Questions tagged [algorithm-design]
Design of cryptographic primitives (algorithms), like block ciphers, stream ciphers, random-number generators, hash functions, MACs, key exchanges, public-key encryption or signature schemes. Also tag with the relevant type of primitive. If you ask about a known existing algorithm, also tag with its name.
938 questions
1 vote · 2 answers · 160 views
Error Correcting Codes: Codeword indistinguishability from random
Note: ECC = Error Correcting Code(s)
Is it possible to have a codeword from an ECC be indistinguishable from random?
If there is a shared secret between the sender and receiver then it's not a ...
0 votes · 0 answers · 63 views
Is there any structural attack on quadratic prime-gap commitments?
Consider the following construction based on an exact quadratic gap between two primes.
Let $p$ be a public prime. A valid private structure consists of:
• a prime $q$ such that $q > p$;
• a ...
4 votes · 1 answer · 382 views
Is the low Hamming weight problem comparably difficult to SIS?
Lattice-based schemes sometimes base their difficulty on the intractability of finding short solutions in under-determined linear systems. This assumes of course the underlying ring element is not bit-...
0 votes · 0 answers · 79 views
Seeking KDF parameters for Bitpie/imToken 2023 private backup file in {"data":...} JSON format
I have a private wallet backup file from Bitpie/imToken created in June 2023. The new version of the official app no longer supports importing this format.
The file content is a JSON object in this ...
3 votes · 1 answer · 153 views
Is this type of column parity mixer necessarily invertible?
In this question, the term “word” implies a binary word, i.e., a sequence of bits.
Let $x \oplus y$ denote a result of the bitwise “exclusive or” operation for two words $(x, y)$ of the same length. ...
0 votes · 1 answer · 111 views
Finding an efficient covering map from secp256k1 (genus 1) to the Jacobian of a higher genus curve
Has there been any significant research and findings on covering maps from secp256k1 (genus 1) to the Jacobian of a higher genus curve, so that efficient index calculus algorithms can be built?
6 votes · 1 answer · 140 views
Cryptographic primitives that currently can be realized only in the Random Oracle Model
Are there cryptographic primitives for which, according to the current state of the art, the only known constructions are proven to be secure in the random oracle model but have no security proof in ...
9 votes · 2 answers · 2k views
Non-committing? Have we been using *deniable* authenticated encryption all along?
Committing security is growing in importance as a set of properties for authenticated encryption in symmetric settings. This notion is defined by Bellare, Hoang, and Wu as:
$\underline{\small \textrm{...
2 votes · 1 answer · 158 views
What types of cryptanalysis should I apply to evaluate a new Morse-code–based encryption algorithm?
I am a student working on cryptography and have designed a custom Morse-code–based symmetric encryption algorithm.
It converts file data into Morse-coded form, applies key-dependent transformations, ...
1 vote · 0 answers · 47 views
Vector-Based Invertible Neural Networks for Experimental PQC [closed]
Summary
This is an experimental exploration of using high-dimensional vector spaces and invertible neural networks (INNs) to harden classical encryption against potential post-quantum attacks. The ...
3 votes · 2 answers · 146 views
Formal name for time-limited challenge-response using hash of IV and memory contents
I understand there is a time-bounded challenge in which a message is sent, a computation must be performed, and the result returned within a strict time limit.
For example, a random IV (initialization ...
3 votes · 0 answers · 56 views
Given a basis for a lattice $A$ of order $n\times n$ and a trapdoor $T_A$, can I generate another independent trapdoor for $A'=AU$, where $U$ is unimodular?
Given a lattice $\Lambda(A)$ for which we know the trapdoor, say $T_A$, can we generate another independent trapdoor $T_{A'}$ for $A'=AU$, for a unimodular matrix $U$?
Also I want to ask, is ...
2 votes · 0 answers · 108 views
Is it possible to have a homomorphically encrypted Von Neumann machine?
Imagine Merlin delivers Arthur a blob of data representing a virtual machine state, encrypted via fully homomorphic encryption. This means that Arthur can compute arbitrary boolean circuits on this ...
6 votes · 2 answers · 1k views
Do any standalone MACs exist?
Title is the question. Plus: what examples are there?
I'm not referring to generalized MAC constructions that plug in a block cipher (CBC-MAC) or a hash function (HMAC, KMAC), nor am I referring to ...
3 votes · 2 answers · 423 views
In the RSA(SSA)-PSS signature scheme, why does the message need to be hashed twice and why is masking the "salt" needed?
I'm trying to understand the design of RSA(SSA)-PSS, as shown here:
https://upload.wikimedia.org/wikipedia/commons/5/53/RSASSA-PSS_PSS-encode.png
Two things I don't really understand:
Why does the ...