Latest Crypto related questions

Assume that block cipher scheme $(KeyGen, Enc, Dec)$ is CPA-secure. Show that $CTR_{Enc_k(0^n)}$ is a good PRNG.

Counter mode works as follows:

$Y_i = Enc_k(IV + f(i))$

$C_i = Y_i \bigoplus P_i = Y_i \bigoplus \{0^k\}= Y_i$

So the output here is simply $Enc_k(IV + f(i))$. Now, as good PRNG I understand that it needs to be indistinguishable from a random source. Let's assume it's not. So if $X_0$ is  ...

I have to solve the following problem:

What I have:

• $n$, a 2048 bit number

What I need to find:

• $p$ and $q$ such that $n = p\cdot q$.

What I know:

• With $p_1$ the first half of $p$ and $p_2$ the second half, the same with $q_1$ and $q_2$: $$p_1 = q_2\ \text{ and }\ p_2 = q_1$$

• Therefore finding $p$ you could also find $q$ and vice-versa.

• The size of both $p$ and $q$ is 1024 bits.

• (obviously)  ...

In comparing the merits of a Key Distribution Center or KDC versus a single root certificate authority public key infrastructure or PKI, is it possible for the KDC to be online at all times whereas the root CA (Single Certificate Authority) can remain offline?

Is there a way to modify the RSA so that it's homomorphically additive?

I did some research and came across a paper which describes MREA (Modified RSA Encryption Algorithm), an RSA modification that, supposedly, is homomorphically additive.

The authors define the encryption algorithm as follows: $$ E(message) = g^{message^e \bmod {n}} \cdot r^{m} \bmod m^{2}$$

$e$ and $n$ have the same meaning like in RS ...

We are manufacturing a sensor which transmits in 8 byte packets. This sensor will be used by several different receivers, some of which have very little spare RAM available (< 3 kb). On some of the receivers we will provide the software, in other cases, we will be providing the code to the manufacturer under NDA.

It is a commercial application and the sensor could be copied relatively easily.  ...

The private (secret) key in DL (discrete logarithm) based algorithms is uniformly selected from the group Zq*. This private key is then used to compute the public key. Could the opposite be done, for instance, select the public key uniformly from Zq* and then compute the private key?

For example, Alice and Bob have two numbers $a$ and $b$, respectively. They want to calculate the multiplication $a\cdot b$ without Alice knowing $b$ or Bob knowing $a$ and send this multiplication $a\cdot b$ to Carol. Carol will use this $a\cdot b$ to do further application. Carol will not collude with Alice or Bob. Are there any ways and libraries/tools in Golang to achieve this? Thank you!

I'm having difficulty understanding this.

Consider two messages are encrypted using the same cyclic group of order $q$, generator $g$, private key $x$, and random parameter $y$. The attacker knows a plaintext $m_1$ and its corresponding ciphertext $c_1=(r_1,s_1)$.

I was told that, under these circumstances, if an attacker also knows the ciphertext $c_2=(r_2,s_2)$ of another message $m_2$, they can recove ...

I'm having difficulty understanding this.

Consider two messages are encrypted using the same cyclic group order $q$, generator $g$, private key $x$, and random parameter $y$. The attacker knows a plaintext $m_1$ and its corresponding ciphertext $c_1=\left(r_1,s_1\right)$.

I was told that, under these circumstances, if an attacker also knows the ciphertext $c_2=\left(r_2,s_2\right)$ of another message ...

Suppose for $sk = x$, $pk = g^x$ we encrypt message $m$ with ElGamal encryption as $(g^r,m\cdot pk^r)$. My goal is to prove that I performed the encryption correctly, i.e. that the same $r$ is used across $g^r$ and $m\cdot pk^r$.

I thought of a simple $\Sigma$-protocol to show this as follows:

1. Prover samples $q_1,q_2$, computes $R_1 = q_1\cdot pk^{q_2}$ and $R_2 = g^{q_2}$ and sends $R_1, R_2$ to Veri ...