Latest Crypto related questions

A simple question. How can I proof the next polynomial reduction? : $DH’ ≤_{p} SQ$

where DH': given $g^{a}$ and $g^{b}$, compute {$g^{ab}$,$yg^{ab}$} where $y= g^{d/2}$, d is the order of cyclic group G.

and SQ: Square Diffie-Hellman (SDH) given $g^{a}$ , compute $(g^{a})^{2}$

RFC 4880 section 5.2.3.16, "Notation Data," describes how arbitrary additional notations in the form of name-value pairs can be included in an OpenPGP signature packet. Regarding names, it says the following:

Notation names are arbitrary strings encoded in UTF-8. They reside in two namespaces: The IETF namespace and the user namespace.

The IETF namespace is registered with IANA. These names MUST ...

Suppose that we have a block cipher such that the last round of the cipher depends on half of the key and the penultimate round uses the other half. Suppose also that I attacked the last round using differential cryptanalysis and reduced my search space from 2^8 to 2 choices for each byte of that half of the key.

One way to conclude the attack would be to execute bruteforce on the remaining key s ...

I'm trying to implement the RSA algorithm with some random (valid as far as I know) generated values but for this combination, encryption/decryption doesn't work.

message = 324
p = 3
q = 29
n = 87
e = 15
d = 15

Which give both and encrypted and decrypted answer of 63

I'm guessing I made and error while generating the values but I don't exactly know where.

I know e and d shouldn't be equal for security re ...

A collection of hash functions $H=\{h:\{0,1\}^n \to \{0,1\}^m\}$ is pairwise independent if for every $x_1 \neq x_2 \in \{0,1\}^n$ and $y_1, y_2 \in \{0,1\}^m$:

$$ \Pr_{h \leftarrow H}[h(x_1)=y_1 \wedge h(x_2)=y_2]=\frac{1}{2^{2m}} $$

Given a finite field $\mathbb{F}$ of size $2^n$ I've been able to prove for the set of hash functions: $\{h_{a,b}: \mathbb{F}\to \mathbb{F}\}_{a,b \in \mathbb{F}}$ w ...

I am currently reading about Trapdoor Permutations (TDP). While I can totally understand and think of examples of TDP. I cannot think of any examples of Enhanced TDP. The definition of both TDP and Enhanced TDP is given below :

Standard Trapdoor Permutations Collection : It is a collection of finite permutations, denoted $\left\{f_{\alpha}: D_{\alpha} \rightarrow\right.$ $\left.D_{\alpha}\right\}$ ...

I can't really wrap my head around it. So given a hash algorithm which always produces a 12 bit array. How would I calculate the count of unique secrets with a collision rate of 75%.

I am trying to figure out when to use a new IV for an AES-CBC communication and whether my approach is safe.

Here is a quote from Thomas Pornin from a similar question:

So, to sum up: you must choose a new, random IV (with a cryptographically strong generator) whenever you are about to encrypt plaintext data which was obtained after having sent over the wire the previous encrypted block.

I need  ...

I had a brief look at "On Defining Proofs of Knowledge" by Bellare and Goldreich and I am a little confused by their definitions.

I was under the impression a negligible function $f$ was defined as something like $$\forall\ polynomials\ p\ \exists k\ s.t.\ \forall x > k: f(x) < \frac{1}{p(x)}$$

And that non-negligible meant simply that it was not negligible. The paper however states: "Put in o ...

Let $E$ be a known, "secure" curve, defined over a field $\mathbb{F}_q$ where $q$ is either a prime $\geq 5$ or a power of $2$. Denote by $n$ the amount of rational points of $E$.

Consider $E/\mathbb{F}_{q^2}$, the same curve but defined over the 2-degree extension field. It is clear that any $E(\mathbb{F}_q)$ is a subgroup of $E(\mathbb{F}_{q^2})$, so by Lagrange, $m := |E(\mathbb{F}_{q^2})| = nl ...

Why I care: I want to implement some secure sessions for communicating over internet and since I am a complete amateur in this and don't want to spend a lot of time learning about cryptography or about specific libraries (as I am doing this only for fun), I want to have minimal preparation from programming side. From mathematical side, I am good at it, so spending extra time thinking (as opposed  ...

Is it possible for an attacker on a Diffie-Hellman key exchange to manipulate both sides in a way so that the secret generated on each side is identical?

Or put differently, would it be possible to detect an attack via MITM if we can detect via a different channel that the secrets of both parties do not match?

I need to design a Σ-protocol ZKP using Pedersen commitment scheme that proves knowledge of a, y such that statement A = h^y * g^a only holds for even y (y=2x).

Of course, the protocol needs to be sound, special-sound, and honest-verifier zero-knowledge.

Any suggestions?

In Hebrew language there is the term tzophen (צופן) which means cipher.

There is also a term "maphtech hatzpana" (מפתח הצפנה) which means "ciphering key".

What is a ciphering key?

Cipher, as far as I know, is a matter of resorting characters to get a meaningful message, so what "key" is needed to do so?

It might be that the Hebrew term is wrong and the meaning is "encryption key".