/r/crypto

Cryptography is the art of creating mathematical assurances for who can do what with data, including but not limited to encryption of messages such that only the key-holder can read it. Cryptography lives at an intersection of math and computer science.

This is a technical subreddit covering the theory and practice of modern and *strong* cryptography.

... is the art of creating mathematical / information theoretic assurances for who can do what with data, including but not limited to the classical example of encrypting messages so that only the key-holder can read it. Cryptography lives at an intersection of math and computer science.

This subreddit is intended for links and discussions surrounding the theory and practice of modern and *strong* cryptography.

**Please note that this subreddit is technical, not political!** The focus is on the algorithms and the security of the implementations.

Because this subreddit currently is in restricted mode, you will NOT be able to post or comment before your account has been approved. Send us a reason for why you want to join via mod mail, click here and tell us why you want to discuss cryptography;

https://www.reddit.com/message/compose/?to=/r/crypto

(along with normal reddiquette)

Don't forget to read our **RULES PAGE**! The rules listed there are also used as this sub's report reasons. The quick version;

- Assume good faith and be kind. This is a friendly subreddit.
- Codes, simple ciphers, ARGs, and other such "weak crypto" don't belong here. (Rule of thumb: If a desktop computer can break a code in less than an hour, it's not strong crypto.) You're probably looking for /r/codes.
- Do not ask people to break your cryptosystem without first sharing the algorithm. Sharing just the output is like...
- "Crack this cipher" challenges also belong in /r/codes
*unless*they're based on interesting crypto implementation bugs, e.g. weak RSA keys. - Familiarize yourself with the following before posting a question about a novel cryptosystem, or else the risk is nobody will take their time to answer:

Internal:

- Our wiki pages
- Threads on starting in crypto one & two
- Thread of crypto links - older thread
- Our monthly cryptography wishlist threads!
- Our hiring threads

External:

- Cryptology ePrint archive
- Discussion site for ePrint papers
- Libera Chat's IRC:s #crypto - (IRC protocol URL)
- Metzdowd cryptography mailing list
- Randombit cryptography mailing list
- StackExchange cryptography community

**Other subreddits that may be of interest:**

Theory:

Practical:

- /r/netsec - Network Security
- /r/RNG - Randomness generation
- /r/compsec - Local computer security
- /r/websec - Security in the browser
- /r/security - General security subreddit
- /r/privacy - General privacy subreddit
- /r/compsci & /r/ComputerScience - Development and application of algorithms

Educational, hobbyist:

- /r/codes & /r/breakmycode - For cracking basic codes
- /r/gpgpractice - Learn to use GPG here
- /r/primitiveplayground - test your homebrew ciphers here
- /r/stanfordcrypto

Political and in the news:

- /r/privacypatriots/
- /r/NSAleaks - Snowden documents and more
- /r/restorethefourth

Software:

- /r/gpg (fairly empty)
- /r/bitcoin, /r/cryptocurrency - crypto applied to money

Related:

- /r/cryptography
- /r/encryption
- /r/weboftrust (fairly empty)
- /r/capabilities - A type of security model
- /r/Intelligence - Espionage

Memes and low effort submissions:

Feel free to message the moderators with suggestions for how to improve this subreddit, as well as for requesting adding links in the sidebar.

/r/crypto

5

Hello everyone! I decided to write a blog article continuing my discussion how you can write modular arithmetic programs safely. In this new blog article I discuss the following:

Outline

- Modular Arithmetic
- Modular Multiplication
- Modular Multiplicative Inverse (Its Modular Division)
- Greatest Common Divisor Algorithm
- Extended Euclidean Algorithm
- Optimized Binary Extended Euclidean Algorithm
- Constant Time Binary Extended Euclidean Algorithm

- Modular Exponentiation
- Optimized Binary Modular Exponentiation
- Square-and-Multiply Algorithm

- Primality Test Using Miller-Rabin and Trial Division
- Modular Inversion for Prime Moduli

Please let me know if you find anything missing or wrong in the article. Thanks!

12 Comments

2024/06/25

00:18 UTC

00:18 UTC

4

Welcome to /r/crypto's weekly community thread!

This thread is a place where people can freely discuss broader topics (but NO cryptocurrency spam, see the sidebar), perhaps even share some memes (but please keep the worst offenses contained to /r/shittycrypto), engage with the community, discuss meta topics regarding the subreddit itself (such as discussing the customs and subreddit rules, etc), etc.

Keep in mind that the standard reddiquette rules still apply, i.e. be friendly and constructive!

