For context, I have a double degree in physics and computer science and I recently developed a basic secure password generator software made in Java using the SecureRandom class. And this made me very interested in Random Cryptography, RNG Algorithms, their variants and related topics. And I really liked it so much that I want to start studying more about this specific subject to specialize in my academic career, start publishing articles about it and maybe one day become a reference in this.

Reading a few references I found about RNG algorithms, I learned some basic concepts, (for example I saw that, as far as I know, my secure password generator software can be classified as what its called CSPRNG), and I also learned some other variations, such as TRNGs, which has its sources of entropy coming from physical phenomena of chaotic systems (which can be, for example, the movement of fluids in lava lamps like Cloudflare does, or also quantum mechanics based algorithms, or using radio noise, and much more)...

However, in my attempts to research books or materials about this to really study/learn, I noticed that it is very difficult to find books or materials specifically about that. Whenever I tried to search specifically about these things, I either found some superficial results from technology sites speaking superficially about RNGs, or Cryptography books that teachs Cryptography in general, (I mean, not specifically about Random Cryptography or RNGs)...

And, having already made secure password manager software, I know the basics of cryptography and I've already learned a lot more of things along the way, of course, cryptography in its most general form is obviously related to the subject of Random Cryptography and RNGs... But what I'm trying to say is that sometimes it can be very dense to read an entire cryptography book (that teaches cryptography in general) without much relation to Random Cryptography or RNGs, that is what I'm trying to research...

So, I come here humbly to ask:

• First, where to start? (besides doing a password generation software, because I already did)

• What good books/materials are there on Random Cryptography and RNGs Algorithms?

• What scientific papers or authors should I read on the subject?

• What types of tests are standards for metrics in the scientific papers on this subject for RNGs algorithms?

• Is there something else that I should know? Give me tips please.

​

I'm curious about a scenario with AES encryption. Imagine you:

1. Choose a random value, u.
2. Pick a random key, k.
3. Encrypt u with k using AES, resulting in I.
4. Encrypt I again with the same key k, resulting in v.

Now, given u and v, how many keys k exist that satisfy this encryption chain: E_k(u) = I and E_k(E_k(u)) = v?

• Is there necessarily only one such key k?
• Can efficient algorithms (running in polynomial time) easily find these keys?
• Is there any existing research or articles on this specific scenario?

This category is filled with insecure implementations of elliptic curve cryptography. Picking bad curves leads to broken protocols and fun puzzles, but private keys can be extracted from devices even when the curves picked are safe!

One technique to learn private information is through side channel analysis. At a high level, a system performing operations with a secret can leak information about the secret through data such as the time taken, or work done by the circuit.

Timing attacks against ECDSA signing can leak information about the nonce, which together with sophisticated attacks like LadderLeak can be lethal for the protocol. To protect against this, a lot of work has been done to make scalar multiplication of points on an elliptic curve to run in constant time.

A key component of constant time algorithms for scalar multiplication for points on elliptic curves are based on Montgomery's Ladder. In this challenge, the aim is to implement the most basic version of this: Montgomery’s binary algorithm in the group E(Fp).

Montgomery’s binary algorithm in the group E(Fp)

Input: P in E(Fp) and an l-bit integer k = Σ 2i ki where kl-1 = 1

Output: [k]P in E(Fp)

1. Set (R0, R1) to (P, [2]P)

2. for i = l - 2 down to 0 do

3. If ki = 0 then

4.  Set (R0, R1) to (\[2\]R0, R0 + R1)

5. Else:

6.  Set (R0, R1) to (R0 + R1, \[2\]R1)

7. Return R0

At a high level, notice that regardless of the bit of k, we perform both a doubling and an addition operation for each step. Compare this to the double and add algorithm we gave in the starter challenges. There are a couple obvious problems within here still: the number of steps taken leaks the bit length of k and there's an if statement, which could leak data on the bit structure of k due to branching. For the interested learner, we recommend improving your algorithm to match Alg. 8 in this resource: Montgomery curves and their arithmetic.

