Newest Questions
31,737 questions
0 votes | 0 answers | 3 views
Performing Point Addition on secp256k1 using only the x-coordinate of a point
I am trying to understand how Point Addition works on the secp256k1 elliptic curve.
Let’s say I have the following points, where $G$ is the base point on the curve:
$P = 2 \cdot G$
$Q = 3 \cdot G$
...
0 votes | 0 answers | 5 views
Add/remove dealers
Initial set up for a t out of n threshold signature scheme:
1..N dealers that hold a secret each (s_1, s_2 .. s_n)
Each dealer ...
0 votes | 0 answers | 10 views
Is traditional cryptography still being developed?
I have read that the Royal Navy is now teaching Morse code and semaphore again; the German security services are using typewriters again because they can't be hacked. Does this mean there will be a ...
1 vote | 0 answers | 19 views
What are the design-level constraints in TLS 1.3 for post-quantum adoption?
To be more specific: How do the structural design choices in TLS 1.3 (such as message flow, handshake compression, and record layer framing) interfere with or limit the integration of large post-...
1 vote | 0 answers | 15 views
Performing scalar multiplication on secp256k1 using only the x-coordinate of a point [duplicate]
I am trying to understand how scalar multiplication works on the secp256k1 elliptic curve.
Let’s say I have the following points, where $G$ is the base point on the curve:
$P = 8 \cdot G$
$Q = 16 \...
1 vote | 1 answer | 22 views
Is it possible to perform a useful Weil descent against an elliptic curve defined over $F_q^2$?
Normally a curve using large characteristics is already secure by being prime, but in my case, I saw a system relying on the hardness of the discrete logarithm of an elliptic curve defined over a ...
0 votes | 0 answers | 18 views
Difference between non-collusion and single-party corruption assumptions
In the context of secure multi-party computation (MPC), I often see different assumptions about the adversary.
What is the difference between the non-colluding assumption and the assumption that the ...
1 vote | 1 answer | 173 views
"Key agreement" versus "key exchange" versus "key establishment"
I haven't seen anyone ask how these things differ, so I'm just posting this question now. Are there any differences between the three things in the title? If so, how do they differ? What algorithms ...
2 votes | 1 answer | 63 views
A Question on Weil, Tate and other Pairings of Elliptic Curves
My knowledge of elliptic curves is not very thorough, I have to say. I am aware of Tate pairings, for example, however I am not sure how restrictive they are. Can they be practically computed for any ...
0 votes | 0 answers | 29 views
How to blind a Pedersen signature?
I am trying to transform a group signature into a blind signature. However, the RSA unblinding processes did not allow me to get an appropriate signature.
Can somebody show me how to blind and ...
0 votes | 1 answer | 35 views
Biometrics + password scheme
First of all I am illiterate on this field, please do not assume too much knowledge.
I am aware that fuzzy extractors can be used to encrypt securely without having hardware assumptions (by hardware ...
1 vote | 1 answer | 67 views
LWE with large error range
When dealing with LWE $(A,As+e \pmod q)$ there are plenty of attacks, which use the fact that the error terms are small enough, therefore some SVP-like techniques could be applied. Imagine we have ...
4 votes | 1 answer | 73 views
Confused about converting Ed25519 public key to X25519 public key
I'm writing an application where the users communicating know each others' Ed25519 public keys, but are using ECDH to do the encryption handshake, and therefore are receiving an X25519 public key as ...
4 votes | 2 answers | 148 views
Can wave-phase recurrence reveal structure in RNGs that pass all entropy tests?
I've been developing a diagnostic framework called NAVSYS that analyzes RNG behavior by tracking the timing and phase of number recurrence—not just frequency or independence.
Core Idea:
NAVSYS maps ...
9 votes | 2 answers | 3k views
Why do encryption algorithms not consider the length of the message to be encrypted as sensitive information?
When you encrypt a specific message e.g. via sodium_crypto_secretbox, if you do it twice with:
the same (symmetric) encryption key
any random nonce, different per encryption, but of same length
once ...