Latest Crypto related questions

I understand the theory behind Hastad's broadcast attack.

Namely if we have three encrypted messages with the exponent e=3:

c1 = m1 mod n1,
c2 = m2 mod n2,
c3 = m3 mod n3

Then we can use the Chinese Remainder Theorem to find

c = c1 mod n1,
c = c2 mod n2,
c = c3 mod n3,
c = m^3 mod n1*n2*n3

and since n1 * n2 * n3 is too large, we simply have c = m^3

I only find explanations for smaller numbers bu ...

I was playing a game on cryptography where I encountered this problem:

Hashed Value of password: 24 109 76 35 22 94 83 25 106 104 73 87 56 38 56 50 10 92 58 84 44 88 24 112 125 121 125 43 122 55 106 54

The password is made of letters between 'f' and 'u'. The password is in alphabetical order. For hashing, the password is viewed as a sequence of numbers $x_1$, $x_2$, ..., $x_m$ in the field $F_{127 ...

I'd like to be able to better define the security of a BIP-39 algorithm where I just consider the process of giving me a "seed phrase".

Imagining a scenario where a hacker would try to gain access to existing crypto wallets using the seed phrase as a basis to go through the PK algorithm and obtain the hash of access to the targets' wallets, where the targets could be any user on the network with  ...

Or more general each member can be part of up to three 2D locally euclidean planes of 2 different dimensions each.

(each of those planes is cyclic in two orthogonal directions, like a torus)

Given just one member it could look like a node network:
(just one node with some neighborhood displayed here. Those neighbors have again neighbors not displayed here)
(left: 1 plane, right intersection of 2 p ...

Okay so I've got an assignment for cyberlaw and this could be irrelevant to the question. But I have a situation where someone signed a a will using an advanced electronic signature, but this signature was separate from the will itself. So two different documents: (1) signature.txt and (2)FinalTestament.txt. If these two documents' SHA256 matches, can I assume that there was no interference with the Wil ...

This is from a past exam paper. The question is as follows:

A protocol designer uses signature to simplify, and hopefully correct, NSPK:

1. $A → B$ : $sign(sk_A, encrypt(pk_B, N_A))$
2. $B → A$ : $sign(sk_B, encrypt(pk_A,(N_A, k)))$

where $N_A$ is a fresh random nonce created by $A$, $k$ is a fresh session key created by $B$, and the sign and encrypt operations use the public key cryptosystem t ...

What is the difference in key generation with commands below?

openssl genpkey -algorithm RSA -out key1.pem

key1.pem content:

-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----

openssl genrsa -out key2.pem 

key2.pem content:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

I believe I have found insecure usage of AES-CFB8 in an application I am working on and would hope someone could explain how and why this is insecure and what an attacker could do such as key recovery as that would be the worse result for this protocol.

Basically AES-CFB8(explicitly without padding) is used to encrypt a stream of data and the IV/key are reused between the server and client stream ...

In Schnorr signature (R, s), R is used. But in ECDSA signature (r, s), r is used, which is the x-coordinate of R. Why the difference?

I am trying to understand the noise growth due to multiplication in BFV encryption.

As explained in section 4 and equation 3 of this paper: https://eprint.iacr.org/2012/144.pdf.

I couldn't follow what is $r_a$ and $r_r$ is in their equations.

Also how they are bounding the values of all rounding errors?

Also is there are simpler explanation?