Most Popular

1500 questions
12 votes, 1 answer

What is U2FsdGVkX1?

Using CryptoJS 3.1 I noticed that, using 3DES, the encrypted message always starts with U2FsdGVkX1. Why is the first part of the encryption always the same? What information does this hold, and how does that information become U2FsdGVkX1?
Thomas
12 votes, 2 answers

Encryption scheme for social-network-like data sharing via untrusted server?

I am thinking quite a lot lately about the problem of secure, privacy-preserving social networking. Distributing the network among trusted, preferably self-hosted servers (like Diaspora, GNU Social etc. attempt to do) is obviously not a good solution…
12 votes, 1 answer

Why is H(message||secret_key) not vulnerable to length-extension attack?

Given a Merkle-Damgård hash function $H$, I know that an attacker can forge a message protected by a MAC computed as $H(\text{secret\_key} \,\|\, \text{message})$. Why can't he perform the same extension attack on a MAC construction…
Peter
12 votes, 2 answers

Linkable ring signature scheme

I need an implementation of a linkable ring signature, a ring signature which allows identifying whether two signatures belong to the same signer. It has important privacy-related applications, like e-voting, but unfortunately there seems to be no…
sor.rge
12 votes, 3 answers

Smallest possible certificate for IoT device

I'm developing an IoT system that uses small nodes connected through RF. This allows messages under 250 bytes long. You can check it at https://github.com/gmag11/EnigmaIOT. All messages are encrypted using ChaCha20+Poly with a dynamic key obtained…
gmag11
12 votes, 13 answers

Cryptography elements needed for a story

Note: following Maarten Bodewes's answer, I edited this post to make it clearer. I'm writing something partly driven by the need to crack a few encrypted files. This is what needs to happen in the story: There are two parties involved that are…
Nicola
12 votes, 3 answers

Error-correcting code vs. lattice-based crypto

I'm not an expert in PQ-crypto, but as I understand error-correcting code and lattice-based crypto, the cryptographic assumptions are very similar. The key difference for me is the nature of the noise. In one case, the noise is inspired by the…
12 votes, 1 answer

Why does SHA2-224 use different IVs than SHA2-256?

Given that it's otherwise just a truncation, I can guess that being able to compute the 224 value from the 256 value is an unwanted property, but that's just speculation.
hanshenrik
12 votes, 2 answers

What is the sponge construction in simple terms?

I suggested to my client to use SHA3 instead of SHA2. I know that SHA3 is based on the Keccak algorithm, which won NIST's competition. I want to explain the structure of sponge functions in very simple terms; does anybody have a simple explanation of…
Sam Claro
12 votes, 1 answer

Is this a safe way to prove the knowledge of an ECDSA Signature?

I think that I've found a good solution to prove the knowledge of an ECDSA signature without revealing it. In short, it consists of generating an ECDSA signature using the point $R$ as generator, $s$ as private key and the result of $s*R$ as…
Jan Moritz
12 votes, 3 answers

What happened to Poly1305AES? Is it obsolete?

I've been told that Poly1305AES is a great choice of MAC for constrained (embedded) environments. I'd checked out DJB's writing on it briefly, and have to say that I found its simplicity likeable, performance convincing & security proofs rigorous…
ulidtko
12 votes, 2 answers

Are there any signature schemes for underpowered devices (8-bit microcontroller)?

I am currently researching a small-scale home automation system, aiming for cost. The system architecture is basically one master and several slaves which are connected in parallel. Recently I've bumped into the natural question of system…
Bruno Morais
12 votes, 1 answer

Efficient decoding of irreducible binary Goppa codes and the role of matrix P in McEliece cryptosystem

If we assume that the support for an irreducible binary Goppa code $\gamma_1, ..., \gamma_n$ is publicly known, when is it possible to efficiently decode the code? I know it's possible if one knows the generator polynomial $g(x)$, and also, if one…
Zuzana
12 votes, 2 answers

Are there any Secp256k1 ECDSA test examples available?

Are there any available test cases for testing elliptic curves like secp256k1 (Koblitz curves from http://www.secg.org/collateral/sec2_final.pdf)? For curves like P192 there are for example those values: http://point-at-infinity.org/ecc/nisttv…
ThePiachu
12 votes, 3 answers

SHA3-255, one bit less

I need a SHA3-255 or 511. What if I simply truncate a standard SHA3-256 or 512? Apart from the doubled probability of hash collision, are there any other things I should be aware of? I could also truncate one byte instead of one bit, if useful. What…