So, what's on your mind? Comment below!

3 Comments

2024/06/24

10:00 UTC

10:00 UTC

7

This finding is not new, it was reported on Reini Urban's SMHasher fork, in a commit nobody probably have read. I've found a test construction (I'm the author) where a lot of hash functions fail when seeded. The failure seems minor, but it's unclear if it can be expanded into larger attacks on hashes. In any case, a fail in such a massive number of hash functions makes me think some things are not well understood on a known theoretic level. Of course, more recent hash functions are tested against this flaw, but it does not mean general understanding improved.

https://github.com/rurban/smhasher/commit/9ca488454eda4dae9ac795147696135e5cdf7dbe

The failing functions are:

```
sdbm, City32, sha1ni_32. mx3, mirhashstrict, wyhash, wyhash32low,
MUM, xxh3, xxh128, xxh128low, Crap8, JenkinsOOAT, asconhashv12*, farsh* (all),
jodyhash32, k-hash32, lookup3, mirhash* (all), nmhash32, sha1ni*, t1ha1_64*
```

11 Comments

2024/06/23

12:15 UTC

12:15 UTC

10

Hello,

I have lately been looking into a way to have decentralized communities or domain spaces using public key cryptography (digital signatures to be exact) like Schnorr.

In this method, anyone can make a decentralized community, like in nostr, and assign that to a domain space or use the fingerprint (although collisions are a concern).

Here is the basis of it, not much work has been done: Slinky-RFC

Apologies for poor quality but I think a lot of interesting stuff can be done especially when combined with a block lattice (which requires send and receive).

6 Comments

2024/06/19

17:29 UTC

17:29 UTC

5

So what are people looking into. Dilithium and Falcon are both interesting but key size is still quite large. Are there any better alternatives besides one-time keys like lamport, WOTS+?

7 Comments

2024/06/19

17:23 UTC

17:23 UTC

7

This is another installment in a series of monthly recurring cryptography wishlist threads.

The purpose is to let people freely discuss what future developments they like to see in fields related to cryptography, including things like algorithms, cryptanalysis, software and hardware implementations, usable UX, protocols and more.

So start posting what you'd like to see below!

0 Comments

2024/06/18

10:00 UTC

10:00 UTC

5

Welcome to /r/crypto's weekly community thread!

This thread is a place where people can freely discuss broader topics (but NO cryptocurrency spam, see the sidebar), perhaps even share some memes (but please keep the worst offenses contained to /r/shittycrypto), engage with the community, discuss meta topics regarding the subreddit itself (such as discussing the customs and subreddit rules, etc), etc.

Keep in mind that the standard reddiquette rules still apply, i.e. be friendly and constructive!

So, what's on your mind? Comment below!

0 Comments

2024/06/17

10:00 UTC

10:00 UTC

3

It's not a new project, and I consider it myself complete. However, I'm still looking for validation of my "security" tests. The challenge is not hard - try to reverse/find initial state of the system **after** 5 (or maybe 6) initial calls to prvhash_core64, and from any number of further XORed adjacent outputs. The project is here: https://github.com/avaneev/prvhash, but I'll copy&paste the C function here, so you do not have to read and wander much. It does look simple, but it's not a "low-effort" kind of thing, I do really can't reverse it with SAT solving, and due to its complex feedback nature I have little idea how to build a reverse formula. Seed,Hash are seed variables, can be initialized to any values (lcg is best kept zero) - so any solution is good here, if you can find breakable initial numbers, that's good too. Note that without XORing SAT solving is very fast, it's a vital part.

`static uint64_t prvhash_core64( uint64_t* const Seed0, uint64_t* const lcg0, uint64_t* const Hash0 )`

`{ uint64_t Seed = *Seed0; uint64_t lcg = *lcg0; uint64_t Hash = *Hash0;`

```
Seed *= lcg * 2 + 1;
const uint64_t rs = Seed >> 32 | Seed << 32;
Hash += rs + 0xAAAAAAAAAAAAAAAA;
lcg += Seed + 0x5555555555555555;
Seed ^= Hash;
const uint64_t out = lcg ^ rs;
*Seed0 = Seed; *lcg0 = lcg; *Hash0 = Hash;
return( out );
```

`}`

So, the basic PRNG with some, currently not formally-proven, security is as follows (XOR two adjacent outputs to produce a single "compressed" PRNG output):

```
v = prvhash_core64( &Seed, &lcg, &Hash );
v ^= prvhash_core64( &Seed, &lcg, &Hash );
```

6 Comments

2024/06/16

08:25 UTC

08:25 UTC

10

I'm currently studying FHE and I'm also really interested in algorithm optimizations. I'm willing on researching about FHE acceleration for my Master's thesis, so I want to know from you: what hardware would you prefer using for accelerating FHE schemes such as CKKS? It needs to be energy efficient and fast.

