Most Popular

1500 questions
11 votes, 3 answers

Designing a hash function from first principles rather than depending on heuristics

Is there a general method to design a cryptographic hash function (with desired properties) from first principles? That is, is there a general process for constructing such functions? I get the impression that Merkle–Damgård construction simplifies…
wil3
11 votes, 1 answer

AES timing attacks

I'm just interested in cryptography, so please don't expect me to be an expert. ;) I recently read about AES cache timing attacks and found it very interesting. I read the article Cache-timing attacks on AES by Daniel Bernstein, but I don't seem to…
cooky451
11 votes, 2 answers

What is the relation between the existence of a cryptographic hash function and the existence of a PRG?

Does the existence of a PRF/PRG/one-way function imply the existence of a hash function? I did not find a proof of the existence of a cryptographic hash function, so I want to know whether it is based on the same axiom (the PRG axiom)?
Blanco
11 votes, 3 answers

Relative merits of AES ECB and CBC modes for securing data at rest

I need to store several million Payment Card Numbers (PCNs) securely in a mainframe database (that is, 'at rest'). I assume that any attacker will have access to all of the stored data. I assume the availability of a secure device that can: Store a…
11 votes, 2 answers

How did someone discover N, order of G for SECP256k1?

Could someone please explain, in simple and easy terms, how the creators did (or should have) derived N, the order of G, for SECP256k1? It's my understanding it's derived from p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE…
Mine
11 votes, 1 answer

What is a trapdoor permutation?

Can anyone explain to me what a trapdoor one-way permutation is? Is RSA a trapdoor one-way permutation? Context: I was reading about ring signatures. On page 560, it describes steps for implementing a ring signature. I am confused by step 3, where…
user1812844
11 votes, 0 answers

Is there a pen-and-paper way to securely share a secret via public key encryption?

We have several questions tagged pen-and-paper talking about encryption, hashing, signing, etc., but no question asks about exchanging a secret via public key encryption in a secure way. Does any solution exist which would allow us to exchange a…
Mike Edward Moras
11 votes, 0 answers

Decision R-LWE parameters for spherical error with worst-case hardness

In Peikert et al.'s most recent work (STOC 2017) a direct reduction of worst-case lattice problems to decision R-LWE is achieved for $\alpha q \ge 2 \cdot \omega(1)$ (Theorem 6.2), where $\alpha q$ is the Gaussian standard deviation. However, it is…
Daniela
11 votes, 3 answers

Can there be two hash functions without common collisions?

Is there a way to prove/create (or are there known hash functions) two hash functions that never have the same collision? I mean, provable in a way that someone who took one cryptography class at university can prove. For example, I want hash…
kyliod
11 votes, 1 answer

Collision resistance of hash function built on modular exponentiation

Consider the following hash function family for hashing integers. $Gen(1^k)$: generate two $k$-bit primes $p, q$. Let $n = pq$. Choose random $y \rightarrow QR_n$ and output $(n, y)$. $H_{(n,y)}(x) = y^x \bmod n$. My question is: is this hash function collision…
chelsea
11 votes, 1 answer

Why doesn't CTR mode require blocking?

I've been reading a bit about block cipher modes and I have a relatively straightforward question regarding CTR. In essence, I was hoping you guys would be kind enough to validate my understanding of things. As I understand it, CTR does the…
Louis Thibault
11 votes, 2 answers

Real world use cases of Multi-Party Computation

Most of the research papers give imaginary applications of multi-party computation. Either they talk about Yao's millionaires' problem or two or more corporates willing to compute some intrusion detection stuff collectively on their private data…
sashank
11 votes, 1 answer

Why was WEP apparently not reviewed by many cryptographers?

According to this analysis of WEP: "These attacks point to the importance of inviting public review from people with expertise in cryptographic protocol design; had this been done, the problems stated here would have surely been avoided." It is my…
Henry Elliott
11 votes, 2 answers

Summarize the mathematical problem at the heart of breaking a Curve25519 public key

It's pretty easy to generate a Curve25519 private key: generate 32 random bytes of data and then do `e[0] &= 248; e[31] &= 127; e[31] |= 64`. You can then generate a public key by doing fancy math on the private key. For example, here's a random…
Kevin Burke
11 votes, 1 answer

Are pairings still the most efficient implementation for identity and attribute-based encryption?

I read on Wikipedia: "[...] pairings have also been used to construct many cryptographic systems for which no other efficient implementation is known, such as identity based encryption or attribute based encryption schemes." Is this still the…
Shalec