Most Popular
1500 questions
25 votes, 2 answers
Is RSA encryption with a private key the same as signature generation?
It is often said that RSA encryption of a cryptographic hash with a private key is the same as signing (signature generation). And that verification consists of decryption using a public key.
Is RSA encryption with a private key over a cryptographic…
Maarten Bodewes
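The claim quoted in this question ("signing is encrypting the hash with the private key") is worth checking against what an RSA signature scheme actually does. The following is an added example, not code from the question or from any answer to it: it builds a small textbook RSA key and then compares "raw private-key exponentiation of the hash" with RSASSA-PKCS1-v1_5, where the private-key operation is applied to a padded DigestInfo structure (RFC 8017, Section 9.2). Assumptions: the key generator and Miller-Rabin test are minimal and seeded only for reproducibility, SHA-256 is the hash, and the 512-bit modulus is for demonstration only.

```python
import hashlib
import random

# DigestInfo prefix for SHA-256 (RFC 8017, Section 9.2, Note 1): the DER header
# that precedes the 32-byte digest inside the padded message.
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47,
                53, 59, 61, 67, 71, 73, 79, 83, 89, 97]


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin; adequate for a demonstration key, not a production one."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if is_probable_prime(cand, rng):
            return cand


def gen_key(bits, rng):
    """Textbook RSA key generation, returns (n, e, d). The rng is a seeded
    random.Random only so the example is reproducible; real keys need os.urandom."""
    e = 65537
    while True:
        p = gen_prime(bits // 2, rng)
        q = gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)


def modulus_len(n):
    return (n.bit_length() + 7) // 8


def emsa_pkcs1_v15(msg, k):
    """EMSA-PKCS1-v1_5: 0x00 0x01 || 0xFF... || 0x00 || DigestInfo(SHA-256(msg)), k bytes."""
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    if k < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def textbook_sign(msg, n, d):
    """'Encrypt the hash with the private key': raw exponentiation, no padding."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return pow(h, d, n)


def textbook_verify(msg, sig, n, e):
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return 0 <= sig < n and pow(sig, e, n) == h


def pkcs1_sign(msg, n, d):
    """RSASSA-PKCS1-v1_5: the private-key exponentiation is applied to the padded DigestInfo."""
    k = modulus_len(n)
    return pow(int.from_bytes(emsa_pkcs1_v15(msg, k), "big"), d, n)


def pkcs1_verify(msg, sig, n, e):
    k = modulus_len(n)
    if not 0 <= sig < n:
        return False
    em = pow(sig, e, n).to_bytes(k, "big")
    # Recompute the full encoding and compare, rather than parsing the recovered
    # padding: lenient parsing is what has enabled signature forgeries in the past.
    return em == emsa_pkcs1_v15(msg, k)


def demo(seed=1):
    rng = random.Random(seed)
    n, e, d = gen_key(512, rng)
    msg = b"constructed sample message"          # constructed input, not from the page
    raw = textbook_sign(msg, n, d)
    real = pkcs1_sign(msg, n, d)
    return {
        "textbook_verifies": textbook_verify(msg, raw, n, e),
        "pkcs1_verifies": pkcs1_verify(msg, real, n, e),
        "same_signature": raw == real,            # False: different input to the exponent
        "raw_accepted_as_pkcs1": pkcs1_verify(msg, raw, n, e),   # False
        "tampered_rejected": not pkcs1_verify(b"other message", real, n, e),
    }


if __name__ == "__main__":
    print(demo())
```

Both routes use the same modular exponentiation with d, which is where the folklore comes from; what differs is the input to it. A verifier that accepts the "raw" signature is not running PKCS#1 verification, and a PKCS#1 verifier rejects it, so the two are not interchangeable in practice.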
25 votes, 5 answers
How useful is NIST's Randomness Beacon for cryptographic use?
NIST have just launched a new service called the ~~NSA~~NIST Randomness Beacon. It has been met with some initial skepticism. Perhaps the cryptography community would have used it before June 2013 when NIST had a trusted reputation. At first I thought…
user3461497
25 votes, 2 answers
Why do we use XTS over CTR for disk encryption?
I'm taking Prof. Boneh's crypto class from Coursera, and am unsure on the requirement for XTS mode for disk encryption.
It seems that CTR mode would do exactly what XTS can do, but is simpler to implement? In either mode, I will use the disk sector…
shrek
25 votes, 5 answers
What is the lowest level of mathematics required in order to understand how encryption algorithms work?
What mathematical fields of knowledge would be required in order to get a good understanding of encryption algorithms?
Is it basic algebra, or is there a "higher education" mathematical field dedicated to encryption? I know there is the…
user8601
25 votes, 3 answers
What is the ideal cipher model?
What is the ideal cipher model?
What assumptions does it make about a block cipher?
How does it relate to assuming that my block cipher is a pseudo-random permutation (PRP)?
When is the ideal cipher model appropriate to use?
How do I tell…
D.W.
24 votes, 3 answers
What does the work "An Efficient Quantum Algorithm for Lattice Problems Achieving Subexponential Approximation Factor" mean?
In An Efficient Quantum Algorithm for Lattice Problems Achieving Subexponential Approximation Factor, the author claims they give a polynomial-time quantum algorithm for solving the Bounded Distance Decoding problem with a subexponential…
user77340
24 votes, 4 answers
What are the requirements of a nonce?
Sometimes I read that a nonce has to be a random number but I disagree. A nonce just can't repeat itself. You could increase it by 1 every time if you are sure it would never repeat.
Smit Johnth
24 votes, 1 answer
Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?
I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:
$$
\begin{array}{|c|c|}
\hline
\begin{array}{c} \textbf{Key Size} \\ \left(\text{bits}\right)…
kapil
24 votes, 7 answers
Turning a cipher into a hashing function
This is a theoretical question. I'd like to know if it's possible (and what are eventually the consequences), not that I'm going to do it in one of my projects. ;)
The first hashing functions created were based on a symmetric cipher (just like the…
Marek Puchalski
24 votes, 3 answers
Selective format-compliant JPEG encryption?
I am working towards building a format-compliant encryption system for pictures. The aim of it is to be able to obscure specific areas of a picture (i.e. faces, car license numbers...) while keeping the rest unaltered. The aim would be, for…
DashDotDashDot
24 votes, 3 answers
How effective is quantum computing against elliptic curve cryptography?
I've been reading the Wikipedia page on Elliptic-Curve Cryptography and I came across the following.
in August 2015, the NSA announced that it plans to replace Suite B with a new cipher suite due to concerns about quantum computing attacks on ECC.…
Fathima Abdur Rahman
24 votes, 4 answers
What is the progress on the MIT LCS35 Time Capsule Crypto-Puzzle?
Ron Rivest posed a puzzle in 1999. MIT LCS35 Time Capsule Crypto-Puzzle.
The problem is to compute $2^{2^t} \pmod n$ for specified
values of $t$ and $n$. Here $n$ is the product of two large primes,
and $t$ is chosen to set the desired level…
DanBeale
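The computation quoted in the LCS35 question, $2^{2^t} \pmod n$, has two routes: the solver's, which is $t$ sequential squarings, and the puzzle setter's, who knows the factors of $n$ and can reduce the exponent modulo $\varphi(n)$ first. The following added example (not code from the question or from Rivest's puzzle material) carries both routes through on a constructed toy modulus; the primes 10007 and 10009 are an assumption chosen only so the sequential route finishes instantly, whereas the real puzzle's $n$ is far larger and its factors were kept secret.

```python
def sequential_squarings(t, n):
    """The solver's route: start from 2 and square t times modulo n. Each step
    needs the previous result, which is what makes the puzzle a time-lock rather
    than a parallelizable search."""
    x = 2 % n
    for _ in range(t):
        x = x * x % n
    return x


def trapdoor_shortcut(t, p, q):
    """The setter's route: with n = p*q known, reduce the exponent 2^t modulo
    phi(n) = (p-1)(q-1) first. Valid because gcd(2, n) = 1, so 2^phi(n) = 1 (mod n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return pow(2, pow(2, t, phi), n)


# Constructed toy modulus (assumption for the example): two small primes.
P, Q = 10007, 10009


def demo(t=1000):
    """Returns (sequential result, shortcut result); they agree for every t."""
    return sequential_squarings(t, P * Q), trapdoor_shortcut(t, P, Q)


if __name__ == "__main__":
    print(demo())
```

The shortcut costs two modular exponentiations regardless of $t$, which is how the setter can publish a puzzle whose answer they can check without waiting the intended decades.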
24 votes, 3 answers
AES-GCM and its IV/nonce value
I was reading about the differences between GCM and CBC here and I have a follow-up doubt on the same.
In the CBC mode the person who performs the encryption is the one who provides the IV for the encryption -- and the IV is required to…
user114
24 votes, 4 answers
Is using the same IV in AES similar to not using an IV in the first place?
So if I understand how an IV works with AES, I'm supposed to generate a different IV for every message because, using only a key, I will get the same encryption if the message was encrypted twice (which is not secure); thus we use the IV, which is some…
Ali_Nass
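Three of the questions above (XTS versus CTR for disk encryption, the AES-GCM nonce, and reusing the same IV) turn on one fact: in counter mode the ciphertext is plaintext XOR keystream, and the keystream is fixed by key and IV. A disk sector rewritten under a sector-derived IV, a GCM message sent under a repeated nonce, and a pair of messages encrypted under the same IV all reuse keystream. The following is an added example, not code from any of the questions or their answers. Assumption: because the standard library has no AES, HMAC-SHA256 stands in for the block encryption of (IV || counter); the leak and the malleability shown are properties of the mode and hold unchanged for AES-CTR (and for the CTR layer inside GCM).

```python
import hashlib
import hmac
import os

BLOCK = 32  # bytes of keystream per counter value (SHA-256 output size)


def keystream_block(key, iv, counter):
    """Keystream generator standing in for AES's encryption of (iv || counter).
    Assumption: HMAC-SHA256 as the keyed PRF; NOT AES."""
    return hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()


def ctr_crypt(key, iv, data):
    """Counter mode: data XOR keystream. The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = keystream_block(key, iv, i // BLOCK)
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def sector_iv(sector_no):
    """Disk-style IV derived from the sector number, hence identical on every rewrite."""
    return sector_no.to_bytes(8, "big")


def rewrite_leak(key, sector_no, old_contents, new_contents):
    """What an attacker holding the sector's ciphertext before and after a rewrite
    can compute without the key: ct_old XOR ct_new, which equals
    old_contents XOR new_contents because both used the same keystream."""
    iv = sector_iv(sector_no)
    return xor_bytes(ctr_crypt(key, iv, old_contents), ctr_crypt(key, iv, new_contents))


def recover_new_contents(leak, known_old_contents):
    """With one version known (a fresh filesystem image, a template file),
    the other version follows directly from the leaked XOR."""
    return xor_bytes(leak, known_old_contents)


def flip_ciphertext(key, iv, plaintext, offset, mask):
    """Malleability: flipping a ciphertext bit flips exactly that plaintext bit,
    with no error and no damage to neighbouring bytes. Returns what a decryptor sees."""
    ct = bytearray(ctr_crypt(key, iv, plaintext))
    ct[offset] ^= mask
    return ctr_crypt(key, iv, bytes(ct))


# Constructed sample sector contents (32 bytes each), not data from the page.
OLD = b"balance=0000100;owner=alice;pad="
NEW = b"balance=0009900;owner=alice;pad="


def demo():
    key = os.urandom(32)  # the attacker never sees this
    leak = rewrite_leak(key, 7, OLD, NEW)
    return {
        "leak_is_plaintext_xor": leak == xor_bytes(OLD, NEW),
        "new_recovered": recover_new_contents(leak, OLD) == NEW,
        # clearing bit 0x20 of byte 0 turns 'b' (0x62) into 'B' (0x42)
        "flipped": flip_ciphertext(key, sector_iv(7), OLD, 0, 0x20),
    }


if __name__ == "__main__":
    print(demo())
```

XTS exists precisely because a sector is rewritten in place under the same tweak: it encrypts each 16-byte block with a tweaked block cipher rather than a keystream, so two versions of a sector reveal only which blocks changed, and a flipped ciphertext bit garbles a whole block instead of flipping one plaintext bit. For GCM the same keystream reuse applies under a repeated nonce, and in addition the reuse exposes the authentication key, so the tag no longer protects integrity either.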
24 votes, 1 answer
Memory-hard password hash in practice?
Dan Boneh, Henry Corrigan-Gibbs, and Stuart Schechter have proposed Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks (in proceedings of AsiaCrypt 2016). Taking the abstract at face value, it is a blow…
fgrieu