Applied Cryptography - Science topic

Questions related to Applied Cryptography
• asked a question related to Applied Cryptography
Question
May you please name some good books on Blockchain technology?
Dear Jay Kamlesh Dave,
Here there are some more:
• asked a question related to Applied Cryptography
Question
I need to test a CSPRNG using ENT (http://www.fourmilab.ch/random/). I produced a random stream from the generator and stored it in a text file as a sequence of 0s and 1s. I've tried different samples, but all of them have failed. To check whether I'm performing the test correctly or not, I looked on the internet for a pretested random bit sequence, and it failed as well. Do you think the issue is with the tool or with the form of the input to the tool?
You can use Matlab easily:
% MATLAB random number generator: 8-bit values range from 0 to 2^8-1 = 255
randomNumbers = fix(rand(1,256)*256);   % 256 integers in the range 0..255
randomNumbers = uint8(randomNumbers);   % values are already integers, just cast to bytes
% save the data as a binary file (fwrite writes uint8 bytes by default)
FID = fopen('rn.bin','w');
count = fwrite(FID, randomNumbers);     % count = number of bytes written
fclose(FID);
-------------------------
In the ENT program, use the following commands in the console:
ent.exe -b rn.bin
and
ent.exe -c rn.bin
• asked a question related to Applied Cryptography
Question
In the socialist millionaire problem, two millionaires learn whether their wealth is the same or not without revealing their actual wealth. There is a step in the protocol where Qa = g^x and Qb = g^y, where x and y are the wealth values and g is the base of the discrete logarithm. a) Is it not a computational overhead on the users if the values of x and y are huge? b) If I want to replace x and y with strings in place of numbers, how may I do it?
Peter Breuer Thank you Dr. Peter for your answer. May you please let us know how may we replace the integer x with a string message?
• asked a question related to Applied Cryptography
Question
Today, in 2019, I see an increasing popularity of playing Capture The Flag (CTF) among cybersecurity students.
What are the advantages and disadvantages of playing CTFs in relation to developing the right skills for cybersecurity students (Bachelor's and Master's degree)? Does it add value to the cybersecurity skills gap? In what way does it or does it not?
There are a lot of competitions online and offline. Just a few examples:
Offline: ecsc.eu (Europe), defcon.org (Americas)
Good reads about the intersection of cybersecurity and education (related to playing CTFs) are also welcome.
Other questions I have in mind: 1) How does playing CTF games add value to the quantitative and qualitative cybersecurity skills shortage worldwide? 2) Can playing CTFs be a (partial) replacement for cybersecurity education (undergraduate and graduate level)? 3) The quality of a CTF strongly depends on the developer(s). Is there (some kind of) framework to measure the quality and levels of CTFs? 4) What is the future of CTFs? (Serious gaming/cybersecurity simulation environment/other) 5) How can we make CTFs more reality-based / realistic? 6) The sooner students start with playing CTFs, the better?
https://doc.lagout.org/security /Packt.Kali.Linux.CTF.Blueprints.Jul.2014.ISBN.1783985984.pdf
Hello,
The CTFs I have experience with have been single-day events. That means the event itself is not where any learning is taking place. The important time, for participants as well as organizers, is the preparation. That is also where students learn, but the CTF at the end gives a huge boost to motivation and provides a target to define what to learn.
The topics that can be learned depend on the type of CTF you are playing. The CTFs I participated in were focused on application security, very practical implementation and configuration vulnerabilities, with the occasional reverse engineering of buggy protocols. It is your responsibility, assuming you are the teacher, to select a fitting curriculum beforehand. But there are plenty of challenges and writeups of historical CTF events out there.
And then CTFs provide an opportunity to set up a whole setup for security monitoring and operational processes. But the focus with us has normally been on bug hunting and reverse engineering, and that, in my eyes, is not sufficient to motivate a full course in IT security.
CTFs tend to require a lot of preparation, and part of it is the development of "sport utilities" like efficient flag-submission services or exploit automation. But given that you can engage your students more deeply with the prospect of a CTF competition at the end, and the potential to run a competitive group continuously over many years, where knowledge and skills can be honed and taught by the experienced students, this makes up for all the work. And it is, in my experience, one of the most fun and most effective ways of standing by while students learn.
• asked a question related to Applied Cryptography
Question
Hi,
As per the definition of logic obfuscation, an obfuscated circuit stays in obfuscated mode upon global reset (i.e. the initial state) and generates incorrect output; upon receiving the correct initialization sequence it enters functional mode and generates the intended outputs.
This is fine with respect to a design that is not connected with any further critical systems. If at all the obfuscated logic needs to be connected to further safety-critical systems, won't the incorrect values generated in obfuscated mode affect the critical systems?
In such a case, how does one apply logic obfuscation?
You can read the literature yourself and come up with your own conclusions. It would do you good, you would sound less like a non-expert rambling about something you have very little clue about. I am done here.
• asked a question related to Applied Cryptography
Question
Let c=E(m,k) be the bit representation of the encrypted value of the message m with the key k. Suppose, for each t, there exists an x that has the following relation:
W(E(m,x) XOR E(m,k))=t.
In this relation, W is the weight function that represents the number of 1s. Suppose there is an algorithm that can find x for each t>1. For what values of t can this algorithm be considered a threat to the block cipher E?
As I said, m and c are fixed. Also, I know both of them.
• asked a question related to Applied Cryptography
Question
What are some examples of Multi secret sharing schemes actually being used in real-world applications?
Passwords are about the only form of authentication human beings can use, but the entropy of passwords remembered by humans is very low. Hence, dictionary attacks against passwords are very effective. Several different PAKE protocols can make network protocols safe against both passive and active attackers, but none of them can protect against server compromise - a dictionary attack can always be mounted against the authentication data the server holds.
Secret sharing is used in building secure authentication protocols with weak passwords where the leakage of a single server's data does not allow for dictionary attacks on the password. A simple form of this is used in the real world by Verisign: Server-Assisted Generation of a Strong Secret from a Password. More recent research into the problem: Provably Secure Threshold Password-Authenticated Key Exchange.
• asked a question related to Applied Cryptography
Question
I am working on an approach to prime factorization in polynomial time using a modified AKS primality test. Do you think that the following approach will work?
-----
If a test similar to AKS for divisibility can be created which, given any w, n with w <= sqrt(n), tells us whether or not n is divisible by any k with 1 <= k <= w in polynomial time, we can factorize n in polynomial time. This can be achieved by constructing a binary search to find the factors of n in log(n) time. In the case of w = sqrt(n), this test should become the trivial AKS primality test.
-------
There is no known way to turn primality testing (or compositeness testing) into prime factorization effectively (in polynomial time), so this would be really surprising. Any polynomial-time prime factorization algorithm would be a most surprising result (there is no lower bound that indicates this is impossible, but the mathematical knowledge nowadays leads to sub-exponential algorithms far worse than polynomial time). Side comment: the only polynomial-time technique for prime factorization is a "quantum polynomial time" method of Peter Shor (Shor's algorithm) BUT: quantum computers cannot yet be built at a reasonable size to be a meaningful candidate to factor numbers that have large factors in them!!! Note that an efficient prime factorization algorithm would have an extremely significant effect on modern cryptography as it is practiced!!!
• asked a question related to Applied Cryptography
Question
Dear Colleagues,
From relation:
P = ε_0 χ^(1) E
I suppose that in an isotropic medium, χ^(1) is a scalar quantity and the vectors P and E are in the same direction, while for an anisotropic medium, χ^(1) is a tensor quantity and the vectors P and E differ in direction. However, my professor said that the above statement is not true in some special cases. Could you tell me which are those cases?
Thank you, and hoping for your insightful response.
I really appreciate your help, Prof.Thomas Mayerhöfer and Prof.Pablo Acebal !
• asked a question related to Applied Cryptography
Question
How to prove one-wayness, weak collision resistance and strong collision resistance of a hash function? Please provide an explanation about the formal proof. Please attach literature if you have it.
Maybe this is what you are looking for:
In short, the vast majority of today's practical hash functions (including the SHA-2 family and SHA-3) do not have a strict proof reducing their properties to some widely acknowledged hard problems. Of course, their designers have some heuristic reasoning, but in practice the hash functions are expected to perform really fast, so you cannot use expensive algebraic operations like modular exponentiation in their construction. On the other hand, using something like this seems unavoidable if you want to encode a hard problem somewhere in the function structure.
• asked a question related to Applied Cryptography
Question
I need a matching algorithm between a collection(Xi) and a collection(collection(Yj)),
knowing that the collections Yj may have elements in common.
I explain with an example:
suppose we have a web service S with 3 inputs (I1,I2,I3)
I1 can be provided by services A, B, C, D
I2 can be provided by services A, E
I3 can be provided by service F
I need an algorithm or a function to find the best combination of the available services to provide the inputs of S (I1,I2,I3)
Collection(Xi)={I1,I2,I3}
Collection(Collection(Yj))= {{A,B,C,D},{A,E},{F}}
Thank you.
Dear Majid,
Thank you for your response. I will implement your suggestion. I hope it works well
• asked a question related to Applied Cryptography
Question
Numerical example for each.
Cryptography: change the data so it is not readable. Adversary can see there is a data communicated but can’t understand it.
Steganography: hide the very existence of the data. Adversary doesn’t know of a secret communication.
Watermarking: either visible or invisible and used to identify ownership and copyright.
• asked a question related to Applied Cryptography
Question
I am looking for a step-by-step procedure to find the crystallite size and microstrain by Warren-Averbach using XPowder, and how we can interpret the plots. Is this method able to estimate the dislocation density, and is there an empirical equation to estimate the dislocation density using XRD?
The attached picture is for the analysis using XPowder. In the instrumental profile, how can I find the instrumental broadening and compare it with the measured pattern?
Looking for help to learn more about the correct procedure from your wide experience.
P.S. Can we use the experimental sample instead of the standard one to estimate the instrumental broadening after annealing?
Hi Mohammed. It would be helpful if you included the question marks in your questions.
In order to extract the instrumental profile from your measurements you need to measure a free-of-strain sample first, with a crystalline size small enough to get a good statistic. There's a commercial sample, LaB6, you can get from NIST in the USA. It's very expensive but good to do the job. Another alternative would be preparing a powder from a single crystalline Si wafer, but it's not easy to do without applying some stress. If you can find a way to get rid of the strain in your sample, let's say, to a value below 10^-4, that could be useful as a reference for the instrumental profile.
Once you've measured your reference sample for the instrumental profile you fit the powder diffraction pattern in Xpowder and you store all the values of the reference pattern, which basically consist of the parameters of the Caglioti's formula. Then, the instrumental profile can be extracted from any other sample with a strain higher than the strain in the reference material.
If you change the set-up in the X-Ray diffractometer, the Caglioti's parameters have to be measured again.
You can't get the dislocation density from Xpowder directly. For that purpose I would suggest taking a look at an academic software developed by Matteo Leoni, in Italy. It's called PM2K. You can send an email to him to get a copy of the software.
If you want to develop your own code in Mathematica or Matlab to determine the dislocation density and crystallite size by Warren-Averbach method I can give some directions to get started, just send me an email to hf278@exeter.ac.uk
Best regards.
• asked a question related to Applied Cryptography
Question
We know that the most classic problem was key distribution. In asymmetric cryptography algorithms this problem is somewhat solved, but the impact is that it is a very slow process, so one solution that could be used is a cryptographic protocol with a symmetric cryptography algorithm. I just want to ask all researchers: which is the best cryptographic protocol, is it Thres-Pass, bit commitment protocol, secret sharing, secret splitting or something else? Please give me your answer.
Your question is not well defined. Different tasks have different protocols. Authenticated key exchange is indeed a key protocol to establish a secret authenticated channel between clients and servers or for inter-server communication (TLS/SSL does that). In the mobile domain we have messaging protocols for end-to-end encryption involving similar methods. All these are used billions of times per day over the Internet. The other various protocols you mention are mainly theoretical ideas (some in some level of use).
• asked a question related to Applied Cryptography
Question
Why is elliptic curve cryptography not widely used compared to RSA?
For Encryption and some related tasks ECC expands the message two times. Furthermore, some of the points (x,y) are missing in almost every ECC curve
• asked a question related to Applied Cryptography
Question
I am trying to apply cryptography for sensor data in Contiki/Cooja simulator.
Is it possible to implement this in the Cooja simulator?
or do we need some special tools?
Dear Ragupathy,
This document aims to show the very basics of using the Contiki Cooja simulator.
• asked a question related to Applied Cryptography
Question
I would like to know about the encryption systems used in SMS coding (both for the purpose of transmission data security) in mobile modern phones.
I too, like Vijay Ananda and Majid Bakhtiari, believed that our SMSs travel in plain text without encryption, but the down votes force me to think that maybe it is not the case!
WhatsApp supports end-to-end encryption, I know (though I don't know what algorithm is used!). Gmail uses PGP (IDEA), but SMS? Still doubtful!
• asked a question related to Applied Cryptography
Question
HVC : Halftone Visual Cryptography
In HVC we generate a halftone image, then its complement, and after that we embed the secret image into them. By stacking the two shares we recover the secret. My question is: when we calculate some metrics such as Recall and F-measure, between which images? Is it between the halftone image before embedding the secret and after embedding the secret?
Ok. Now how to encode the black and white pixels? I was trying with the matrices
1 0 0 0        1 0 0 0
1 0 0 0        0 1 0 0
1 0 0 0        0 0 1 0
1 0 0 0  and   0 0 0 1
But it is not working!
• asked a question related to Applied Cryptography
Question
Dear friends and ResearchGate community,
Can anyone suggest any recent method suited to color images?
I need a fast method with a good compression ratio. Also, I would like to know if someone has an article comparing the performance, such as complexity, along with other achievements.
Thank you.
Best regards.
I don't think there is any standard code table available, though there are some predefined guidelines such as: in English text, the frequency of occurrence of 'e' is highest; vowels will be more frequent than consonants, so they should be assigned fewer bits; Z and X will have the minimum frequency and will fall towards the end of the symbol table, etc. When the text size is large, the variable-length codes will provide a high compression rate, and a small symbol table can be accommodated without consuming much space (in comparison to the space we gained through the coding scheme). For image/video compression, redundancy is even higher in comparison to text. I presume LZW will be preferable for this case.
• asked a question related to Applied Cryptography
Question
If I apply a LSB based algorithm for hiding data in an image, how can I calculate the possibility of the data being detected in steganalysis? Or finding the data bits that are encoded?
Most LSB-based techniques can be steganalyzed using the generalized chi-squared attack, RS steganalysis, sample pair analysis, weighted stego, AUMP and rich-feature classifiers. Please visit dde.binghamton.edu and its Downloads section for much important and useful information on steganography and steganalysis.
• asked a question related to Applied Cryptography
Question
If the implementation of basic modular addition, multiplication or exponentiation is done from scratch (e.g. implementation of carry-save adders or Montgomery's multiplier), one might not be sure of its efficiency in terms of throughput or chip area. On the other hand, if standard packages exist, then it would be a lot easier to implement.
Depending on what you want to achieve with an efficient hardware architecture in terms of resource utilization, speed, power, etc., you should first divide and conquer the whole crypto algorithm into sub-modules and write HDL code for each sub-module. As far as I know, there is no existing library in VHDL which supports crypto primitives (possible sub-modules). You may check the OpenCores website, http://opencores.org/, where you can find some HDL code that may help you. I highly suggest you read these papers [1,2], in which they show you an efficient way to implement a crypto algorithm in an FPGA.
[1] At, Nuray, et al. "A Low-Area Unified Hardware Architecture for the AES and the Cryptographic Hash Function Grøstl." IACR Cryptology ePrint Archive 2012 (2012): 535. https://eprint.iacr.org/2012/535.pdf
[2] At, Nuray, et al. "Compact Hardware Implementations of ChaCha, BLAKE, Threefish, and Skein on FPGA." IEEE Transactions on Circuits and Systems I: Regular Papers, vol. 61, no. 2, pp. 485-498, Feb. 2014.
• asked a question related to Applied Cryptography
Question
My research is about hiding secret data in ePDF using the TJ operator; I will embed the integer number of the secret data into the TJ operator. But now I am confused about how to get a TJ operator from a PDF and return it from the TJ operator to the PDF file.
I have attached the reference paper.
Thank you.
A better, and free solution is using Apache PDFbox: (https://pdfbox.apache.org/) You can use this together with BouncyCastle crypto library (https://www.bouncycastle.org/) to get assistance with cryptographic manipulations.
• asked a question related to Applied Cryptography
Question
I have a question about the article “efficient and multi-level privacy-preserving communication protocol for VANET” by H. Xiong et al. I need the ID of malicious vehicle, but i could not prove how I can get its public key from the equation given in the part of OBU fast tracing on page 3. How do I prove if this equation is right?
(Ci)q.B0=pki
You're right Dr Yung, group signatures are perfectly suited for this purpose, but the privacy level is not adjustable.
The tracing part is implemented in some protocols that have used ring signatures, such as "Efficient and Spontaneous Privacy-Preserving Protocol for Secure Vehicular Communications" by Hu Xiong et al. It uses the trusted party's private key.
• asked a question related to Applied Cryptography
Question
I need to implement ECC algorithm for RFID passive chip.
Talking about energy and tension?
• asked a question related to Applied Cryptography
Question
My question is about generating reliable keys in a PKI (clients generate their own keys under the supervision of a CA). We have a Certification Authority (CA) generating some public and private keys for each client (more than one pair for each client). One method for sending keys to a client is sharing a secret key between the CA and the client, and then sending the key pairs and certificates by symmetric-key encryption (with the secret key). But the overhead will be high, so I need an efficient method with low message overhead and time for key pair transmission. How can I do it?
I know it's not possible to generate multiple public keys with a unique private key, so I need a method that generates multiple key pairs for a specific client that are related (e.g. they are derived from a shared secret key) such that the CA can find their relationship, but other clients cannot find this fact.
Thank you Dr Paillier and Dr Yung.
You're right Dr Yung, this method can be useful, but there is one small problem that should be considered before implementation. There are many clients, and the CA should verify the received signatures from clients in a short period of time. So, matching the keys used in signatures increases the processing time in the verification step (depending on the number of received messages).
• asked a question related to Applied Cryptography
Question
The inventors of the AES Rijndael state that there are no 'linear' mathematical relations between plaintext and the corresponding ciphertext when passed through Rijndael. How can you prove this statement? What is the process to prove or disprove the presence of a mathematical relation between a pair of plaintext and ciphertext of any cryptographic algorithm?
"Why is it so? How to prove it?"
If encryption were linear, by taking two plaintexts A and B as well as their ciphertexts E(A) and E(B), you would get E(A + B) = E(A) + E(B). Of course, the meaning of "+" can vary. Are we talking GF(2)-linearity (XOR), addition modulo 2^128, truncated addition of words, ...?
This cannot be true with AES (or any other secure block cipher), because otherwise you would get the key trivially with just 1 plaintext-ciphertext pair, encrypting 0 would always give 0, etc.
• asked a question related to Applied Cryptography
Question
I have to send the encrypted data to more than one cloud storage. I have the same question as Neetha Sharma does. Where can I insert my code in a simulation program example? First of all, which example can I take for my project?
If you take the risk and opt for end-to-end encryption in order to save your ciphertext data in a cloud, I strongly recommend that you scrutinize your chosen crypto suite for unintentional and especially deliberate security leaks. It is commonly known that crooked intelligence agencies embed weaknesses in crypto suites to reveal private data for their own purposes.
• asked a question related to Applied Cryptography
Question
In generic secure computation protocols, garbling has to be followed by oblivious transfer. Can anyone suggest to me the best two-party OT protocol? Implementation details will also be appreciated.
I don't know what you mean by "best", but one of the most elegant and simplest I've seen is this: Tung Chou and Claudio Orlandi, "The Simplest Protocol for Oblivious Transfer".
The implementation is far too simple to discuss.
• asked a question related to Applied Cryptography
Question
Hi All,
I have designed a simple method to synthesize 8x8 Substitution-box based on the concept of chaos function and search theory. I am asked to define equivalence classes to test number of S-boxes can be generated from the method. Please let me know how to determine and define the equivalent classes of 8x8 S-box.
A randomly generated S-box is dangerous, because it may contain weaknesses. Then differential or linear cryptanalysis can be used to find session keys. See the analyses of old encryption systems (DES, for example). The construction of the S-box for AES is based on the algebraic structure GF(2^8). Here equivalence means a choice of a generator polynomial. There is somewhere a (public) paper with all these polynomials, but I do not have its reference at this moment.
• asked a question related to Applied Cryptography
Question
I am trying to implement video watermarking based on visual cryptography. I have created two shares of an image in '.bmp' format. How will these two shares be embedded in the video when using the frequency domain?
I have divided the video into parts (suppose the video consists of 300 frames; in this way each part has 150 frames) to embed these shares in two different parts. I have extracted the Y component of each part of the video, on which I applied the DWT, extracted the HH band, applied SVD, and obtained the singular matrix.
How could I process the two shares (transparencies) in order to embed them into the singular values obtained from these two parts of the video as indicated above? Also, please tell me the extraction process for these two transparencies from the watermarked video.
You are most welcome to inform me about any other method to implement visual-cryptography-based video watermarking.
• asked a question related to Applied Cryptography
Question
What is the purpose of proving security in this way?
I am talking about the game-based definitions for CCA and ID-CCA.
Start with a solid book like Katz-Lindell (new version), then go to papers like Shoup, Pointcheval, etc.
• asked a question related to Applied Cryptography
Question
This question could be thought of as a different approach when compared with recent research.
It would be great to work together, or with other researchers who have the desire to work together.
• asked a question related to Applied Cryptography
Question
The AES algorithm uses the irreducible polynomial x^8+x^4+x^3+x+1 for multiplying with MDS and inverse MDS matrix for encryption and decryption, respectively.
Can we change this polynomial with another one?
Should we redesign the MDS matrix if polynomial is changed?
Yes you can. The polynomial must be irreducible. Any irreducible polynomial can be used. After changing it you have to change the MDS matrix.
• asked a question related to Applied Cryptography
Question
The modern Enigma encryption machines have the same gear sizes, so the encryption can be a 1-to-1 function. I am trying to find a way the encryption could work with different gear sizes, but apparently there is no way, because if the proportion is altered then the encryption values for some letters won't be the same.
I use the online gear generator for implementation: http://geargenerator.com/
There has to be a way. Let's say that, in a non-mechanical encryption algorithm, we use a product rather than an XOR operation (using whole numbers). Multiply the plaintext by a secret number (or secret string of numbers, one per plaintext character). The product is the ciphertext.
In the decryption step, we use division. If the divisor is secret (or the stream of divisors is secret), the dividend is the ciphertext, and the reconstructed plaintext is the quotient. If the secret divisor (or divisor string) is correct, identical to the secret number(s) used in the multiplication step previously, and if the ciphertext was unchanged in transit, the quotient in the decryption step will result in whole numbers always, and must correspond to the original plaintext values.
By the way, I have done this, and it does work.
Is this not possible with gears too? With unequal size gears, the cipher would have more potential values than the plaintext. But if the ciphertext received is identical to the transmitted string, and the gear ratios used in decryption are the same as those used in encryption, then the decryption should reconstruct the plaintext.
This type of cipher creates longer ciphertext than plaintext. So you might say "not fair," because the enigma machine only used the letters of the Roman alphabet in the ciphertext. It didn't have a large number of extra characters. So I'll respond that this would be a "more modern" enigma machine.
• asked a question related to Applied Cryptography
Question
I'm asking for the most efficient and secure
Cramer, Damgård and Schoenmakers (Crypto 94 proceedings), or De Santis, Di Crescenzo, Persiano and Yung (FOCS 94), deal with the OR-proofs etc. that may be useful (they can be viewed as extending the so-called sigma-protocol techniques).
• asked a question related to Applied Cryptography
Question
Which encryption approach is better especially over a network. Cryptography or Steganography?
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. In contrast, in cryptography a file, message, image, or video is transformed under a key in order to hide the information.
Steganography requires a carrier/payload in order to carry the obfuscated information.
Because of this, the steganographed payload size is way larger than the obfuscated information.
But in cryptography the sizes are the same for the encrypted data (payload) and the data that has been encrypted.
Thus in a network scenario where bandwidth efficiency is an important stakeholder, cryptography is definitely the winner because of its smaller payload overhead.
Data (size x) --->   Steganography ---> Steganographed data (size y)
observation:  x << y
Data (size x) --->   Cryptography ---> Encrypted data (size y)
observation:  x = y
• asked a question related to Applied Cryptography
Question
I am looking for a performance analysis of Craig Gentry's scheme. I am interested to know how large the ciphertext of a single bit is after encryption. How long does it take to encrypt a bit, decrypt a bit, and perform (addition, multiplication) operations between two bits?
Can anyone help me find this information?
Thank you.
A preliminary report is available in the link below with all the numbers you need, you may also want to follow some derivative works and improvements.
• asked a question related to Applied Cryptography
Question
Integer factorization is very important for defining the security level of public key cryptography. What are the factorization methods available to factor a large integer  greater than 1024 binary bits ?
Is it possible to factor such large integer ?
• asked a question related to Applied Cryptography
Question
We know that LFSR are used in the design of stream ciphers. Block ciphers with modes of operation such as counter are also used in the design of stream ciphers. What other things are available to design stream ciphers ?
SEAL, developed in 1993 by IBM (Don Coppersmith), and RC4 (1987, Ron Rivest) from RSA Security are very well-known stream ciphers which are not based on LFSRs.
• asked a question related to Applied Cryptography
Question
I am looking for a 16x16 MDS (Maximum Distance Separable) and involution matrix. An involution matrix is a special matrix where multiplication with itself results in the unitary matrix.
Please go through pages 6, 7 and 8 of the link below for details on how to construct a 16x16 MDS involution matrix.
• asked a question related to Applied Cryptography
Question
I have a new method, so the comparison among methods plays a crucial role in improving this method.
What about Pollard's rho method and its parallelized version? It may be more efficient and faster.
• asked a question related to Applied Cryptography
Question
We need new cryptographic algorithms and information security techniques to raise the security of our lives in the future.
Generally, once a cryptographic approach meets a PQC requirement, I think that will be fine. Or new PQC (post-quantum cryptographic) approaches are welcome.
• asked a question related to Applied Cryptography
Question
Hi,
I need a clarification regarding domain of hash functions. I have defined a bilinear pairing based system as follows:
Let G1 and G2 be cyclic multiplicative groups of prime order p generated by g1 and g2 for which there exists an isomorphism phi: G2 -> G1 such that phi(g2) = g1. Let GT be a cyclic multiplicative group with the same order p where e : G1 x G2 -> GT is a bilinear pairing.
Now, I have some computation for hash functions:
1) H1=H(t, r, d) where r = g1^x, t is a timestamp, say belonging to Zp*, x belongs to Zp*, d belongs to Zp*. Now, the domain for H1 would be:
H1: {0, 1}* x G1 -> G1
2) H2=H(t, f), where f=e(g1, g2). The domain of H2 would be:
H2: {0, 1}* x GT -> Zp*
3) H3=H(f). The domain of H3 would be:
H3: G1 x G2 -> GT
4) H4=H(g2^s), where s belongs to Zp*. The domain of H4 would be:
H4: G2 -> G2.
5) Can I use {0, 1}* and Zp* interchangeably?
It would be nice if someone could help me.
Thanks.
Dear Neetesh,
Try this. This may facilitate your research. All the best.
• asked a question related to Applied Cryptography
Question
Many references do define them, but I require the key differences between them and how they can be practiced.
In a chosen plaintext attack, after receiving the ciphertext of a message, you need some of the plaintext of the same encrypted message that was received, and then use a technique, depending on the cryptosystem, to match the ciphertext with its identical plaintext to get the part of the key which helps to find the whole key or break the algorithm.
In a chosen ciphertext attack, the cryptanalysis depends only on the ciphertext of the received message to recover the key or break the algorithm, by using for example statistical tests.
A simple example: attacking a message that is encrypted using simple substitution.
The letter frequency of the encrypted message is calculated. Based on prior information about English letters, the letter E has a high frequency. So the letter with the highest frequency is replaced with the letter E as plaintext, and so on.
• asked a question related to Applied Cryptography
Question
1) Asymptotically, the cost of finite field multiplication is the same as that of field squaring. How can their ratio be measured accurately on a machine?
2) Similarly, the asymptotic cost of finite field multiplication is the same as that of field inversion. So how can their ratio be measured accurately on a machine?
By Asymptotic I mean the Asymptotic complexity or Theta notation, tight bound, for the rate of growth of the function.
• asked a question related to Applied Cryptography
Question
I performed a 2-level 2D DWT on the cover image (gray) and a 1-level 2D DWT on the secret image. In the lowest LL2 subband of the cover I hide the LL1 subband of the message using an encryption algorithm, but I am having a problem performing the inverse DWT operation. After the inverse operation I am not getting the proper image back; I am getting an image lost in noise. So how can I get the proper recovered image?
I think you used floating point arithmetic for your DWT transform. In this case, even if you didn't carry out any encryption, the inverse transform will not get exactly the image back, but only guarantees that the information loss is invisible to our eyes (you may check this by calculating the PSNR). When you embed the encryption into part of the transform coefficients, the encrypted result may suffer other arithmetic problems, for example the ciphertext being out of the range of the original data.
• asked a question related to Applied Cryptography
Question
I am new to the steganalysis side. Can anyone guide me on the implementation of RS analysis (Fridrich 2001), the paper's implementation, or does anyone have any reference code?
Finally I developed the RS steganalysis code by myself with the help of
Thanks
• asked a question related to Applied Cryptography
Question
I am planning to do a Master's project on forensics (actually anti-forensics) and I have chosen steganography as my area of interest.
I would like to focus on how steganography has related to forensics over time and whether it can be used together with cryptography to enhance information hiding and obscuring. I would like to hear from anyone who has done (or is currently doing) research in this area, to share information.
(Combining methods are always being asked about in conjunction with crypto, typically: encryption, compression, error correction, etc.)
You can combine in many ways; take Gunter's two ways, and you can also iterate.
However, the more you combine the more you pay in performance, of course! (and this was noted above). So combination is often not practical.
Also, if your cipher is good, why embed the message in a file first and then encrypt it rather than encrypting the message directly? It is a technique, but does it make sense (ciphertext entropy will always reveal it is an encryption, and will defeat the basic trait of stego)?
The main advantage of stego is its subliminal nature (hiding without being noticed), thus "encryption then stego" has some meaning (if your stego is broken [say by file diff] your message is still protected), while encrypting after stego has less use.
• asked a question related to Applied Cryptography
Question
Which one is better among public key cryptography key exchange and Zero-knowledge password proof? Which one is more popular, powerful or useful? Which one is used more in daily life or products which are used quite often? Can you give me some good examples?
How can you compare different functions? For each function there is a protocol, and one should not compare apples to oranges!
ZK password proof is for user authentication (this user knows the password without revealing it), suitable for user auth. to a server.
Key exchange is for the two parties to share a key privately for whatever they want to use it for, and they had better authenticate themselves to prevent man-in-the-middle attacks.
• asked a question related to Applied Cryptography
Question
Steganalysis is the science that detects secret data hidden in cover media. So I am searching for software about this method, especially steganalysis methods for image covers. Can anyone help me?
Hi,
On the website of Prof. Jessica Fridrich you can find some useful tools:
With best regards,
David
• asked a question related to Applied Cryptography
Question
In claim 3, how is it proved, and what do the symbols in this claim mean?
Dear Amal,
Salam,
In the attached file, the formulas precisely prove why Pr[no E3] >= 1/2. E3 is an event based on which the adversary A guesses the bit b'. If the attack applied by A succeeds, its advantage is not negligible, which means that
|Pr[b=b'] - 1/2| >= epsilon.       (1)
Since the guess of b' is made according to the event E3 (described in the previous pages of the attached file), we can use the Total Probability Theorem to write
Pr[b=b'] = Pr[b=b'|E3]Pr[E3] + Pr[b=b'|no E3]Pr[no E3]      (2)
Since the value of the term "Pr[b=b'|no E3]" is between 0 and 1,
Pr[b=b'|no E3]Pr[no E3] <= Pr[no E3]
Thus, we can write equation (2) as
Pr[b=b'] <= Pr[b=b'|E3]Pr[E3] + Pr[no E3]      (3)
Besides, when the event E3 occurs, the adversary A has to guess b' completely at random, which succeeds with probability 1/2. Thus, Pr[b=b'|E3] = 1/2. Now, we can rewrite equation (3) as
Pr[b=b'] <= 1/2 Pr[E3] + Pr[no E3]        (4)
If we replace Pr[E3] by "1 - Pr[no E3]", we have
Pr[b=b'] <= 1/2 - 1/2 Pr[no E3] + Pr[no E3] = 1/2 + 1/2 Pr[no E3]
Eventually, we find
Pr[b=b'] <= 1/2 + 1/2 Pr[no E3]     (5)
The above equation can be written as
Pr[b=b'] - 1/2 <= 1/2 Pr[no E3]      (6)
On the other hand, we can consider equation (2) through its second term "Pr[b=b'|no E3]Pr[no E3]". This term is a probability, which is between 0 and 1. Thus we can rewrite equation (2) as
Pr[b=b'] >= Pr[b=b'|E3]Pr[E3]         (7)
As mentioned above, Pr[b=b'|E3] = 1/2. Thus we can rewrite equation (7) as
Pr[b=b'] >= 1/2 Pr[E3]         (8)
If we replace Pr[E3] by "1 - Pr[no E3]", we have
Pr[b=b'] >= 1/2 - 1/2 Pr[no E3]      (9)
The above equation can be written as
Pr[b=b'] - 1/2 >= -1/2 Pr[no E3]       (10)
From equations (6) and (10) we have
|Pr[b=b'] - 1/2| <= 1/2 Pr[no E3]         (11)
By combining equations (1) and (11) we have
epsilon <= |Pr[b=b'] - 1/2| <= 1/2 Pr[no E3]                (12)
As our goal was to find a lower bound for Pr[no E3], we obtain from equation (12) that
epsilon <= 1/2 Pr[no E3]
and then
2 epsilon <= Pr[no E3]
That is the end of our proof to find a lower bound for Pr[no E3].
• asked a question related to Applied Cryptography
Question
In the H1 list, w refers to a word, h refers to the hash of w and c refers to a random coin, but what about "a"?
Yes, I mean this paper, but A here does not mean Alice's public key; it is chosen at random.
• asked a question related to Applied Cryptography
Question
How can I implement an elliptic curve through a fingerprint after finding its minutiae points, and also the ECC parameters?
I have an array that contains all minutiae points of the fingerprint. With the help of that array I want to generate an ECC curve.
Kindly help me.
I just want to say that the Ruben Arias answer is a good example of a good professor who can bring real knowledge to students.
To the question: read chapter 3 of the book Hyperelliptic Curve Encryption Theory.
• asked a question related to Applied Cryptography
Question
I am doing research on prediction analysis of encrypted data, and would like to find out what latest developments (algorithms, tools, methods, practical applications etc.) have been made in this area.
Dear Ighoroje,
You are right, but I do not totally agree. Homomorphic encryption guarantees you that the operations you perform in the ciphertext domain are equivalent to operations in the plaintext domain. This is very useful when you store your data on non-trusted cloud servers, since you can ask the server to compute on your encrypted data without decrypting it. Nevertheless, I am not sure that in this case you are, in the strict sense, performing prediction on encrypted data. In the end, if I am not wrong, you have to use the secret key in order to get the result of the computation you have performed in the ciphertext domain.
Regarding privacy, I think that in the current state of technology it may be better to go for techniques such as k-anonymity, l-diversity or statistical disclosure control (SDC). Of course, in the near future FHE can and should be an option (which is clearly pinpointed in the paper you mention, but even further highlighted in the papers of Raluca Popa: http://web.mit.edu/ralucap/www/mylar.pdf). Recently I have read this very interesting manuscript:
In any case, if you are interested in working with the encrypted data, you could use the set of tools in the NIST randomness test package (http://csrc.nist.gov/groups/ST/toolkit/rng/index.html), the Diehard suite (http://www.stat.fsu.edu/pub/diehard/), but also tools for generating Markov models from time series (http://vserver1.cscs.lsa.umich.edu/~crshalizi/CSSR/ ) and those for string comparison (http://cran.r-project.org/web/packages/stringdist/stringdist.pdf).
With best regards,
David
• asked a question related to Applied Cryptography
Question
A series of my compounds based on triazoles seem to like to crystallise from hot MeCN, but they do so as very thin needles forming a kind of pompom.
Does anyone have any tips? I tried vapor diffusion, layering and so on with several solvents, but the best still seems to be crystallisation from MeCN.
Cheers
I think you will need to change your solvent system from CH3CN; it is hopeful that it is trying to crystallize, but it is not giving you crystals of decent shape or size. You could try a mixture of solvents; what about BuCN or maybe THF? It looks like if it only goes into CH3CN hot, then it's not too soluble in that, so it's coming out rather quickly on cooling. You could try to slow down the cooling rate, maybe suspend the flask in a water bath and slowly reduce the temperature of the bath; sometimes I leave it on a warm hot plate stirrer and switch off the stirrer. The other thing you could try is varying the shape of the flask; NMR tubes are particularly good at affording crystals. There is no simple answer to your question, but good luck with it.
• asked a question related to Applied Cryptography
Question
Let S = {n.1, n.2, ..., n.n} = n{1,2,...,n}. A (cyclic) permutation of S has the property:
each ordered pair of S^2 occurs in the permutation with distance 1 (adjacent) exactly once, and occurs with distance 2 exactly once.
In detail: suppose the permutation is s_0, s_1, s_2, ..., s_{n^2-1}; then
{(s_{i}, s_{i+1}) : i=0, 1, ..., n^2-2} U {(s_{n^2-1}, s_0)} = S^2;
{(s_{i}, s_{i+2}) : i=0, 1, ..., n^2-3} U {(s_{n^2-2}, s_0), (s_{n^2-1}, s_1)} = S^2.
I think a permutation with the above property does not exist, but I don't know how to prove it.
G(n) is a digraph with vertex set S={1,2,…,n} and arc set A=SxS, i.e., for every ordered pair (x,y) in SxS there is an arc xy (a directed edge from x to y; when x=y the arc is a cycle). Is there an Euler circuit C of G(n) such that for each ordered pair (x,y) there is a directed path from x to y of length 2 in C?
• asked a question related to Applied Cryptography
Question
IBE was first introduced by Adi Shamir in 1984 to provide an easier method of public key encryption. Ever since, it has always been an area of research. What are its vulnerabilities? What are the design problems of establishing such a system? Why has it been an open problem for the last 30 years?
IBE is affected by the key escrow problem, and is based on cryptographic primitives that make it less performant than other encryption schemes.
• asked a question related to Applied Cryptography
Question
Homomorphic encryption based on standard LWE.
I suggest you read "Multiparty computation with low communication, computation, and interaction via threshold FHE" and "On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption". They include the re-linearization, dimension-modulus reduction and bootstrapping techniques used in LWE.
• asked a question related to Applied Cryptography
Question
I think we prefer public-key cryptography, because of its computational hardness, over private-key cryptography. Is this the only reason, or not?
First, asymmetric cryptography takes two forms: authentication and confidentiality.
For message confidentiality, the message is encrypted with the receiver's public key and only the authentic receiver who has the corresponding private key can successfully decrypt it.
For message authentication, it is the other way around: encryption is done with the sender's private key and any receiver who holds the corresponding public key can decrypt the message. A successful decryption indicates that this message is from the claimed sender.
The choice between public or private key cryptography would depend highly on the exact place of the non-interactive application you have in mind and how you would (or did) implement it.
For example, suppose you would like to control access to an application that only you would like to use. You may prefer symmetric cryptography (private key) to achieve this (although a conventional method is to use a digest function like MD5).
But, if you would like to selectively lock a specific functionality of an application that you would like to distribute (to customers), you may want to create a configuration file and encrypt it. If this is done with a symmetric key, then one way or another the application must include the symmetric key along with it to decrypt the config file for use; a simple reverse engineering attempt can locate the key within the application.
The solution thus lies in public key cryptography. You can encrypt your config file on your own system with your private key, then store the public key along with the application to decrypt it for its use. You can encode the config file to include the MAC address of the system or the disk ID as an integrity check for the machine it is entitled to operate on. This is what I did for my ERP application; it works just fine.
• asked a question related to Applied Cryptography
Question
I'd like to research the available cryptanalysis tools for algorithms such as AES, DES, RSA, RC4, Blowfish and the like.
As far as I know, there's no universal automatic cryptanalysis tool to tell you "how secure this algorithm is". In particular, you have mentioned several types of cipher: AES/DES (block), RSA (public key) and RC4 (stream). Blowfish is also a block cipher, but due to the key-dependent S-boxes, many attacks on block ciphers may not work on Blowfish.
There's one thing that's universal: the brute force attack. You don't need tools for this; just take a look at the key length, and make sure brute force search is infeasible.
You might be interested in this site, which provides several cryptanalysis tools in one platform. However, this is mainly for e-learning purposes; it doesn't contain much cutting edge technology.
• asked a question related to Applied Cryptography
Question
"Intelligence agencies hire lots of mathematicians, but would-be employees must realise that their work is misused to snoop on everyone, says Tom Leinster"
New Scientist has recently published an article where Tom Leinster asks mathematicians to stay away from supporting the NSA, CIA, GCHQ, (former) KGB and all the other organizations that spy on us. I don't even know the name of their Chinese colleagues' organization.
What are your thoughts on this?
I agree with Professor Drossos that the work of mathematicians on whole-population surveillance is dangerous. Not only does such widespread surveillance destroy the possibility of privacy and private communications, it also calls into question the amount of oversight required to prevent misuse of garnered information by government agencies.
• asked a question related to Applied Cryptography
Question
Currently I am working on my project related to cobalt oxide systems (CoO and Co3O4). I require surface energy values for different planes (111, 110, 100) for my project work.
CoO presents an absorption band at 550 cm-1 strongly overlapped with Co3O4 signals, as indicated by FTIR measurement.
• asked a question related to Applied Cryptography
Question
Everyone seems to quote 'market cap' (price*total volume) but this seems to be of pretty limited value, particularly if you want to have a measure of the relative utility or use of a cryptocurrency. Can anyone suggest some alternative metrics? It seems that there's an entire field here yet to be developed.
At this stage in the (very limited) maturity of cryptocurrencies, I usually look at exchange volume. Obviously, a CC isn't much use unless it's liquid. One thing that makes me uncomfortable about this approach is that I don't really understand why people are buying the CC they are (in the sense that every femto-satoshi exchanged has both a seller and a buyer.) Market Cap doesn't have much functional meaning, and is distorted by pre-mined CC.
The trade-volume approach leads one to think Bitcoin and probably Litecoin (about 1/4 of Btc volume) are viable, but Dogecoin is way down (usually around 1/10 of Ltc), and past that it's all noise.
Until the regulatory environment is figured out, all CC are going to be volatile.
Since blockchains are public, there are some interesting *data* mining opportunities, though it doesn't seem like there's been much sustained or academic interest in this so far.
• asked a question related to Applied Cryptography
Question
Suppose we are considering only confidentiality and for now ignoring active attacks. So we encrypt the email with a secret key generated by an online trusted third party and then send both the ticket and the encrypted email to the receiver. Ignoring the problems and drawbacks of the online trusted third party, what are the problems with this mechanism? Also, for each email/session we are using a new key.
Who is the threat in your question? If I am reading it correctly, you are excluding the trusted third party as a threat, and you are excluding any active attackers. The rough answer to your question is that if there are no threats you could send the email in clear text and be just fine. Encryption is only necessary if you are protecting yourself from something.
Alternatively, you may be viewing passive network monitors as threats. For example, systems that are scanning email for keywords at the border of an organization. However, most passive monitors can be easily handled by even XORing the bits; a complex security protocol is only needed in the presence of an active attack on the email in question.
Finally, if you are assuming that there are no active attackers, and you actually have a trusted third party, you would be much better served by using steganography than public/private key encryption. Passive monitors are likely looking for odd things to flag for further scrutiny; a hidden email is more likely to pass unnoticed than an encrypted one.
• asked a question related to Applied Cryptography
Question
The correlation attack is one of the most important attacks on stream ciphers. Can someone share an illustrative example of a simple application of this attack?
Regards,
Llanos
• asked a question related to Applied Cryptography
Question
Any working example of a projection map to any two groups (two cyclic groups)?
A systematic transformation of the latitudes and longitudes of locations on the surface of a sphere or an ellipsoid into locations on a plane.
• asked a question related to Applied Cryptography
Question
We have a theorem that if the connection polynomial of an LFSR is primitive, then the period of the output keystream will be maximal, i.e. 2^n - 1.
If an irreducible n-degree polynomial f(x) is not primitive, then f(x) divides x^k - 1 for some positive k less than 2^n - 1 (over GF[2]; analogous results hold for other finite fields), so its roots do not generate the full multiplicative group of GF[2^n], and the period of the LFSR is the smallest such k.
We still have that k divides 2^n - 1, so the periodic sequences generated by f(x) partition the space into disjoint cycles.
And there are cases in which all irreducible f(x) are primitive (3, 7, 31, other Mersenne primes), but that is a rare situation.
There are lots of other algebraic things to consider for other prime bases.
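The period statements in the answer above can be checked by computation. The following is an added example, not part of the answer: it represents polynomials over GF(2) as integers (bit i = coefficient of x^i), tests irreducibility by trial division, finds the order of x modulo f(x), which is the LFSR period, and enumerates the disjoint state cycles of a Galois LFSR for the constructed degree-4 polynomials x^4 + x + 1 (primitive) and x^4 + x^3 + x^2 + x + 1 (irreducible, order 5).

```python
# Added example: GF(2)[x] arithmetic on integers (bit i = coefficient of x^i).

def poly_mod(a, f):
    """Remainder of a modulo f in GF(2)[x]; f must be non-zero."""
    df = f.bit_length() - 1
    while a and a.bit_length() - 1 >= df:
        a ^= f << (a.bit_length() - 1 - df)
    return a


def is_irreducible(f):
    """Trial division by every polynomial of degree 1 .. deg(f)//2."""
    n = f.bit_length() - 1
    if n < 1:
        return False
    for d in range(1, n // 2 + 1):
        for g in range(1 << d, 1 << (d + 1)):  # all polynomials of degree d
            if poly_mod(f, g) == 0:
                return False
    return True


def poly_order(f):
    """Smallest k >= 1 with x^k == 1 (mod f); this is the LFSR period.

    Returns None when f has no constant term, because x is then not
    invertible modulo f and no such k exists.
    """
    if f & 1 == 0:
        return None
    n = f.bit_length() - 1
    cur = 0b10  # x^1
    for k in range(1, 1 << n):
        if cur == 1:
            return k
        cur = poly_mod(cur << 1, f)  # multiply by x and reduce
    return None


def is_primitive(f):
    """Primitive = irreducible and x generates all 2^n - 1 non-zero elements."""
    n = f.bit_length() - 1
    return is_irreducible(f) and poly_order(f) == (1 << n) - 1


def lfsr_cycles(f):
    """Cycle lengths of the non-zero states of a Galois LFSR with feedback f.

    One step multiplies the state polynomial by x modulo f, so for an
    irreducible f every non-zero state lies on a cycle of length ord(f)
    and the 2^n - 1 states split into (2^n - 1)/ord(f) disjoint cycles.
    """
    if f & 1 == 0:
        raise ValueError("feedback polynomial needs a constant term")
    n = f.bit_length() - 1
    seen, lengths = set(), []
    for start in range(1, 1 << n):
        if start in seen:
            continue
        s, length = start, 0
        while True:
            seen.add(s)
            length += 1
            s = poly_mod(s << 1, f)
            if s == start:
                break
        lengths.append(length)
    return sorted(lengths)


if __name__ == "__main__":
    # Constructed degree-4 examples: x^4 + x + 1 (0b10011) is primitive with
    # period 15; x^4 + x^3 + x^2 + x + 1 (0b11111) is irreducible with order 5.
    for f in (0b10011, 0b11111):
        print(f"f={f:b} irreducible={is_irreducible(f)} "
              f"order={poly_order(f)} cycles={lfsr_cycles(f)}")
```

For degree 3, where 2^3 - 1 = 7 is a Mersenne prime, every irreducible polynomial comes out primitive, matching the answer's remark.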
• asked a question related to Applied Cryptography
Question
In stream cipher encryption
You may use a complex permutation generator.
• asked a question related to Applied Cryptography
Question
Why are 2^48 false alarms expected in double DES (Man in the Middle attack)?
First thing to realize: a double-DES algorithm with two different keys has a keyspace of 2^112 bits. A brute force approach takes effort O(2^112), which is currently not feasible.
Second: the meet-in-the-middle attack allows you to decrease this effort to about O(2^57), which IS feasible.
How does it work?
Suppose you have two pairs of plaintext and ciphertext, namely (P1, C1) and (P2, C2).
You want to find keys K1, K2 such that:
Enc(K2, Enc(K1, Pi)) = Ci, i = 1, 2. In schematic form, this is
P -----> X, by function Enc(K1,.)
X -----> C, by function Enc(K2,.)
But you also know that
Dec(K2, Ci) = Enc(K1, Pi)
P -----> X, by function Enc(K1,.)
X <----- C, by function Dec(K2,.)
So you can proceed by making an array of 2^56 positions with all possible encryptions of P1 under the 2^56 possible values for K1.
To select which of these may be possible keys, you now decrypt C1 under all 2^56 possible values for K2 and store the corresponding values. Now, you have two ways to reach your middle point X. And since you must arrive at the same value from both directions, you now filter the lists you have to keep only those elements that appear in both.
Now, it is possible that there are several pairs of keys that handle (P1, C1). So you still likely cannot make a decision on which one is the right key.
But if you add another pair (P2, C2), the number of key pairs that actually encrypt (P2, C2) as well as (P1, C1) should be much reduced. I'm not sure two plaintext/ciphertext pairs are enough to identify exactly one key, but surely every new pair will decrease the number of possible key pairs dramatically.
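The 2^48 figure follows from counting: 2^56 * 2^56 candidate key pairs each match a 64-bit middle value by chance with probability 2^-64, so about 2^112 / 2^64 = 2^48 false alarms survive one (P, C) pair. The following is an added example, not part of the answer above: it runs the meet-in-the-middle search on a constructed toy cipher with 8-bit keys and 12-bit blocks (so about 2^16 / 2^12 = 16 survivors are expected from one pair) and shows the second pair removing the false alarms. The cipher, its key schedule and the constants are all constructed for this illustration.

```python
# Added example: meet-in-the-middle against a constructed toy cipher used twice.
from collections import defaultdict
import random

KEY_BITS, BLOCK_BITS = 8, 12
MASK = (1 << BLOCK_BITS) - 1
ROUNDS = 3
ROUND_CONST = (0x3A5, 0x5C3, 0x96A)  # constructed round constants
MUL, MUL_INV = 5, 3277               # 5 * 3277 = 1 (mod 4096)


def round_key(key, r):
    """Constructed key schedule: spread the 8-bit key over a 12-bit word."""
    return (((key << 4) | (key >> 4)) ^ ROUND_CONST[r]) & MASK


def rotl(x, s):
    return ((x << s) | (x >> (BLOCK_BITS - s))) & MASK


def toy_enc(key, p):
    """Toy block cipher: each round is key-xor, rotate, affine map mod 2^12."""
    x = p & MASK
    for r in range(ROUNDS):
        x ^= round_key(key, r)
        x = rotl(x, 5)
        x = (x * MUL + 3) & MASK     # odd multiplier, so this is a bijection
    return x


def toy_dec(key, c):
    x = c & MASK
    for r in reversed(range(ROUNDS)):
        x = ((x - 3) * MUL_INV) & MASK
        x = rotl(x, BLOCK_BITS - 5)  # rotate right by 5
        x ^= round_key(key, r)
    return x


def double_enc(k1, k2, p):
    return toy_enc(k2, toy_enc(k1, p))


def expected_false_alarms(key_bits, block_bits):
    """Key pairs expected to survive one (P, C) pair: 2^(2k) pairs, each
    matching the n-bit middle value by chance with probability 2^-n."""
    return 2 ** (2 * key_bits - block_bits)


def meet_in_the_middle(pairs):
    """Return every (k1, k2) consistent with all (P, C) pairs given.

    The first pair costs 2 * 2^KEY_BITS cipher calls plus a table, instead of
    2^(2*KEY_BITS) for brute force; later pairs only filter the survivors.
    """
    p1, c1 = pairs[0]
    forward = defaultdict(list)          # middle value X -> [k1, ...]
    for k1 in range(1 << KEY_BITS):
        forward[toy_enc(k1, p1)].append(k1)
    candidates = []
    for k2 in range(1 << KEY_BITS):
        x = toy_dec(k2, c1)              # reach X from the ciphertext side
        candidates.extend((k1, k2) for k1 in forward.get(x, ()))
    for p, c in pairs[1:]:               # each extra pair removes false alarms
        candidates = [(k1, k2) for k1, k2 in candidates
                      if double_enc(k1, k2, p) == c]
    return candidates


def demo(seed=1):
    """Hide a constructed key pair and recover it from two known (P, C) pairs."""
    rng = random.Random(seed)
    k1, k2 = rng.randrange(1 << KEY_BITS), rng.randrange(1 << KEY_BITS)
    p1, p2 = rng.randrange(1 << BLOCK_BITS), rng.randrange(1 << BLOCK_BITS)
    pairs = [(p1, double_enc(k1, k2, p1)), (p2, double_enc(k1, k2, p2))]
    one_pair = meet_in_the_middle(pairs[:1])
    two_pairs = meet_in_the_middle(pairs)
    return (k1, k2), one_pair, two_pairs


if __name__ == "__main__":
    true_key, one_pair, two_pairs = demo()
    print("expected survivors from one pair:",
          expected_false_alarms(KEY_BITS, BLOCK_BITS))
    print("survivors with one pair:", len(one_pair), "with two:", len(two_pairs))
    print("true key among survivors:", true_key in two_pairs)
```

Calling expected_false_alarms(56, 64) gives the 2^48 from the question; the toy run shows the same mechanism at a size that finishes instantly.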
• asked a question related to Applied Cryptography
Question
I have been mainly using Shoup's NTL library, OpenSSL, and Stanford's PBC library for most of the implementation of my research work. All three of them are quite easy to use and stable. I would like to know what other libraries you use and your experience with them.
I had good experiences with FlexiProvider (www.flexiprovider.de); it is suitable for the JCA (Java Cryptography Architecture). Once, when I found a bug in an implemented algorithm, they reacted very fast!
• asked a question related to Applied Cryptography
Question
It is very difficult to know the exact origins of mathematics. I would like to know about new number systems which are under research. New number systems can be used for cryptography.
I don't understand what you mean by "dimension zero" of a number system.
If you are looking for a "new number system" you may want to see the paper "Z₂-graded Number Theory" (by Regev, Henke and myself),
where we investigate the arithmetic/algebraic properties of a number system that extends the integers (which I prefer to call the "superintegers"). I don't know if it can be of any use in cryptography. The main motivation to study their arithmetic properties is that they are convenient as index sets for grading superalgebras, and for indexing characters of the symmetric group, as their arithmetic operations are related to "hook numbers" of Young diagrams related to characters, so they do encode some not entirely trivial combinatorics in their arithmetic.
• asked a question related to Applied Cryptography
Question
As above.
Are you asking for references for a prototype, or do you need real-time scenarios to know where it is used?
• asked a question related to Applied Cryptography
Question
In this question G is a cyclic additive group, Zn* is the set of integers from 1 to (n-1) and {0, 1} is the message passed to the hash function in elliptic-curve cryptography.
This hash function has a call signature as: H1(message,(x1,y1),(x2,y2))---> Zn*
where Zn*={1,2,3,4,.........,n-1} and n is a prime number. What are the methods to perform this operation?
I have used the Cantor pairing to map to a single integer, and for the message part I have converted to ASCII values, mapped into coordinates through Koblitz's method, and performed additive cycling. Am I going in the right direction or not?
• asked a question related to Applied Cryptography
Question
I want to encrypt the thumb image which will be taken from the thumb scanner and store it in a database.
Can anyone suggest a better cryptographic code in MATLAB for performing this process?
Yes, a hash is not the ideal choice in the long run. My previous suggestion is not against Kerckhoffs's principle. Instead of using available encryption, it is suggested to write your own code to understand the concepts.
• asked a question related to Applied Cryptography
Question