Most Popular
1500 questions
11
votes
1 answer
Alice trusts Bob only when Bob trusts Alice
Some story first: Alice and Bob both have public/private key pairs. Now Bob wants Alice to sign his public key id. Alice agrees but only when Bob signs the public key id of her.
Is this something that can be achieved? At the end, the signatures…
esskar
11
votes
2 answers
What do NM-CPA and NM-CCA mean?
When I've been researching authenticated encryption, the following terms keep showing up:
NM-CPA
NM-CCA
...without any definition as to what they mean. I've tried searching the web for their definitions, but I'm not getting very far. Could…
starbeamrainbowlabs
11
votes
2 answers
What is a rank-1 constraint system?
Why not rank-2 constraint system or rank-3 constraint system?
How do rank-1 constraint systems link to circuits?
WeCanBeFriends
11
votes
1 answer
CAESAR finalists: Lightweight case (Ascon vs ACORN)
The Ascon cipher has been selected as the first choice in the lightweight case and ACORN as the second. However, according to the Face-off between the CAESAR Lightweight Finalists: ACORN vs. Ascon paper, the winner of the face-off is ACORN.
They mentioned…
hardyrama
11
votes
1 answer
How does BearSSL's GCM modular reduction work?
BearSSL (in src/hash/ghash_ctmul.c) seems to be doing a modular reduction that I don't completely understand. Here's the code:
/*
* GHASH specification has the bits "reversed" (most
* significant is in fact least significant), which does
* not…
neubert
11
votes
3 answers
Homomorphic encryption - Why does addition not imply multiplication?
As far as I know:
There are some partially homomorphic encryption (PHE) systems that support either addition or multiplication.
A fully homomorphic encryption (FHE) system can do addition as well as multiplication and thus supports arbitrary…
AleksanderCH
11
votes
1 answer
Point halving on elliptic curves of even order
I am trying to understand how point halving on elliptic curves of even order works. Specifically: suppose $g$ is an elliptic curve, and $G$ is a generator point on this curve. The order of the group generated by $G$ is even and equal to $q$. Suppose…
irakliy
11
votes
5 answers
How do I construct a 256-bit hash function from 128-bit AES?
I would like to generate a 256-bit hash on a microcontroller that has a 128-bit (only) AES engine. How can I construct a 256-bit hash function from a 128-bit cipher?
joeforker
11
votes
1 answer
Should the secret key of Shamir's secret-sharing algorithm be interpreted byte by byte?
Should the secret message of Shamir's secret-sharing algorithm be interpreted and processed byte by byte?
Interpreting it byte by byte makes it easier to process, but in case one of the shareholders decides to tamper with some of the bytes in his…
Penn
11
votes
4 answers
Why is SHA-512 limited to an input of $2^{128}$ bits?
Both SHA-384 and SHA-512 are limited to an input size of less than $2^{128}$ bits. Considering SHA-512 has a higher output size, couldn't it include more input data?
w0f
11
votes
1 answer
What does the process of creating a new secure Elliptic Curve look like?
I'm especially curious about the technique djb would have used to come up with his Curve 25519. Say I have already written down my goals, such as - Twist Secure, Speed, Side Channel resistance, etc. In this case, how do I go about creating new…
Cookies
11
votes
3 answers
Is signing a hash instead of the full data considered secure?
I reference object in some of my code in hashes. The signature itself is another object separate from the one I am signing (for obvious reasons). I consider it simpler to simply sign the reference to my object (its hash), but I wonder if it is…
Gopoi
11
votes
3 answers
What is different between the two ciphersuites below?
I have two questions:
I need an explanation of the differences between the two cipher suites below.
How do they work with the SSL/TLS protocol? (my main concern: the first one doesn't have the 'ecdhe_rsa' part…
uma
11
votes
2 answers
Can quantum computers put computer security in jeopardy?
There are many articles about quantum computers describing how powerful they are in computing and that they can solve very complicated equations in a short time.
One of the biggest security measures that provide safety for computer security is that…
R1w
11
votes
5 answers
How to best obtain bit sequences from throwing normal dice?
Throwing normal dice, one can get sequences of digits in [0,5]. In practice, which is the best procedure to transform such sequences into a desired number of bit sequences?
Mok-Kong Shen