Latest crypto-related questions

Score: 1
bobthebuilder
Version rollback attack prevention in TLS 1.2?

Are there any methods to prevent version rollback attack while using TLS 1.2 (apart from disabling lower versions)? I've read about how TLS 1.3 provides a downgrade protection mechanism which is embedded in the server’s random nonce. Is there any such mechanism in TLS 1.2?

Score: 1
Titanlord
Models and assumptions in the post-quantum world

I'm currently trying to get an overview of post-quantum cryptography. Now I'm struggling with correlations and adjustments of the PQ-world and the Modern-world of cryptography.

My Questions:

  1. Can you give me a brief overview of new important assumptions in the PQ-world (e.g. something similar to the factorization or discrete logarithm assumption)?

  2. Can you give me an overview about new models / adj ...

Score: 1
user216096
Digital signature forgery

My understanding of digital signatures is as follows: Alice hashes a message with a one-way cryptographic hash function, the output of which is called the message digest. She then encrypts the digest with her private key and then sends both the original unhashed/unencrypted message along with the encrypted hashed version (i.e. the digital signature) to Bob. Bob uses the same hash function on the message ...

Score: 2
AXX
Understanding the "rewinding argument"

I read through related questions on this SE, but I still do not understand why we can use the rewinding argument. Specifically, rewinding seems like a really strong superpower to me, and I don't understand why such a strong assumption does not undermine the strength of the conclusion. Sure, the adversarial verifier learns nothing from a simulator that can manipulate time, but if some entity is so strong t ...

Score: 0
If I sign-then-encrypt a JWT, how does a 3rd party validate that the JWE message is valid?

Since it is preferred to sign-then-encrypt, I was wondering how another party can validate that the message is valid?

The use case I had was the following...

  1. Client authenticates and gets the access token; the access token is a signed JWT from the authorization server
  2. Client verifies that the JWT is signed by a key that the client recognizes
  3. Client sends requests with the JWT passed on the header as Bear ...

Score: 1
phantomcraft
Can Bob and Alice do an authenticated Diffie–Hellman key exchange if Bob only knows the hashsum of Alice's key?

Tor vanilla bridges look like this:

Bridge x.x.x.x:1234 9DD03662B50FEDBF6F8D5630CB86D7E8CE4F4432

It's only the IP/Port and a hash of the key.

Can Bob and Alice do an authenticated Diffie–Hellman key exchange if Bob just knows the hashsum of Alice's key?

Thinking by myself, it is possible: Bob receives Alice's key and verifies the integrity; if there is a different hash of the key, Bob ends the connect ...

Score: 0
Is AES GCM with PBKDF2 100k iterations still ok as of 2022?

Is using AES-GCM with PBKDF2 and 100,000 iterations still considered secure as of 2022?

In our threat model, if we ignore the risks linked to quantum computing, is this secure?

Here is an example working Python implementation:

import Crypto.Random, Crypto.Protocol.KDF, Crypto.Cipher.AES
plaintext = b"hello world hello world hello world hello world hello world"
password = b"correct horse battery st ...

Score: 2
Novice_researcher
Meta Reduction in Fiat–Shamir Transformation

What is meant by a meta reduction? What does it achieve, and how is it different from the normal reduction technique?

Score: 0
Novice_researcher
Oblivious Commitment vs Normal Commitment used in Identification Scheme

How does oblivious commitment remove the active security? How is it useful over a normal commitment scheme?

Score: 2
redd
Lamport–Diffie One-time Signature

I am going through the Lamport–Diffie one-time signature. I am having a hard time understanding:

  1. How can long messages (greater than 100 bits) be mapped into short messages (100 bits) by a one-way function and only the short message signed? Can someone explain this with an example? (Refer to page no. 13 in the attached document.)

  2. "the message can be encrypted with a newly generated random key by the sig ...

Score: 1
non-prime modulus for Ring-SIS

Consider the Ring-SIS problem for $R_q=\mathbb{Z}_q[x]/(x^n+1)$ when $n$ is a power of $2$ and $q \equiv 1 \pmod{2n}$. Does the modulus $q$ need to be prime? If yes, it seems that it is mainly because of the way that we prove the hardness of Ring-SIS by reducing it to a lattice problem. This means that it might be possible to choose $q$ non-prime. Is there any attack for the case that $q$ is not prime?

Score: 4
Dimitri Koshelev
Do you know protocols, where it is necessary to obtain several "independent" points on the same elliptic curve?

Consider an elliptic curve $E$ defined over a finite field $\mathbb{F}_{\!q}$ with a fixed non-zero $\mathbb{F}_{\!q}$-point $P$. For simplicity, let the order of the $\mathbb{F}_{\!q}$-point group $E(\mathbb{F}_{\!q})$ be prime and hence the group is generated by $P$. For the sake of security, in numerous protocols of elliptic cryptography (e.g., in a safe version of Dual_EC_DRBG) we need to generate  ...

Score: 2
phantomcraft
Authenticated Diffie–Hellman with no proofs that each one's keys are the right keys. Is it possible?

Let's suppose that Bob has only Alice's IP and no more information about Alice's key, nor the digest of Alice's key.

They exchange keys and need proof that the received keys are the same keys that were sent.

How can Bob and Alice know that the key received is the right key?

Also, I read about the Sigma protocol:

The general idea is that Alice and Bob do an unauthenticated Diffie-Hellman (D-H) key exc ...

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.