Most Popular

1500 questions

35 votes, 2 answers

Why is MixColumns omitted from the last round of AES?

All rounds of AES (and Rijndael) have a MixColumns step, save the last round which omits it. DES has a similar feature where the last round differs slightly. The rationale, if I recall correctly, was to "make the cipher appear similar in reverse…
Fixee
35 votes, 4 answers

What is so special about elliptic curves?

There seem to be sources like this, this also, and some introductions that discuss elliptic curves in general and how they're used. But what I'd like to know is why these particular curves are so important in cryptography as opposed to, let's say,…
stackuser
34 votes, 8 answers

Have any cryptographic breaks been executed in the real world since World War II?

Have there been any publicly known exploits of a cryptographic break in a widely used cryptographic system to actually read encrypted information (or falsely authenticate) since the Ultra program in World War II? I want to define my terms as…
Very Tiny Brain
34 votes, 1 answer

Proof for the SHA3 claim that 256 bit security is "post-quantum sufficient"?

On page 14 of "Keccak and the SHA-3 Standardization" (February 6, 2013) it says: Instantiation of a sponge function the permutation KECCAK-f 7 permutations: b → {25,50,100,200,400,800,1600} Security-speed trade-offs using the same permutation,…
34 votes, 2 answers

Is HMAC-MD5 considered secure for authenticating encrypted data?

I've read something to the effect that the HMAC construct is able to lessen the problem of collisions in the underlying hash. Does that mean that something like HMAC-MD5 still might be considered safe for authenticating encrypted data?
Nuoji
34 votes, 8 answers

Why do some people believe that humans are "bad at" generating random numbers/characters like this?

I'm not even sure if they are serious, but I've heard many times that some people refuse to not only trust their computer to generate a random string (which is understandable) but also don't trust themselves to do it. So, instead of simply…
34 votes, 2 answers

What is a Pedersen commitment?

I couldn't find any answer providing a high-level overview on what Pedersen commitments are or what they are used for.
Paul Razvan Berg
34 votes, 1 answer

Does the generator size matter in Diffie-Hellman?

For the Diffie-Hellman protocol I've heard that the generator 3 is as safe as any other generator. Yet, 32-bit or 256-bit exponents are sometimes used as generators. What is the benefit of using these very large generators if they are just as safe…
jnm2
34 votes, 3 answers

What is bignum-free RSA?

I recently saw a claim that BearSSL has a bignum-free implementation of RSA. What does this mean? I don't see how one could implement RSA without bignum arithmetic.
Elias
34 votes, 5 answers

Is it bad to expose the public key?

I am studying about blockchain and have been focusing on encryption protocols that allow authentication. The digital signature of public and private key seems solid; I have focused on the algorithm ED25519. But in some places, some people say about…
Victor França
34 votes, 1 answer

What do the signature security abbreviations like EUF-CMA mean?

From time to time, one stumbles across formal security definitions. This includes security definitions for signature schemes. The most common ones are the *UF-* ones, advertising security against specific classes of attackers. Now these notions may…
34 votes, 2 answers

What does "birational equivalence" mean in a cryptographic context?

In a recent question on using the same curve for signing and ECDH it was noted for the Ed25519 curve and Curve25519: Nitpick: the curves are birationally equivalent, not isomorphic. Now this term shows up quite often in cryptography, especially…
SEJPM
34 votes, 3 answers

How many KDF rounds for an SSH key?

What is the best practice on choosing how many key derivation function (KDF) rounds/iterations when generating an SSH key pair with ssh-keygen? Am I correct in saying that it is unnecessary if the passphrase is strong enough? Is there some kind of…
34 votes, 1 answer

What is a ratchet?

While reading WhatsApp's Security Whitepaper I found the term "ratchet". What does it mean in cryptography? The Message Key is derived from a sender’s Chain Key that “ratchets” forward with every message sent. Additionally, a new ECDH agreement…
M-elman
34 votes, 3 answers

Possible ways to crack simple hand ciphers?

We had a quiz in class today where we had to break the ciphertext with the key given, but not the algorithm. Suffice to say that I wasn't able to decrypt it within the allotted time of 12 mins and will probably get a 0% score on the quiz. So, I was…