Pull to refresh
27.6

Cryptography *

Encryption and cryptanalysis

Show first
Rating limit
Level of difficulty

Hashing and its C++ applications

Level of difficulty Medium
Reading time 6 min
Views 3.8K

Hash, salt, SHA-1, SHA-2, std::hash.. To a non-programming person that may come up as some kind of a recipe that just does not seem to add up. In a sense, this is indeed supposed to be a gibberish to any third party and a strong, helpful mechanism for us, programmers. 

At the start of writing this article, I had one clear idea to get across the table: to finally unveil this mystery of hashing in C++ for beginners. I, a beginner myself, also wanted to solidify my knowledge in this area; so let’s get started.

Read more
Total votes 2: ↑2 and ↓0 +2
Comments 0

How to exchange a secret key over an insecure network (EC-Diffie-Hellman algorithm)

Reading time 6 min
Views 2.1K

Let’s say you want to send an encrypted message to your friend in order to avoid it being intercepted and read by a third party. You generate a random secret key and encrypt the message with it. Let’s say you use AES. But how do you let your friend know the key to decrypt it?

In this article, we will explore how the Elliptic-Curve Diffie-Hellman algorithm works under the hood. The article includes the implementation of this algorithm from scratch, written in Python.

Read more
Total votes 2: ↑2 and ↓0 +2
Comments 2

Anonymity and Authenticity

Reading time 15 min
Views 1.4K

The following text consists of two logically connected parts. The first part constructively rules out the assumption that untraceability supposes anonymity. The second part enumerates specific practical tasks in the form of various scenarios when digital signatures (DS) do not provide correct solutions to the task. It is demonstrated that a complete solution can be obtained through a special combination of DS and an interactive anonymous identification protocol.

Read more
Rating 0
Comments 0

Systematic coding and digital signature

Reading time 10 min
Views 2.6K

Once the Teacher asked the Author:

Are there methods of redundancy introducing at an informational level, other than those that are studied by the theory of error-correcting codes? Emphasizing that he is talking about information redundancy, the Teacher thus made it clear that the question does not imply various ways of energy redundancy introducing, which are well studied in communication theory. After all, the noise immunity of information transmission is traditionally assessed by means of a threshold value that is calculated as the ratio of signal energy to noise energy. It is known that the methods of the theory of error-correcting codes offer an alternative solution, allowing energy saving.

After a cogitative pause, the Author answered in the affirmative, following intuition rather than rational knowledge. Upon hearing the answer, the Teacher noticed that this is a wrong conclusion and there are no such methods.

However, over time, the Author began to suspect that the immutability of the paradigm formulated above could be questioned.

Read more
Rating 0
Comments 0

The Cryptocurrency Bandwagon

Reading time 8 min
Views 1.7K

The spread of cryptocurrencies contributed to the development of many solutions based on a distributed ledger technology (blockchain). Although the scope of these solutions varies, most of them have the same basic set of security services, i.e. confidentiality, authenticity, and integrity. These features are granted by the practical applications of public key cryptography, in particular,  digital signature (DS). But unlike many other applications of public key cryptography, cryptocurrency networks do not use public key certificates. This is the aspect that we would like to talk about.

Read more
Rating 0
Comments 2

Let’s deal with WeChat — the second most popular messenger in the world

Reading time 5 min
Views 2.3K


  • A short excursion into WeChat;
  • About the platform, the version of the application, the utilities used and the decryption of the executable file;
  • • About two protocols (old one and new one);
  • About serialization of objects;
  • Used cryptography and key exchange;
  • About headers and hash-functions;
  • About the exposures found.

Read more →
Total votes 5: ↑5 and ↓0 +5
Comments 1

On the recent vulnerability in Diebold Nixdorf ATMs

Reading time 8 min
Views 3.9K

Hi there! A while ago, Positive Technologies published the news that ATMs manufactured by Diebold Nixdorf (previously known as Wincor), or more specifically, the RM3 and CMDv5 cash dispensers, contained a vulnerability which allowed attackers to withdraw cash and upload modified (vulnerable) firmware. And since my former colleague Alexei Stennikov and I were directly involved in finding this vulnerability, I would like to share some details.

Read more
Total votes 5: ↑5 and ↓0 +5
Comments 2

Private party protocol: how to distinguish friends and foes using cryptographic tools

Reading time 12 min
Views 1.2K

ENCRY presents a new interactive identification protocol aimed at controlling the access of selected users to various resources.

