Newest Questions
32,053 questions
2 votes, 0 answers, 29 views
Why ABY3 achieves 4k communications in semi-honest setting and 11k communications in malicious setting?
I read the ABY3 paper. First of all, I noticed that the labels for "malicious" and "semi-honest" are swapped in Table 2.
Additionally, I don’t understand why ABY3 achieves 4k ...
1 vote, 0 answers, 38 views
How is ZKSTARK / FRI secure for small delta?
In Dan Boneh's excellent lecture about FRI, he gives the probability of a verifier accepting a vector u0 that is delta close to ...
0 votes, 0 answers, 38 views
Can someone decipher this supposed pigpen or rosicrucian cipher? [closed]
https://imgur.com/a/ErHmTPz
There are more variations than the one present in the image, but the most used letters are certainly present. I tried letter frequency, word searching. The plain text ...
0 votes, 0 answers, 37 views
CPA secure scheme without circular security
Construct a public-key encryption scheme which is CPA secure but not circularly secure, relying only on the existence of public-key encryption schemes.
This is a problem from my cryptography course ...
0 votes, 0 answers, 48 views
Does this key-derivation construction achieve context-isolated leakage resilience, and is passphrase rotation secure?
I would like to ask for a technical review of a key-derivation construction that we developed while designing a multi-chain wallet and an E2EE identity layer.
This construction is part of a broader ...
1 vote, 0 answers, 63 views
Elliptic curve cryptography on integers mod p^2
I'm trying to solve the discrete log problem in this context:
I have a curve given by a short Weierstrass equation: $y^2 = x^3+ax +b$
where the point addition and scalar multiplication are done ...
0 votes, 0 answers, 49 views
Questions about starting a security business [closed]
brothers.
I'm a 21-year-old college student studying security and cryptography in South Korea.
When I first encountered quantum computers a few years ago, I didn't pay much attention,
but seeing the ...
0 votes, 1 answer, 90 views
Is Diffie-Hellman in $\mathsf{NP}\cap\mathsf{coNP}$ without discrete log witness?
Given prime $p$, generator $g$ of $\mathbb Z_p^*$ and $h_1,h_2,h_3\in\mathbb Z_p^*$ is $$\log_ph_3=(\log_ph_1)(\log_ph_2)$$ where at every $i\in\{1,2,3\}\mbox{ }g^{\log_ph_i}\equiv h_i\bmod p$ holds?
...
2 votes, 2 answers, 118 views
Rationale for SP 800-56Cr2 ordering of shared secrets in hybrid schemes
In TLS, mlkem768x25519 derives a master shared secret from a concatenation of the x25519 shared secret and the ML-KEM shared secret. The FIPS-approved hybrid PQC key agreement algorithm, ...
4 votes, 1 answer, 152 views
What gives Streamlined NTRU Prime a small attack surface?
Streamlined NTRU Prime (SNTRUP) is a post-quantum KEM that achieves IND-CCA2 security. According to DJB's website, Streamlined NTRU Prime is designed to minimize the complexity of a thorough security ...
0 votes, 0 answers, 38 views
Safe Secret Data Exfiltration [closed]
Consider the following problem:
we have two parties: Alice and Bob
Alice has some sensitive data D (for Data) that she does not want to reveal to Bob
Bob has some sensitive code C (for Code) that he ...
0 votes, 0 answers, 27 views
Is it true that if Miller inversion is easy, then the Weil pairing inversion is easy on BN curves?
I was given the following explanation; some parts of it are wrong but others look truthful:
Here is the rigorous mathematical explanation of why this technique works.
The validity of the formula $...
4 votes, 1 answer, 444 views
Most efficient discrete log algorithm for RFC3526 primes?
I have been using lifted ElGamal for my binary choice encryption into an exponent $g^m$, where m=0 or m=1. After ciphertext aggregation and decryption I got a message as $g^{m1+m2+m3+...+mn}$ and I ...
1 vote, 1 answer, 82 views
Definition of UC security
Universally composable (UC) security is defined in the ideal/real model paradigm. In this paradigm, a real protocol $\Pi$ is defined to be secure when the outputs of this protocol are ...
2 votes, 1 answer, 158 views
Question about some details in SQIsign signing algorithm
The reference is Algorithm 4.2 on page 40 in this document https://sqisign.org/spec/sqisign-20250707.pdf.
I'm confused by lines 28-33. We have $I_{com,rsp}$ correspond to the isogeny $\varphi_{rsp}^{...