2 Comments

2024/06/14

01:14 UTC

01:14 UTC

3

someone please enlighten me about pki subtleties.

my idea is to use the pki for signing documents that can be verified later. the goal would be to ease the task of the verifier, not using some arcane formats, but something you can check with standard tools.

what i don't get is that certs expire. will the signature be meaningful after many years? assuming many items on the cert chain are now expired or revoked. the question is: was it valid at the time.

also, are there any tools to easily verify a document? something i can trust an average IT guy can do. it appears to me that openssl can do it in some steps, which is kinda acceptable.

is this even a good idea?

12 Comments

2024/06/13

11:47 UTC

11:47 UTC

10

I'm interested in learning about cryptography and I found a great course on coursera called Cryptography I by Dan Boneh. From what I have found online, this course is a part 1 of 2. Any links provided that are supposed to take me to Cryptography II by Dan Boneh, lead me to a course not found page. Searching for it on the website does not show it.

Does anyone know where I can find this course?

10 Comments

2024/06/13

09:21 UTC

09:21 UTC

0

Hello, want to share the FAQ and Forum info for the encryption application Spot-On at Reddit with you, if you may like to join too:

https://www.reddit.com/r/Spot_On_Encryption/

Spot-On is an open-source Encrpytion Suite for secure Chat & E-Mail, File Transfer and also Websearch in a F2F distributed URL-Database.

Means: Spot-On is a Messaging and File-Transfer Application. With RSS you can import, read, search and distribute your feeds f2f to your friends over encrypted connections.

Enhanced encryption processes have been invented and improved for implementation in Spot-On: such as McEliece-Messaging (Linux), Cryptographic Calling, Zero-Knowledge-Proofs, AutoCrypt via REPLEO and EPKS, Fiasco Forwarding, POPTASTIC-Messaging over E-Mail-Servers, Chipher-Text conversion tools like Rosetta Crypto Pad, Socialist-Millionaire-Security and many more.

Spot-On utilized the Echo-Protocol for the network, it provids end-to-end encryption (and therefore utilizes not a web-of-trust, which is only point-to-point encryption). Spot-On is in the groupchat and for servers compatible with Smoke Crypto Chat Messenger from F-Droid.org

0 Comments

2024/06/12

09:44 UTC

09:44 UTC

0

Hello everyone!

If you are interested in learning how to program modular arithmetic useful for cryptography I have started a series of blog posts starting with this one here.

In it I discuss the following topics:

Introduction to Programming Modular Arithmetic for Cryptography (Part 1)

- Why I Chose C++ as The Programming Language for Language Exercises
- How to Compile Sample Programs in the C++23 Standard
- Definition of Modulus Operation: What Is It?
- Integer Safe Program of Modulus Operation Without Risk of Integer Overflow/Underflow
- Modular Arithmetic
- Why Are We Learning To Code This?
- Integer Safe Modular Addition
- Integer Safe Modular Subtraction

My blog post comes complete with exercises and solutions for you to test your understanding. Please let me know if you believe anything is missing in the blog or is factually wrong. Thanks!

0 Comments

2024/06/10

18:47 UTC

18:47 UTC

9

The vast majority of Cryptographic libraries are still written in C--a language infamous for being unsafe. Why is it that we are still using this language that is known to be difficult to write secure programs in when there are other options that are less vulnerable?

9 Comments

2024/06/10

18:41 UTC

18:41 UTC

3

Welcome to /r/crypto's weekly community thread!

This thread is a place where people can freely discuss broader topics (but NO cryptocurrency spam, see the sidebar), perhaps even share some memes (but please keep the worst offenses contained to /r/shittycrypto), engage with the community, discuss meta topics regarding the subreddit itself (such as discussing the customs and subreddit rules, etc), etc.

Keep in mind that the standard reddiquette rules still apply, i.e. be friendly and constructive!

So, what's on your mind? Comment below!

0 Comments

2024/06/10

10:00 UTC

10:00 UTC

5

Hi! I want to become a cryptographer but I do not know where to start. I already know python, does someone have recommendations of websites or books to start my journey in cryptography?

2 Comments

2024/06/09

07:40 UTC

07:40 UTC