Most Popular (1500 questions)

12 votes, 1 answer

What Diffie-Hellman parameters should I use?

After reading this article, I started wondering how I should approach the problem of choosing p and g params in 1024-bit Diffie-Hellman key exchange. In my project, I am going to establish keys between many users. Should I create different p and g…
michnovka

12 votes, 2 answers

What's the point of an IV if public?

What is the point of the initialization vector in cryptographic modes like AES-CBC when it is sent in public? Can't any attacker just listen and reverse the IV, and as such defeat its purpose? EDIT I already know what has been said here. My…
user27551

12 votes, 5 answers

Are there any simple and yet secure encryption algorithms?

Being very new to C++ and cryptography, I finally managed to implement a version of the Vigenère algorithm. I would like to try something a bit more complicated. I have looked at AES and DES and others like them, but I was wondering if there is…
Thomas

12 votes, 2 answers

How does the simulator of the special-honest verifier zero-knowledge property work?

I’m a bit confused about what the simulator of the special-honest verifier zero-knowledge property of a $\Sigma$-protocol is supposed/allowed to do and how to prove that it is indeed efficient (i.e. it runs in a time polynomial in the security…
LRM

12 votes, 1 answer

CPA-security of a pseudorandom permutation encryption scheme

Let $F$ be a pseudorandom permutation, and define a fixed-length encryption scheme $(Gen, Enc, Dec)$ as follows: on input $m \in$ $\{0,1\}^{n/2}$ and key $k \in \{0,1\}^n$, algorithm $Enc$ chooses a random string $r \leftarrow \{0,1\}^{n/2}$…
12 votes, 1 answer

Why isn't outputting only a portion of the hash state a simple defense against length extension attacks?

As I understand length extension attacks, they depend on the coincidental property of most cryptographic hash functions that the hash value is exactly the hash function state after hashing the last block of data. This enables an attacker to…
sehrgut

12 votes, 1 answer

How many bits of entropy does an elliptic curve key of length n provide?

A FAQ for an open source project makes the claim: Indeed, an elliptic curve key of length n provides $n/2$ bits of security. I have two questions: What is the practical difference between "bits of entropy" and "bits of security"? How does one…
Rich Apodaca

12 votes, 1 answer

If RSA is only used to encrypt symmetric keys which are random, what's wrong with textbook RSA?

As far as I know, IND-CPA is used to protect against frequency analysis. But if RSA is only used to encrypt symmetric keys, what's wrong with using only textbook RSA because random keys are very unlikely to repeat?
wlad

12 votes, 2 answers

Is standardizing a modified AES a good idea?

"Recently" the Ukraine standardized a new block cipher Kalyna, which according to the abstract of "A New Encryption Standard of Ukraine: The Kalyna Block Cipher" by Oliynykov et al. (warning: the paper contains a lot of test-vectors) is basically a…
SEJPM

12 votes, 2 answers

How were the number of rounds for different key sizes of AES selected?

The number of AES rounds increases with the key length. Why increase the number of rounds at all, and how were these round counts chosen?
user1449

12 votes, 1 answer

Why isn't Rabin-Williams cryptosystem widely used?

I think we all know RSA. And of course we also know DJB (a.k.a. Daniel J. Bernstein). Now some already have noticed that he has an opinion towards cryptographic questions. In his 2008 paper ("RSA signatures and Rabin–Williams signatures: the state…
SEJPM

12 votes, 4 answers

Is the one-time-pad a secure system according to modern definitions?

Occasionally I hear people say that one-time pads are "useless" or even "broken". "modern cryptography knows more security definitions, under some of which the one-time pad is completely broken." -- How do we know a cryptographic primitive…
David Cary

12 votes, 3 answers

Why can’t DSA be used for encryption?

This question at StackOverflow mentions that DSA cannot be used for encryption. But both RSA and DSA can be used to generate public and private keys, right? Then why can't I use the DSA public key to encrypt?
Lunar Mushrooms

12 votes, 4 answers

Is it fair to assume that SHA1 collisions won't occur on a set of <100k strings?

I'm building a system that has to take file paths, and generate a unique name for each one. I'm planning on using SHA1 as the hash function. My question is: do I have to deal with possible collisions (2 different paths producing the same SHA1…
Denis Hennessy

12 votes, 4 answers

Alice and Bob's crush

Suppose Alice and Bob both want to determine whether the other has a crush on him/her, but they only wish to share the information if the crush is mutual. Is there a cryptographic protocol that makes this possible without using trusted third…
user24215