We will work with the following elliptic curve, and prime:

E: Y^2 = X^3 + 486662X^2 + X, p: 2^255 - 19

Using the above curve, and the generator point with G.x = 9, find the x-coordinate (decimal representation) of point Q = [0x1337c0decafe] G by implementing the above algorithm.

This curve is in Montgomery form, rather than Weierstrass like many of the curves in these challenges. Although this curve can be mapped to Weierstrass form and old doubling and addition formula can be reused, we recommend working directly with the formula for Montgomery curves: By2 = x3 + Ax2 + x. To encourage this, we give the addition and doubling formulas for the curve in affine coordinates. Please see Montgomery curves and the Montgomery ladder for a beautiful and fast set of formula in projective coordinates.

Addition formula for Montgomery Curve (Affine)

Input: P, Q in E(Fp) with P != Q

Output: R = (P + Q) in E(Fp)

α = (y2 - y1) / (x2 - x1 )

x3 = Bα2 - A - x1 - x2

y3 = α(x1 - x3) - y1

Doubling formula for Montgomery Curve (Affine)

Input: P in E(Fp)

Output: R = [2]P in E(Fp)

α = (3x1^2 + 2Ax1 + 1) / (2By1)

x3 = Bα^2 - A - 2x1

y3 = α(x1 - x3) - y1

Note that all operations are performed mod p

Hey

I was solving some Advent of Code problems. In one of the early problems from 2015, MD5 hash was needed to be computed. Out of curiosity I thought I'd implement MD5 algorithm myself using the RFC. I've mainly focused on the algorithm description and the reference implementation of the linked RFC, but I've also looked at other resources (eg Wikipedia, golang md5 implementation, etc). I'm at a point where I feel like I understand the algorithm decently well, but I must be getting some details incorrect, since my output doesn't match with md5sum output. I've tried quite a few things already and it's starting to become hard to discern incorrect changes from the correct ones. So I'm going to share the current state of the code (with some lines commented out indicating some recent changes/things I've tried). There could be multiple things I'm mixing up. For example, in the RFC there is Let the symbol "+" denote addition of words (i.e., modulo-2^32 addition), but I don't see that in the reference implementation (possible skill issue 😅). I would really appreciate some help to understand what I'm missing here.

This is the state of my current code:

#include <stdio.h>

// https://www.rfc-editor.org/rfc/rfc1321

typedef unsigned long int WORD; // 32-message_len_bits, little-endianess, uint4 (i.e. 4xBYTE=WORD)
typedef unsigned char BYTE; // 8-message_len_bits, big-endianess

WORD B2E32 = 0x100000000; // 2^32 == 16^8

BYTE PADDING[64] = {
	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

#define S11 7
#define S12 12
#define S13 17
#define S14 22
#define S21 5
#define S22 9
#define S23 14
#define S24 20
#define S31 4
#define S32 11
#define S33 16
#define S34 23
#define S41 6
#define S42 10
#define S43 15
#define S44 21

/*
long long int power(long long a, int n) {
	long long int res = 1;
	for (;n > 0; a*=a, n>>=1) {
		if (n & 1) {
			res *= a;
		}
	}
	return res;
}
*/

size_t my_strlen(const unsigned char *s) {
	char *s_cpy = (char *)s;
	size_t n = 0;
	for (; (*s++) != '\0'; ++n) {
		;
	}
	return n;
}

void my_memcpy(unsigned char *dest, unsigned char *src, size_t len) {
	for (int i=0; i<len; ++i) {
		dest[i] = src[i];
	}
}

void my_memset(unsigned char *dest, unsigned char c, size_t len) {
	for (int i=0; i<len; ++i) {
		dest[i] = c;
	}
}

// expects: len(out) == 4*iters
// expects: len(in)==iters
void encode(unsigned char *out, WORD *in, int iters) {
	for (int i=0; i<iters; ++i) {
		out[4*i+0] = (unsigned char)((in[i] >> (8*0)) ); // & 0xff);
		out[4*i+1] = (unsigned char)((in[i] >> (8*1)) ); //  & 0xff);
		out[4*i+2] = (unsigned char)((in[i] >> (8*2)) ); //  & 0xff);
		out[4*i+3] = (unsigned char)((in[i] >> (8*3)) ); //  & 0xff);
	}
}

