# Questions tagged as ['algorithm-design']

Design of cryptographic primitives (algorithms), like block ciphers, stream ciphers, random-number generators, hash functions, MACs, key exchanges, public-key encryption or signature schemes. Also tag with the relevant type of primitive. If you ask about a known existing algorithm, also tag with its name.
Score: 5 Can a series of triangle reflections be used for cryptography? (I guess no but why is this the case? Any way to make it possible?)

Out of a given equilateral triangle T1 (with his 3 vertices A,B,C lying in a finite Field $$\mathbb F_N^D$$) another equilateral triangle T2 can get constructed by mirroring one of the 3 vertices at the edge in between the two other vertices. This will be repeated multiple times.

Given just two random triangle T1 and T2 (and $$\mathbb F_N^ ...$$

Score: 1 Algorithmic game theory and protocol design for communication There is a field of exchanging information that combines cryptography and game theory. I am interested in understanding this field, but it's a little complex for me. To begin with there is a paper of Barany which shows that instead of having a centralized mechanism of information where a mediator can inform the players about what strategy to follow, the players instead can replace the mediator w ...

Score: 6 Can we use LEGO bricks to construct a cipher algorithm? I read a paper titled "On the entropy of LEGO", which explains how to calculate the number of ways to combine $$n$$ $$b\times w$$ LEGO blocks of the same color. For example, six $$2\times4$$ bricks have $$915103765$$ ways to combine. I wonder if could we construct a funny cipher algorithm using LEGO bricks.

Some definitions and symbols:

A $$2\times4$$ brick $$i$$ can be defined as: $$b_i:=\left( \begin{array}{cc} s_0 ...$$

Score: 0 BA protocol soundness explanation I was reading the following paper BA-made it trivial and when talking about BA agreement protocol in page 3, I didn't understand what it meant by soundness here.

A protocol P is an arbitrary-value (respectively, binary) (n, t)-Byzantine agreement (BA) protocol with soundness σ ∈ (0, 1],

so when is the soundness 1 or 0? or is the soundness true if it follows some rules?

Score: 0 Is it better to XOR rounds or just to make round by round in cipher? Let's consider we have keyed PRNG's and we want to build a cipher. What is better:

• to xor let's say ten such generators with some input as a plaintext (every generator got different key, but the same input),
• make 10 rounds, in which every generator output is new input to the next generator.

We see that usually ciphers have a round design. Is it because this is better?

Score: 0 Besides block-cipher which other methods can only be computed step-by-step even with known secret (but fast per step) and can be inverted? Depending at the cryptographic function used applying it $$i$$-times to a given input can be computed in different complexity classes (based at their input size).

$$f^i(m_0) = c_i$$

For example for most block-cipher it takes (even with knowing the secret key) about $$i$$ times the time as applying it just once (at least as far as I know). Same for $$i$$ steps backwards. Finding $$m_0$$ for given $$c_i$$ also take ...

Score: 0 How can a concatenation of $N$ block-cipher with known keys be more secure? General problem / Intro: encrypting the (computable) relation in between two random numbers which are members of a as small as possible set while anything except the order of execution is known to the adversary.
This question is about solving that problem with a concatenation of block-cipher.

Simplification:

• we only consider block-cipher which are similar to AES
• instead of $$N$$ different block-ci ...
Score: 1 Hash function producing cycles with expected max length Is there a known hash function $$H_k: X\to X$$ such that: $$\forall{x\in{X}},\exists{n\in{\mathbb{N}}}, n

=== EDIT ===

By hash function I mean that any other way of finding the preimage of $$x \in X$$ than iterating $$H_k$$ is computably unfeasible or at least significantly harder.

My motivation is using such a function as sequential POW.

Score: 2 How do we pick random elements in cryptography? While reading papers on cryptography, a lot of time I have seen that people pick random elements $$x\in \mathbb{Z}^*_q$$ to do something (like setting secret key and all). How does one randomly pick elements in reality. I mean in practical implementation, what procedure do we follow? Do we use some CSPRNG?

Score: 4 What would be the requirements for a new-age cipher standard? While nowhere near being broken, AES has known attacks like reading from the substitution table, memory-based attacks, etc.

If we keep getting better at breaking ciphers and we eventually get close to taking AES down, what would (in your opinion) be the requirements for a cipher of an era where even Rijndael isn't safe enough?

• key sizes
• data sizes
• design (stream/Feistel/PSN, or s ...
Score: 2 Hash functions, bijectiveness, and entropy For those who don't know, a bijective function is one for which each input yields one and only one output. A block cipher, for example, is guaranteed to be bijective or you could not decrypt.

When a hash function like SHA256 or SHA3 is used with an input the same length as its output, AFAIK this is not or at least should not be bijective. (Is that correct?)

If a hash is not bijective, does this mean ...

Score: 1 Is it possible to create a Dilithium Prime or Falcon Prime? In the NTRU Prime submission, principle author, the well-known DJB is adamant that

[the] primary objective [of NTRU Prime] is to eliminate unnecessary complications in security review

So much so, to the extent that the idea of pure cyclotomic ring, module, decryption errors, etc. are exterminated from the design.

I think this is good, as NTRU Prime serve as a model alternative to the other design ...

Score: 1 RC6 Integer operations in modulo 32 between two 32-bit blocks I am new to cryptography and I am trying to code the RC6 (Rivest cipher 6) algorithm. The algorithm requires addition, subtraction and multiplication in modulo 232. If I am performing these operations between two 32-bit blocks how would this work?

Any help would be appreciated because I can't seem to find any detailed explanation on this which would help me write code on how to execute these operations. ...

