# Questions tagged as ['xor']

XOR, often written ⊕, is one of the basic operations on bits and bit-sequences. It is a building block of many cryptographic primitives (and some higher-level algorithms, like modes of operations).
Score: 4
Is there any result which states that if the output of these two functions is XOR'd, the XOR'd output is pseudorandom

Let $$\mathbb{G}$$ be a group of prime order $$p$$ with generator $$g$$. Suppose that I randomly pick $$r_1,z_1 \leftarrow \mathbb{Z}_p$$ and $$r_2, z_2 \leftarrow \mathbb{Z}_p$$ and $$c \leftarrow \mathbb{G}$$. Let $$\alpha = g^{r_1z_1}g^{c}$$ and $$\beta = g^{r_2z_2}g^c$$. By the semantic security of El-Gamal encryption, both $$\alpha$$ and $$\beta$$ are indistinguishable from random numbers ... Suppose that $$\alpha$$

Score: 0
What happens when we hash already hashed values, concatenated together?

I read on the page 16 of On the Security of Hash Function Combiners that

the classical combiner for collision-resistance simply concatenates the outputs of both hash functions $$Comb_{\mathbin\|}(M) = H_0(M) \mathbin\| H_1(M)$$ in order to ensure collision resistance as long as either of H0, H1 obeys the property.

Consider H, a secure internal hash function with 256-bit inputs and 128-bit outputs

...
Score: 1
How to show the PRF in 4.8(b) is not secure?

Let F be a PRF defined over $$F:\{0, 1\}^n \times \{0, 1\}^n \to Y$$.

1. We say that $$F$$ is XOR-malleable if $$F(k, x \oplus c) = F(k, x) \oplus c$$ for all $$k, x, c \in \{0, 1\}^n$$.

2. We say that $$F$$ is key XOR-malleable if $$F(k \oplus c, x) = F(k, x) \oplus c$$ for all $$k, x, c \in \{0, 1\}^n$$.

Clearly an XOR-malleable PRF cannot be secure: malleability lets an attacker distinguish the PRF from a random fun ...

Score: 0
Is it possible to crack cryptographic method with known input/output?

I've played around with John The Ripper before and it was able to successfully crack some personal passwords via brute force. However, in those scenarios the "unknown variable" was a password - and the known variable was the encryption method.

In the current scenario, things are a bit different. Now I have a scenario where the 2 input keys are known - and an external tool exists that can convert  ...

Score: 3
Fastest order-sensitive operations

For any $$v$$ many $$b$$-bits vectors $$(\mathbf{x}_0, \mathbf{x}_1, \ldots, \mathbf{x}_{v-1}) \in \{\{0, 1\}^b\}^v$$, what's the fastest way to combine $$\mathbf{x}_0, \mathbf{x}_1, \ldots, \mathbf{x}_{v-1}$$ into a single number, such that the operation is order-sensitive?

E.g. say that $$\hat+$$ is some method of combining numbers (not necessarily addition, but we can define it however we want). The goal is to ...

Score: 1
Is XORing a Base64-encoded string secure?

Theoretically, is it secure to first encode a string using Base64 and then XOR it with a random key or are there potential weaknesses that could be exploited?

Obviously this doesn't make any sense in practice, but I was curious whether this would be just as secure as XORing and then Base64ing.

Score: 4
Weakness of XORing random bytes with secret key

Side A generates 16 (high quality) random bytes and performs XOR with a 16-byte secret key, then data transfers to side B, where the same secret key is used to recover the original 16 random bytes.

Is there, by chance, a way to guess the secret key by intercepting the XORed data between sides?