Cryptography Stack Exchange
Cryptography Stack Exchange is a question-and-answer site for software developers, mathematicians, and others interested in cryptography. Explore questions related to encryption, hash, cryptanalysis, block-cipher, the Diffie-Hellman algorithm, and more.
Cryptography Stack Exchange
4h ago
Can I calculate the equation below?
$e(g_1^a, g_2^{b}) / e(g_1^a, g_2^{b+c}) / e(g_1^a, g_2^{c}) = 1$
'/' means divide.
I think it works, but there is no evidence to prove it …
Cryptography Stack Exchange
4h ago
I'm reading the well-known IKNP protocol for OT extension. In section 3.1, they give proofs for a malicious Sender and a semi-honest Receiver. I'm very confused about the proof for the malicious Sender ($S^*$). They say:
It is easy to verify that the joint distribution of $(\rho; s^*;Q)$, the values $(y_{j,0}; y_{j,1})$ and all values of $H$ queried by $S^*$ in the ideal process is identical to the corresponding distribution in the real process.
I have no idea why it's identical. So in my opinion, what they do in the Simulator is choose some random $(\rho; s^*;Q)$ and just feed them to $S^*$. But I …
Cryptography Stack Exchange
4h ago
By a substitution cipher I mean one where each character is replaced by another. By confusion, my definition is that solving the problem "find the key $k$ such that $E_k(m) = c$" should be difficult, and diffusion is where non-uniformities in the message are distributed by the encryption function to make it more uniform. So is it possible for a substitution cipher to achieve both? I believe it can't achieve diffusion, since it treats each character independently, but it may be able to achieve confusion (possibly the mono-alphabetic substitution cipher …
Cryptography Stack Exchange
4h ago
I'm proposing a cryptosystem as defined below:
Private Key: $(R, A, R^{-1})$, where $R = \left(\mathbf{r_1}, \cdots, \mathbf{r_n}\right)$ is full-rank, with $n \geq 4$, even; $A = \left(a_1\mathbf{e_1}, \cdots, a_n\mathbf{e_n} \right)$ and $a_i \neq 0$;
Public Key: $B = RAR^{-1}$;
Plaintext: $P \in \mathbb{F}_p^{n\times n}$ represents an ordered basis over $\mathbb{F}_p^n$;
Ciphertext: $C = PBP^{-1}$;
Decryption: $VR^{-1}$, where $V = \left(\mathbf{v_1}, \cdots, \mathbf{v_n}\right)$, where $C\mathbf{v_i} = a_i\mathbf{v_i}$;
Document: $d \in \mathbb{F}_p$;
Signature: $s = \Pi_{i = 1}^{n/2} (x \ldots$ …
Cryptography Stack Exchange
4h ago
Hello, I got stuck with this ECC problem at a CTF crypto challenge. Basically this challenge will generate a random ECC curve & point with given parameters like p, a, b, and x. First the challenge will ask what the value of y is; after that the challenge will generate another random curve & point and ask what the value of a is; after that the challenge will generate a random curve & point and ask for the value of b; after that the challenge will generate a curve & point and ask for a & b, with given parameters like p, x, y, x1, y1. Is there any chance to solve it? Here's the question source …
Cryptography Stack Exchange
4h ago
I'm currently implementing the "distinguished points" collision-finding algorithm on SHA-3 reduced to a lower number of bits. Let's say I'm going to find one collision on SHA3-256 reduced to the first n=72 bits (meaning the higher 72 bits should be the same). I'm choosing the number of bits d=14 for distinguished points, meaning that if the lower 14 bits of those 72 bits are all 0, then this will be considered a distinguished point (DP). My understanding and implementation can be divided into these steps:
Create a number of threads. For each thread, randomly generate a starting point $x_0$. Create an e …
Cryptography Stack Exchange
4h ago
Is semantic security equivalent to IND-CPA?
If a PKE scheme like ElGamal is semantically secure, can we say it is IND-CPA?
What's the relationship between semantic security and IND-CPA? …
Cryptography Stack Exchange
4h ago
Is it reasonable to use public data and a private ML model to generate a ZK proof which shows that I truly trained this model? I don't know whether it can use the same scheme as in ezkl. I really need some help …
Cryptography Stack Exchange
4h ago
I am reading the "Handbook of Applied Cryptography" by Menezes et al. The (hashed) ElGamal signature verification in this book includes a check that $1\leq r\leq p-1$. Subsequently, this book also provides a justification for this verification step. I attach a picture of the verification description and the corresponding justification of the check $1\leq r\leq p-1$, which is marked by $(iv)$. I fail to see how this check stops an adversary from just following through the steps mentioned under $(iv)$. Can somebody please clarify …
Cryptography Stack Exchange
4h ago
I have noticed a slight change between the standard documentation of FIPS-202 and the ISO/IEC 10118-3 document for Algorithm 5: rc(t), as below:

ISO/IEC 10118-3
Algorithm 5: rc(t)
Input: integer t
Output: bit rc(t)
Steps:
a) If t mod 255 = 0, return 1.
b) Let R = 10 000 000.
c) For i from 1 to t mod 255, let:
   1) R = 0 || R;
   2) R[0] = R[0] ⊕ R[8];
   3) R[6] = R[6] ⊕ R[8];
   4) R[3] = R[3] ⊕ R[8];
   5) R[2] = R[2] ⊕ R[8];
   6) R = Trunc8 …

FIPS-202
Algorithm 5: rc(t)
Input: integer t.
Output: bit rc(t).
Steps:
1. If t mod 255 = 0, return 1.
2. Let R = 10000000.
3. For i from 1 to t mod 255, let:
   a. R = 0 || R;
   b. …