Score: 0 Is there any link between group signature and multi-signature Are both of these concepts related in someway. Can a group signature scheme be transformed into a multi-signature scheme?

Score: 0 Understanding non-linearity in Salsa20 over various rings In his design of Salsa20, Bernstein writes to ensure non-linearity he chose

32-bit addition (breaking linearity over $$Z/2$$), 32-bit xor (breaking linearity over \$Z/2^32), and constant-distance 32-bit rotation (diffusing changes from high bits to low bits).

Can you help me understand this? A linear function is one such that $$f(ax+by) = af(x) + bf(y)$$. It sounds like whether addition and xor are linea ...

Score: 3 How are the instantiations of RSAES-OAEP and SHA*WithRSAEncryption different in practice? For the spare-time project I had been working on, I'm evaluating the PKCS#1 padded RSA schemes for implementation.

For PKCS#1 v1.5, encryption doesn't seem to require a hash function, and the signature doesn't need additional mask-generating function (MGF) beyond a digest algorithm for hashing the message.

For PKCS#1 v2.x, both encryption and signature are instantiated with a MGF, a hash function, a ...

Score: 1 Encryption of data with multiple possible decryption keys I'm new to the Cryptography Stack Exchange, so my question might be very naive.

What encryption algorithms are out there that will allow different decryption keys to decrypt the same piece of encrypted data?

For example : If the data that I'm encrypting is just a simple string : "Test"

Then applying the encryption algorithm changes it to this : "532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F ...

Score: 1 Extracting genome from a Ciphertext Is it Probable to extract the ciphertext's genome and Visualizing it ?

Converting this:

60AD5A78FB4A4030EC542C8974CD15F55384E836554CEDD9A322D5F4135C6267
A9D20970C54E6651070B0144D43844C899320DD8FA7819F7EBC6A7715287332E
9CF31BFB66F816F319D0B7E430A5F2891553986E003720261C7E9022C0D9F11F


To this: Encryption is like grinding the meat, once yo ...

Score: 17 How Unique is a "NeuralHash"? I was doing some reading today about a major tech company planning to implement a new system for automatically detecting and reporting CSAM in users' photos. Overall, the system as described in their 12-page technical summary seems to be designed quite well, and may be as close as you can get to true privacy, while still allowing for content surveillance.

That being said, the hacker in me can't h ...

Score: 3 Recognize whether two random values are raised to the same power Alice selects two random numbers from a finite field $$Z_p$$ : $$a$$ and $$b$$.

Bob does one of the two following steps randomly (sometimes he does step 1; sometimes step 2):

1. He chooses a random number $$r$$ from $$Z_p$$ and calculates $$a^r\;mod\;p$$ and $$b^r\;mod\;p$$ and gives these two values to Alice
2. He chooses two different random numbers $$r$$ and $$r'$$ from $$Z_p$$ and calculates $$a^r\;mod\;p$$ and $$b^{r'}\;mo ...$$
Score: 1 How do we say that one cryptographic primitive is stronger than another? Can anyone help me understand this: How do we say that one cryptographic primitive is stronger than another?

Score: 2 What motivated CCM's monstrous design? The formatting function in Appendix A of NIST-SP-800-38C is a monster enabling CCM to support variable-length nonce from 7-13 bytes, variable-length encoding of the length of the payload. Also, the tag length is encoded in the formatting function making naive truncating of the MAC tag potentially incompatible with ciphertext instances with specific parameters.

The GCM mode and ChaCha20-Poly1305 are much  ...

Score: 0 Are there any block ciphers (like AES) which are (or can be) commutative under composition for different keys? Let $$BC$$ be a block cipher with similar security as AES (in ECB mode). This $$BC$$ is applied to a message $$m$$ of same bit size. The result is a cipher $$c$$.

e.g.;

$$BC(key_A,m) = c_A$$ $$BC(key_B,m) = c_B$$

I'm looking for a $$BC$$ with: $$BC(key_A,c_B) = c_{BA}$$ $$BC(key_B,c_A) = c_{AB}$$ where $$c_{AB}=c_{BA}$$ but for the majority: $$c_{A}\not=c_{B}$$

Is there any way to construct keys $$key_A, k ...$$

Score: -1  In MD5, if M=100, how can we perform padding on it and how many blocks are needed in each round?

These are general questions for understanding padding and rounds.

Score: 3 Can you create an encryption algorithm from a signing algorithm, or vice versa? I remember reading, a few years ago, that you couldn't prohibit encryption without prohibiting signing, as you can always make a public key encryption algorithm from a signing algorithm.

(It might be that you can always make a signing algorithm from a public key encryption algorithm.)

Furthermore I remember than this operated bitwise, so that each bit needed to be signed in some manner in order to e ...

Score: 1 Encryption algorithm by a vectored key and the error is Proportional to the difference between input key and real key I want to find an encryption algorithm which provides the functionality described below.

Given a key (a vector Vkey) and a data (an image), use this key to encrypt the image; the encrypted image can not be identified afer encryption.

When decrypt, if:

1. use a key = Vkey to decrypt, the decoded image is the same as original one without error.
2. use a key = Vkey_1, and diff(Vkey, Vkey_1) < threshold, ...
Score: 1 Key stream instead of key schedule Let's consider a block cipher in CTR mode. And let's consider a keyed PRNG or just a good PRNG with a seed as the key. The PRNG has to be very fast.

Is it a good idea to put away the key schedule and do "infinite" key scheduling by generating a keystream? Then every block in the cipher will be encrypted with a different key.

Of course, even a fast PRNG needs some time to generate a few 128 -bit keys ...