Latest Crypto related questions

In the following paper: https://eprint.iacr.org/2018/056.pdf, the random oracle is defined as follows: $ H: *\xrightarrow{} \{ \mathbf{v} | \mathbf{v} \in R_{q,[1]}, || \mathbf{v}||_{1}=\omega\}$

Where $R_{q,[1]}$ stands for those elements that belong to the ring $R_{q}=Z_{q}/<x^n+1>$ and have coefficients between [-1,1].

Are these random oracles secure? If so, which hash function could outpu ...

$\text{CBC-MAC}$ is defined as follows:

• $\text{CBC-MAC}_k() = IV $

• $\text{CBC-MAC}_k(m_1, . . . , m_n) = E_k(m_n \oplus \text{CBC-MAC}_k(m_1, . . . , m_{n−1}))$

My lecture notes say that this is secure for fixed-length messages but forgeries are possible with arbitrary-length messages. I'm trying to come up with a proof for this.

I read somewhere that oblivious linear function evaluation(OLE) can be used to build a PSI protocol. Is there any link between these two primitives?

I'm studying ECDSA, and almost all somewhat detailed articles talk about using Strauss-Shamir trick on the verification step.
Then I searched, and found this explanation (more like a stating) for the algorithm, and then this other pdf (page 7) that explains it a bit more in detail. But none of them provide an explanation why it works.
I would like to have some sort of demonstration or example of  ...

Currently I am facing a situation in which Ed448 key pairs (private + public key) are available and the system should be extended by a Diffie-Hellman (ECDH) operation. First of let me summarize what I have understand so far.

Ed448: Is the digital signature algorithm on edwards448.

X448: Is the Diffie-Hellman function build for Curve448.

Curve448: Is an elliptic curve in Montgomery format as specified  ...

1. The proof of Theorem 5.2.13 : For semantic security, the author wrote "$m_1 \leftarrow {\rm Sim_1}(1^\lambda)$". I think it may contradict with the security requirement defined in Definition 5.2.11 and Definition 5.2.12 where it is required that the outputs of ${\rm Sim_1}(1^\lambda)$ and ${\rm SFE1_F}(1^\lambda, x)$ should be indistinguishable, that is, it should be "$(s, m_1) \leftarrow {\rm Sim_ ...

Basically this post was about a cipher with a trailing "="

Any idea is welcome :)

I'm self-studying cryptography from A Graduate Course in Applied Cryptography by Boneh and Shoup (version 0.5), and I'm having trouble seeing the result in Exercise 6.7.

In the book a secure MAC system is defined in terms of an attack game where an adversary can perform signing queries on arbitrary messages to receive tags. The adversary sends messages $m_1, m_2, \ldots, m_Q$ to its challenger and r ...

Why if $q$ is a power-of-two integer, then doing arithmetic modulo $q$ (addition and multiplication) is very efficient and straightforward?

Very short question.

Is it possible to encrypt a sequence of numbers with FPE in a range 10 000 to n where the possible encrypted values are offset and can only fall within the range 10 000 to n?

Eg. A sequence number with a maximum of 10 digits will be zero padded (0000 0532 12) and encrypted into the IAN part of a PAN number (Equivalent digit size). Any sequence number larger than 9999 should not  ...

Are there any examples of a cryptographic scheme based on (an average-case form of) a #P-complete problem?

I have read the paper about testing a device for side channel leakage or if it is even possible to perform such an attack on the device. The idea is to perform a TVLA, which performs a welchs t-test to figure out the leakage. My question is: would it be also possible to perform TVLA even if the key is unknown(but constant) or/and the key cannot be changed? In the case of this test we have to adjust the  ...