WORD plus(WORD a, WORD b) {
	return ((unsigned long long int)a+(unsigned long long int)b)%B2E32;
	// unsigned long long int c = (unsigned long long int)a+(unsigned long long int)b;
	// return (WORD) c%B2E32;
}

WORD rot_left(WORD a, int s) {
	return (a << s) | (a >> (32-s));
}

WORD aux_f(WORD x, WORD y, WORD z) {
	return ((x) & (y)) | ((~x) & (z));
}

WORD aux_g(WORD x, WORD y, WORD z) {
	return ((x) & (z)) | ((y) & (~z));
}

WORD aux_h(WORD x, WORD y, WORD z) {
	return (x) ^ (y) ^ (z);
}

WORD aux_i(WORD x, WORD y, WORD z) {
	return (y) ^ ((x) | (~z));
}

WORD round_1(WORD a, WORD b, WORD c, WORD d, WORD x_k, WORD t_i, int s) {
	WORD anew = aux_f(b, c, d);
	anew = plus(a, anew);
	anew = plus(anew, x_k);
	anew = plus(anew, t_i);
	anew = rot_left(anew, s);
	anew = plus(b, anew);
	return anew;
	// return b + rot_left(a + aux_f(b, c, d) + x_k + t_i, s);
}

WORD round_2(WORD a, WORD b, WORD c, WORD d, WORD x_k, WORD t_i, int s) {
	WORD anew = aux_g(b, c, d);
	anew = plus(a, anew);
	anew = plus(anew, x_k);
	anew = plus(anew, t_i);
	anew = rot_left(anew, s);
	anew = plus(b, anew);
	return anew;
	// return b + rot_left(a + aux_g(b, c, d) + x_k + t_i, s);
}

WORD round_3(WORD a, WORD b, WORD c, WORD d, WORD x_k, WORD t_i, int s) {
	WORD anew = aux_h(b, c, d);
	anew = plus(a, anew);
	anew = plus(anew, x_k);
	anew = plus(anew, t_i);
	anew = rot_left(anew, s);
	anew = plus(b, anew);
	return anew;
	// return b + rot_left(a + aux_h(b, c, d) + x_k + t_i, s);
}

WORD round_4(WORD a, WORD b, WORD c, WORD d, WORD x_k, WORD t_i, int s) {
	WORD anew = aux_i(b, c, d);
	anew = plus(a, anew);
	anew = plus(anew, x_k);
	anew = plus(anew, t_i);
	anew = rot_left(anew, s);
	anew = plus(b, anew);
	return anew;
	// return b + rot_left(a + aux_i(b, c, d) + x_k + t_i, s);
}

void printer(unsigned char *digest, size_t len) {
	for (int i=0; i<len; ++i) {
		printf("%x", digest[i]);
	}
	putchar('\n');
}

void md5(char *m) {
	unsigned char *message = m;
	size_t message_len = my_strlen((const unsigned char *)message);
	size_t padding_len = message_len%56 == 0 ? 64 : 56-message_len%56;
	unsigned char message_len_bits[8];
	my_memset(message_len_bits, 0, 8);
	WORD bits[2] = { (message_len << 3) & 0x0ffffffff, ((message_len << 3) >> 32) & 0x0ffffffff};
	encode(message_len_bits, bits, 2);

	size_t message_pp_len = message_len+padding_len+8;
	unsigned char message_pp[message_pp_len];

	my_memcpy(message_pp, message, message_len);
	my_memcpy(message_pp+message_len, PADDING, padding_len);
	my_memcpy(message_pp+message_len+padding_len, message_len_bits, 8);

	WORD state[4] = {
		0x67452301,
		0xefcdab89,
		0x98badcfe,
		0x10325476
	};

	for (int i=0; i<message_pp_len/16; ++i) {

		WORD x[16];
		my_memset((unsigned char *)x, 0, 16);
		for (int j=0; j<16; ++j) {
			// WORD x_i = message_pp[i*16+j];
			// x[j] = x_i << (8*0) | x_i << (8*1) | x_i << (8*2) | x_i << (8*3);
			x[j] = message_pp[i*16+j];
		}

