Questions tagged [probability]

Questions about the branch of mathematics concerned with modeling and analyzing random phenomena.

Probability is the branch of mathematics concerning numerical descriptions of how likely an event is to occur or how likely it is that a proposition is true. The probability of an event is a number between 0 and 1, where, roughly speaking, 0 indicates the impossibility of the event, and 1 indicates certainty. The higher the probability of an event, the more likely it is that the event will occur.

Modern cryptography relies heavily on probability, for example in defining indistinguishability and the success probability of an adversary.

103 questions
9
votes
6 answers

Is it possible that a SHA256 hash has the same hex character over and over again?

In theory, there are infinitely many inputs that you can hash with SHA-256. So theoretically it would be possible that one hash string would read 0xaaaaaaaa... But would that also be possible practically, or do the algorithms check that this is not…
8
votes
2 answers

Statistical closeness implies computational indistinguishability

This is so trivial that authors usually don't bother to give an explicit proof. But for me there is some vagueness. We say that two ensembles $X_n$ and $Y_n$ are statistically close, if $$ \Delta(n) = 1/2 \sum_{\alpha}|\mathbb{P}[X_n = \alpha] -…
Kirill Tsar.
7
votes
1 answer

Using a hash function as a random number generator

Using MD5 or SHA1 for instance, and applying integers (as seed so to speak) to the hash function, in sequence, and only keeping, say, the first 64 bits of the resulting hash, do we always have a probability close to $1/{2^{64}}$ to have…
Déjà vu
7
votes
2 answers

Probability conventions in cryptography

I am working on Victor Shoup's tutorial on game-based security proof and want to figure out some notions from the perspective of probability theory. Consider the following PRF advantage defined on Page 11: $$ \bigl|\,\Pr[s \leftarrow S: A^{F_s}() =…
X. G.
6
votes
1 answer

Is it possible to construct a PRNG where the output numbers have a certain distribution of hamming weights?

I am in need of a non-uniform random number generator where each n-bit output has a hamming weight with a certain binomial distribution. For example, I would like a non-uniform PRNG which generates 32-bit outputs with a hamming weight whose binomial…
Ollie
5
votes
0 answers

What is the probability equation of rotational cryptanalysis on modulo multiplication?

The answer in this question defined how to calculate the probability of rotational cryptanalysis on modulo multiplication $\odot$. This paper defined an algebraic equation of how to calculate the rotational probability of modular addition $\boxplus$…
hardyrama
5
votes
3 answers

Is this probability negligible?

Let $X \in \{0,1\}^{2n}$ be a uniformly distributed random string and $Y \in \{0,1\}^{2n}$ such that $H(Y) = n$. Does this imply that $Pr(X=Y) = 2^{-n}$? If it's not, is this probability necessarily negligible in $n$? I've only been able to show that…
4
votes
1 answer

The different bounds of PRP/PRF switching lemma

The PRP/PRF switching lemma is usually denoted as follows: I understand the proof of this version of the bound $\frac{q(q-1)}{2^{n+1}}$ and the game-playing technique behind it. However, I came across a different version of this lemma recently,…
4
votes
3 answers

Can you have perfect secrecy with countable message/key spaces by dropping countable additivity?

This classic paper by Chor and Kushilevitz shows that if the key space and the message space are both countably infinite, then it is impossible to have a perfectly secure private-key encryption scheme. Their proof relies on the fact there exists no…
4
votes
1 answer

Overwhelming implies non-negligible

Is it true that an overwhelming function should be non-negligible? Recall that a function $f$ is overwhelming if $1-f$ is negligible, and a function $g$ is negligible if there exists an $N$ such that for all $n>N$, we have $|g(n)|<\frac{1}{n^c}$ for…
4
votes
1 answer

How to Derive the Decapsulation Failure Rates for ML-KEM in PQC standards?

I am studying post-quantum key encapsulation mechanisms and came across the decapsulation failure rates for ML-KEM listed in Table 1 of a reference document (FIPS-203). The table specifies failure rates for different parameter sets as…
3
votes
1 answer

What are the expected values of a particular rotational-XOR property of a sequence of random bitstrings?

Assuming that $x$ is a sequence of $l$ bits and $0 \le n < l$, let $R(x, n)$ denote the result of the left bitwise rotation of $x$ by $n$ bits. For example, if $x = 0100110001110000$, then $$\begin{array}{l} R(x,0) =…
lyrically wicked
3
votes
1 answer

Laplace Inequality

I am trying to prove that if $r_i \sim Lap(0,1/\varepsilon)$ where $\varepsilon >0$ then: $$Pr[r_i \geq 1+r^*] \geq e^{-\varepsilon}Pr[r_i \geq r^{*}]$$ I know that for $r^*>0$ it satisfies with equality. Even though, for $r <0$, I couldn't find…
3
votes
1 answer

Likelihood of signature collision with EdDSA

Taking EdDSA as an example, given the length of a signature is 512-bits for a given data payload, what is the probability of a collision where there is another 512-bit value that is also a valid signature? With symmetric crypto we know there is only…
Woodstock
3
votes
2 answers

What's the meaning of probabilities in differential privacy formula?

I don't understand what is meant by "The probability is taken is over the coin tosses of K." Does it mean, the probability distribution is generated based on exactly same data but only the function is selected randomly? So it's the data that…