Top new questions this week:
|
Given an RSA modulus $n$, which is the product of two safe primes: \begin{align*} P &= 2p + 1 \quad\quad\quad Q = 2q + 1 \\ n &= P \cdot Q = 4p q + 2 p + 2 q + 1 \end{align*} The …
|
Suppose you have two files encrypted with AES-256. One of the two files is 5MB, the other one is over 1GB. Their passwords are reasonably strong: >12 characters, letters, numbers, upper and lower …
|
I’m deriving a shared secret using ECDH with Ed25519 keys. According to the specification (page 5), the shared secret then can be any valid Curve25519 public key, i.e. any valid 32 bytes. My …
|
Let $a_n$ and $b_n$ be two sequences generated by two LFSRs with connection polynomials $P$ and $Q$. How to show the sequence $(a_n \cdot b_n)$ can be generated by an LFSR with connection polynomial of …
|
As we know, the Schnorr signature enjoys the linearity property, which does not exist in ECDSA. It seems the Schnorr signature is more efficient and can bring more features than ECDSA. What is the …
|
Let $(E:y^2=x^3+ax+b)$ on $\mathbb F_q$, with $q \mod 2=1$. If $\gcd(3,q-1)=1$ and $a=0$, then it’s easy to find the cardinality of the curve $E$: $|E|=q$. Are there any other conditions on $(q, …
|
Recently, I started looking up details about implementing a blind signature on ed25519 cryptography. I saw this article stan.bar/blindsig/ by Stanislaw Baranski about it. In the first …
|
Greatest hits from previous weeks:
|
AES has several different variants: AES-128, AES-192, AES-256. But why would someone prefer to use one over another?
|
I’m trying to understand how the AES S-Boxes are calculated. I understand how the multiplicative inverse is calculated over $GF(2^8)$, but I’m confused by the description of the affine transformation. …
|
For example, in RSA, we use this for encryption: $ciphertext = (m^e \mod n)$ and for decryption. If our message is “hello world”, then what number do we have to …
|
WhatsApp says even the photos shared on its platform are end-to-end encrypted. When WhatsApp says encrypted I assume the data is encrypted in my device and then sent across to the recipient. When we …
|
In reference to this question, what are the “stronger security properties” that HMAC provides over MAC. I got that MAC requires an IV whereas HMAC doesn’t. I also understood that MAC may reveal …
|
Given $n=pq$ for $p,q$ known, I can calculate $\phi(n)$. $e$ is selected such that $\gcd (e,\phi(n)) = 1$. Using this, how do I calculate the RSA private key? Example: I have $n = 35$, with $(p,…
|
Does anyone know how to do a Diffie-Hellman or ECDH key exchange with more than two parties? I know how to do a key exchange between 2 parties, but I need to be able to have a key agreement between 3 …
|
Can you answer these questions?
|
Suppose I have some plaintext $M$, and I want to have some process $f$ to make ciphertext $M':=f(M,s)$, where $s$ is some secret. The ciphertext $M'$ can be decrypted by using some decryption process $…
|
In the zero-knowledge cryptography nomenclature, we have multiple representations of arbitrary computation suitable for submission to various proof backends (e.g. Groth16). Two specific examples …
|
Suppose Alice has a verifiable (message, signature) pair from Cedric, who would not cooperate and routinely uses an algo (ecdsa, eddsa, rsa, or insert yours here) to sign messages. Alice wants to …
|