		WORD a = state[0];
		WORD b = state[1];
		WORD c = state[2];
		WORD d = state[3];

		a = round_1(a, b, c, d, x[ 0], S11, 0xd76aa478);
		d = round_1(d, a, b, c, x[ 1], S12, 0xe8c7b756);
		c = round_1(c, d, a, b, x[ 2], S13, 0x242070db);
		b = round_1(b, c, d, a, x[ 3], S14, 0xc1bdceee);
		a = round_1(a, b, c, d, x[ 4], S11, 0xf57c0faf);
		d = round_1(d, a, b, c, x[ 5], S12, 0x4787c62a);
		c = round_1(c, d, a, b, x[ 6], S13, 0xa8304613);
		b = round_1(b, c, d, a, x[ 7], S14, 0xfd469501);
		a = round_1(a, b, c, d, x[ 8], S11, 0x698098d8);
		d = round_1(d, a, b, c, x[ 9], S12, 0x8b44f7af);
		c = round_1(c, d, a, b, x[10], S13, 0xffff5bb1);
		b = round_1(b, c, d, a, x[11], S14, 0x895cd7be);
		a = round_1(a, b, c, d, x[12], S11, 0x6b901122);
		d = round_1(d, a, b, c, x[13], S12, 0xfd987193);
		c = round_1(c, d, a, b, x[14], S13, 0xa679438e);
		b = round_1(b, c, d, a, x[15], S14, 0x49b40821);

		a = round_2(a, b, c, d, x[ 1], S21, 0xf61e2562);
		d = round_2(d, a, b, c, x[ 6], S22, 0xc040b340);
		c = round_2(c, d, a, b, x[11], S23, 0x265e5a51);
		b = round_2(b, c, d, a, x[ 0], S24, 0xe9b6c7aa);
		a = round_2(a, b, c, d, x[ 5], S21, 0xd62f105d);
		d = round_2(d, a, b, c, x[10], S22, 0x02441453);
		c = round_2(c, d, a, b, x[15], S23, 0xd8a1e681);
		b = round_2(b, c, d, a, x[ 4], S24, 0xe7d3fbc8);
		a = round_2(a, b, c, d, x[ 9], S21, 0x21e1cde6);
		d = round_2(d, a, b, c, x[14], S22, 0xc33707d6);
		c = round_2(c, d, a, b, x[ 3], S23, 0xf4d50d87);
		b = round_2(b, c, d, a, x[ 8], S24, 0x455a14ed);
		a = round_2(a, b, c, d, x[13], S21, 0xa9e3e905);
		d = round_2(d, a, b, c, x[ 2], S22, 0xfcefa3f8);
		c = round_2(c, d, a, b, x[ 7], S23, 0x676f02d9);
		b = round_2(b, c, d, a, x[12], S24, 0x8d2a4c8a);

		a = round_3(a, b, c, d, x[ 5], S31, 0xfffa3942);
		d = round_3(d, a, b, c, x[ 8], S32, 0x8771f681);
		c = round_3(c, d, a, b, x[11], S33, 0x6d9d6122);
		b = round_3(b, c, d, a, x[14], S34, 0xfde5380c);
		a = round_3(a, b, c, d, x[ 1], S31, 0xa4beea44);
		d = round_3(d, a, b, c, x[ 4], S32, 0x4bdecfa9);
		c = round_3(c, d, a, b, x[ 7], S33, 0xf6bb4b60);
		b = round_3(b, c, d, a, x[10], S34, 0xbebfbc70);
		a = round_3(a, b, c, d, x[13], S31, 0x289b7ec6);
		d = round_3(d, a, b, c, x[ 0], S32, 0xeaa127fa);
		c = round_3(c, d, a, b, x[ 3], S33, 0xd4ef3085);
		b = round_3(b, c, d, a, x[ 6], S34, 0x04881d05);
		a = round_3(a, b, c, d, x[ 9], S31, 0xd9d4d039);
		d = round_3(d, a, b, c, x[12], S32, 0xe6db99e5);
		c = round_3(c, d, a, b, x[15], S33, 0x1fa27cf8);
		b = round_3(b, c, d, a, x[ 2], S34, 0xc4ac5665);

