Newest Questions
32,011 questions
1
vote
1
answer
43
views
In the Fiat–Shamir transform, is it secure to derive each challenge from the previous one instead of hashing the entire transcript?
Consider a general public-coin interactive proof between a prover and a verifier. Let $x$ denote the public statement to be proved, $\alpha_i$ the message sent by the prover in round $i$, and $\beta_i$...
- 45
1
vote
1
answer
64
views
Black Box vs Non-Black Box
I find it confusing when the papers in MPC say we use the underlying protocol in the black box way or if they say we rely on the protocol in the non-black box manner. How do I myself identify if it is ...
- 759
1
vote
0
answers
26
views
Round Collapsing vs without Round Collapsing
In MPC, I have seen papers stating 2 round MPC without round collapsing. What is the difference between round collapsing compiler and without round collapsing compiler?
- 759
1
vote
0
answers
98
views
Is polynomial the answer?
Lattice, Code, MQ - these types of cryptosystems are essentially polynomial.
Lattice: degree-1, constrain on the solution, (need to have small norms)
Code, MQ: finding polynomial solutions.
...
- 11.3k
4
votes
1
answer
107
views
How many plaintext/ciphertext pairs are needed for key recovery attack on 3DES?
There is challenge/response mechanism using 1 block (64 bits) of data for challenge and 3DES algorithm for computing response (by encrypting challenge data). It is using 168-bit 3DES key.
I am trying ...
- 43
1
vote
0
answers
74
views
Secure Hash Function [closed]
We need to show $H'(x) =H_1(H_2(x))$ need not be a secure CRHF even if one of $H_1$ or $H_2$ is secure. The case when $H_2$ is insecure is clear as the pair of messages $m,m'$ given as output for $H_2$...
- 759
6
votes
2
answers
1k
views
Are most RSA integers unbalanced?
RSA integers are integers of form $N=pq$ where $p$ and $q$ are primes. It appears some of the RSA challenge numbers have unequal number of bits.
Eg: RSA-190 = ...
- 1,179
3
votes
1
answer
165
views
Is the scalar-related lattice problem hard?
The problem is described as follows.
Given a modulus $q$, a random matrix $A\in\mathbb{Z}^{m\times n}_q$, a random vector $\vec{s}\gets\mathbb{Z}^n_q$ and error distribution $\mathcal{X}_\sigma$, for ...
- 540
1
vote
0
answers
50
views
Export command to host blocked with error code 29
I am currently working on a project to migrate keys from a Thales HSM to a Futurex HSM. Given that I have a large number of keys that need to be exported and then imported using the console would be ...
- 11
0
votes
0
answers
49
views
Seeking KDF parameters for Bitpie/imToken 2023 private backup file in {"data":...} JSON format
I have a private wallet backup file from Bitpie/imToken created in June 2023. The new version of the official app no longer supports importing this format.
The file content is a JSON object in this ...
- 1
1
vote
2
answers
114
views
Can each participant do his own encrpytion and decryption with a random order
I use my key A to encrypt some plain text x and I send it(A(x)) to my friend. My friend uses ...
- 113
1
vote
2
answers
207
views
PKCS7 padding theory vs practice
I understand that pkcs7 padding pads the remaining bytes to fulfill the bloc size with bytes of the number of bytes needed. But when written in text format these bytes will output nonprintable ...
2
votes
0
answers
69
views
Twist and Shout
In the paper Twist and Shout, page 22, there is a reduction:
from what I understand, because the following equation holds:
$\mathsf{Val(k,j)} = \sum\limits_{j'<j}\mathsf{Inc}(k,j')\cdot \mathsf{LT}...
- 21
1
vote
1
answer
100
views
Vigenere understanding and clarification between modulo, key length, plaintext length, plaintext alphabet length?
For this context, let's say I am using all of the chars in python's sys.maxunicode which is 1114111.
My plaintext document that I would like to process is 3000 chars and it's in English ASCII so using ...
- 113
4
votes
2
answers
278
views
On the unfoundedness of signing as "inverse" of public-key decryption
In their book "Introduction to Modern Cryptography," Katz and Lindell wrote:
Digital signatures are often mistakenly viewed as the “inverse” of public-key
encryption, with the roles of the ...
- 204