Latest Crypto related questions

I am using the NIST SP 800-22 to evaluate the performance of the Random Numer Generator.

NIST SP 800-22 has a total of 15 tests. In each test, it has a recommendation for the size of the tested sequence. For example, in the Discrete Fourier Transform (Spectral) Test : "It is recommended that each sequence to be tested consist of a minimum of 1000 bits (i.e., n ≥ 1000)." So it means, the size o ...

AES is known to be resistant against the plain text attack.

However, any idea what is the possibilities of breaking it if the input data is just the one byte, with known and unknown IV?

I have an existing RSA key pair, how to 'derive' a different key pair based on the existing one so that the encryption decryption functionality remains but the original key isn't interchangeable with the 'modified'/'derived' key?

I have been studying Wieschebrink paper "Cryptanalysis of the Niederreiter Public Key Scheme Based on GRS Codes". In the paper a cryptosystem using GRS codes is exhibited with an attack proposed to the cryptosystem, this one being the Sidelnikov-Shestakov attack (well, actually a reformulation from the original one that at least to me is easier to understand).

In the attack you try to recover the ...

I am doing an independent research in cryptography. I have designed a post-quantum secure pseudo random function.

Just constructing a PRF will not help me to publish in reputed journals. I was thinking to use the PRF I designed as a building block to build some other primitive?

Can someone suggest me something? In which direction I can proceed. What are some primitives which can be solely designed u ...

Suppose I have a 32 bit CRC function $\text{crc32}(x)$ that satisfies all the properties of a CRC. Suppose also that I am a lazy developer who wants to create a 64 bit CRC function but doesn't want to actually have to implement another CRC, so I design a function

$$ f(x)= \text{crc32}( {\tt{"}\tt{foo}\tt{"}}\ ||\ x ) \cdot 2^{32} + \text{crc32}( {\tt{"}\tt{bar}\tt{"}}\ ||\ x ) $$ Does $f$ form a CR ...

In a public key system, Alice sends Bob separate messages telling him information about the time T and place P they would meet, encrypted with Bob's public key. What is the most secured protocol:

A --> B : {T},{P}

or

A --> B : {T,P}

?

In other words, which one is most secure: sending separate messages with different encryptions, or combinig two messages in one and sending it with one encryption?  ...

I don't get it. I find all the available documentation around bip32 hardening derivation complete confusing. Could anyone explain me if this algorithm has any issues:

mnemonic = bip39.generate mnemonic
seed = menominic.seed
masterKey := bip32.newMasterKey(seed)
child1 = masterKey.newChildKey(0)
child2 = masterKey.newChildKey(1)

Alice receive child1.privatekey

Bob receive child2.privatekey

Is there ...

To be more precise, in the books I sometimes see that they just require you that the order of your elliptic curve is $|E| = fr$, where $f$ is some small integer with possible factors, but $r$ is a large prime. I know that this is ok when working with ECC since, for example, the ECDLP is as hard as the largest prime order subgroup. But why the urge to work with this? Is it in practice easier to generate su ...

I am building a encrypted messaging app over tor network and currently I'm struggling on using tor generated ed25519 private key to sign and verify any message.

Below piece of code works with a 32 bytes key however after skipping 32 header bytes of hs_ed25519_secret_key it fails to verify the signature on below cases:

1 - secret: left half of the remaining 64 bytes, public: right half
2 - secret: ...

Let $n$ be a product of two odd, distinct large primes $p$ and $q$. Define the hash function as $$ H_{F}(x)=2^{x} \bmod n $$

Is this hash function resistant to 1st/2nd preimage and collision attacks? Why/why not? Could you provide examples?

Also, given $o_\mathrm{max}$ is the maximum order of an element modulo $n$, why can we say that $o_\mathrm{max}=\operatorname{lcm}(p-1,q-1)$?

I was reading Kipnis' and Shamir's paper on Cryptanalysis of the HFE Public Key Cryptosystem by Relinearisation and I wanted to implement the example at the end in Octave without using any additional packages (e.g symbolic ...). I would like to create an algorithm that solves systems of linear equations over finite fields (q = 7 in this case) where you have more variables than equations (in this cas ...

I was just thinking about this and couldn't seem to find anything on it online.

So the idea I had was this:

Generating a random key of some length. Then hashing this key with SHA256 (or something of similar security), then looping through each byte of the hash and each byte of the text and doing an XOR operation with both of these bytes, generating a new byte. Then stringing these new bytes together ...

Suppose we are working with a cipher with the same general structure as AES.

I want to attack the cipher in the following way: suppose that the differential holds only for the first round (much higher probability than wanting it to hold for all rounds from the first to the penultimate), recover the first subkey, then proceed from there, always crafting plaintext such that the differential is like ...