		a = round_4(a, b, c, d, x[ 0], S41, 0xf4292244);
		d = round_4(d, a, b, c, x[ 7], S42, 0x432aff97);
		c = round_4(c, d, a, b, x[14], S43, 0xab9423a7);
		b = round_4(b, c, d, a, x[ 5], S44, 0xfc93a039);
		a = round_4(a, b, c, d, x[12], S41, 0x655b59c3);
		d = round_4(d, a, b, c, x[ 3], S42, 0x8f0ccc92);
		c = round_4(c, d, a, b, x[10], S43, 0xffeff47d);
		b = round_4(b, c, d, a, x[ 1], S44, 0x85845dd1);
		a = round_4(a, b, c, d, x[ 8], S41, 0x6fa87e4f);
		d = round_4(d, a, b, c, x[15], S42, 0xfe2ce6e0);
		c = round_4(c, d, a, b, x[ 6], S43, 0xa3014314);
		b = round_4(b, c, d, a, x[13], S44, 0x4e0811a1);
		a = round_4(a, b, c, d, x[ 4], S41, 0xf7537e82);
		d = round_4(d, a, b, c, x[11], S42, 0xbd3af235);
		c = round_4(c, d, a, b, x[ 2], S43, 0x2ad7d2bb);
		b = round_4(b, c, d, a, x[ 9], S44, 0xeb86d391);

		state[0] += a;
		state[1] += b;
		state[2] += c;
		state[3] += d;
	}
	unsigned char digest[16];
	encode(digest, state, 4);
	printer(digest, 16);
}

int main() {
	md5("abcdef609043"); // expected: 000001dbbfa3a5c83a2d506429c7b00e
}

Hey guys!

This PDF explains that on certain elliptic curves, there exists ZVP (Zero Value Points) that cause zero value registers during the scalar-to-point multiplication (i.e during the double operation or the add operation, one of the intermediate results will be equal to 0).

As stated in the title, I'm looking for a way to solve the polynomial (5x^4 + 2ax^2 - 4bx + a^2 = 0) over the galois field of the curve SECP256R1.
After trying out in numpy, I found the galois library which can facilitate modular arithmetic with polynomials etc... But the problem is that the root finding algorithm implemented in the library is the Chien's method, which can (and in my case is) be very computationally intensive and slow.

Even if I use the factoring methods available to me in the library (square free factorization, distinct degree factorization and Cantor-Zassenhaus algorithm) , they barely facilitate the computation...

I've been searching the internet and reading different papers on the internet to find a better solution but it seems like I can't find one... Do I have to just let my computer do its thing and wait a very long time? Or is there a way (either mathematically or coding wise) that I can take in order to speed up the process?

Anything is useful, thanks a lot for your time!

Below is the code I'm using (Python):

import galois
from tinyec import registry, ec

def turn_monic(f):
    #print(f"Polynomial before:\n  {f}")
    coefs = f.coefficients()
    #print(coefs)
    if coefs[0] != 1:
        #print(coefs/coefs[0]
        inv_coef = pow(int(coefs[0]), -1, int(p))
        f = galois.Poly((coefs*inv_coef), field=GF)
    #print(f"Polynomial after:\n  {f}")
    return f

if __name__ == '__main__':
    curve = registry.get_curve('secp256r1')
    a = curve.a
    b = curve.b
    p = curve.field.p
    n = curve.field.n
    order = int(0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551)
    
    #Initialize Field
    GF = galois.GF(p)

    #Initialize Polynomial B
    B = galois.Poly([5, 0, (2*a)%p, (-4*b)%p, (a**2)%p], field=GF)

    B_coeffs = [5, 0, (2*a)%p, (-4*b)%p, (a**2)%p]

    B_coeffs.reverse()
    
    #I thought about multi-processing/multi-threading for faster calculations but I am a completely noob to this subject... If you have any good ressources feel free to share them! :D
    #multi_thread_8(B_coeffs, p)

    #Turns B into a monic polynomial   
    B = turn_monic(B)
  
    #Factors B using the mentionned methods
    factors = B.factors()
    print(factors)
    
    #Finds the roots for each polynomials/monomials in factors
    for factor in factors[0]:
        roots = factor.roots()
        print(roots)

Hi, I am currently learning about cryptography, I consider myself to be a beginner,

Please check out my Implementation and give me your Thoughts. https://github.com/mmm12344/AES-Implementation

Thank you!