Close your eyes and imagine Nice, a luxurious estate whose extravagant owner throws epic parties with jazz and fireworks every weekend.

To attend such a party is a lot of the elite. Invitations are sent out in advance, and guests do not know the names of other invited persons. The owner of the estate, the mysterious Jay Gatsby, an eager luxury-lover, values ​​privacy so much that he is not ready to entrust the list of invitees to anyone, not even his buttress. Moreover, the owner of the estate would like the guests not to reveal their names when entering the property. After all, there may be the mayor of the city, or the chief prosecutor among them, and they would like to keep their visit secret. Unfortunately, the owner of the estate himself is so busy that he cannot independently check each guest at the entrance, especially since there are several access roads to his house. How could he solve this problem?

Read more
Total votes 2: ↑2 and ↓0 +2
Comments 0

5 Thought-Provoking Use Cases Of Blockchain In Diverse Industries

Reading time 2 min
Views 1.2K

Blockchain is a decentralized technology that maintains a record of all transactions occurring over a peer-to-peer network. Due to Blockchain's several different high-level use cases, numerous industries described Blockchain as the 'magic beans.' 

Blockchains store the record in a decentralized system that is interconnected. This technology lessens vulnerability and enhances transparency in all industrial sectors as information is stored digitally, and it does not have any centralized point to carry out the transactions.

Do You Know?

Read more
Total votes 1: ↑0 and ↓1 -1
Comments 1

How to develop and publish a smart-contract in the Telegram Open Network (TON)

Reading time 27 min
Views 6.2K

What is this article about?


In this article, I will tell about my participation in the first (out of two so far) Telegram blockchain contest. I didn't win any prize. However, decided to combine and share the unique experience I have had from the start to finish line, so my observations could help anyone who is interested.


Since I didn't want to write some abstract code, instead make something useful. I created instant lottery smart-contract and website which shows smart-contract data directly from Telegram Open Network (TON) avoiding any middle storage layers.


The article will be particularly useful for those, who want to write their first smart-contract for TON but don't know where to start.


Using the lottery as an example, I will go from setting up the environment to publishing a smart contract, interacting with it. Moreover, I will create a website that will show smart-contract data.

Read more →
Rating 0
Comments 3

Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras

Reading time 6 min
Views 91K

This is a full disclosure of recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. Described vulnerability allows attacker to gain root shell access and full control of device. Full disclosure format for this report has been chosen due to lack of trust to vendor. Proof of concept code is presented below.
Read more →
Total votes 19: ↑18 and ↓1 +17
Comments 15

9 Key Benefits Of Blockchain Technology In Sports Software

Reading time 8 min
Views 2.1K
image

There are numerous benefits provided by blockchain technology for sports betting software. The nine key benefits are detailed below.

Security of Blockchain

When this technology is integrated into sports betting software, there is a permanent and unchangeable record in the transaction ledger providing transparency. Sportsbooks must be certain their betting data is delivered safely with all bets resolved correctly and quickly. This technology provides significantly better protection through the use of smart contracts. Decentralized actors handle the wagers with the smart contracts being executed automatically. Publicly written data cannot be altered. The complex system of the past is simplified and performed for much less than the traditional costs. Blockchain Development Services, Blockchain Solutions are paramount not only in sports betting but every aspect of the new business world. Blockchain technology experts integrate cryptocurrency payment solutions, program smart contracts, and engineer blockchain networks and apps.

This provides better protection, flawless bet execution, enhanced data security, and complete information transparency. The use of cryptocurrency significantly decreases the fees for payment processing. This reduces the margins for the sportsbook while offering players an increased chance to win. Once the bets have been resolved with a smart contract, the funds will be in the wallet of the better for almost immediate withdrawal. Any issues for even larger amounts are eliminated due to cryptocurrency payouts.

Read more →
Rating 0
Comments 0

How elliptic curve cryptography works in TLS 1.3

Reading time 20 min
Views 20K
image

A couple of reader alerts:

In order to (somewhat) simplify the description process and tighten the volume of the article we are going to write, it is essential to make a significant remark and state the primary constraint right away — everything we are going to tell you today on the practical side of the problematics is viable only in terms of TLS 1.3. Meaning that while your ECDSA certificate would still work in TLS 1.2 if you wish it worked, providing backwards compatibility, the description of the actual handshake process, cipher suits and client-server benchmarks covers TLS 1.3 only. Of course, this does not relate to the mathematical description of algorithms behind modern encryption systems.

