Most Popular
1500 questions
11 votes, 9 answers
Physical analogue for MACs
What would be a good analogue with which to describe Message Authentication Codes to a person who has little to no understanding of cryptography?
For instance, a vault is a reasonable analogue for symmetric authenticated encryption: anyone with the…
Stephen Touset
11 votes, 1 answer
Relation between attack and attack model for signatures
What is the relationship between an attack and an attack model?
For example, let $\Pi$ be the Lamport signature scheme. This signature has its security based on any one-way function. The Grover algorithm, an attack, inverts this function with…
juaninf
11 votes, 2 answers
Random data CBC padding scheme?
When using AES in CBC mode, padding is required when the last plaintext block does not have the length required by the cipher. Let's say $k$ more bytes would be required to fill the block. My idea was to pad the last block with $k-1$ random bytes followed…
HerpDerpington
11 votes, 3 answers
Is double SHA-256 the best choice for Bitcoin?
So I was just curious.
I really look up to Blockchain technology and I have read that Bitcoin uses double SHA-256 for hashing.
(From what I understood, double SHA-256 is essentially $\operatorname{SHA-256}(\operatorname{SHA-256}(value))$.)
Is double…
Pinkovai Krisztian
11 votes, 5 answers
Radioactive Decay, Gaussian or Uniform?
I'm trying to understand the nature of true randomness. I'm building an RNG using a radioactive source. Basically, I'm measuring the time between consecutive decays which in theory should be unpredictable. The distribution of these time measurements…
rdkylp
11 votes, 2 answers
How does the zero-knowledge protocol with vertex-3-coloring work?
I'm currently not sure if I understood how the zero knowledge protocol with vertex-3-coloring works. I'll describe what I think I've understood and I'll write my questions in bold.
Zero-knowledge-protocols in general
What are they good for? What is…
Martin Thoma
11 votes, 1 answer
ECIES vs. RSA + AES
I am confused about the distinction between RSA and ECC (Elliptic curve) regarding encryption and would appreciate it if someone could confirm whether my understanding is correct.
To encrypt a large file using RSA:
Generate a random symmetric…
Vlad
11 votes, 1 answer
Why use $(r,s)$ instead of $(r,s^{-1})$ as DSA signature?
A DSA signature consists of two scalars $(r,s)$.
When signing, $s$ is generated as:
$s=k^{-1}(H(m)+xr) \mod q$
The signature is $(r,s)$.
When verifying, $s$ is only used to compute $w = s^{-1}$. So why does DSA store $s$ in the signature instead of…
CodesInChaos
11 votes, 2 answers
Why are bitwise rotations used in cryptography?
Any understanding I have of cryptography stops right around the cipher level. As such, I'm just curious as to why bit shifts, and in particular circular bit shifts, are so prevalent in cryptography.
Jeff
11 votes, 4 answers
Fast cryptographic hash function for short inputs
I am looking for a cryptographic hash function optimized for speed on short inputs, in order to implement a pseudorandom generator with expansion factor 2 (e.g. takes 16 bytes of input and outputs 32 pseudorandom bytes).
Here are some natural…
d1v
11 votes, 2 answers
Is 512 bits a more secure hashing than 256 bits?
I know that 512 bit hashing is more secure, but I don't really know why. I hope someone can help me to better understand it in more detail.
Hinton Zsh
11 votes, 2 answers
Combining LFSRs for Stream Ciphers: Why do we need high non-linearity?
Linear Feedback Shift Registers (LFSRs) can be excellent (efficient, fast, and with good statistical properties) pseudo-random generators. Many stream ciphers are based on LFSRs, and one of the possible designs of such stream ciphers is combining…
geo909
11 votes, 1 answer
Should I use self-generated or predefined RFC 7919 DH groups?
On a wiki page, archived by now, Mozilla switched from recommending self-generated DH groups to the ones predefined in RFC 7919.
The recommendation was accompanied by the statement
These groups are audited and may be more resistant to attacks…
wedi
11 votes, 1 answer
What is this problem called, and is it hard? Given $g^x$, output $(g^y, xy)$
Assume that $G$ is any cyclic group where the discrete log problem is hard, such as the elliptic curve group. Let $g$ be some generator of $G$.
The problem is as follows:
Given $(g, g^x)$ for unknown $x$, output any pair of the form $(g^y, xy)$ for…
Jus12
11 votes, 4 answers
One round of AES-128
Maybe it’s a silly question, but I’m interested in the best known/chosen-plaintext attack on only one round of AES-128. More specifically, what is the smallest number of known/chosen plaintext/ciphertext pairs which allow us to recover the key with high…
user79425