Latest Crypto-related questions

Score: 2
caveman
For any numbers $a, b$, what are the operators $X, Y$ such that revealing $a\ X\ b$ and $a\ Y\ b$ doesn't reveal info about $a,b$?

Previously I thought about a pair of 8-bit uniformly distributed random numbers $(a,b) \in \{0,1\}^8$, and $X$ to be bitwise XOR, $Y$ to be 8-bit addition. But it turned out that revealing $a \text{ XOR } b, a+b \bmod{2^8}$ does reveal a lot of information bits about $a,b$.

A smart dude here mentioned "dependence" as a property. So I guess I am looking for independent operators? Or, at least, oper ...

Score: 0
bobthebuilder
PSK based resumption vs session ID/ticket based resumption in TLS

I was reading about TLS 1.3, and noticed how session resumption was done via PSKs instead of Session IDs/Session Tickets. But from what I've understood, PSKs just seem like a combination of Session IDs and Session Tickets mechanism (the psk identity acting as session IDs and the New Session Ticket acting as the session ticket).

My question is, why has the PSK method been employed over the previou ...

Score: 0
Titanlord
Comparing the performance of ECC/RSA with post quantum protocols

I wanted to compare the performance of different cryptographic systems. There is a pretty good paper comparing the 3rd round finalists of the NIST competition.

I was wondering if there are good performance comparisons of those PQ-Protocols and modern ECC/RSA protocols (e.g. Curve25519). Sadly I couldn't find a good paper about that. Neither for comparing the number of mathematical operations nor for rea ...

Score: 2
fgrieu
Quantitative security of signature scheme obtained by Fiat-Shamir transform

I'm looking for a quantitative yet simple proof of the EUF-CMA security of a signature scheme obtained by Fiat-Shamir transform.

Recall the Fiat-Shamir transform starts from a 3-pass identification protocol with messages $(I,r,s)$, where $I$ is the prover's commitment, challenge $r$ is chosen uniformly at random in set $\Omega$ by the verifier, $s$ is the proof. It uses a hash $H$ into $\Omega$.

Genera ...

Score: 2
caveman
What does $(a+b) \bmod{256}$ and $a$ XOR $b$ reveal about $a, b$?

Say $a$ and $b$ are some uniform random $8$ bits so that the entropy of $a$ and $b$ is 8 bits each.

If I show you $(a+b) \bmod{256}$ and $a$ XOR $b$, then what can you tell about $a$ and $b$? Or how much of their entropy is reduced?

Score: 0
Rory
BB - IBE and the BDDH assumption

Given the BB-IBE scheme, how can changing the hash function result in the scheme no longer being IND-SID-CPA secure?

Score: 0
Proving you're from the year 2069

Just a question I thought of while playing an amazing game about time travel (13 Sentinels: Aegis Rim). What are the most bullet-proof cryptographic methods for proving you've come from beyond a particular year? (e.g. 2069)

My current idea goes something like this:

  1. A huge trustworthy company (e.g. Google) creates a super secret key and a public key.
  2. Every year, they put out the message "Hello *current ye ...

Score: 0
Zoey
Multiplicities of poles of a divisor of a rational function w.r.t. an elliptic curve

I am reading Sec 5.8.2 in the textbook Introduction to Mathematical Cryptology (Hoffstein, Pipher and Silverman), a precursor to introducing the structure of Weil pairing. It first defines a rational function in one variable, $f(x)$ its corresponding zeroes and poles and uses that to define the $div(f(x))$. They move on to elliptic curves. They define an $E: y^2 = x^3+ax+b$ and consider a rational funct ...

Score: 2
undermountain
What is the purpose of the WireGuard handshake mac1 field?

The mac1 field in the WireGuard handshake messages is populated as:

msg.mac1 := Mac(Hash(Label-Mac1 || Spub_m'), msgA)    // first arg is MAC key

Label-Mac1 is a constant, Spub_m' is the static public key of the peer, and msgA is the bytes of the message before the mac1 field.

I don't understand the purpose of this, given that every part of the MAC key is public knowledge (a constant and a static pu ...

Score: 0
Essam
Proving that RSA CCA is possible

I'm reading from William Stallings' Cryptography & Network Security, 7th Edition


To me the first line suggests

$$(M^e\bmod n)\times(2^e\bmod n)=((2M)^e\bmod n)$$ which means that if we want to define a message $X$ such that when decrypted it gives $2M$ then we should consider $X=(M^e\bmod n)\times(2^e\bmod n)=C\times(2^e \bmod n)$

The book for some reason is however suggesting $X=(C\times2^e) ...

Score: 0
F.C.
Best way to encrypt sensitive data on server with HSM and symmetric keys

I need to store sensitive data (like customer photos) in a SQL database in the most secure way in case of security breaches. The data won't be accessed by the clients, only by internal processes that perform some validations. The customers don't have any input like passwords; they just register with us and we keep track of their data. Client-side encryption is not possible in the current setup, that's why ...

Score: 1
Titanlord
Comparison of Post Quantum Algorithms in NIST 3rd round

I'm interested in the Post Quantum Algorithms of the 3rd round of the NIST standardization competition. The algorithms for KEM are Classic McEliece, CRYSTALS-KYBER, NTRU, SABER and their 5 alternatives. The signature algorithms are CRYSTALS-DILITHIUM, FALCON, Rainbow and the 3 alternatives. I was looking for a comparison of those algorithms regarding key length (mainly for level 1 NIST security) and run ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.