Latest Crypto related questions

Score: 1
What are “weak” and “strong” output-input bit dependencies?

Section 3.3.5 of the paper “Schwaemm and Esch: Lightweight Authenticated Encryption and Hashing using the Sparkle Permutation Family” (the link to PDF can be found in this page) contains the following text:

Alzette provides very fast diffusion. In particular, all output bits depend on all the input bits after 4 rounds, though this dependency can be very weak. After 8 rounds however, we have that  ...

Score: 0
kimkim
What is digram analysis?

So I wanted to ask something, since I just learned about cryptography. I have the task to write an essay on cryptography, and the title I have to do is "introduction to digram analysis". However, I did not find any information about digram analysis. What I know is that digram analysis is used on stream and block ciphers. Can anyone explain in more detail what digram analysis is? Are bigram and digra ...

Score: 1
Fan Zhang
How is the ECDH shared secret represented in SoftHSM?

I am working on implementing ECDH with some HSM. According to the theory behind ECDH, the generated shared secret is a point on the elliptic curve (x, y) which is exactly what is returned by the HSM.

But when I test with SoftHSM via PKCS#11 library, the ECDH function returns a symmetric key directly even with KDF parameter set to null. I did some research and found that some bytes of the shared s ...

Score: 1
Tom
99 in the AES S-box: where did it come from?

The multiplicative inverse in the AES S-box is transformed using the following affine transformation:

$s = b \oplus (b \lll 1) \oplus (b \lll 2) \oplus (b \lll 3) \oplus (b \lll 4) \oplus 99_{10}$

Where did the number 99 come from? For what purpose is it there?

I'm asking because I'm trying to generalize it to $GF(2^{128})$, so I would like to find a similar number for the case where we are operating in $GF(2^{128})$.

Score: 11
Tom
Is if/else vulnerable to timing side-channel attacks?

I have a branch in C++:

if (x & 1)
{
    x = function_1(x);
}
else
{
    x = function_2(x);
}

If function_1 and function_2 are constant time and take the same time to compute, is such branching still vulnerable to side-channel attacks? Can an attacker somehow know which condition was executed?

Score: 0
JAAAY
Question on simulation-based security proof for Oblivious Transfer (OT) against semi-honest adversaries

I'm currently reading this How To Simulate It – A Tutorial on the Simulation Proof Technique.

On p. 10, there is a proof using simulation for 1-out-of-2 OT against semi-honest adversaries. Briefly, the player $P_1$ holds the messages $b_0$, $b_1$ and the player $P_2$ holds the choice bit $\sigma$. Since $P_1$ has no output, it creates a simulator (p. 11 bottom - p. 12 middle) that simulates $P_1$'s view. For ...

Score: 1
Proof of possession of an x25519 private key

In this question one way is shown to prove possession of a private x25519 key. Would the following protocol also be suitable to prevent someone from using the client as a decryption oracle?

  1. The server generates some 'nonce' and an ephemeral x25519 key pair. The server sends the nonce and the public x25519 key to the client.
  2. The client derives with his private x25519 key and the public x25519 ke ...

Score: 0
baro77
NIZK bird's-eye view

I'm falling into the black hole of NIZK :) and I'm almost getting lost. Is this survey a reliable bird's-eye view of the field?

https://www.hindawi.com/journals/tswj/2014/560484/

I ask because I don't know the editor, and not knowing the topic, I cannot judge it myself.

Second part of the question: I loved the book Foundations of Cryptography by Oded Goldreich but I feel non-interactive ZKs are just introduc ...

Score: 2
Nick Decroos
What is a masked secret key in the context of Ed25519?

The documentation for ed25519-dalek states the following for SecretKey:

The caller is responsible for ensuring that the bytes represent a masked secret key.

https://docs.rs/ed25519-dalek/0.3.2/ed25519_dalek/struct.SecretKey.html

What does a masked secret key mean in this context?

Score: 1
user13129201
Does deriving a key from a master key and then encrypting with AES-GCM increase the lifetime of the master key?

Suppose that we have a symmetric 256-bit master key, and we want to encrypt using AES-GCM with random IVs. I understand that with random IVs, the lifetime of the master key is 2^32 encryptions in order to conform to NIST requirements.

Let's assume that we want to increase the lifetime of the master key. Can we do this by adding a key derivation step before the actual encryption? Assuming that we use the mast ...

Score: 1
Abszol D
Computing bandwidths of various cards under Ethereum

I'm writing my term paper on bandwidth restrictions between varying generations of PCI-E lanes using the 1x interface of the lane, and exploring modern bandwidth restrictions when mining using the latest GPUs.

GPU risers themselves use the 1x lane and I've been looking at the PCI-E wiki to analyze these restrictions: https://en.wikipedia.org/wiki/PCI_Express

Now I know my motherboard supports PCI-E 2.0 ...

Score: 2
Generic
Why not use a random permutation as a block cipher?

The purpose of a block cipher is to act like a random permutation, and indeed a common security definition is one in which the block cipher is taken to be indistinguishable from a random permutation (see Wikipedia). So then why not use a random permutation as a block cipher? That is, the secret key could just be a list of $2^n$ random pairings (for an $n$-bit block) between input (plaintext) and output (c ...

Score: 0
Question about Enigma's rotor turnover

I've been trying to make an algorithm that works like the real Enigma machine, fully customizable. I use two online emulators to check that my encoded message is correct:

Currently, without the plugboard, it seems that it works correctly... until some weird rotor configuration happens. So here is the exact setu ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.