Most Popular (1500 questions)
12 votes, 2 answers
Why is multiplication uncommon in cryptographic primitives?
Modern computers (which crypto programs are usually run on) have a 64-bit multiply, and it only takes one cycle. It's pretty decent mixing at next to no cost.
For block ciphers:
Multiplication by a constant is nonlinear (when combined with other…
EPICI
12 votes, 2 answers
Can RSA be used to encrypt p?
In RSA you choose $n=pq$ where $p$ and $q$ are large primes with similar length. Then you choose $e$ that is coprime with $\phi(n)$ and find $d$ that is modular multiplicative inverse of $e$ modulo $\phi(n)$, so $ed \equiv 1 \mod \phi(n)$.
Then…
desowin
12 votes, 5 answers
What is the malicious potential of a key-substitution-attack?
What is the idea behind a key-substitution-attack?
We start from a given pair of message $m$ and signature $s(m)$. The signature can be verified by anybody in possession of the public key $y$:
$v(m, s, y) = \text{ok}$
Now, by some mathematical magic (details…
MichaelW
12 votes, 1 answer
XOR a set of random numbers
Basic question about XOR and entropy - given a set $S$ of pseudo-random numbers in the range $[0,b]$, will XORing them produce a new pseudo-random number in $[0,b]$ or will the operation decrease the entropy? In the case that some numbers in $S$ not…
avive
12 votes, 1 answer
How to determine the multiplicative inverse modulo 64 (or other power of two)?
I am trying to determine the multiplicative inverse of $47$ modulo $64$. So I have looked for an algorithm or scheme in order to perform this.
I found this wiki explaining how to find a multiplicative inverse. I tried to perform all the…
user3834282
12 votes, 1 answer
Why does KangarooTwelve only use 12 rounds?
The initial Keccak submission used 18 rounds, which was bumped up to 24 rounds for the final version after distinguishers were found for a reduced 16 round variant. However, the Keccak team has recently released a spate of cryptographic primitives…
Indolering
12 votes, 1 answer
Does IND-CPA imply PRF?
It is well-known that a pseudorandom function (PRF) can be used to build a CPA-secure symmetric cryptosystem. My question: is a PRF necessary for this, i.e., can one show something like "If there exists an IND-CPA scheme then there exist PRFs?"
Martin Hofmann
12 votes, 2 answers
Are common (secure) stream ciphers CCA1-secure?
My latest question and especially Ricky Demer's comment on the answer got me thinking: This homomorphic transformation of RSA is most likely IND-CPA and maybe even IND-CCA1, but if it could be IND-CCA1, so could be a stream cipher in theory. This is…
SEJPM
12 votes, 2 answers
Different ways/algorithms for implementing AES
I have seen a couple of software implementations of the Advanced Encryption Standard. They are pretty much straightforward, i.e. they are implemented exactly the same way as the AES is described. This makes an implementation of AES very easy to…
jordi88
12 votes, 1 answer
Encrypting bcrypt hashes
I've been asked by a client to give some advice on hashing and as it isn't my area I'm looking for someone who knows what they are talking about.
The client is hashing 4-6 digit PINs (mostly 4 digit) with bcrypt, they have the work factor set as…
Robin
12 votes, 1 answer
What is a safe maximum message size limit when encrypting files to disk with AES-GCM before the need to re-generate the key or NONCE
The general limits from the NIST recommendation are as follows:
Maximum Encrypted Plaintext Size ≤ $2^{39} - 256$ bits;
Maximum Processed Additional Authenticated Data ≤ $2^{64} - 1$ bits;
This stack overflow answer…
Stan Ivanov
12 votes, 1 answer
RSA with 3 primes
I was trying to understand how RSA with 3 primes works. I have checked Wikipedia but I still didn't fully understand their solution.
I would like to know how you encrypt for $n = p \cdot q \cdot r$.
How do you decrypt for it, and why is it still proven to…
Jeremaiha
12 votes, 3 answers
Does AES-NI offer better side-channel protection compared to AES in software?
Does AES-NI offer better side-channel protection compared to AES in software? Also, it would be great if you could provide corresponding references in your answer.
RJL
12 votes, 2 answers
Checksum vs. non-cryptographic hash
What are the differences between checksums (e.g. Fletcher, Adler, CRC), non-cryptographic hashes (e.g. xxHash, MurmurHash, CityHash) and cryptographic hashes (e.g. MD5, SHA1, SHA3)?
I am familiar with checksums and how they're used to detect errors…
bryc
12 votes, 4 answers
RSA private key integrity check
I am working on a device whose OS provides an RSA Private primitive, where the inputs are the message, and the usual components of a private key. Unfortunately it is bugged so that in some cases of supplying garbage for the private key, the device…
M.M