119 matches found
On One-Shot Signatures, Quantum Vs Classical Binding, and Obfuscating Permutations
One-shot signatures OSS were defined by Amos, Georgiou, Kiayias, and Zhandry STOC'20. These allow for signing exactly one message, after which the signing key self-destructs, preventing a second message from ever being signed. While such an object is impossible classically, Amos et al observe tha...
A Novel APVD Steganography Technique Incorporating Pseudorandom Pixel Selection for Robust Image Security
Steganography is the process of embedding secret information discreetly within a carrier, ensuring secure exchange of confidential data. The Adaptive Pixel Value Differencing APVD steganography method, while effective, encounters certain challenges like the "unused blocks" issue. This problem can...
PrivacyGo: Privacy-Preserving Ad Measurement with Multidimensional Intersection
This paper tackles the challenging and practical problem of multi-identifier private user profile matching for privacy-preserving ad measurement, a cornerstone of modern advertising analytics. We introduce a comprehensive cryptographic framework leveraging reversed Oblivious Pseudorandom Function...
Black-Box Crypto Is Useless for Pseudorandom Codes
A pseudorandom code is a keyed error-correction scheme with the property that any polynomial number of encodings appear random to any computationally bounded adversary. We show that the pseudorandomness of any code tolerating a constant rate of random errors cannot be based on black-box reduction...
Parallel Kac'S Walk Generates PRU
Ma and Huang recently proved that the PFC construction, introduced by Metger, Poremba, Sinha and Yuen MPSY24, gives an adaptive-secure pseudorandom unitary family PRU. Their proof developed a new path recording technique MH24. In this work, we show that a linear number of sequential repetitions o...
CVE-2021-23020
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys...
Lightweight Hybrid Block-Stream Cryptographic Algorithm for the Internet of Things
In this thesis, a novel lightweight hybrid encryption algorithm named SEPAR is proposed, featuring a 16-bit block length and a 128-bit initialization vector. The algorithm is designed specifically for application in Internet of Things IoT technology devices. The design concept of this algorithm i...
Standing Firm in 5G: a Single-Round, Dropout-Resilient Secure Aggregation for Federated Learning
Federated learning FL is well-suited to 5G networks, where many mobile devices generate sensitive edge data. Secure aggregation protocols enhance privacy in FL by ensuring that individual user updates reveal no information about the underlying client data. However, the dynamic and large-scale...
Near-Term Pseudorandom and Pseudoresource Quantum States
Whitepaper called Near-Term Pseudorandom And Pseudoresource Quantum States...
The vulnerability of the SSH client ssh-agent on Jenkins automation servers is related to errors in the code of the pseudorandom number generator used for generating host keys. This vulnerability allows a attacker to execute a “man-in-the-middle” type attack.
The vulnerability of the SSH client ssh-agent on Jenkins automation servers is related to errors in the code of the pseudorandom number generator used for generating host keys. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” type attack...
The vulnerability of the SSH client ssh-slave in Jenkins automation servers arises from errors in the code of the pseudorandom number generator used for generating host keys. This vulnerability allows an attacker to execute a “man-in-the-middle” type attack.
The vulnerability of the SSH client ssh-slave in Jenkins automation servers is related to errors in the code of the pseudorandom number generator used for generating host keys. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” type attack...
Security update for ovmf
This update for ovmf fixes the following issues: CVE-2024-1298: potential division-by-zero crash in edk2 due to UINT32 overflow in S3 ResumeCount. bsc1225889 CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 CVE-2023-45230: buffe...
SUSE-SU-2025:0503-1 Security update for ovmf
This update for ovmf fixes the following issues: - CVE-2024-1298: potential division-by-zero crash in edk2 due to UINT32 overflow in S3 ResumeCount. bsc1225889 - CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 - CVE-2023-45230:...
SUSE SLES15 / openSUSE 15 Security Update : ovmf (SUSE-SU-2025:0421-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0421-1 advisory. - CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc12188...
SUSE SLES15 Security Update : ovmf (SUSE-SU-2025:0407-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0407-1 advisory. - CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 -...
SUSE-SU-2025:0421-1 Security update for ovmf
This update for ovmf fixes the following issues: - CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 - CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. bsc1218880 - CVE-2023-45231:...
SUSE-SU-2025:0407-1 Security update for ovmf
This update for ovmf fixes the following issues: - CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 - CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. bsc1218880 - CVE-2023-45231:...
GHSA-237R-R8M4-4Q88 Guzzle OAuth Subscriber has insufficient nonce entropy
Impact Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.phpL192. This can leave servers vulnerable to replay attacks when TLS is not used. Patches Upgrade to version 0.8.1 or higher...
Fedora: Security Advisory (FEDORA-2024-d940f25a53)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-63f98f8c60)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...