Top new questions this week:
|
I hope this is not off-topic. Since NIST has rather recently announced the winners of its PQC competition, I was wondering how significant this development is. Does that mean that CRYSTALS-Kyber will …
|
I’m troubled by a system of equations presented in the paper “Provably Secure Partially Blind Signatures” by Masayuki Abe and Tatsuaki Okamoto. In Lemma 1 the authors define $t_2=w_j-c_i$ …
|
Assuming there is a lattice basis $B=\{b_1,\dots,b_n\}$, we use $B^*=\{b_1^*,\dots,b_n^*\}$ to denote the Gram-Schmidt orthogonal basis, where $b_i^*=\pi_i(b_i)$ and $\pi_i(b_i)$ denotes the projection of …
|
I’m learning about the padding oracle and had a question about a modified padding oracle. Essentially the only difference is that the length of the original message is prepended to the message as a 4-byte …
|
What’s the difference between UOWHF and CRHF and why are UOWHF useful? As far as I understand, Universal One-Way Hash Functions are an alternative to CRHF. While for CRHF it is hard, given randomly …
|
In “Memory Leakage-Resilient Encryption based on Physically Unclonable Functions” (ASIACRYPT 2009), the authors use a construction based on a PUF and a Fuzzy Extractor and argue that this …
|
I have seen multiple sources claim that the Merkle-Damgård transform is able to build a collision-resistant hash function $H$ for arbitrary-length inputs from a compression function $h : \{0,1\}^n \to …
|
Greatest hits from previous weeks:
|
If I am using SHA-512 on a message and need to determine the padding field and length field, how do I determine the length field? I think I understand the padding, but not the length field. For …
|
I’m a beginner to cryptography and looking to understand in very simple terms what a cryptographic “salt” is, when I might need to use it, and why I should or should not use it. Can I get a …
|
Is there any reference to check the list of encryption & signing algorithms which are compliant with FIPS 140-2? After an exhaustive search I could find only “AES”. Any suggestions would be much …
|
Given $n=pq$ for $p,q$ known, I can calculate $\phi(n)$. $e$ is selected such that $\gcd (e,\phi(n)) = 1$. Using this, how do I calculate the RSA private key? Example: I have $n = 35$, with $(p,…
|
I’ve seen some posts and info online, but they are from 2009, 2010, 2011 or 2012, which is 3-6 years ago, which is a very long time. So I’m looking for an up-to-date answer about which of these is the …
|
Both crypto.SE and security.SE have excellent Q&As about how TLS generates session keys (I have linked some at the bottom). In reading these threads I’m having trouble with terminology since the …
|
So far, what I have gotten is: a PRG is a generator that is a part of a PRF that produces pseudo-random values for the function. A PRF is semantically secure and has no worries of being invertible. Fine, then …
|
Can you answer these questions?
|
I’m trying to understand the definition of a partially blind scheme that is described with Game A presented in the Abe and Okamoto paper. In line 5, is $msg_0$ correct or should it be replaced by $(info_0,…
|
When is it generally acceptable, if ever, to generate RSA keys without encrypting the PEM output with another encryption algorithm? I am working on a CI/CD process and want to leverage asymmetric …
|
Hi, I am trying to calculate the abs of a float number $x$; however, I want to apply this operation when $x$ is under fully homomorphic encryption (typically CKKS …
|