    Friday, August 3, 2018

    Cryptography Telegram’s New Passport Service is not End-to-End at all


    Telegram’s New Passport Service is not End-to-End at all

    Posted: 02 Aug 2018 07:01 AM PDT

    CER’S INVESTIGATION ON FAKE VOLUMES #2: THE BIGONE “SUCCESS” CASE • r/hacken

    Posted: 03 Aug 2018 02:02 AM PDT

    Is this signature scheme secure?

    Posted: 02 Aug 2018 12:58 PM PDT

    I am trying to implement a signature scheme using bilinear groups and am wondering if it is secure. I have described the standard scheme and my scheme below. Any help would be greatly appreciated!

    We have groups G1 and G2 (and GT) of order Q. Element g1 generates group G1 and element g2 generates group G2. We have a function e such that for all a, b < Q, e(g1^a , g2^b) = e(g1, g2)^ab (which is in GT). Given g1^x, we cannot compute x.

    The standard scheme requires a hash function to G1. However, this is difficult to implement so I am hoping to avoid it.

    The standard scheme is as follows:

    Hash the message to group G1

    H(m) = g1^x (x is unknown)

    Sign a message by computing

    H(m)^s = g1^x^s = g1^xs

    where s is the secret key

    Verify a signature as follows:

    e(H(m)^s, g2) ?= e(H(m), g2^s)

    where g2^s is the public key

    Here is my scheme:

    Assume there are two public constants

    K = g1^k

    J = g1^j

    note that k and j are secret

    Hash the message and split it in two:

    hash(m) = h1 || h2

    Then

    H(m) = K^h1 * J^h2

    Signing and verifying then work as they do in the standard scheme:

    H(m)^s = K^h1^s * J^h2^s

    = g1^(h1ks) * g1^(h2js)

    = g1^(h1ks + h2js)

    e(H(m)^s , g2) ?= e(H(m), g2^s)

    where g2^s is the public key

    I am wondering if this is secure, e.g. is there any way to find s or k or j or any way to forge signatures otherwise.

    Note that you cannot provide the hash and obtain a signature on the hash -- you can only provide the message. If you could obtain a signature on any hash of your choosing, an attack would be to set h1 = 1 and h2 = 0, then obtain the signature H(m)^s = K^s, and obtain another signature H(m)^s = J^s by setting h1 = 0 and h2 = 1. Then, you could forge any signature you want: H(m)^s = K^h1^s * J^h2^s = K^s^h1 * J^s^h2, which you can compute if you have K^s and J^s.

    EDIT: This is insecure (see comments). Would appreciate if anyone knows a signature scheme that would work without requiring a hash function to G1.

    submitted by /u/TheBonoboMonkey

    Loop creating False point Python

    Posted: 02 Aug 2018 04:25 PM PDT

    Hey there folks,

    I'm having a bit of trouble writing a Python script trying to imitate the math behind bitcoin. (I used this paper as my reference https://www.coindesk.com/chinas-government-censorship-agency-is-hiring-a-crypto-expert/) But when I get to the point where I try to split up my k*G in order to determine the order in which to perform point doubling and point addition, my loop is outputting the wrong coordinate pairs after the third iteration (42,21 instead of 21,42). The loop is in lines like 80-105. It should break up the scalar k based on the next lowest value that log base 2 will fit into it. Haha that was hard to say! But basically for 13G, log base 2 of 13 is 3, so you'd do point doubling, save those values, then 2^3=8, 13-8=5, so we're left with 5G, log base 2 of 5 is 2, perform 2 more point doublings and be left with a remainder of 1. Thus the last point you just doubled would then use point addition with the base point and the result from that would be added to the first point. (I think you have to add the last point to the base point before adding the points together.) The problem is it doesn't work past the third iteration and I'm not sure why. Also this has to work for anything, not just 13 :(

    13G

    =8G+5G

    =3(2G)+(2(2G)+G)

    =(G)+(G+G)

    =G+(G)

    =G

    Please help!! Thank you :)

    import random
    import sys
    import math

    def test_prime(n):
        if n == 1:
            return False
        elif n == 2:
            return True
        else:
            for x in range(2, n):
                if (n % x == 0):
                    return False
            return True

    def point_doubling(mod, a, px, py):
        check = ((3 * px ** 2) + a) / (2 * py)
        # print(check)
        if not float(check).is_integer(): #checking to see if NOT an integer ie a fraction and you need to find the mod inverse
            den_inv = pow((2 * py), mod - 2, mod)
            c = (((3 * px ** 2) + a) * den_inv) % mod
            # print(c)
        else:
            c = ((3 * px ** 2) + a) % mod
        new_rx = (c ** 2 - (2 * px)) % mod
        new_ry = (c * (px - new_rx) - py) % mod
        # NOTE: this is a set, so unpacking it does not guarantee (x, y) order
        return {new_rx, new_ry}

    def point_addition(mod, a, px, py, qx, qy):
        check = (qy - py) / (qx - px)
        if not float(check).is_integer():
            den_inv = pow((qx - px), mod - 2, mod)
            c = ((qy - py) * den_inv) % mod
        else:
            c = check % mod
        new_rx = (c ** 2 - px - qx) % mod
        new_ry = (c * (px - new_rx) - py) % mod
        # NOTE: this is a set, so unpacking it does not guarantee (x, y) order
        return {new_rx, new_ry}

    def calculate_signature_pair(z, mod, n, d, a, px, py):
        #k = random.randint(1, n - 1)
        k = 13 # set to the 13G case described in the post (random choice commented out above)
        print("k = ", k) #print check to see if this is odd or even, to see if this even go through if statement or odd go through else
        if not test_prime(d): # testing to make sure that the private key is prime
            print("Please make sure all your numbers are entered correctly. (Some should be prime!)")
            sys.exit()
        elif not test_prime(mod): # testing to make sure that the module is prime
            print("Please make sure all your numbers are entered correctly. (Some should be prime!)")
            sys.exit()
        else:
            # using log base 2 to determine how to split up stuff
            rem = [] #remainder to log
            low_b = [] #lower bound of 2 exponent
            rem_val = k #keep track of the remainder of what else needs to be dealt with
            while True:
                lower_bound = math.floor(math.log(rem_val,2))
                rem_val = rem_val - pow(2, lower_bound)
                low_b.append(lower_bound)
                rem.append(rem_val)
                if rem_val == 1:
                    break
                elif rem_val == 0:
                    break
            print("rem, {}".format(rem))
            print("low_b, {}".format(low_b))
            i = len(low_b) #how many times I need to run point doubling
            #print(i)
            rem_valx = rem[-1]
            #print(rem_valx)
            rx = px
            ry = py
            rx_i = []
            ry_i = []
            #print(low_b)
            #stopping_point = low_b
            for j in range(0, i):
                for m in range(0, low_b[j]):
                    rx, ry = point_doubling(mod, a, rx, ry)
                    print("rx is {}, ry is {}".format(rx, ry))
                rx_i.append(rx)
                ry_i.append(ry)
            sum_x = rx_i[i - 1]
            sum_y = ry_i[i - 1]
            if rem_valx == 1:
                sum_x, sum_y = point_addition(mod, a, px, py, sum_x, sum_y)
            if i > 1:
                for f in range(0, i-2):
                    sum_x, sum_y = point_addition(mod, a, rx_i[f], ry_i[f], sum_x, sum_y)
            #print(sum_y)
            #print(sum_x)
            r = sum_x % n
            print("the value of r is: {}".format(r))
            if r == 0:
                print("r=0 Please start again!")
                sys.exit()
            else:
                s_check = ((z + r * d) / k)
                if not float(s_check).is_integer():
                    k_inv = pow(k, mod - 2, mod)
                    s = ((z + r * d) * k_inv) % n
                    s = int(s)
                    if s == 0:
                        print("s=0 Please start again!")
                        sys.exit()
                    else:
                        print("The signature pair is ({},{})".format(r, s))
                else:
                    s = ((z + r * d) / k) % n
                    s = int(s)
                    if s == 0:
                        print("s=0 Please start again!")
                        sys.exit()
                    else:
                        print("The signature pair is ({},{})".format(r, s))
            return {r, s}

    def main():
        # print("Crypto Program")
        z = 17 # int(input("Please enter the data value: ")) # Data number #17
        mod = 67 # int(input("Please enter the module divisor you would like to use: ")) # order #67
        n = 79 # int(input("Please enter the order: ")) # order #79
        d = 2 # int(input("Please enter the private Key: ")) # private key #2
        a = 0 # int(input("Please enter the value for a: ")) # intercept ellipse equation #0
        px = 2 # int(input("Please enter the x coordinate of the base point: ")) # base point x point #2
        py = 22 # int(input("Please enter the y coordinate of the base point: ")) # base point y point #22
        calculate_signature_pair(z, mod, n, d, a, px, py)

    if __name__ == "__main__":
        main()

    submitted by /u/beach_me_out

    Authenticating unauthenticated ECDH question

    Posted: 02 Aug 2018 11:44 AM PDT

    Let's say I have two devices communicating over an insecure network but I have an out of band channel (the devices are next to each other and they have the same user) and I wish to come up with a shared key that they can communicate with, does the following hold?

    (All using the ECDH methods of the web cryptography API) Each device generates a key pair and sends the public key to the other device. Each device uses its private key and the received public key to derive a shared key. This shared key (or something derived from it) is then displayed to the user, who verifies that it is the same on both devices.

    If they are both the same, then I am saying that they each correctly received the other's public key, that there can be no MITM and that the shared key can only be known to the two devices in question. I am trying to avoid having to manually enter the other's public key into one of the devices, if possible. If this isn't a good way to go about this, then what would you suggest?

    submitted by /u/mcal275
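Added example (not part of either post): double-and-add scalar multiplication on the toy curve from the Python post above, returning points as tuples because unpacking a Python set such as `{21, 42}` does not preserve (x, y) order, followed by the out-of-band comparison step from the ECDH question. The curve constant 7 is inferred from the posted base point; the private keys, the function names and the choice to hash both public keys together with the shared point are assumptions of this sketch.

```python
import hashlib

# Toy parameters from the Python post: y^2 = x^3 + 7 over F_67 (the 7 is inferred).
P, A, G = 67, 0, (2, 22)
INF = None  # point at infinity, the group identity

def inv(x):
    return pow(x % P, P - 2, P)  # Fermat inverse, valid because P is prime

def point_add(p, q):
    """Group law; handles the identity, inverse points and doubling."""
    if p is INF:
        return q
    if q is INF:
        return p
    (px, py), (qx, qy) = p, q
    if px == qx and (py + qy) % P == 0:
        return INF                                  # P + (-P) = identity
    if p == q:
        c = (3 * px * px + A) * inv(2 * py) % P     # tangent slope
    else:
        c = (qy - py) * inv(qx - px) % P            # chord slope
    rx = (c * c - px - qx) % P
    return (rx, (c * (px - rx) - py) % P)           # tuple keeps (x, y) order

def scalar_mult(k, point=G):
    """Double-and-add over the bits of k, most significant bit first."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = point_add(acc, acc)
        if bit == "1":
            acc = point_add(acc, point)
    return acc

def confirmation_code(own_priv, peer_pub):
    """Code shown to the user: hash of the shared point and both public keys."""
    own_pub = scalar_mult(own_priv)
    shared = scalar_mult(own_priv, peer_pub)
    transcript = repr((shared, sorted([own_pub, peer_pub]))).encode()
    return hashlib.sha256(transcript).hexdigest()[:10]

if __name__ == "__main__":
    a, b, m = 5, 11, 7  # constructed private keys; m belongs to an interceptor
    A_pub, B_pub, M_pub = scalar_mult(a), scalar_mult(b), scalar_mult(m)
    print("8G =", scalar_mult(8))
    print("honest:  ", confirmation_code(a, B_pub), confirmation_code(b, A_pub))
    print("tampered:", confirmation_code(a, M_pub), confirmation_code(b, M_pub))
```

The 67-element field and the non-constant-time arithmetic are for illustration only; real deployments use standard curves through a vetted library.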

    [Linux] zinc: Introduce minimal cryptography library

    Posted: 02 Aug 2018 04:33 AM PDT

    Modelling Blockchain via Message Board

    Posted: 02 Aug 2018 11:01 AM PDT

    Hi All,

    I'm teaching a cryptography class next semester and I'd like to implement a class cryptocurrency via a Proof of Work blockchain but I'd like to do it in a "manual" way, where things are done by "hand" (minimal programming knowledge needed). I am looking for some feedback as to what may/may not work.

    I was thinking of the following to mimic PoW validation:

    • Each user posts a transaction to a message board (done anonymously), they include a message verification using public/private keys.
    • After a specified time frame the transactions are gathered into a block and students will mine for a number that will give some number of zeros when all the messages and the number are input into some hash function (probably will use a SHA256 calculator online). I intend for them to do this relatively "manually" so the number of zeros won't be too big.
    • Students will verify that blocks are valid (no overspending, signatures match, hash is correct) before continuing with the next block.

    I wanted to make this a semester long activity so students can really get a feel for what is going on with blockchains. I also want to make it intentionally "breakable" by students who want to attack the system. I also want to mess with them by posting fake transactions and doing various other nefarious things (any suggestions?).

    One immediate problem I see is that with a message board we already have a centralized forum, which negates one of the core concepts of a block chain as being decentralized.

    I am wondering if anyone here has any ideas as to how I can successfully mimic a blockchain in a simplistic and easy to use (and even easy to attack) way.

    Thanks!

    -Teach

    submitted by /u/BlackBeardTeach
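Added example (not from the post): the mining and hash-verification steps of the classroom scheme, with each block hashing the previous block's hash, the posted messages and a nonce, so that editing an already-mined post is caught by verification. The difficulty, the message format and all names are assumptions; the signature and overspending checks from the post are left out.

```python
import hashlib

DIFFICULTY = 3       # required leading hex zeros (assumed; small for classroom use)
GENESIS = "0" * 64   # constructed "previous hash" for the first block

def block_hash(prev_hash, messages, nonce):
    """SHA-256 over the previous block hash, the posted messages and the nonce."""
    data = "\n".join([prev_hash, *messages, str(nonce)])
    return hashlib.sha256(data.encode()).hexdigest()

def mine(prev_hash, messages):
    """Try nonces 0, 1, 2, ... until the hash starts with DIFFICULTY zeros."""
    nonce = 0
    while not block_hash(prev_hash, messages, nonce).startswith("0" * DIFFICULTY):
        nonce += 1
    return {"prev": prev_hash, "messages": messages, "nonce": nonce}

def build_chain(batches):
    """Mine one block per batch of messages, linking each to the one before."""
    chain, prev = [], GENESIS
    for messages in batches:
        block = mine(prev, messages)
        chain.append(block)
        prev = block_hash(prev, messages, block["nonce"])
    return chain

def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS
    for i, block in enumerate(chain):
        h = block_hash(block["prev"], block["messages"], block["nonce"])
        if block["prev"] != prev or not h.startswith("0" * DIFFICULTY):
            return i
        prev = h
    return None

if __name__ == "__main__":
    # Constructed message-board posts.
    chain = build_chain([["alice->bob 5", "bob->carol 2"], ["carol->alice 1"]])
    print("nonces:", [b["nonce"] for b in chain], "invalid:", first_invalid(chain))
    chain[0]["messages"][0] = "alice->bob 50"   # edit a post after it was mined
    print("after edit, first invalid block:", first_invalid(chain))
```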

    Is there some way to check when a website became fully safe (I mean encrypted, without any mixed content etc.) for the first time?

    Posted: 02 Aug 2018 05:34 AM PDT