A question about security of AES-256, which uses 128-bit state-space (maybe 133 bits considering key scheduling)... Is 256-bit key length really translatable to security if state-space of isolated blocks is 128-bits? Maybe I've missed some proofs.

What properties must an algorithm have in order to be at least as good as AES ?

Usage grows up to a limit each round? Or a large initial amount is set and used until the end?

I have a use case where I need to be able to make alphanumeric string generators which can generate unique codes that are convertible into small QR codes.

The QR should encode an identifier string and a unique random string associated with the code. When scanned, it should be possible to decipher the identifier and unique random string.

By keeping track of whether an identifier/random string combination has already been deciphered before, it should be possible to check whether the qr code has been scanned for the first time.

However, it should not be possible to generate these codes without a password, and only generators that use this password should be able to generate valid codes which encode the decipherable identifier and random string.

I know very little about cryptography- what process could I go about making such a system? Perhaps the "password" mechanism could be implemented through the form of the random string generated, where fake generators can only make malformed random strings?

In a nutshell, I need to make strings which can only be used once and be associated with an identifier, but that can be verified to have been created from a trusted/verified source.

Hey folks,

I was looking for a work that does formal analysis of PGP's security. Seems like there isn't much resources on this out there. What I found so far were tutorials, books, standards and implementations.
I'm looking for resources that concretely specify the following things:

1. A security model chosen.
2. Properties claimed.
3. Proof of the properties (under some assumptions).

I'd really appreciate if any of you could guide me to resources that do this. If there isn't anything like that for PGP, maybe there is for another protocol with similar functionality?

The first ever paper obtaining polynomial time quantum algorithms for solving the decisional shortest vector problem (GapSVP) and the shortest independent vector problem (SIVP) for all n-dimensional lattices.

Lattices are the base of FHE-based cryptography (stands for Fully Homomorphic Encryption) allowing for performing addition and multiplication on top of encrypted data (without decryption).

The resolved problems were considered being NP problems meaning that if provided with the answer, its correctness can be verified in polynomial time, but the problem from scratch can’t be solved in polynomial time.

p.s. the paper just dropped, the world is waiting for confirmation or refutation from state-of-art lattices expert

https://eprint.iacr.org/2024/555

Was just thinking of this and was wondering what the point is of having a 4-digit pin protecting and encrypted document if the encryption is only as strong as the password. I have seen numerous apps/programs claiming to be AES-256 bit encryption but will only allow you to create a 4 digit pin as the password. In that case one wouldn't need to worry about trying to break the encryption, but instead just brute force the password, correct? Or am I missing something?

let's say i have this encrypted data with key X

xxxxxxxxxxxxxxxxxxxx

and i change my key because i have a new better one Z, and overwrite some parts of the old encrypted disk like this

ZZxxxxZxxxxxxxxZZxxZ

if someone takes those x parts that used another key, can they recover it? i'm guessing they probably can, but does the salt avoid this or something?

i'm using LUKS in case that matters

I don’t quite get it, what exactly is AES? (Advanced encryption standard)

i am a believer of the imperative use need of KDFs, but i don't know at what extent it stops making sense or it starts making it

according to my calculations, if a single guess in my computer takes 12 seconds, it will take 89237191786345198273591872569183289 million iterations of the big bang to guess the password, but my computer is not the best measure anyway

i am not sure how to calculate the guesses per second that a supercomputer may do

for example, age defaults to a -in my opinion- low settings of scrypt, when using the symmetric encryption

note: i assume scrypt when talking about KDF, since it's the only one that has a package in arch linux that uses it as KDF when encrypting. i am also using argon2id with disk encryption with cryptsetup LUKS with the default settings

Hello, I am currently taking an intro to cryptography course and having a hard time with the discrete probability semantics. I am looking to hire a tutor or looking for anyone that can help me understand these concepts. Thank you

Not sure if this is the right group to ask this question. Please direct me if there's a better place. I'm trying to do this the right-est way possible. And learn.

