Most Popular

1500 questions
33 votes, 3 answers

How does RSA compute such enormous numbers?

So I have been reading and learning a lot about cryptography lately and in particular asymmetric ciphers such as RSA. One thing that I am curious about but never seems to be mentioned is how the cipher algorithm manages to compute such enormous…
Luke
33 votes, 3 answers

Why would anyone use an elliptic curve with a cofactor > 1?

In cryptography, an elliptic curve is a group based on a finite field $GF(p^k)$; this group has $n$ elements on it, and we work on a prime-sized subgroup of size $q$. We denote the value $h = n/q$ as the cofactor of the curve. My question is: why…
poncho
33 votes, 2 answers

Disadvantage AES-GCM

What are the disadvantages and weaknesses of AES-GCM mode for authenticated encryption? Why does the CAESAR competition say that it’s one of the goals to "find an AE scheme that offers an advantage over AES-GCM"? What advantage are they talking…
user2035863
33 votes, 1 answer

Should I use the first or last bits from a SHA-256 hash?

I have the need for a hexadecimal token that is smaller than the normal length of the hexadecimal representation of a SHA-256 hash. Should I take the first bits or the last bits? Which of them contain the most entropy?
Peter Smit
33 votes, 3 answers

Is 80 bits of key size considered safe against brute force attacks?

I came across the KATAN family of ciphers for small domain input blocks. They cipher arbitrary block lengths: 32, 48 and 64, but their key size is 80 bits only. Is 80 bits of key size considered safe against brute force attacks with current state…
sashank
33 votes, 2 answers

Reason why “XOR” is a linear operation, but ordinary “addition” isn’t?

I'm new to cryptography and trying to read some articles in this field. Many of these articles talk about non-linear S-boxes, and nothing more on what they mean by their non-linearity. I have a simple question which I think will guide me through my…
Shnd
33 votes, 2 answers

In RSA, why is it important to choose e so that it is coprime to φ(n)?

When choosing the public exponent e, it is stressed that $e$ must be coprime to $\phi(n)$, i.e. $\gcd(\phi(n), e) = 1$. I know that a common choice is to have $e = 3$ (which requires a good padding scheme) or $e=65537$, which is slower but safer. I…
Martin
33 votes, 2 answers

Why do we need special key-wrap algorithms?

Wikipedia says: Key Wrap constructions are a class of symmetric encryption algorithms designed to encapsulate (encrypt) cryptographic key material. We are using these algorithms to encrypt (and authenticate) a key, using a symmetric algorithm…
Paŭlo Ebermann
32 votes, 2 answers

ECDSA Compressed public key point back to uncompressed public key point

From the ECDH demo here, if I generate a private key for Alice I can get _ P = 1175846487558108474218546536054752289210804601041 Which gives the following public key point. X = 583857549063195252150226340830731484791130788759 Y =…
Ian Purton
32 votes, 2 answers

Theoretically, what if I were to change some magic numbers in, say, AES?

Purely theoretically. I know it's a bad idea to try to invent your own encryption and that's not the intention here. Just a thought experiment. Say, I change some or all of the magic numbers used in, say, AES (but this would also apply to other…
RobIII
32 votes, 6 answers

What is the practical impact of using System.Random which is not cryptographically random?

I recently noticed a .NET software using PBKDF to derive an encryption key from a password string. This password string was dynamically generated using System.Random. Now, I know that System.Random is not really cryptographically random and should…
learnerX
32 votes, 1 answer

Is a hash a zero-knowledge proof?

I’m trying to wrap my head around zero knowledge proofs, but I’m having trouble understanding it. In my current understanding, zero-knowledge proofs prove to the recipient that the sender has a certain knowledge without disclosing it. Like trying to…
vrwim
32 votes, 2 answers

Prevent double-spending with decentralized digital currencies without all transactions being public?

A recent approach to creating a decentralized online currency, called Bitcoin, has been generating some interest. The goal is to have a way to transfer currency without a central authority and without double spending or counterfeiting. Their…
32 votes, 5 answers

Is it bad to expose the public key?

I am studying blockchain and have been focusing on encryption protocols that allow authentication. The digital signature with public and private keys seems solid; I have focused on the ED25519 algorithm. But in some places, some people say about…
Victor França
32 votes, 3 answers

Applicability of IBM's projected 50-qubit quantum computer Q to cryptanalysis?

IBM announced Q, a project for a 50-qubit universal quantum computer, according to the press release. Here is more PR spin, and the research sub-page. What would be the applicability of that to cryptanalysis?
fgrieu