# Questions tagged as ['public-key']

If I understand correctly, the core of man in the middle attack is in being able to replace an exchanged variable (public key) with another.

Hence to detect a MITM one needs to check if the exchanged public key is truly same for both A and B, and to defend against MITM one needs to be able to exchange a variable without it being modified.

I'd imagine it should be possible to detect a change in varia ...

We are developing an open-source peer-to-peer app, Mapeo, designed for users with low technical experience (and no email or phone) to collect data in offline environments. We are generating their identity on the device for each project as a public-private keypair using libsodium `crypto_sign_keypair`

.

To support identity recovery in the case of device loss or switching to a new device, we want to use ...

qTesla is a signature scheme and a submission to the NIST post-quantum standardization process, which made it to the second round. It is based on the hardness of RLWE. The NIST round 2 status report says that it didn't make it to round 3 because:

the performance of the remaining parameter sets of qTESLA is not strong enough to remain competitive. In particular, the public key sizes of q-TESLA-p-I ...

I am trying to implement a cramer-shoup cryptosystem but I don't understand how to work with the plaintext I want to encrypt.

From what I understand, the plaintext needs to be converted to an element of the cyclic group G, which was generated with the key. I've checked multiple resources, from the wiki to several papers, and none of them seem to take the time to explain how to convert a plaintext ...

I am relatively new to cryptography, but I've been programming for a while. Here's a story that sets well the problem I'm trying to solve:

Alice has a digital passport that's signed with her government's private key. Each property is signed separately, and it would still be verifiable that, for example, her first name is "Alice", without saying that her last name is "Smith".

From here, knowing that ...

Why do we not define modes of operation for public-key encryption just like how they are defined for block ciphers?

I AM an amateur (for some reason, I have originaly written "I am not"... embarassing, sorry) in cryptography so this might be a very basic question.

I am interested to know if there exist ciphers such that if I encrypt a message with it and then lose first say 300 bits then I can't recover any information from the message even if I have the decryption key?

My problem is basically that I don't have a ...

IBM CEO Arvind made a talk in HBO's Axios program. It seems that there are misconceptions/misleading/flaws in reasoning etc.

**What are those!**

Some of the details of the speech is given as;

IBM says its new Eagle processor can handle 127 qubits, a measure of quantum computing power. In topping 100 qubits, IBM says it has reached a milestone that allows quantum to surpass the power of a traditional comp ...

In the paper of **" Reaction Attacks against Several Public-Key Cryptosystems"** CiteSeerX link, reaction attack is defined informally as

**"Obtaining information about the private key or plaintext by watching the reaction of someone decrypting a given ciphertext with the private key."**

Is reaction attack explicitly defined in literature? What is the difference between fault attack and reaction attack -as defin ...

Alice encrypts file using her public key and upload it to decentralised file store (some service). Bob buys access to the file. Is it possible to share decrypted file with Bob without having Alice's key? Decentralised file store doesn't store any private keys, but it knows that Bob has access to the file (e. g. from smart contract).

In the SEC#1 elliptic curve cryptography standard, the encoding of the public key involve a leading octet:

- 00h: The public key is the point at infinity.
- 02h, 03h: The public key is the compressed point.
- 04h: The public key contain both x and y coordinates.

What is (or was) the value 01h for? Had there been other values defined for ECC?

I'm building a project that is remotely controlled using LoRa and I want to ensure, that nobody can imitate my transmitter and send packets to my receiver. Just encrypting sent data is not enough since someone can receive for example packet that opens the door and sent the same one from his transmitter. How do I make it so only I can send authorized packets? Another problem is that it's really likely th ...

I found a scheme for white-box RSA. It seems to protect the input and output of modular operations.

I'm curious about how to analyze the security of this solution.

Does anybody know anything about it?

While talking about symmetric encryption schemes like AES we always have a goal of achieving confusion and diffusion. But when it comes to asymmetric encryption schemes like RSA, DH etc. we never talk about diffusion and confusion.

Is it known that modular arithmetic and prime arithmetic ensure confusion and diffusion?

Is there any literature that dives into the information theoretic analysis, in te ...

In Key Policy Attribute-based encryption if we need a targeted broadcast where the set of attributes are the same for a group of users. It means they all share the same secret key right? Or is it that every user needs to have at least 1 attribute value different from all other users.

Example: If I need to encrypt a message to everyone who is a researcher in CS then attribute= researcher dept=CS. ...