Thanks for any assistance.

Overview

I have some data I want to encrypt/decrypt and hold very securely such that the database in rogue hands is essentially worthless.

My basic question is: Can I use the same data to create a hash that I use as an index in a database as I use as the key to encrypt/decrypt the secret data if I just re-order data?

More details:

I don't want to store or maintain a key. I'm bless in that I have a myriad user-specific data I have available I can use to calculate a key dynamically as needed.

I have two database tables:

• one with user data
• one with the secret

I do not want the secrets associatable with the user data so I hash that user data. Thus, I use that hash as a lookup value into the secrets table.

Description of the basic data (examples):

Account info:
   name
   birthday
   birth place

Secret:
   secret: 16 - 512 bytes in length

Description of the two Database Tables:

Account Info Table:
   name
   birthday
   birth place
   salt - calculated and saved during the hash creation

Secrets Table:
   hash - created dynamically from data in account info table (See details below).
   secret - *** How do I encrypt this? ***

How I create the hash and salt:

account_info = Using the Account Info Table, concat( name + birthday + birth place )
salt = if not passed into the function, create with random 16 bytes
save the salt into the Account Info Table for use to recalculate the hash later
hash = use PBKDF2HMAC with the salt with SHA256 at 100,000 iterations on account_info
use hash value as the index in the Secrets table so that we can find the secret that's tied to the Account Info

How I currently encrypt the secret:

Using AES CBC via the cryptography python library
Using a key - *** This is where my question is ***

Question:

If I generate the hash (index into the secrets table), like so:

hash = concat( name, birthday, birth place) + random( 16 ) bytes

Can I safely rearrange the details and use that for the key for the encryption, like so?:

encryption key = concat( birth place, birthday, name )

Basically, I want to create a hash that will only be generated on a given system, and if run on a different computer, or if the computer changes in a meaningful way, then you'd get a different hash output.

I'm not really familiar with TPM (if available) or other means to do this, but assuming there likely is some form of library that either uses it, or uses hardware details if one isn't available as a secret seed as part of a hashing algorithm.

The reasoning for this, is thinking about malware that will slurp up browser cookies to impersonate sessions on other systems. If the cookie database was using hashed keys (for the domain name) that only a given system would use... a known value can be checked at startup and if it doesn't have a matching entry, then the db is dumped with a fresh one. This would make it much more difficult, though still not impossible to simply clone a cookie database and use on another system.

Issues would likely be containerized browsers, such as snap or flatpak, which wouldn't necessarily be able to make a distinction, though maybe still possible, I don't know.

Any thoughts on this approach or suggestions?

So, I have these two PRFs, F over X,K,Y is known to be secure.

1. Prove that F2(k, x) := F (F (k, 0^(n,) x) is a secure PRF.
2. Prove that F3(k, x) := F (F (k, 0^(n,) x) ⊕ F (k, x) is an insecure PRF

My 1st Proof:

Base case: n = 0
F(k,O^(O) ) => F(k,E) = y (where y is a constant in this case)
F2(k, x) := F(y,x) (secure based on the description)

Induction:
n = m
F(k,O^(m) )= y (secure)
F2(k, x) := F(y,x) (secure, but does this mean F(y,x) = y?)

n = m + 1 (I am so unsure what to do there)
F(k,O^(m+1) )=> F(F(k,O^(m) )0)=> F(y,0)
F2(k, x) := F(F(y,0),x)

And since the 2nd one is using the 1st, I am not sure on how to prove that is it insecure.

Hello all,
I have some knowledge in the field of cryptography, but there's this thing that I don't entirely understand (especially when asked to explain and justify it, as I am a teacher).

So I know that for fairly simple encryption algorithms, like a straightforward stream cipher that XORs the plaintext with a key stream, there's a real danger of an attacker being able to modify the message even if they cannot decypt it.

However, for an algorithm like AES, as far as I understand, it's practically impossible for an attacker to alter it without breaking the key - it will decrypt into total nonsense. So why not just add a timestamp or something to prevent replay attacks, and forego signing?

