Questions tagged [group-theory]
Groups are an abstract algebraic concept based on a set and a group law (a binary function which closes the set).
351
questions
1
vote
2
answers
193
views
Why using q = (p - 1)/2 for discrete log Diffie-Hellman scalar operations and not p?
As defined in RFC 3526 the prime $p$ and generator $g$ are known. The prime $p$ defined there is a safe prime, which can also be expressed as $p=2q+1$ with $q$ prime. The amount of elements in this ...
- 121
2
votes
1
answer
121
views
Is it possible to use abstract groups to generalize DSA, ECDSA and EdDSA signature creation and verification?
It is known, that
DSA algorithm is defined as:
Bob
Creates private $x$ and public $Y=G^x\bmod p$ keys, where $G$ - generator, $p$ - group prime order
Selects random value $k$ from $1
\le k\le q-1$
$...
- 77
0
votes
1
answer
97
views
Using Sagemath, how to exactly find out what the order of a point of an elliptic curve in the twisted Edwards form is?
Simple question and I’m fully aware of the other question, but I need the answer for curves in the twisted Edwards form and I suppose converting the curve and the point to the Weierstrass form would ...
- 178
3
votes
2
answers
514
views
Is ElGamal homomorphic encryption using additive groups works only for Discrete Log ElGamal? What about EC ElGamal?
It is known that in Discrete Log ElGamal encryption, the ciphertext $E$ is encrypted as:
$a\ =\ g^k$, where $k$ - random scalar from $[0,\ p)$, $g$ - group generator
$b\ =\ (Y^k*m)\mod\ p$, where $Y$ -...
- 77
2
votes
1
answer
164
views
Is it possible to abstract an ElGamal encryption for EC and Discrete Log by using a Group Law?
ElGamal encryption for Discrete Log is defined as:
Bob side does:
$Y\ =\ (g^x)\ mod\ P$, where $g$ - generator, $x$ - random value among the group elements and $P$ - prime number, typically ultra ...
- 77
1
vote
0
answers
62
views
Is the following Inverse Computational co-Diffie-Hellman problem hard?
Let $\langle g \rangle \stackrel{\Delta}{=} \mathbb{G}$ and $\langle h \rangle \stackrel{\Delta}{=} \mathbb{H}$ be groups of prime order $p$. Given $( p, g, g^\delta, g^{\delta^{-1}}, h, h^\delta )$, ...
1
vote
1
answer
152
views
What’s the fastest known Koblitz curve addition law for FPGA that maximizes the per-LUT throughput?
The addition or multiplication laws used by large mainstream libraries achieve faster speed by using many many more operations in order to avoid larger numbers. And my problem is here: faster speeds ...
- 178
2
votes
1
answer
87
views
Small subgroup attack when using a Schnorr group for DHKE
One uses a Schnorr group both for Schnorr signature (or DSA), and for Diffie-Hellman Key Exchange. They target 128-bit security, and choose prime $q$ that's 256-bit, prime $p=q\,r+1$ that's 3072-bit, ...
- 143k
3
votes
1
answer
727
views
Is AES a group?
The question I'm wondering is whether the AES cipher is a closed cipher (which is equivalent to AES being a group). And this question interests me due to the lack of understanding of whether it is ...
- 53
2
votes
2
answers
98
views
One group element hybrid encryption for El Gamal
I am really curious about this one problem 10.12 from Katz/Lindell's book. It goes as follows:
I am quite sure we can assume that $\textsf{Enc}_k(m) \in \mathbb{G}$, as the authors devoted the whole ...
1
vote
0
answers
46
views
Grow-only set homomorphic hash function from semigroup?
I have been exploring Bellare and Micciancio's "randomize-then-combine" paradigm for deriving set homomorphic hashing functions. I am particularly interested in grow-only sets, such that ...
- 131
2
votes
1
answer
141
views
Proof of Lagrange's Theorem?
In the book Cryptography Engineering, Design Principles and Practical Applications, by Niels Ferguson, Bruce Schneier and Tadayoshi Kohno, in a section discussing multiplicative groups, the authors ...
1
vote
1
answer
117
views
Mapping two different elliptic curve on same finite field
There exist two such question but I have noticed my question is fundamentally different as it asks for mapping between two different curves, rather two different prime field like this.
Given a finite ...
- 664
0
votes
0
answers
33
views
Safe use of bilinear pairing, using one way function in the exponent
Given a generator $g$ of a cyclic group, I am trying to look for a case where I use pairing over an element that has an exponent which is a one-way function, e.g., $g^{x^2\mod n}$ (here $x$ in the ...
- 99
2
votes
1
answer
274
views
Is there an algebra group (or ring) in which computing the inverse element is hard without some trapdoor information?
Specifically, I want an algebra group $G$ (or ring $R$) features:
Given elements $g,h\in G$ (or $R$ ), computing $g\cdot h \in G$ (or $R$ ) is easy.
Given an element $g \in G$ (or $R$ ), finding the ...
- 392