# Questions tagged as ['symmetric']

IBM CEO Arvind made a talk in HBO's Axios program. It seems that there are misconceptions/misleading/flaws in reasoning etc.

**What are those!**

Some of the details of the speech is given as;

IBM says its new Eagle processor can handle 127 qubits, a measure of quantum computing power. In topping 100 qubits, IBM says it has reached a milestone that allows quantum to surpass the power of a traditional comp ...

I've been reading about perfect secrecy in crypto systems and I've ran across two definitions which turn out to be equivalent.

The first is Shannon secrecy:

A crypto system $(\cal K, \cal M$, $\text{Gen, Enc, Dec})$ is said to have Shannon secrecy if for all distributions $\cal D$ over $\cal M$ and for all $m\in\cal M, c\in \cal C$ $Pr_K[M=m| C=c]=Pr_K[M=m]$

where $K,M,C$ are random variables whose dist ...

From what I've read so far, nonces are random one-time values, which are sent in plaintext in addition to the ciphertext to verify identity of sender/receiver. Theoretically, if the nonce is random, an attacker E can intercept Alice's message which was designated to Bob, and impersonate as Bob by generating a random nonce, without ever communicating with Bob.

So if the request-response protocol i ...

I am trying to solve a problem that reads as follows:

Let $E_1 = (\text{Gen}_1, \text{Enc}_1, \text{Dec}_1)$ be a crypto system that has perfect secrecy. Denote the message space $\mathbb M_1$, the key space $\mathbb K_1$ and the cyphertext space $\mathbb C_1$ ($\mathbb M_1=\mathbb C_1 = \mathbb T, \mathbb K_1 = \mathbb K$). Let $E_2 = (\text{Gen}_2, \text{Enc}_2, \text{Dec}_2)$ be a crypto system ...

I would like to know about encryption schemes that are based in Fractal theory, while they have decent security and are pretty fast.

To my understanding, the DHKE algorithm is symmetric since it only produces a shared secret, rather than public and private keys, however googling "is diffie hellman asymmetric?" results in the following:

Based on public key cryptography, the D-H algorithm is a method for securely exchanging a shared key between two parties over an untrusted network. It is an asymmetric cipher used by several protocols ...

In the cryptography course, the professor said that:

these days for symmetric key encryption, instead of sending out the key, Alice sends the seed to Bob, and then based on that Bob can get the key.

I didn't actually understand the role of the seed, besides, if Bob can generate the key based on the seed so Eve can do the same, right?

Suppose we have a block cipher $$E:\{0,1\}^k \text{ x } \{0,1\}^{2k} \rightarrow \{0,1\}^{2n} \quad \text{ with } \quad k,n\geq128$$ K is the key generation algorithm that returns a random k-bit key. Let SE = (K,Enc,Dec) be the symmetric encryption scheme with encryption and decryption algorithms as described below in the code. The message input to Enc is an n-bit string, and the ciphertext input ...

Consider that an online shop subscribes an embedded external service for their customers. This external webpage is accessible through a clickable banner on the online shop.

On the subscription area of this external service, the registration form asks about the base url domains where the banner will be published:

```
companya.com
companyb.org
companyc.net
```

The purpose is to create a query string dynamically f ...

I am thinking about CPA-security for symmetric encryption.

So $A$ gets access to an encryption oracle, and it can keep asking queries (training phase). In this training phase, he asks $m_i$ and receives back $y_i$. He can also check if he can find a key which decrypts to the same message he encrypted, just check if $\Pi.\mathsf{Dec}(k, y_i) = m_i$ for some $k$ that $A$ guesses. He can also do the sam ...

In developing an app I have a simple use case in where I want to encrypt/cipher a string (it could also be a couple of bytes because it's essentially just an IP-Address). On the output I think it would be best to have a hex-string (thinking of the old md5-hashes). No one who hasn't the private key shouldn't be able to decrypt/decipher the IP-Address.

The flow is as follows: I have a string (IP-Ad ...

## Fernet symmetric-key encryption

To encrypt and provide data — e.g. JSON strings in a database — using Python I'm wondering what is a good approach (package) for symmetric-key encryption.

The Python standard modules are only about hashes and secure random numbers: https://docs.python.org/3/library/crypto.html, so I started with https://github.com/pyca/cryptography as https://github.com/pycrypto/pycry ...

Actually, I am working on a project to combine symmetric and asymmetric cryptographic algorithms.

The shared secret key for AES will be generated through the Elliptic Curve Diffie Hellman Key Exchange (ECDH) Method. I have one question that ECDH will generate a shared secret key of 256 bit or more length key. For AES-128 I need a secret key of 128 bit but ECDH is not generating the 128-bit key.

So h ...

Why is there so little response (e.g. implementation in crypto libraries, programs...) after the end of the CAESAR competition? As far as I can see, there is no shift from AES-GCM to any of the CAESAR algorithms. The response to the Password Hashing Competition, for example, was greater, at least in my perception. Is there a reason for that?