I am an undergrad Electronics and Telecom student, currently taking a course in Cryptography Theory which taught some basic encryption methods (Ceaser, Autokey, Des, ...).

I was assigned to read this paper (https://www.nature.com/articles/s41598-021-90055-3#Sec8) . I tried to grasp some basic things before start but after a day all I know is QKD help secure the key exchanging process, and alert if there is any eavesdropper by statistical analysis comparing mismatch in the way Alice and Bob chose to measure qubits.

I'm so lost reading this, I have no background in quantum mechanics, only know C/C++, MATLAB, some basic electronics. What should I study to quickly fill the background needed to read this paper?

Basically the title. I’ve got a custom zero knowledge proof system and I’m trying to probe it for statistical weakness. Information around proof soundness or completeness would be awesome but I’m especially looking for methods for proving something is zero knowledge(adversary learns nothing from the proof other than it is correct).

Currently, I’m using the simulator method, generating N proofs on a set of N messages using consistent valid secrets, and generating N forgery attempts on the same set of messages with new keys. Then I check the two sets of proofs(real and random forgeries) against eachother and see if they are distinguishable.

Are there alternative methodologies? Best statistical tests? Ideal sample size? Any resources to teach myself?

Please be gentile, i only know foundational statistics and this is the first time attempting to apply this voodoo “math” to cryptography. I’m looking for resources and advice. Thanks!

There's many posts of this on this sub, and many have very intelligent answers. But the end result, is.. Due to many of my own life problems and serious disorders (and meds), I am not intelligent. In fact, I can barely read a paragraph without much of a problem -- Which I understand is slightly hypocritical, seeing as I'm writing one right now. However, as much as I understand I may not be able to understand them currently, I do have one singular question for you guys, if you could answer concisely, if possible, please.

My computer and NAS are both encrypted for reasons I do not wish to get into -- are the chances that they'll be broken into due to this post-quantum cryptography any higher? And if so, how much higher? To what factor do they change? These are all questions I'd like to know the answers to, if you don't mind doing this disabled adult a favor. I appreciate any responses, even if it may be word-of-mouth about this subject.

Hey everyone,

I'm a Computer Science Bsc student who is trying to make a proof of concept about the use of FHE in e-voting. Can you guys suggest me some FHE libraries in Python? I've tried working with TenSEAL, but pip doesn't seem to find it, and I've been stuck in an installational nightmare ever since. Apparently this has been a running problem for many machines with Windows, so I'm trying to find an alternative.

I'm specifically looking for an FHE library, and not an HE one. Anything else doesn't really matter, though I'd prefer if it could be used by simply importing the library to the python file.

While reverse engineering ransomware, I could get the RSA Public key 2048 which is written hardcoded inside the malware. The decryption process depends on getting a random 16-byte key generated for each file which is encrypted using the RSA Public key and appended inside that file. Theoretically, the encryption is done without accessing the internet, so it's possible to decrypt it, but I don't know how.

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDhAkjz9GllcG2a/Migh
DXmQuzazCghfrC/zR+xWcKGzSgoH7n8GKqEzvwZYpn+mgGs1qufX46tgX6HxJSrZ
vxm6Ki+oPKv5t7ktU2SicB8Ftu55iTWPDI5gec97hDb1un65qt5TSVBWcfQ19qu0
ctjEowpP723beQgUUTNdQTJoB6SItyjWOrIMXV2wrz861jqxCU/xwxV6TS09Rrwz
Rxxmzyv1Xcei2DMyEhoP9BVHeaABQbnQ7wGqIXevdUpRqJ8AYvXHLB6Lno3IJ3Bo
UMRDTNKY8JHMxg/b6l9vT6X1PH3qD29lk2SGpwW+5JvK6OUn5+Bncv0KmQj4HuXT
awIDAQAB
-----END PUBLIC KEY-----

Cryptohack Modular Binomials challenge : i already found the solution online but i don't understood why the q is the gcd of the difference ; the link of the solution : https://www.ctfrecipes.com/cryptography/general-knowledge/maths/modular-arithmetic/modular-binomial