Questions tagged [reference-request]
A reference request is a request to be provided with a source from documentation, official papers, and specs related to one or more specific algorithms or cryptographic procedures. Open-ended literature recommendation requests are off topic! Also: Crypto.SE is not an optimal replacement for a search engine. The reference-request tag is not a substitute for your own research effort.
432 questions
1 vote, 0 answers, 101 views
Various X-based proofs in cryptography [duplicate]
I have read quite a lot about ZKPs, so I THINK I know what a simulation-based proof is (of course I have extensively met them regarding zero-knowledge-ness), but I often also hear about game-based ...
1 vote, 0 answers, 92 views
Are ID protocols functionally equivalent to digital signatures?
In PKC, it's common knowledge that key exchange and public-key encryption are functionally equivalent, and you can get one from the other. Barring semantic security definition differences, of course.
...
0 votes, 0 answers, 30 views
k-out-of-N oblivious transfer based on "blindable" one-more assumptions?
I was thinking about one paper I was writing and suddenly it occurred to me that I can build k-out-of-n oblivious transfer using any of the blindable one-more type problems (One more RSA-inversion, ...
2 votes, 0 answers, 54 views
Reference request: 256-byte digital signature metadata block format
Newer digital signature designs incorporate pure/pre-hashing metadata, as well as a context string intended as a basic form of domain separation for signatures created for different purposes under the ...
2 votes, 0 answers, 74 views
How is the salt/seed generated in Cisco IOS password encryption type 7?
So the Cisco IOS password "encryption" type 7 uses the 4-bit salt/seed to decide which part of the static key to start encrypting from, but I can't find any details on how this salt is ...
3 votes, 1 answer, 317 views
ECDSA signature allowing unambiguous public key recovery, somewhat as in Ethereum
An ECDSA signature encodes the $(r,s)$ integers each in $[1,n)$, where $n$ is the order of the (sub)group generator. For a standard 256-bit prime curve one standard byte form for such signature is 64-...
1 vote, 0 answers, 81 views
How is an oblivious stack integrated in garbled circuits?
I read a paper in which a tree search algorithm (specifically a DPLL SAT solver) is implemented with garbled circuits. In this tree search algorithm, we have (obviously) the typical 'forward' steps ...
3 votes, 2 answers, 184 views
Block cipher design resources? [duplicate]
As someone with a PhD in theoretical crypto, block ciphers are usually just assumed to be some perfect mathematical object, which is used in various proofs... I feel like I should educate myself on ...
2 votes, 0 answers, 93 views
Does the supposed domain separation make it safe to reuse Ed25519 public key for Curve25519 key establishment?
The "Similar Questions" section under my title suggests several similar questions on this, but none touched on that explicitly.
Because Montgomery curves have birationally equivalent Edwards ...
0 votes, 0 answers, 105 views
What is the message inflation ratio in ring-LWE?
I've been learning and implementing standard ring-LWE over $R_t = \mathbb{Z}_t[x]/(x^N+1)$ [1]. In my implementation [2] the inflation ratio is ~192 (it takes 192 bytes to encrypt 1 byte). My ...
1 vote, 1 answer, 117 views
Noncommutative generalizations of NTRU
I recently learned and implemented NTRU Encrypt successfully in Python/SageMath. The key players are the polynomial rings $R = \mathbb{Z}[x]/(x^N-1)$ and reduction $R_p = \mathbb{Z}_p[x]/(x^N-1)$.
One ...
-1 votes, 1 answer, 213 views
Rust implementation of ChaCha20/Poly1305 or AES-GCM that uses GPU?
Do you know of any Rust implementation of ChaCha20/Poly1305 or AES-GCM that uses the GPU (especially CUDA) for encryption?
2 votes, 1 answer, 151 views
Number field embeddings for homomorphic encryption
Suppose Alice chooses a number field $K$ and a polynomial $f(x) \in K[x]$. She computes the splitting field $L$ along with an embedding $\varphi: K \rightarrow L$. In SageMath,
...
1 vote, 0 answers, 57 views
Vulnerability of key exchange arising from interoperability of implementations
I remember that I read a paper a long time ago that makes a claim of the following kind:
Although TLS (or perhaps another protocol) is secure in theory, different implementations of it could interpret ...
2 votes, 0 answers, 127 views
Fully homomorphic encryption textbook suggestion
I am looking for mathematics textbooks which include a rigorous introduction to fully homomorphic encryption and especially CKKS / TFHE algorithms at the level of Boneh and Shoup's A Graduate Course ...