Questions tagged [cryptography]
Questions on the mathematics behind cryptography, cryptanalysis, encryption and decryption, and the making and breaking of codes and ciphers.
1,920
questions
1
vote
0
answers
44
views
Conway Polynomial for p=2, n=3?
Im doing an exercise on Conway polynomials. As far as im concerned, for p=2, n=3 both
$f(x)=x^3 + x^2 + 1$
and
$g(x)=x^3 + x + 1$
satisfy every condition. According to every source i found, the latter ...
0
votes
0
answers
30
views
How can I be certain of the existence of elliptic curves of certain order when the parameter a is fixed?
My question came up while researching an attack on Elliptic Curve Cryptography (described in Computer Security - ESORICS 2015.
I'm given an elliptic curve $E$ defined by $y^2=x^3+ax+b$ over the finite ...
0
votes
1
answer
37
views
Determine Whether a Pseudorandom Generator Is Secure
Let $G: \{0, 1\}^s \to \{ 0, 1\}^n$ be a secure pseudorandom number generator (with $s$ seed bits and $n$ output bits).
I have attached a problem below that I am confused about; Which generator $G'$ ...
0
votes
0
answers
32
views
Problems about Probability Analysis of the Success Rate
I am currently reading a paper on linear cryptanalysis and I am a bit confused by the probability analysis of its success rate. I wonder if I can seek advice here?
Let $N$ be the number of given ...
1
vote
1
answer
99
views
distribution of square roots of unity $mod n$ | Factoring with inverse pair
I am writing a proof related to the RSA cryptosystem, specifically showing that given an inverse pair $d, c$ under multiplication mod $\phi(N)$, where
$$ dc \equiv 1 \pmod{\phi(N)}, $$
there exists a ...
1
vote
0
answers
28
views
Proof of Golomb's three randomness postulates for binary sequences [closed]
I want to prove that the binary sequence generated by a max-length linear feedback shift register (LFSR) satisfies Golomb's balance, run and autocorrelation postulates:
The numbers of zeros and ones ...
0
votes
0
answers
16
views
$\epsilon$-secure encryption system
Suppose the message space of a symmetric key encryption system is infinite (countable) with a probability distribution on it such that { $m \in M: Pr(m) \neq 0$ } is infinite. For a real number $\...
0
votes
1
answer
42
views
Confusion on the procedure of public-key and private-key cryptography
Procedure: $1):$ choose two distinct primes $p$ and $q$.
$2):$ calculate $n=pq.$
$3):$ compute $\phi(n)=T$.
$4):$ get $E$ from $gcd(E,T)=1.$
$5):$ get $D$ from $ED \equiv 1 \pmod{T}$
To encrypt the ...
4
votes
0
answers
127
views
Shortest vector problem as hidden subgroup problem
I posted this question on the cryptography stack exchange with a bounty, but I haven’t gotten much attention. I think part of the reason might be that I’m really interested in the use of group theory ...
1
vote
0
answers
20
views
Root finding of multivariate polynomials over the integers
TL;DR: is there any library for multivariate polynomial root finding over the integers?
I'm trying to implement an attack on RSA with known bits of p by using Coppersmith, such as shown in this paper. ...
-1
votes
2
answers
71
views
How do I solve a discrete log using pen paper for exam without bruteforcing it? [closed]
I have my Network Security finals. In elgamal cryptosystem, I am often encountering these equations like this
3 = (10^XA) mod 19
now everywhere I am finding only ...
0
votes
0
answers
15
views
Analyze the probability distribution of a specific sequence $S(x)$ with compensation mechanism
I'm developing a theoretical model for a sequence $S(x)$ equally spaced in the time dimension where each element is randomly preselected from set $\{1,2,...,L\}$, but the real selection(when it's turn)...
2
votes
1
answer
70
views
Embedding degree of an elliptic curve
I've been reading about the embedding degree of elliptic curves in Costello's "Pairings for Beginners". The following equivalent conditions are given for the embedding degree (p51):
where $...
2
votes
1
answer
144
views
Can we do any better bijective mapping of a permutation series which is only bijective for a probabilistic subset of its input domain?
So we want to bijectively map one path to another. But depending on start and target node we can only choose from a subset of all transitions. It would look like this:
We also do not know where one ...
1
vote
1
answer
80
views
RSA finding D key
Given the RSA public key find the decryption key d and decrypt the ciphertext c=5.
Known information:
n=221, p=17, q=13, e=11
$\phi(n) = (p-1)(q-1) = 16\times 12=192$
Equation for finding d:
$$ed\...