This article was written by neither a mathematician nor an engineer — although those helped to find a way around scary math and reviewed this article. Many thanks to Qrator Labs employees.

(Elliptic Curve) Diffie-Hellman (Ephemeral)

The Diffie–Hellman legacy in the 21 century

Of course, this has started with neither Diffie nor Hellman. But to provide a correct timeline, we need to point out main dates and events.

There were several major personas in the development of modern cryptography. Most notably, Alan Turing and Claud Shannon both laid an incredible amount of work over the field of theory of computation and information theory as well as general cryptanalysis, and both Diffie and Hellman, are officially credited for coming up with the idea of public-key (or so-called asymmetric) cryptography (although it is known that in the UK there were made serious advances in cryptography that stayed under secrecy for a very long time), making those two gentlemen pioneers.

In what exactly?
Read more →
Total votes 21: ↑21 and ↓0 +21
Comments 0

PKI Decentralization: Proposed Approaches to Security Improvement

Reading time 7 min
Views 2.5K
The practical means of applying public key cryptography to secure network communications were introduced by Loren Kohnfelder in his MIT S.B. (BSCSE) thesis written in May 1978. After that, the public key infrastructure (PKI) has gone through several iterations of changes and updates, but it still preserves its traditional methodology. PKI requires implicit trust from a single entity or entities chain called a certificate authority (CA). This approach has led to a breakdown in confidence. However, through the years, having one root entity to control the way public key certificates are issued has shown that it can cause major complications with transparency and security.

In this article, we will once again dive deeper into the problems of PKI and consider the solutions being developed that can overcome existing shortcomings.
Read more →
Total votes 3: ↑3 and ↓0 +3
Comments 0

How to Write a Smart Contract with Python on Ontology? Part 4: Native API

Reading time 4 min
Views 1.7K
image

Earlier, I have introduced the Ontology Smart Contract in
Part 1: Blockchain & Block API and
Part 2: Storage API
Part 3: Runtime API
Today, let’s talk about how to invoke an Ontology native smart contract through the Native API. One of the most typical functions of invoking native contract is asset transfer.
Read more →
Total votes 5: ↑5 and ↓0 +5
Comments 0

How to Write a Smart Contract with Python on Ontology? Part 3: Runtime API

Reading time 3 min
Views 1.3K
image

Introduction


Earlier, I have introduced the Ontology Smart Contract in
Part 1: Blockchain & Block API and
Part 2: Storage API
Now when you have an idea about how to call the relevant API for persistent storage when developing Python smart contract on Ontology, let’s go on to Runtime API (Contract Execution API). The Runtime API has 8 related APIs that provide common interfaces for contract execution and help developers get, convert, and validate data. Here’s a brief description of these 8 APIs:
Read more →
Rating 0
Comments 0

DPKI: Addressing the Disadvantages of Centralized PKI by Means of Blockchain

Reading time 15 min
Views 2.9K


Digital certificates are one of the most commonly known auxiliary tools that help protect data across public networks. However, the key disadvantage of this technology is also commonly known: users are forced to implicitly trust certification authorities which issue digital certificates. Andrey Chmora, Technology and Innovations Director at ENCRY, suggested a new approach for building a Public Key Infrastructure (PKI) to eliminate the existing disadvantages using the distributed ledger (blockchain) technology.
Let's begin with the basics.
Read more →
Total votes 4: ↑3 and ↓1 +2
Comments 0

Blockchain RSA-based random

Reading time 5 min
Views 1.8K
There’s a problem we needed to address in the course of developing our games. It’s complicated to generate a random number in a distributed network. Almost all blockchains have already faced this issue. Indeed, in networks where there is no trust between anyone, the creation of a random number solves a wide range of problems.

In this article, we explain how we solved this problem for our games. The first of these was Waves Xmas Tree.



Read more →
Total votes 13: ↑13 and ↓0 +13
Comments 0

The Data Structures of the Plasma Cash Blockchain's State

Reading time 7 min
Views 1.5K


Hello, dear Habr users! This article is about Web 3.0 — the decentralized Internet. Web 3.0 introduces the concept of decentralization as the foundation of the modern Internet. Many computer systems and networks require security and decentralization features to meet their needs. A distributed registry using blockchain technology provides efficient solutions for decentralization.
Read more →
Total votes 9: ↑9 and ↓0 +9
Comments 0
1

Authors' contribution