Top new questions this week:
|
|
For encryption, we want identical plain-text’s to encrypt to unique ciphers, also called Semantic Security. For Signatures, the plain-text (i.e. message hash) is not a secret. The plain-text, if you …
|
|
Assume a standard ECC curve in a prime field $\mathbb F_p$ with $p\equiv3\pmod 4$, such as secp256k1; and code turning a bytestring for a compressed ECC public key into an Elliptic Curve point, that …
|
|
I am interested in a polynomial form of the lattice problem Closest Vector Problem (C.V.P), or in other words if C.V.P. can be ”transferred” to Ring-LWE. My idea about this question is that a …
|
|
While reading A Graduate Course in Applied Cryptography by Dan Boneh and Victor Shoup. There was the next exercise (Ex. 4.2 (b)), let $F$ be a secure PRF over $(K,X,Y)$ where $Y := \{0,1\}^n$ and $|X|$…
|
|
As an amateur, my first encounter with commitments has been in the form of an hash of the committed value, then I have learnt about seeding the hash as blinding technique. Going on I have discovered …
|
|
Here’s a modification of the textbook RSA scheme, in an attempt to achieve semantic security. Key generation: chooses public key $pk = (N,e)$ and secret key $sk = d$ as in any RSA-based encryption …
|
|
ECDSA works by computing the hash of a message and then computing the signature for it. ECDSA uses the signature: $$s = k^{-1}(h + rp_{pr})\,\textrm{mod } n,$$ where $n$ is the order of the group, $k$ …
|
Greatest hits from previous weeks:
|
|
In AES we use some padded bytes at end of message to fit 128/256 byte blocks. But as RSA is not a block cipher why is padding used? Can the message size be any byte length (is the encrypting agent …
|
|
Can anyone provide an extended (and well explained) proof of correctness of the RSA Algorithm? And why is it needed? I can’t say that this or this helped me much, I’d like a more detailed and newbie …
|
|
When choosing the public exponent e, it is stressed that $e$ must be coprime to $\phi(n)$, i.e. $\gcd(\phi(n), e) = 1$. I know that a common choice is to have $e = 3$ (which requires a good padding …
|
|
Given $n=pq$ for $p,q$ known, I can calculate $\phi(n)$. $e$ is selected such that $\gcd (e,\phi(n)) = 1$. Using this, how do I calculate the RSA private key? Example: I have $n = 35$, with $(p,…
|
|
Most of the time, when some data must be encrypted, it must also be protected with a MAC, because encryption protects only against passive attackers. There are some nifty encryption modes which …
|
|
I read that A typical stream cipher encrypts plaintext one byte at a time, although a stream cipher may be designed to operate on one bit at a time or on units larger than a byte at a time. (…
|
|
I have general questions regarding rolling codes. Basically there is a sender and a receiver. Both have a sequence generator. The receiver checks if the received sequence matches the newly generated. …
|
Can you answer these questions?
|
|
Let us say that we have 3 entities: an Issuer I , a user/prover P and a verifier V. …
|
|
I want to encrypt a private key $sk$ (it’s actually an RSA private key in PKCS#8 format) with another person’s (and/or my) public key $pk_A$ for secure storage. With JWE, it is possible to use hybrid …
|
|
Suppose the highest level is $L$. There are 2 ciphertexts from 2 different messages under the same secret key but in different level, one is in level $\ell$: $\mathsf{ct}(\pmb{m})\in\mathcal{R}_{Q_{\…
|
