Latest crypto-related questions

Score: 0
Tom
What does it mean to break a non-invertible stream cipher?

Let's consider for simplicity Middle-Square Weyl Sequence RNG:

https://arxiv.org/pdf/1704.00358.pdf

We can choose a parameter there for independent stream generation; we can call it the key. Let's say we use it as a stream cipher, so the stream is XORed with the plaintext.

But what does it mean to break such a cipher? Even if we hack the key, we can't compute the seed in an invertible way, because regardless of t ...

Score: 1
Jimakos
Hash of concatenated values (one public, one private)

Assume two end-points $A, B$. $A$ sends to $B$ a $Hash(pv||key)$, where $pv$ is a public value that can be intercepted by attackers. The $key$ is a common secure shared key in both end-points, and $||$ denotes concatenation. Obviously, end-point $B$ has all the info required to check the received hash. I was wondering though if in this particular setup there is some security risk due to the concatenation ...

Score: 1
Curious
Understanding public key in certificate precisely

Certificates are used very often in crypto. From searching, I am a bit confused about what exactly the "public key" inside a certificate is, essentially. Is it always a signature verification key, or could it also be an encryption key?

In my understanding, for root and intermediate CA certificates, the public key is always meant to be the signature verification key. But is it also true for the leaf certi ...

Score: 1
Kostas Kryptos
Relative bits of security of slower functions

Leaving memory-hardness assumptions aside, some slow hash functions are iterated salted hash-chain versions of regular cryptographic hashes. This is usually defined by a round parameter, e.g., in PBKDF2. Is there any cryptography paper that addresses a security-bits definition based on the factor of rounds of linear successive invocations (not parallel) for one output computation?

I.e., a concrete examp ...

Score: 3
Is there any threshold-crypto library that is production-ready?

I am wondering if there is any available threshold crypto library that is well-audited and ready to be used in production. Any pointer is appreciated.

Score: 2
Tom
Carry-less multiplication vs. multiplication in $GF(2^k)$

I implemented carry-less multiplication using the CLMUL instruction set. This is about as fast as simple modular multiplication. But computing the result mod some polynomial is still very slow. I do it this way:

#include <stdint.h>

/* Reduce the 64-bit carry-less product c modulo x^32 + p(x), where p holds
   the low 32 coefficients of the modulus (the x^32 term is implicit). */
static uint32_t reduce32(uint64_t c, uint32_t p)
{
    for (unsigned int i = 32; i-- > 0; )
    {
        if (c & (1ULL << (i + 32)))   /* 1ULL, not 1L: long is 32 bits on LLP64 */
        {
            c ^= 1ULL << (i + 32);
            c ^= (uint64_t)p << i;
        }
    }
    return (uint32_t)c;
}

Where c is 64-bit carr ...
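A way to make the reduction cheap instead of bit-serial, as an added example in portable C (this is not the asker's code). The modulus $x^{32} + x^7 + x^3 + x^2 + 1$ is assumed for illustration, and the `clmul32` loop stands in for the PCLMULQDQ instruction (`_mm_clmulepi64_si128` with the CLMUL intrinsics); the names `reduce_fold`, `reduce_bitserial` and `gf32_mul` are this example's own. The point is that because $x^{32} \equiv p_{\text{low}}(x) \pmod P$, the high word of the product can be folded down with one more carry-less multiply, and a second fold of the few overflow bits finishes the job, so the reduction costs two multiplies instead of a 32-step dependent loop.

```c
#include <stdint.h>
#include <stdio.h>

/* Low 32 coefficients of the assumed modulus P(x) = x^32 + x^7 + x^3 + x^2 + 1;
   the leading x^32 term is implicit, as in the loop from the question. */
#define P_LOW 0x8Du

/* Portable 32x32 -> 64-bit carry-less multiply. With CLMUL this is one
   instruction; the loop is only a stand-in so the example runs anywhere. */
uint64_t clmul32(uint32_t a, uint32_t b) {
    uint64_t r = 0;
    for (int i = 0; i < 32; i++)
        if ((b >> i) & 1u) r ^= (uint64_t)a << i;
    return r;
}

/* Bit-serial reduction, as in the question: cancel one high term per step. */
uint32_t reduce_bitserial(uint64_t c, uint32_t p_low) {
    for (unsigned int i = 32; i-- > 0; ) {
        if (c & (1ULL << (i + 32))) {
            c ^= 1ULL << (i + 32);
            c ^= (uint64_t)p_low << i;
        }
    }
    return (uint32_t)c;
}

/* Folding reduction: write c = h*x^32 + l; since x^32 == p_low (mod P),
   c == clmul(h, p_low) ^ l.  That leaves at most 32 + deg(p_low) bits, and
   one more fold of the overflow bits finishes whenever deg(p_low) <= 16.
   Two carry-less multiplies instead of 32 dependent branches. */
uint32_t reduce_fold(uint64_t c, uint32_t p_low) {
    uint64_t v = (uint32_t)c ^ clmul32((uint32_t)(c >> 32), p_low);
    v = (uint32_t)v ^ clmul32((uint32_t)(v >> 32), p_low);
    return (uint32_t)v;
}

/* Field multiplication in GF(2^32) with the modulus above. */
uint32_t gf32_mul(uint32_t a, uint32_t b) {
    return reduce_fold(clmul32(a, b), P_LOW);
}

/* Sanity check: both reductions must agree on pseudo-random products.
   The LCG and its seed are constructed here only to generate inputs. */
int reductions_agree(void) {
    uint32_t s = 0x12345678u;
    for (int n = 0; n < 10000; n++) {
        s = s * 1664525u + 1013904223u;
        uint32_t a = s;
        s = s * 1664525u + 1013904223u;
        uint32_t b = s;
        uint64_t c = clmul32(a, b);
        if (reduce_bitserial(c, P_LOW) != reduce_fold(c, P_LOW)) return 0;
    }
    return 1;
}

int main(void) {
    printf("x * x^31 mod P   = 0x%08x\n", gf32_mul(0x2u, 0x80000000u)); /* = p_low */
    printf("x^63 mod P       = 0x%08x\n", reduce_fold(1ULL << 63, P_LOW));
    printf("reductions agree = %s\n", reductions_agree() ? "yes" : "no");
    return 0;
}
```

The same fold works for wider fields (GF(2^64) with 64x64 products, or the 128-bit GHASH field) as long as the low part of the modulus has small degree, which is why standard reduction polynomials are chosen as low-weight trinomials or pentanomials; if `deg(p_low)` exceeds half the word size, a third fold is needed.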

Score: 0
Kim San
How to use symmetric encryption on 1on1 and group chat messenger?

Hi everyone, so currently I'm trying to learn about encryption to build a secure messaging app (mobile app, Flutter based). I want the app to have 2 messaging features, which are 1-on-1 messaging and group-chat messaging. Firstly I wanted to try using symmetric encryption for the app, but there are some questions that make me a little bit confused:

1. When using symmetric encryption, assuming that each  ...

Score: 0
kostuyk21
Unicity Distance redundancy clarification

I have an example of an exam question here:

The open message source is a language with an alphabet represented by an 8-bit ASCII code stored in a byte (=8 bits). The relative redundancy of the language is 50%. Calculate the maximum Unicity Distance for an AES cipher operating in the ECB cryptographic mode of operation with an input block size of 128 bits.

I can't figure out how to get redundancy D
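Working the stated exam question through Shannon's unicity distance, as an added note that is not part of the question above. With $H(K)$ the key entropy in bits, $|\mathcal{A}|$ the alphabet size and $R$ the relative redundancy, the redundancy per plaintext symbol is

$$D = R \cdot \log_2 |\mathcal{A}| = 0.5 \cdot 8 = 4 \text{ bits per character},$$

and the unicity distance is

$$U = \frac{H(K)}{D}.$$

For AES-128 this gives $U = 128/4 = 32$ characters $= 256$ bits, i.e. two 128-bit blocks; reading "maximum" as the largest AES key size, AES-256 gives $U = 256/4 = 64$ characters $= 512$ bits, i.e. four blocks. The mode (ECB) and the block size do not enter $U$ itself; they only determine how many ciphertext blocks those characters occupy.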

Score: 2
hardyrama
NIST vs ISO Encryption standardisation process

The SKINNY cipher has lately been considered as an ISO/IEC standard while it is still competing as a building block of the Romulus AEAD among the NIST LWC finalists.

What is the difference between the two ISO and NIST processes? Which has the upper hand in industry adoption?

Score: 8
Tom
On what Galois field AES really works?

I'm trying to understand GF theory, but every time I come across information about AES, none of it makes sense.

In my opinion $GF(2^8)$ defines any polynomial of the form:

$a_{7} x^7 + a_{6} x^6 + a_{5} x^5 + a_{4} x^4 + a_{3} x^3 + a_{2} x^2 + a_{1} x^1 + a_{0}$

Where $a_{i}$ can be 0 or 1. And everywhere I come across information that AES works just in $GF(2^8)$. But in AES $a_{i}$ are bytes, right ...
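The two layers that the question is mixing up, shown in working C as an added example (not code from the question or from any AES library). Bytes are elements of $GF(2^8)$ with the polynomial $m(x) = x^8 + x^4 + x^3 + x + 1$, so each $a_i$ is a single bit; MixColumns then treats a column as a degree-3 polynomial whose four coefficients are those bytes and multiplies it modulo $x^4 + 1$. The function names (`gf256_mul`, `gf256_inv`, `mix_column`, `mix_column_u32`) are this example's own; the test values are the worked examples from FIPS-197.

```c
#include <stdint.h>
#include <stdio.h>

/* A GF(2^8) element is one byte: bit i is the coefficient a_i of x^i.
   Products are reduced modulo the AES polynomial m(x) = x^8 + x^4 + x^3 + x + 1
   (0x11B); 0x1B below is m(x) with the x^8 term dropped. */
static uint8_t xtime(uint8_t a) {
    return (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0x00));
}

/* Product of two field elements: shift-and-add over GF(2), reducing each step. */
uint8_t gf256_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    while (b) {
        if (b & 1) r ^= a;
        a = xtime(a);
        b >>= 1;
    }
    return r;
}

/* Inverse via a^(2^8 - 2) = a^254; 0 maps to 0, as the S-box requires. */
uint8_t gf256_inv(uint8_t a) {
    uint8_t r = 1;
    for (int i = 0; i < 254; i++) r = gf256_mul(r, a);
    return r;
}

/* MixColumns is the *other* polynomial ring in AES: a column is
   s(x) = s3 x^3 + s2 x^2 + s1 x + s0 whose COEFFICIENTS are bytes (GF(2^8)
   elements), multiplied by c(x) = {03}x^3 + {01}x^2 + {01}x + {02}
   modulo x^4 + 1. Coefficient arithmetic is gf256_mul; exponents wrap mod 4. */
void mix_column(const uint8_t in[4], uint8_t out[4]) {
    static const uint8_t c[4] = {0x02, 0x01, 0x01, 0x03};
    for (int i = 0; i < 4; i++) {
        uint8_t acc = 0;
        for (int j = 0; j < 4; j++)
            acc ^= gf256_mul(c[(i - j + 4) & 3], in[j]);
        out[i] = acc;
    }
}

/* Packed-column wrapper: 0xAABBCCDD holds s0 = AA ... s3 = DD. */
uint32_t mix_column_u32(uint32_t col) {
    uint8_t in[4], out[4];
    for (int i = 0; i < 4; i++) in[i] = (uint8_t)(col >> (24 - 8 * i));
    mix_column(in, out);
    uint32_t r = 0;
    for (int i = 0; i < 4; i++) r = (r << 8) | out[i];
    return r;
}

int main(void) {
    /* FIPS-197 worked examples: {57}*{83} = {c1}, {53}^-1 = {ca},
       MixColumns(d4 bf 5d 30) = 04 66 81 e5. */
    printf("{57}*{83} = {%02x}\n", gf256_mul(0x57, 0x83));
    printf("{53}^-1   = {%02x}\n", gf256_inv(0x53));
    printf("MixColumns(d4 bf 5d 30) = %08x\n", mix_column_u32(0xd4bf5d30u));
    return 0;
}
```

So "AES works in $GF(2^8)$" is true of the byte operations (SubBytes' inversion, the MixColumns coefficient products), while the "polynomials with byte coefficients" are elements of $GF(2^8)[x]/(x^4+1)$, which is a ring rather than a field: $x^4 + 1$ is reducible over $GF(2)$, and AES only needs $c(x)$ to be invertible in it, which it is.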

Score: 1
Range proof for ElGamal ciphertext

Alice has an ElGamal public key $y=g^x$. Bob encrypts a value $g^b$ based on Alice's ElGamal public key and he ends up with a ciphertext $(g^by^r, g^r)$. Can Bob prove that the value $b$ is in some range without revealing it, or do you need to be the "owner" of the ElGamal secret key $x$ to create such proofs?

If $g^b$ is confusing then ignore it and consider a value $b$, I just need to know if I can cre ...

Score: 2
Watson
Example of bad basis for lattices (worst-case for LLL)

Summary. Given some dimension $n$ (say $n=50$), is it possible to describe explicitly a lattice $L$ and a basis $B$ of $L$ such that $$ \frac{ \| LLL(B)_1 \| }{ \lambda_1(L) } > 1.02^n $$ where $LLL(B)_1$ is the first vector of the LLL-reduced basis of $B$ (for $\delta=1$ say)? The constant 1.02 is the one given in "LLL on average" by Nguyen–Stehlé. Or at least, how can I produce (deterministi ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.