Most Popular (1500 questions)
32 votes, 1 answer
What do the signature security abbreviations like EUF-CMA mean?
From time to time, one stumbles across formal security definitions. This includes security definitions for signature schemes.
The most common ones are the *UF-* ones, advertising security against specific classes of attackers.
Now these notions may…
SEJPM
32 votes, 3 answers
New quantum attack on lattices (or Shor strikes again)?
Lior Eldar and Peter W. Shor published a paper on arXiv.org in which they present a new quantum algorithm against a variant of BDD. They claim that their new algorithm can efficiently solve the following problem:
Given a lattice $L$, a vector $v$,…
mephisto
32 votes, 2 answers
Key derivation functions (KDF): What are they, what are their main purposes and how can they be used?
What are KDFs? What are their main purposes? How can they be used, in other words, what's their drill in a cryptography scheme?
Samuel Paz
32 votes, 3 answers
How many KDF rounds for an SSH key?
What is the best practice on choosing how many key derivation function (KDF) rounds/iterations when generating an SSH key pair with ssh-keygen?
Am I correct in saying that it is unnecessary if the passphrase is strong enough? Is there some kind of…
Peter Tseng
32 votes, 2 answers
Why can't one implement bcrypt in Cuda?
I had heard that although it's easy to implement message digest functions like MD5, SHA-1, SHA-256 etc. in CUDA (or any other GPU platform), it is impossible to implement bcrypt there.
bcrypt is different from these hash functions, in that Blowfish…
Rook
32 votes, 1 answer
What is a ratchet?
While reading Whatsapp's Security Whitepaper I found the term "ratchet". What does it mean in cryptography?
> The Message Key is derived from a sender’s Chain Key that “ratchets” forward with every message sent. Additionally, a new ECDH agreement…
M-elman
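The whitepaper sentence quoted in the question describes a symmetric hash ratchet. The following is an added example written for this page (not code from the question, from WhatsApp or from Signal): each step derives one Message Key from the current Chain Key and then replaces the Chain Key, so a party holding only Chain Key i can derive Message Keys i, i+1, ... but none of the earlier ones. The HMAC labels 0x01 (message key) and 0x02 (next chain key) follow the whitepaper's description; the root chain key is constructed sample data.

```python
# Added example of the symmetric (hash) ratchet described in the WhatsApp
# whitepaper excerpt. Not from the question or from WhatsApp/Signal code.
import hashlib
import hmac

# Constructed sample root; in the real protocol this comes from the key agreement.
ROOT_CHAIN_KEY = hashlib.sha256(b"constructed example chain key, not a real one").digest()


def ratchet_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """Return (message_key, next_chain_key) derived from the current chain key.
    Labels 0x01 / 0x02 are the ones the whitepaper uses for the two derivations."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key


class HashRatchet:
    """Holds only the current chain key; every step overwrites the previous one,
    which is what makes earlier message keys unrecoverable from this state."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key
        self.index = 0  # number of message keys already produced

    def next_message_key(self) -> tuple[int, bytes]:
        message_key, self.chain_key = ratchet_step(self.chain_key)
        self.index += 1
        return self.index - 1, message_key


def message_keys(root: bytes, count: int) -> list[bytes]:
    """Sender side: the first `count` message keys of a chain starting at `root`."""
    chain = HashRatchet(root)
    return [chain.next_message_key()[1] for _ in range(count)]


def catch_up(chain: HashRatchet, target_index: int) -> bytes:
    """Receiver side: messages before target_index have not arrived yet; ratchet
    past them and return the key for target_index. A real implementation would
    cache the skipped keys for late delivery instead of discarding them."""
    if target_index < chain.index:
        raise ValueError("chain already ratcheted past this message; its key is gone")
    while chain.index < target_index:
        chain.next_message_key()  # skipped message key, would be cached here
    return chain.next_message_key()[1]
```

Both sides start from the same chain key and ratchet in lockstep, so the receiver can derive exactly the key the sender used for message 3 even if messages 0 to 2 are still in flight; once it has moved past index 3, asking for an earlier key fails, because the only way to reach it would be to invert HMAC-SHA256.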
32 votes, 2 answers
How much computing resource is required to brute-force RSA?
It's been over 30 years since Rivest, Shamir and Adleman first publicly described their algorithm for public-key cryptography; and the intelligence community is thought to have known about it for around 40 years—possibly longer.
It's fair to assume…
eggyal
32 votes, 3 answers
Are common cryptographic hashes bijective when hashing a single block of the same size as the output?
It's been said that CRC-64 is bijective for a 64-bit block.
Is the corresponding statement true for typical cryptographic hashes, like MD5, SHA-1, SHA-2 or SHA-3?
For example, would SHA-512 be bijective when hashing a single 512 bit block?
SDL
32 votes, 1 answer
How is SHA1 different from MD5?
On the surface, SHA1 and MD5 look pretty similar. Their diagrams include chunks of bits, bit rotation, xor and special functions. Their implementations are roughly the same length (at least the ones I've seen). Yet it's widely known that MD5 is…
qwr
32 votes, 3 answers
Random oracle model proofs and programmability
Proving the security of a scheme with the random oracle model (ROM) involves two steps: first you prove that the scheme is secure in an idealized world where a random oracle exists, and then you implement this scheme in the real world by replacing…
dira
32 votes, 2 answers
Using the same RSA keypair to sign and encrypt
The RSA signature operation is basically the same as encrypting with the private key. In particular, both operations use the same kind of keys.
Is it safe to use the same RSA keypair both for encryption / decryption and for signing / verification?
Lay András
31 votes, 1 answer
Is it possible to actually verify a “sponge function” security claim?
When using a “sponge function” to create a cryptographic hash, we can look at the flat sponge claim, which flattens the claimed success probabilities of all attacks using a single parameter: the claimed capacity $c_{\mathrm{claim}}$.
Is there any way to actually…
e-sushi
31 votes, 3 answers
repeating-key xor and hamming distance
I read that to break repeating-key xor you can do the following: try a keysize $n$ and compute the hamming distance between the first $n$ bits of the encrypted string and the bits $n+1$ to $2n$ of the encrypted string and normalize by keysize.
The…
user782220
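The key-length test described in the question, as an added example written for this page (not code from the question or its answers). It works on bytes rather than bits, as the usual implementations do, and averages the normalized distance over every adjacent pair of blocks instead of only the first two, which makes the score far less noisy. PLAINTEXT and KEY are constructed sample data.

```python
# Added example: recovering the key length of a repeating-key XOR ciphertext
# from normalized Hamming distances. Not from the question or its answers.
# PLAINTEXT and KEY are constructed sample data.

PLAINTEXT = (
    b"the quick brown fox jumps over the lazy dog while the cautious cat "
    b"watches from the garden wall and waits for the evening to arrive so "
    b"that it can wander through the quiet streets without being noticed by "
    b"anyone at all which is exactly how the cat prefers to spend its nights "
    b"since the world is calmer then and the mice are far less careful than "
    b"they are during the busy hours of the day when people fill the squares "
    b"and the markets and every corner of the old town is loud with voices "
    b"and footsteps and the rattle of carts on the cobbled lanes below"
)
KEY = bytes([0x13, 0x6C, 0xA5, 0xC0, 0x9E])  # constructed 5-byte key


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse) with a repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


CIPHERTEXT = xor_repeating(PLAINTEXT, KEY)


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def keysize_scores(ct: bytes, min_k: int = 2, max_k: int = 40) -> dict[int, float]:
    """For each candidate k: mean Hamming distance per byte between consecutive
    k-byte blocks. At the true k the same key bytes line up, so the distance
    is plaintext-vs-plaintext (low); elsewhere it is close to random (~4)."""
    scores: dict[int, float] = {}
    for k in range(min_k, max_k + 1):
        blocks = [ct[i:i + k] for i in range(0, len(ct) - k + 1, k)]
        if len(blocks) < 2:
            break
        total = sum(hamming(blocks[i], blocks[i + 1]) for i in range(len(blocks) - 1))
        scores[k] = total / ((len(blocks) - 1) * k)
    return scores


def guess_keysize(ct: bytes, min_k: int = 2, max_k: int = 40, tolerance: float = 0.15) -> int:
    """Multiples of the true key length score just as low as the true length
    (the key still lines up), so pick the smallest k within `tolerance` of the
    best score rather than the single minimum."""
    scores = keysize_scores(ct, min_k, max_k)
    best = min(scores.values())
    return min(k for k, s in scores.items() if s <= best * (1 + tolerance))
```

Two practical points the one-line description leaves out: compare many block pairs, not just the first two, or the scores for neighbouring k values overlap; and expect every multiple of the true length (10, 15, 20 here) to score about as well as the true length itself, so the right answer is the smallest of the near-ties, not blindly the minimum.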
31 votes, 3 answers
Is 128-bit security still considered strong in 2020, within the context of both ECC Asym & Sym ciphers
Given that much of our ECC crypto primitives provide “only” 128-bit security when defined over a 256-bit curve due to Pollard rho, is it then still safe in 2020 to consider 128-bit security safe for the medium term (5-8 years).
I’m looking for an…
Woodstock
31 votes, 4 answers
How to fairly select a random number for a game without trusting a third party?
Several people are playing a game with random events and require a way to produce a random number. (Such as dice rolls or a lottery.)
Can this be done such that each player has the power to be reasonably sure that the random number was fairly…
billpg
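One standard way to get what this question asks for is a commit-then-reveal protocol. The code below is an added example written for this page, not one of the answers: every player first publishes a commitment to a secret contribution, and only once all commitments are in does anyone reveal; the roll is a function of all contributions at once, so a player who tries to change their value after seeing the others fails verification. Player names, nonces, contributions and the domain-separation tag are constructed for the example.

```python
# Added example: commit-then-reveal for a shared random roll with no trusted
# third party. Not from the question or any answer on this page; names, nonces,
# contributions and COMMIT_TAG below are constructed sample data.
import hashlib
import secrets

COMMIT_TAG = b"fair-roll-commit-v1"  # assumed domain-separation label


def make_commitment(player: str, contribution: int, nonce: bytes) -> bytes:
    """SHA-256 commitment to (player, contribution). The nonce is what hides a
    small contribution; without it, an opponent could brute-force the preimage."""
    if len(nonce) < 16:
        raise ValueError("nonce too short to hide the contribution")
    data = COMMIT_TAG + player.encode() + b"\x00" + nonce + contribution.to_bytes(16, "big")
    return hashlib.sha256(data).digest()


def new_contribution() -> tuple[int, bytes]:
    """What each player generates locally: a 128-bit secret and a fresh nonce."""
    return secrets.randbits(128), secrets.token_bytes(16)


def fair_roll(commitments: dict[str, bytes], reveals: dict[str, tuple[int, bytes]], sides: int) -> int:
    """Check every reveal against the earlier commitment, then combine them all.
    Raises ValueError if anyone failed to reveal or revealed something else."""
    missing = set(commitments) - set(reveals)
    if missing:
        raise ValueError(f"missing reveals from {sorted(missing)}")
    combined = 0
    for player, (contribution, nonce) in reveals.items():
        if player not in commitments:
            raise ValueError(f"{player} never committed")
        if make_commitment(player, contribution, nonce) != commitments[player]:
            raise ValueError(f"{player} revealed a value that does not match their commitment")
        combined ^= contribution  # any honest player's secret randomizes the result
    # 2**128 is not a multiple of `sides` in general; the modulo bias is about
    # sides / 2**128, which is negligible for any game.
    return combined % sides + 1


def demo_round(contributions: dict[str, tuple[int, bytes]], sides: int = 6) -> int:
    """Run one honest round: commit phase, then reveal phase, then the roll."""
    commitments = {p: make_commitment(p, c, n) for p, (c, n) in contributions.items()}
    return fair_roll(commitments, contributions, sides)


# Constructed sample round (small contributions on purpose, to show the nonce
# is what keeps them hidden): 10 ^ 12 ^ 7 = 1, so the d6 roll is 1 % 6 + 1 = 2.
SAMPLE_CONTRIBUTIONS = {
    "alice": (10, b"A" * 16),
    "bob": (12, b"B" * 16),
    "carol": (7, b"C" * 16),
}
```

The protocol's known weak point is the reveal phase: the last player to reveal already knows the outcome and can refuse to reveal if it is unfavourable. The game rules therefore have to treat a missing reveal as a forfeit (which is why `fair_roll` refuses to compute a result instead of ignoring the absentee), and no one should reveal before every commitment has been received.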