=i\in\{1,{\cdots},n\}$. After running the OT, Bob learns $x_i$ and nothing else, and Alice learns nothing about $i$.

So, my question: is there a "shared" variant of 1-out-of-N oblivious transfer?

We consider the array and the queried index are secret-shared between Alice and Bob (e.g., additive secret shar ...

Score: 0
muhammad haris
Why use cyclotomic polynomials for RLWE?

The paper On Ideal Lattices and Learning with Errors Over Rings proposed RLWE, which is the ring-based, and hence efficient, version of the LWE problem. My question is that they considered cyclotomic polynomials as the modulus. I am not sure why cyclotomic polynomials are used and what extra advantage we get by using them.

Score: 0
mini minions
How to calculate the inverse of the function $x^3$ in $\mathbb{F}_{2^n}$

How to calculate the inverse of the function $x^3$ in $\mathbb{F}_{2^n}$? Any monomial $x^d$ is a permutation of the field $\mathbb{F}_{2^n}$ iff $\gcd(d,2^{n}-1)=1$. Why?

Score: 1
pioneer
About two sequence conversion methods in NIST 800-90B

I am reading the 800-90B document. In particular, I'm looking at Chapter 5, the chapter on checking that samples conform to IID. There are 11 tests such as Excursion Test Statistic and Number of Directional Runs. All these tests can be performed on binary data as well as non-binary data.

In the case of some tests, in the case of binary data, the test is performed through conversion in one of two  ...

Score: 0
mini minions
How to calculate the inversion function $S:\mathbb{F}_{2^n}\rightarrow \mathbb{F}_{2^n}$, with $S(x)=x^{-1}$

The S-box is defined as the generalised inverse function $S:\mathbb{F}_{2^n}\rightarrow \mathbb{F}_{2^n}$ in the quotient ring $\mathcal{R}:=\mathbb{F}_{2^n}[X]/(X^{2^n}-X)$ with $S(x)=x^{-1}$; the correct answer is $S(X):=X^{2^n-2}$. But Euler's theorem says $x^{\varphi(n)}\equiv1\pmod{n}$, so the answer is $x^{\varphi(n)-1}=x^{2^{n-1}-1}\equiv x^{-1}\pmod{n}$. Why is $S(X):=X^{2^n-2}$?

Score: 2
Is there a discrete log challenge?

RSA challenge is well-known and it has a wiki page https://en.wikipedia.org/wiki/RSA_Factoring_Challenge.

Is there a discrete log challenge for $\mathbb F_p$ where $p$ is a Sophie Germain prime?

Score: 3
Tom
Skipping first outputs of the stream cipher

I remember reading somewhere that sometimes in some stream ciphers it is necessary to skip the first values they produce. I can't find any information on this right now.

But it seems to make sense. Just as a hash function needs to do many rounds before it returns a random result, the CSPRNG needs some number of iterations so that seed and key information cannot be obtained from the first results. ...

Score: 0
Bilinear map and homomorphic inner product

This is a question related to homomorphic inner product as discussed here: Inner product with homomorphic encryption

I browsed through the recommended papers and I have just one major stumbling block in my understanding.

Why can't a simple bilinear map of two points and the resulting target group suffice to implement an encrypted form of the inner product from two encrypted inputs?

Score: 0
Anon
How is there a $\frac{1}{poly(n)}$ bias in a multiple-round coin tossing protocol with commitment?

On p.2, Example 1.1 (in this paper), there is a description of a coin tossing protocol with bias 1/4. In the paragraph below the example, they note that for a protocol with $r$ rounds (assume for the sake of clarity it is $poly(n)$) there's a bias of $\frac{1}{r}=\frac{1}{poly(n)}$.

I am quite new to Cryptography, and since the paper they cite in this context is quite old and very different to their examp ...

Score: 1
Elliptic Curve - distinguish between two points after multiplication

If $P$ and $Q$ are two points on an elliptic curve of large prime order, given $P, Q$, and a point $R$ which is either (a) $nP$ or (b) $nQ$, is it possible to determine if $R$ is of form (a) or form (b)? Here $n$ is a secret.

Score: 1
Is it possible to cipher a 64-bit message into a 64-bit message using public key cryptography?

I'm looking for a non-invertible bijective function mapping a 64-bit value to another 64-bit value.

I can't use a hash because it isn't bijective.

Could this be done with public key cryptography? The key and function may be big. It's just the data that would be small. I would destroy the private key, as I never need to decipher.

Since the application is distributed, using a public key or equivalent wou ...

Score: 0
mike
Security definition of an ad hoc multi-input functional encryption scheme

I have to write an essay on the paper ad hoc multi-input functional encryption, and can't understand the security definition. In a nutshell, it is a primitive that allows sources to supply encrypted data, such that at any point a dynamically-chosen subset of sources can allow an agreed-upon joint function of their data to be computed by the aggregator.


Syntax description:

aMIFE syntax


Security definition:

enter image description here


I ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.