Latest Crypto related questions

I'm very new to cryptography. I'm required to read a paper.

I totally don't understand. First, what's the meaning of the asterisk in $H:\{0,1\}^*\rightarrow \{0,1\}^k ?$.

Second, what does PPT mean here? (I searched the Internet but didn't get satisfying answer.)

Third, why if $b=1, s\leftarrow H(g^{ab})$, else $s\leftarrow \{0,1\}^k$? I understand step 1,2,3 but don't understand step 4,5,6.

Could anyon ...

In many NTRU material it is said that with our choice of the polynomial $f$, it will almost always have an inverse. Maybe it's a stupid question, but why will it almost always have an inverse element? And why is it recommended to take the polynomial $1 + pF$ in order to have the inverse? And one more question: why is it necessary in this scheme that $g$($x$) does not have an inverse element? What is ...

I am talking about the process in the image:

Everyone is saying this process is safe and and what I am claiming is impossible, but common sense says different.

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA supports forward secrecy but it doesn't use GCM mode and use SHA1 TLS_RSA_WITH_AES_256_GCM_SHA384 uses GCM mode and SHA2 but it doesn't support forward secrecy. Which one is more secure?

I generate a random message m sent to a device that calculates sig(m, privKey) with secp256k1. It then performs an HTTP GET call to share both pubKey and sig with the purpose of authentication.

(m remains private to me and is randomly generated for every new authentication request. EDIT: it crypto terms it might be called a "challenge"?)

I want to derive a constant secret from m and sig, m' and sig'

Here I use a Threefish kernel module with CBC mode. But there is no hash function that can supply a IV with Threefish block size (1024-bits), so I use a 64-bit random IV inserted in the dm-crypt with cryptsetup --skip option.

I know that the ideal size for an IV in CBC encryption is the same size of the block, but, what would be the consequences of using an IV smaller that the block size in CBC encr ...

Referenced paper here.

The above excerpt is from Page 19 of attached paper. I have a few questions.

1. y = F^9(x) is equivalent of F(F(F(F(F(F(F(F(F(x))))))))) ?
2. The excerpt says that this allows us to sign 4 bits of information. Shouldn't it allow a person to sign any size message(ex: 100 bits) not just 4 bits by just running the hash function repeatedly(ex. if the message to be signed has the value 2478 ...

From the wiki, we know that to encrypt a message $M$ using Elgmal encryption, one should firstly map the message $M$ to an element $m$ of G using a reversible mapping function, then run the ElGamal encryption algorithm to get the ciphertext $C$. To decrypt $C$, one should run the decryption algorithm to get $m$, and finally, map the $m$ back to $M$ using a reversible mapping function.

As we know that El ...

Me and my friend would like to login to an SSH server using the same private RSA key.

However, we don't want to transmit the key over the internet, for security.

I am thinking if it's possible to generate the same RSA key pair using a mutual secret from the Diffie–Hellman Algorithm (or other key exchange algorithms).

So basically I want to ask:

1. Is there a tool that does this already? I did some resea ...

I'm curious how, in onion routing, the relay nodes identify which node to forward the message to? From my understanding the message must travel a specific path based on the keys the user has. I don't understand how the nodes understand how to relay the message both in the request path and in the response path. Explanations I've seen at my level seem to abstract this part away.

My guess is that in ...

Let $E$ be an elliptic curve over a prime or a binary extension field $GF(2^m)$, and let $G(x_g,y_g)$ be a generator point on the curve. Let $Q$ be an arbitrary point $Q = r*G$, with $r$ scalar, and $Q$ an element from the group of generator $G$ of order $n$.

I have read in some sources (e.g. here for curves over binary extension fields) that, if an actor can distinguish whether the doubling of $Q$