# Questions tagged as ['encryption']

Does anyone know of a C++ homomorphic encryption library that supports addition, multiplication and logical right shift over integers? Some set of instructions that allows the implementation of logical shifts would work as well. The range should be at least sufficient to support signed 32-bit integers and the scheme should support arbitrary depth. I tried using Palisade, but found no way of implementing ...

I've came with the following problem from the **Theory and Practice** book by Stinson-Paterson. It states the following:

2.17

(a) Prove that a permutation $\pi$ in the Permutation Cipher is an involuntory kei iff (if and only if) $\pi(i) = j$ implies $\pi(j) = > i$, for all $i,j \in \{1,...,m \}$.

(b) Determine the number of involutory keys in the

Permutation Cipherfor $m = 2,3,4,5, $ and 6.

I've prove ...

- Authentication-:

I understand that authentication is basically digital signature. But what I don't understand is how it has been explained here specially the RSA key part. It is leading me to huge confusions.

In RSA encrpytion, we use public key(of whose sender or receiver?) for encrpytion and private key(of whom?) for decryption.

They say hash is encrypted using RSA. But why are we using PRIVAT ...

I think of a situation that attacker can steal data from AES encrypted table without knowing the key. I tried to search on internet but found nothing about this(may be I were not using the correct keyword), really appreciate if any one can shed some light on it.

Assuming that the table is encrypted with same key but different IV:

- Attacker signs up for a new account in an application normally.
- Application ...

I also have the python version of this problem here:

```
import json
import sys, os, itertools
sys.path.append(os.path.abspath(os.path.join('..')))
from playcrypt.tools import *
from playcrypt.new_tools import *
from playcrypt.primitives import *
from playcrypt.games.game_bind import GameBIND
from playcrypt.simulator.bind_sim import BINDSim
from playcrypt.games.game_hide impor ...
```

https://dl.acm.org/doi/10.1145/2905055.2905118

Quoting the above paper's abstract, "Biometric cryptosystem can apply fuzzy vault, fuzzy commitment, helper data and secure sketch, whereas, cancelable biometrics uses distorting transforms, Bio-Hashing, and Bio-Encoding techniques."

It differentiates between a fuzzy vault and a fuzzy commitment scheme. How are the two different? Where does fuzzy ext ...

Classic disclaimer: there may be a better place to ask this question, if so comment and I will be happy to move it.

An example I'm looking for is related to recent scrutiny over energy consumption of bitcoin, such as here although there is no math in this example.

An example similar in nature is the math behind the question, "how long would it take to crack 128 AES"? -- Example 1 -- Example 2- from this ...

I would like to build secure notes via javascript and webcrypto.

I have found the possibilities to generate strong key via `PBKDF2`

and encrypt data via `AES`

.

Here is a sample how to generate key via PBKDF2 in webcrypto, where is required salt:

```
function getKey(keyMaterial, salt) {
return window.crypto.subtle.deriveKey(
{
"name": "PBKDF2",
salt: salt,
"iterations": 10 ...
```

We are developing an open-source peer-to-peer app, Mapeo, designed for users with low technical experience (and no email or phone) to collect data in offline environments. We are generating their identity on the device for each project as a public-private keypair using libsodium `crypto_sign_keypair`

.

To support identity recovery in the case of device loss or switching to a new device, we want to use ...

### The scenario

Using AES 256 with CBC mode. (Authentication is done separately. Ignored here.)

### The goal (explained more later)

To avoid sending an unencrypted IV.

But since this is being done using .NET whose function forces us to use an IV, we can't just prepend 16 random bytes and then toss away the first 16 bytes after decryption.

### The plan

Prepend 16 random bytes ("**IV1**"), and besides that use 16 b ...

Say that 1 cipher and another are known to hold some form of correlation. Would it be possible to teach an AI one language through the training of a model and allow it to make make predictions on another?

If so, how? Has this been done before?

How feasible would it be to migrate from AES-128 to AES-256?

I'm currently working on an hardware implementation (with verilog) of PRESENT-80 for research purposes. Due to our goal to strengthen the security of PRESENT-80 with Masking and Error Detection I need to understand how the S-Box is designed.

In PRESENT: An Ultra-Lightweight Block Cipher the 4x4 S-Box is simply stated as a lookup table:

x | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|

S[x] | C | 5 | 6 | B | 9 | 0 | A |

I am trying to implement a cramer-shoup cryptosystem but I don't understand how to work with the plaintext I want to encrypt.

