Questions tagged [public-key]
An asymmetric cipher is an encryption scheme using a pair of keys, one to encrypt and a second to decrypt a message. This way the encrypting key need not be kept secret to ensure a private communication. Similarly, in public key authentication, the verification key can be public and the signing key private.
2,389 questions
-1 votes, 0 answers, 21 views
Developing data mining system with vb using VS 2012 [closed]
How to Go about it From start to finish in a Day
1 vote, 1 answer, 132 views
How to complete security definition
I am a beginner and I am constructing a security model for the public key scheme I built. I have only come into contact with classic models such as IND-CPA or IND-CCA.
My scheme cannot reach IND, so ...
1 vote, 1 answer, 67 views
Is it secure to store only the aggregated BLS public key in a smart contract for signature verification?
I have a question regarding BLS signatures and aggregate signature verification in smart contracts.
Let’s say I have 3 honest signers, each with their own private key. They all sign the same message, ...
2 votes, 2 answers, 73 views
Can signer identity be recovered from a signature in ML-DSA (FIPS 204)? If not, is there any PQC signature scheme that supports this?
I have been reviewing the FIPS 204 draft specification for the ML-DSA (Module-Lattice-based Digital Signature Algorithm), which is part of NIST’s Post-Quantum Cryptography (PQC) standardization effort....
2 votes, 0 answers, 33 views
Can ElGamal public key be reused for Pedersen commitment's key?
I encrypt data using ElGamal public key $y=g^x$, so nobody knows $x$, being a private key. Also during my service lifetime I perform many Pedersen commitment operations. It is known that Pedersen ...
4 votes, 2 answers, 130 views
Does PreHash-ML-DSA really allow for more collision attacks than Pure-ML-DSA, when used for PKIX/X.509 certificates?
I recently had a look at the latest Lamps drafts for Dilithium signatures in Pkix and Cms, and I was a bit surprised that the WG had moved towards not permitting PreHash-ML-DSA keys in certificates, ...
0 votes, 2 answers, 67 views
Is there any sense to execute the Diffie-Hellman key exchange protocol many times (with a short delay) between the same parties $A$ and $B$?
Is there any sense to execute the Diffie-Hellman key exchange protocol many times (with a short delay) between the same parties $A$ and $B$? What if I know how to generate simultaneously many ...
5 votes, 1 answer, 189 views
"Key encapsulation mechanism"?
I noticed that NIST's page for their Post-Quantum Cryptography Standardization competition speaks of "key encapsulation mechanisms" and doesn't mention "public key encryption" much ...
4 votes, 0 answers, 73 views
Why does sequential encryption for PKEs break IND-CCA but not IND-CPA
In my lecture script there is the following task:
Sequential encryption of multiple messages extends the message set of a PKE from $M$ to $M^*$ (and cipher set to $C^*$).
Proof that this construction ...
2 votes, 2 answers, 325 views
RSA PKCS 1.5 Implicit rejection
I'm struggling to understand the concept of implicit rejection in RSA over PKCS #1 v1.5. After reading the draft-irtf-cfrg-rsa-guidance, specifically Appendix B (Test Vectors), I see multiple test ...
2 votes, 1 answer, 61 views
What is the difference between a selective model and a full (adaptive) model in Functional Encryption?
What is the difference between simulation-based proofs?
What is special about the simulation by declaring the challenge information in advance during simulation?
Selective Security: The attacker needs ...
0 votes, 0 answers, 22 views
Why should challenge information be embedded in public parameters during security protocol?
When I read this paper Functional Encryption for Regular Languages, I don't quite understand this sentence in the proof.
How to embed instances of difficult problems into simulations? I find that I don’...
1 vote, 0 answers, 47 views
Why dual-system encryption can achieve full security (adaptive security)?
Does selective security mean declaring challenge information in advance during simulation?
0 votes, 1 answer, 63 views
Nonce (r) Reuse and Private Key Security: A Risk for P2PKH Addresses?
I have a question regarding nonce (r) reuse in ECDSA signatures and the potential risk of private key leakage. Specifically, I'm looking into transactions using P2PKH addresses and whether reusing the ...
0 votes, 0 answers, 29 views
What are Selective Security Model and Fully Secure Model? What are their similarities and differences?
My understanding of these concepts is very vague, so I read the paper and understand the process of the solution, but I don’t understand the paper thoroughly enough.
What are Selective Security Model ...