Questions tagged [reference-request]
A reference request is a request to be provided with a source from documentation, official papers, and specs related to one or more specific algorithms or cryptographic procedures. Open-ended literature recommendation requests are off topic! Also: Crypto.SE is not an optimal replacement for a search engine. The reference-request tag does not provide a basis for replacing your own research efforts.
432 questions
1 vote, 0 answers, 98 views
Various X-based proofs in cryptography [duplicate]
I have read quite a lot about ZKPs, so I THINK I know what a simulation-based proof is (of course I have extensively met them regarding zero-knowledge-ness), but I often also hear about game-based ...
1 vote, 0 answers, 85 views
Are ID protocols functionally equivalent to digital signatures?
In PKC, it's common knowledge that key exchange and public-key encryption are functionally equivalent, and you can get one from the other. Barring semantic security definition differences, of course.
...
0 votes, 0 answers, 25 views
k-out-of-N oblivious transfer based on "blindable" one-more assumptions?
I was thinking about one paper I was writing and suddenly it occurred to me that I can build k-out-of-n oblivious transfer using any of the blindable one-more type problems (one-more RSA-inversion, ...
2 votes, 0 answers, 49 views
Reference request: 256-byte digital signature metadata block format
Newer digital signature designs incorporate pure/pre-hashing metadata, as well as a context string intended as a basic form of domain separation for signatures created for different purposes under the ...
2 votes, 0 answers, 60 views
How is the salt/seed generated in Cisco IOS password encryption type 7?
So the Cisco IOS password "encryption" type 7 uses the 4-bit salt/seed to decide which part of the static key to start encrypting from, but I can't find any details on how this salt is ...
3 votes, 1 answer, 270 views
ECDSA signature allowing unambiguous public key recovery, somewhat as in Ethereum
An ECDSA signature encodes the $(r,s)$ integers each in $[1,n)$, where $n$ is the order of the (sub)group generator. For a standard 256-bit prime curve one standard byte form for such signature is 64-...
1 vote, 0 answers, 80 views
How is an oblivious stack integrated in garbled circuits?
I read a paper in which a tree search algorithm (specifically a DPLL SAT solver) is implemented with garbled circuits. In this tree search algorithm, we have (obviously) the typical 'forward' steps ...
3 votes, 2 answers, 173 views
Block cipher design resources? [duplicate]
As someone with a PhD in theoretical crypto, block ciphers are usually just assumed to be some perfect mathematical object, which is used in various proofs... I feel like I should educate myself on ...
2 votes, 0 answers, 89 views
Does the supposed domain separation make it safe to reuse Ed25519 public key for Curve25519 key establishment?
The "Similar Questions" section under my title suggests several similar questions on this, but none touched on that explicitly.
Because Montgomery curves have birationally equivalent Edwards ...
0 votes, 0 answers, 100 views
What is the message inflation ratio in ring-LWE?
I've been learning and implementing standard ring-LWE over $R_t = \mathbb{Z}_t[x]/(x^N+1)$ [1]. In my implementation [2] the inflation ratio is ~192 (it takes 192 bytes to encrypt 1 byte). My ...
1 vote, 1 answer, 104 views
Noncommutative generalizations of NTRU
I recently learned and implemented NTRU Encrypt successfully in Python/SageMath. The key players are the polynomial rings $R = \mathbb{Z}[x]/(x^N-1)$ and reduction $R_p = \mathbb{Z}_p[x]/(x^N-1)$.
One ...
-1 votes, 1 answer, 161 views
Rust implementation of ChaCha20/Poly1305 or AES-GCM that uses GPU?
Do you know of any Rust implementation of ChaCha20/Poly1305 or AES-GCM that uses the GPU (especially CUDA) for encryption?
2 votes, 1 answer, 150 views
Number field embeddings for homomorphic encryption
Suppose Alice chooses a number field $K$ and a polynomial $f(x) \in K[x]$. She computes the splitting field $L$ along with an embedding $\varphi: K \rightarrow L$. In SageMath,
...
1 vote, 0 answers, 56 views
Vulnerability of key exchange arising from interoperability of implementations
I remember that I read a paper a long time ago that makes a claim of the following kind:
Although TLS (or perhaps another protocol) is secure in theory, different implementations of it could interpret ...
2 votes, 0 answers, 116 views
Fully homomorphic encryption textbook suggestion
I am looking for mathematics textbooks which include a rigorous introduction to fully homomorphic encryption and especially CKKS / TFHE algorithms at the level of Boneh and Shoup's A Graduate Course ...