Latest Crypto related questions

Score: 1
Proving that a protocol is not attackable

Consider the following protocol:

  1. $A\rightarrow B: \{N_A,A\}_{pk(B)}$

  2. $B\rightarrow A: \{N_B,N_A\}_{pk(A)}$

  3. $A\rightarrow B: hash(N_B, A, B)$

where it is intended that when either $A$ or $B$ has completed their own role in the protocol, they are assured that the other has participated in the protocol with them and that $N_A$ and $N_B$ are random nonces generated by $A$ and $B$. $\{X\}_{Y}$ mean ...

Score: 1
What is the Work Factor of the one time pad?

Work Factor is defined as the minimum amount of work (can be the length of the key) to determine the secret key of a cryptosystem (HAC, Menezes, Alfred J. et al).

And the one-time pad has unconditional security, or is perfectly secure, meaning it is impossible to break even with unlimited processing power and memory (when correctly implemented, of course). How can these definitions be met? Because it ...

Score: -1
.pem file from a SHA256 hash

Is it possible to generate a .pem file from a SHA256?

As an example, I obtained the hash of a SHA256 certificate; I don't have more information on it. Can I generate a certificate based on this hash in order to listen to the traffic using this certificate?

Score: 0
If we can solve discrete log on $\frac{1}{poly(n)}$ instances, then we can solve, with high probability, for all instances

I am trying to prove the following:

Given an ensemble $\{p_n, g_n\}$ ($p_n$ is an $n$-bit prime and $g_n \in \mathbb{Z}^*_{p_n}$ is a generator), if $A$ is a deterministic polynomial time algorithm such that:

$$ \Pr_{x \leftarrow \mathbb{Z}^*_{p_n}} [A(a)=x \text{ where } g_n^x=a]=\frac{1}{poly(n)}$$

then there is a PPT algorithm $A'$ that solves discrete log with high probability for this ensem ...

Score: 2
Why does the von Neumann corrector only work when the input bits are independent of each other and same bias?

I read some papers that mention the von Neumann corrector. They always assume that for the von Neumann corrector, the input bits are independent of each other and have the same bias.

Why does the von Neumann corrector only work when the input bits are independent of each other and have the same bias?

Score: 2
Is this half-smart way of verifying EdDSA signature secure?

In the final step of verifying an EdDSA signature, $[4][S]B$ is compared to $[4]R + [4][k]A$.

Because I'm using the XYTZ extended twisted Edwards coordinates, I want to, for efficiency reasons, do:

$$ Y(\text{Left}) \cdot Z(\text{Right}) = Y(\text{Right}) \cdot Z(\text{Left}), $$

but that leaves the X coordinates unchecked.

Can this check be secure?

Score: 0
In OPPRF-based PSI, is there an OPPRF protocol against a malicious receiver?

I want to modify the semi-honest OPPRF protocol in CCS17 (Practical Multi-party Private Set Intersection from Symmetric-Key Techniques) to be secure against a malicious receiver. I see that Paxos is against a malicious sender and receiver, but for some reason I need to use OPPRF. Is there an easy way to modify the semi-honest OPPRF in CCS17?

Score: -1
How to Remove Encryption Key from Python Code

I am trying to remove the encryption (AES) from the improved LSB, which is in Python:

I want to do a comparison of LSB with AES and LSB without AES. The AES is connected to LSB.py, PLShandler.py and main.py. How do I detach/remove the AES completely? I tried deleting AES.py, but it shows an error as other files are connected. How do I remove the connection in each file? I don't know how to reverse engineer that.

https://gi ...

Score: 1
A security issue of a Bit commitment scheme constructed by Naor in 1990

In Section 3.12 of the book written by Boneh and Shoup, a bit commitment from secure PRGs is presented as follows:

Bob commits to bit $b_0\in_R\{0,1\}$:

Step 1: Alice chooses a random $r\in R$ and sends $r$ to Bob.

Step 2: Bob chooses a random $s\in S$ and computes $c=com(s,r,b_0)$, where $com(s,r,b_0)$ is the following function: $c=com(s,r,b_0):=\left\{ \begin{array}{rcl}G(s) & \mbox{if}& b_0=0 \\ G ...

Score: 0
How to securely implement a deadpool in a PoW blockchain?

Imagine you have a blockchain where the Proof of Work scheme is integer factorization. There is an opcode that takes two integers $N,M$ where it returns true if $M\not\in \{0,1,N\}$ and $N \mod M \equiv 0$. Now, suppose we want a number factored, say $M_g$. It could be a Cunningham number, a brilliant number or any other number where there is an interest in knowing its factorization.

We can create a tr ...

Score: 0
Deducing a secret key from two different public keys

Show that if two different RSA public keys $p_k$ are known to an attacker for the same secret key $s_k$, then $s_k$ can be broken.

I've deduced that if the two public-key exponents are $e_1,e_2$ then they have the same remainder modulo $\phi$, but that still doesn't help me determine $d$.

Score: 2
Is it possible to adapt Keccak to use 60-bit native words, without having to emulate U64?

Assume an architecture with fast 60-bit native words (a close example would be OCaml, which has unboxed 63-bit numbers and only boxed 64-bit numbers). We're looking for the fastest hash function on that architecture. Keccak is great, but our best bet, so far, is to port it from implementations that use 32-bit numbers, such as JavaScript. That would be sub-optimal. I wonder if it is possible to modify K ...

Score: 0
IIS Crypto 3.2 not getting rid of Diffie-Hellman algorithms of less than 2048 bits ... or am I missing something?

I'm trying to stop a server using Diffie-Hellman algorithms of less than 2048 bits, but I'm getting confusing results.

I've run

Get-TlsCipherSuite | Format-Table Name, Exchange, Cipher, Hash, Certificate

and I can see

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA

...all of which I know to use only 1024 bit ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.