To my understanding, the DHKE algorithm is symmetric since it only produces a shared secret, rather than public and private keys, however googling "is diffie hellman asymmetric?" results in the following:

Based on public key cryptography, the D-H algorithm is a method for securely exchanging a shared key between two parties over an untrusted network. It is an asymmetric cipher used by several protocols ...

I have read that Shamir's trick can protect RSA with CRT against fault attacks. However, it is not clear to me why the following equations $$ s_{p}^{*}=m^{d \bmod \varphi(p \cdot t)} \bmod p \cdot t \\ s_{q}^{*}=m^{d \bmod \varphi(q \cdot t)} \bmod q \cdot t $$ imply that: $$ s_{p}^{*} = s_{q}^{*} \bmod t $$

I have an hybrid encryption (RSA, AES) for a file sharing project I am working on, where I use a single public key for encryption on the sender side and corresponding private key for decryption on the recipient side. I would like for a sender to be able to send files to multiple users each having only their own unique key pair (public keys would be distributed).

I know this is possible using **GPG**

So, I kinda get the mathematics behind the ECDSA, but I can't seem to find precise information about private key generation. In other words, do we have to generate private key, each time we generate a signature? Coz, if a public key is known, then through using the discrete logarithm we can get the private key, and thus we have a problem.

I just read through the text book definition of Diffie–Hellman key exchange. And from what i understand, the public key that is shared based on the protocol is calculated from:

`g^k mod p`

where g is a generator in the multiplicative group, and p is a large prime and k is the private key.

My question is, are all public/private key generated to have this relationship? Or this way of generating the pu ...

I received a very weird question from someone. I feel there is no solution, It would be great if you guys share your views.

There are three people Alice, Bob and Sam and they all work for a high-security facility. Alice is the gatekeeper, Bob is a scientist and Sam is their manager.

Sam has issued an entry pass to Bob which is signed. Alice can verify the entry pass by using public-key cryptography ...

In the elliptic curve encryption scheme, there is a cyclic group generated by a base point $G$ on the elliptic curve.

Given a random point on the elliptic curve, is there a way to decide if the random point is in the group or not?

I've been tasked with building a Web Assembly site that implements E2EE. I was thinking of using ElGamal Encryption to encrypt the message and Diffie-Hellman to establish the key. After doing further research, I'm having trouble understanding the practical use cases of using ElGamal vs Diffie-Hellman.

If I'm understanding correctly. Diffie-Hellman and ElGamal both rely on the discrete log problem ...

Is it possible to decompose the public key into its own subgroups?
Suppose we know the order `P`

with which the public key was generated `(Qx, Qy)`

How can the public key `(Qx, Qy)`

be decomposed into subgroups of small orders?

I saw in SageMath it is possible to work with `Elliptic Curves`

```
M = EllipticCurve (GF (p), [0.7])
```

I am just getting familiar with `SageMath`

and am having a hard time working on creating a ...

Actually, I am working on a project to combine symmetric and asymmetric cryptographic algorithms.

The shared secret key for AES will be generated through the Elliptic Curve Diffie Hellman Key Exchange (ECDH) Method. I have one question that ECDH will generate a shared secret key of 256 bit or more length key. For AES-128 I need a secret key of 128 bit but ECDH is not generating the 128-bit key.

So h ...

Are there any good attack models of HMAC? Like how it can be attacked? If there are any possible attacks of HMAC I would be happy to know about it.

I noticed that the PKCS#11 supports `C_GenerateKey`

function for symmetric keys and for asymmetric there's only `C_GenerateKeyPair`

function. So from the definition, this lets us create only both `private-key/public-key pair`

. From my understanding the private key stores public key info (modulus and public exponent), which are needed for public key creation, so it can be fetched every time to generate the publ ...

As far as I can see, generating a private key from two prime numbers `p`

and `q`

, having calculated `n = pq`

, starts with calculating `λ(n) = lcm(p-1, q-1)`

. This is the detailed explanation given in the wikipedia article for RSA, it's also the implementation I've found in most Python cryptography libraries, and, searching through the openssl source code, it's also how they seem to do it, so I'd say this lo ...

In order to provide authenticity of a sent message, we use certificates as fingerprints. But how do I know that the certificate is not stolen by someone? If the certificates are made public, why cant an attacker just take someones public certificate and identify himself as someone else?