Newest Questions

2 votes
0 answers
47 views

I get a statistically close to random matrix $A$ and a trapdoor over $\mathbb Z_q^{n \times m}$ using a trapdoor preimage sampler. Let's say I want to sample a short preimage for some other matrix $U$ ...
woah
  • 89
0 votes
0 answers
11 views

I have a question that needs answering. I am currently in the middle of changing careers and have some interest in the tech field. Earlier this year, I made a list of jobs/careers that I wanted to ...
Sky
  • 1
2 votes
3 answers
271 views

I have read the Keccak team document about PRNG. When you hash with Keccak SHAKE the amount of random bytes you wish to return is unlimited, i.e. I can fetch() as ...
ojacomarket
0 votes
4 answers
158 views

I'm a new IT student. I need to understand the typical digital signatures, such as DSS, DSA or other in e-commerce.
Jean Tinialaou
2 votes
1 answer
60 views

Is there a way to generate a backup of a GnuPG private key (without encryption) using any kind of Secret Sharing (like Shamir's Secret Sharing Scheme)? The idea is getting something that can be ...
eloyesp
  • 121
3 votes
1 answer
429 views

In the third step of the Schnorr protocol, the prover's response takes the form $z=r+cx$. Why can't this form $z=cr+x$ work? I found these answers 1 and 2 are related to my questions. However, ...
JACK GAO
9 votes
2 answers
2k views

This is a speculative question that may be hard to answer reliably. Apologies. According to a Techcrunch article linked here A stunning report in Forbes today detailed that the NSA’s rapidly ...
kodlu
  • 25.7k
5 votes
1 answer
131 views

The intuition behind simulation-based security proofs comes from the following idea — if any party participating in a protocol or system can fully simulate the entire interaction process without ...
DSTBP
  • 321
4 votes
0 answers
59 views

The 1999 paper "The Security of all RSA and Discrete Log Bits" by Hastad and Naslund here states that any block of $O(\log \log N)$ bits where $N=pq,$ of the encrypted RSA output is known to ...
kodlu
  • 25.7k
2 votes
1 answer
113 views

I want to know what is the complexity of the lattice-reduction algorithm (used against CKKS encryption algorithm) named Block Korkine-Zolotarev (BKZ) algorithm (Curtis et al., 2019)? ref: https://...
John
  • 31
5 votes
1 answer
423 views

Luby and Rackoff have shown that a balanced Feistel scheme requires only 4 rounds and is "perfectly" secure as long as the round functions are "random enough". Has any work been ...
b degnan
  • 5,334
2 votes
1 answer
203 views

Consider the discrete Log Problem w.r.t. prime $p$. Given $b, p, r$ find $x$ where: $b^x\bmod p=r$. We are promised that $b^{\frac{(p-1)}2}\bmod p=p-1$. Q1: What is the complexity of calculating the ...
TheoryQuest1
2 votes
1 answer
103 views

I'm working on a problem where an encryption scheme like OTP leaks the r-th bit of the key each query where r is a random integer. If an attacker can do an infinite number of queries before the ...
Rexurtiser Skyick
0 votes
0 answers
59 views

My problem is specific: basically I want to have a website that is a gallery of my photos and I want the user to be able to view them, but that is the only access the user has. If they attempt to save ...
alan
  • 1
6 votes
1 answer
166 views

I have a bivariate polynomial $f(x,y)\in\mathbb Z[x,y]$ of shape $$f(x,y)=ax^2+bxy+cy^2+dx+ey+f$$ where $abcdef\neq0$ $|x|<X$, $|y|<Y$, $XY<\frac{W^\frac12}{g(N)}$ where $W=\|f(xX,yY)\|_\...
Turbo
  • 1,191