I am always hearing the term "mainstream cryptography", I am looking forward to more clarification on this concept.

What I the mainstream cryptography?

Is its definition subjective?

Is symmetric cryptography within the mainstream cryptography?

Are there good cryptography out of the mainstream? (Aside: If so, how can we judge snake-oil cryptography being out of the mainstream?)

Suppose that $F:K\times X\rightarrow X$ is a function. If $k\in K$, then let $F_{k}:X\rightarrow X$ be the mapping defined by letting $F_{k}(x)=F(k,x)$ for each $x\in X$. Then we shall call $F$ a block cipher round function if $F_{k}$ is a bijection for each $k\in K$.

The group $\text{Aut}(F)$ is the collection of all pairs $(\phi,\psi)$ such that $\phi\in\text{Sym}(K)$, $\psi\in\text{Sym}(X)$, and

The key size for AES is chosen as 256 because that's considered the minimum keysize which can protect against a brute force attack - i.e. $2^{256}$ tries.

However, in practice, for a lot of applications, a user chosen password is used to derive the 256 size key using a KDF. Let's say the application mandates a 8 character password - that's a 64 bit password - so the brute force reduces to $2^{64}$

**Context:** an encryption game from overthewire (the link to it: https://overthewire.org/wargames/krypton/krypton6.html, also good for more info) where given the ciphertext, one must obtain the plaintext.

On this level, we have access to a binary that encrypts any file by stream cipher, using a key from a file we do not have access (keyfile.dat) and a random number. We also have a hint: 8 bit LFSR.

My qu ...

Is the following cryptosystem possible:

There is an encryption function:

encrypt (k1, k2, T1, T2) = M, where

T1, T2 - two plain texts, with the same number of characters, k1, k2 - encryption keys of the same length, M - cipher text, the length of which is equal to the length of the input text. The length of the key is generally much less than the length of the input text

and accordingly the decryption fun ...

I have devices which need to communicate with a server over a mutually authenticated and encrypted channel. Authenticating the server is relatively easy, since I can embed the CA certificate in the device firmware and check the signature of the server's certificate. The problem is to authenticate the device to the server.

Normally I could sign the device's certificate as well, but there is no tru ...

We are currently designing a simple Challenge-Response Authentication Mechanism (CRAM) protocol based on symmetric cryptography that would be used on the constrained embedded devices that would operate in a closed short-range network.

Mutual authentication is desired. The security capabilities offered by the devices are for now unknown. Hence, we are focusing primarily on only using the AES proto ...

I read about an encryption cipher that needs the changing of the "main" key for the encryption of each plaintext. Sometimes this change depends on the plaintext and is done automatically.

Question: Is it practical to build a symmetric encryption cipher that needs the changing of the "main" key for each plaintext?

[Edit] Some ciphers take some aspects of the plaintext and include it into the key, tha ...

Suppose that $F:K\times X\rightarrow X$ is a function such that for each $k\in K$, the mapping $F_{k}:X\rightarrow X$ defined by letting $F_{k}(x)=F(k,x)$ is a bijection. Suppose that $F$ is the round function for some cryptographic function such as a block cipher or cryptographic hash function. Let $V_{X}$ be the complex vector space consisting of all tuples $(\alpha_{x})_{x\in X}$ such that $\sum_{x\ ...

In the picture below, for the text underlined in red color: 7X(MOD 11) = 72(MOD 11) =49(MOD 11)

My questions are:

(1) obviously there is no equal relationship between 72(MOD 11) and 49 (MOD 11), and where does 49 come from?

(2) X and Y are picked up randomly, are 7 and 7 in 7X and 11 in MOD 11 also picked up randomly, or is it some algorithm？ there is no any explanation in the textbook I have

(3) in the ...

I have a device that needs to communicate with another host and exchange fixed-length messages. All traffic should be encrypted and authenticated, and it should be resistant to replay attacks. Unfortunately relying on TLS is not an option, so I need to implement some custom protocol. I have control of both devices so I can securely generate and distribute a shared key $k$.

I thought to use AEAD with ...

In an answer of here someone mentions:

if you have a hash-function-with-oracle-powers, then it is rather easy to generate a pseudo random stream from a secret key, by hashing K||n where K is the secret key and n is a counter. By XORing this key-dependent pseudo-random stream with the data to encrypt, you have a stream cipher.

In the same post there is also this part regarding using cryptographic has ...

Let $K,X$ be sets and let $F:K\times X\rightarrow X$ be a function. For each $k\in K$, let $f_{k}:X\rightarrow X$ be the function where $f_{k}(x)=F(k,x)$ whenever $k\in K,x\in X$. Assume that each $f_{k}$ is a bijection.

Suppose that $F$ is the round function for some cryptographic function such as AES-128 or some cryptographic function.

If $F$ is a cryptographic function, then I do not expect for

is $F_{k_{1}}(m)||F_{k_{2}}(F_{k_{1}}(m))$ always a PRF? when F is a PRF

As an intuition it seems to me that the answer is "NO" as the two halves of the output depends on each other