From what I understand, the plaintext needs to be converted to an element of the cyclic group G, which was generated with the key. I've checked multiple resources, from the wiki to several papers, and none of them seem to take the time to explain how to convert a plaintext ...

the following equation is used to prove the Shannon's theorem by showing the existence of two messages $m_0, m_1$ if $|K| < |M|$ but I'm unable to visualize/understand the probabilities. **Especially the $Pr$ over $K$ thing** doesn't get into my head. Anyone able to explain it?

- $\mathcal{K}$ is the keyspace
- $\text{Pr}$ means probability
- $m_0$ and $m_1$ are messages from the message space $M$
- $c$ i ...

When encrypting data, I want to verify that the correct key was entered without hashing it. Is it safe to decrypt the ciphertext and compare the hash of it with the stored one or can the plaintext (which could be very long) be read from the hash?

I AM an amateur (for some reason, I have originaly written "I am not"... embarassing, sorry) in cryptography so this might be a very basic question.

I am interested to know if there exist ciphers such that if I encrypt a message with it and then lose first say 300 bits then I can't recover any information from the message even if I have the decryption key?

My problem is basically that I don't have a ...

Alice encrypts file using her public key and upload it to decentralised file store (some service). Bob buys access to the file. Is it possible to share decrypted file with Bob without having Alice's key? Decentralised file store doesn't store any private keys, but it knows that Bob has access to the file (e. g. from smart contract).

Look I know AES256 is ridiculously secure but to keep aes secure even after quantum computers, I have a concern.

Using the Grovers theorem aes can be reduced from 256 to 128 bits for brute force attack which is also pretty strong but I don't want to be limited to it

Is it (atleast in theory) possible to implement aes512, aes1024, etc...

I mean what's stopping us like for 128bit aes we use 10 rounds of ...

I am searching for a simle model that can simulate the following procedure.

Suppose that $i$ and $j$ are two agents that each one obtains her state dependets signal $s_i(\omega)$ and $s_j(\omega)$. After observing their own signals with probability $1$, they do not know anything about the signal that the other agent has, but they do know the common prior $\pi$ about the signals, s.t. $\pi:\Omega\to \D ...

I'm building a project that is remotely controlled using LoRa and I want to ensure, that nobody can imitate my transmitter and send packets to my receiver. Just encrypting sent data is not enough since someone can receive for example packet that opens the door and sent the same one from his transmitter. How do I make it so only I can send authorized packets? Another problem is that it's really likely th ...

I would like to know about encryption schemes that are based in Fractal theory, while they have decent security and are pretty fast.

I am trying to choose a mode of operation for encryption which does has the lowest malleability and is specifically not vulnerable to a bit flip attack. My understanding is that PCBC is the only mode which makes the rest unreadable, therefore is the best option?

I do not want to apply any message authentication at this stage.

Thanks!

I have an hybrid encryption (RSA, AES) for a file sharing project I am working on, where I use a single public key for encryption on the sender side and corresponding private key for decryption on the recipient side. I would like for a sender to be able to send files to multiple users each having only their own unique key pair (public keys would be distributed).

I know this is possible using **GPG**

Why LFSR stream code is not suitable for encryption? Is there a special attack for LFSR?

I read a paper titled "On the entropy of LEGO", which explains how to calculate the number of ways to combine $n$ $b\times w$ LEGO blocks of the same color. For example, six $2\times4$ bricks have $915103765$ ways to combine. I wonder if could we construct a funny cipher algorithm using LEGO bricks.

Some definitions and symbols:

A $2\times4$ brick $i$ can be defined as: $b_i:=\left( \begin{array}{cc} s_0 ...

I am trying to better understand how TLS works. I understand in the normal use case you need various random values generated and used in the key exchange, to prevent some MITM reusing a previous transmission to spoof the server or the client.

However, let us assume some degenerate case where there is a single server whose single public key is already known by its clients as well as various adver ...

I just read through the text book definition of Diffie–Hellman key exchange. And from what i understand, the public key that is shared based on the protocol is calculated from:

`g^k mod p`

where g is a generator in the multiplicative group, and p is a large prime and k is the private key.

My question is, are all public/private key generated to have this relationship? Or this way of generating the pu ...

Is a truly p2p ledger possible, where there is no need for a third party (or a number of third parties) to verify ledgers.

Probably a system where the two parties who don't trust each other can verify each others ledger and then perform a transaction. If one of the parties is foul playing then the other party would not proceed with the transaction, cause that will make all his future transactions ...

I received a very weird question from someone. I feel there is no solution, It would be great if you guys share your views.

There are three people Alice, Bob and Sam and they all work for a high-security facility. Alice is the gatekeeper, Bob is a scientist and Sam is their manager.

Sam has issued an entry pass to Bob which is signed. Alice can verify the entry pass by using public-key cryptography ...