Most Popular

1500 questions
23
votes
1 answer

What was the first hash and what problem was it supposed to solve?

Today's hashes have many uses. File integrity, verification of a secret without revealing the secret (i.e. passwords), hash maps, bloom filters, and probably a few more cases not immediately coming to mind. The Caesar Cipher and Vigenere Cipher were…
Corey Ogburn
23
votes
3 answers

Known methods for constant time (table-free) AES implementation using 'standard' operations?

There are several known methods for implementing AES in constant time using SIMD operations, mostly based around fast byte shuffling (for instance Hamburg and Kasper/Schwabe). Are there any similar approaches that allow a constant-time AES to be…
Jack Lloyd
23
votes
2 answers

How does a padding oracle attack work?

I am unsure of how a padding oracle attack works. What I am not getting is how changing one bit at one time allows one to exploit (get keys) ASP.NET machines. Can anyone explain this?
Mark Dioes
23
votes
2 answers

Is it possible for Alice and Bob to both sign a message "simultaneously"?

Let's say that there is a message which is considered valid if signed by both Alice and Bob. Alice could sign the message and then give it to Bob, so that he can sign it and give it back to her. But, for various reasons, Alice doesn't want Bob to…
Jehan
23
votes
2 answers

Does AAD make GCM encryption more secure?

Does additional authenticated data (AAD) make AES GCM encryption more secure? What if we drop AAD in AES-GCM 256? If we drop it, how will it make the encryption less secure?
dReAmEr
23
votes
2 answers

Which elliptic curves are quantum resistant?

If I want to learn about quantum resistant cryptography what are the best resources? Which type of elliptic curves should I be studying?
Imagin Ation
23
votes
4 answers

EC Schnorr signature: multiple standard?

I'm working on some EC-Schnorr signature code. Reading various papers on that, it seems EC-Schnorr is not standardized as well as ECDSA. For example, I found two main differences in two main actors specs (also found other minor variants in other…
cslashm
23
votes
2 answers

Is GCM still recommended?

I stumbled across a forum thread where security researcher Thomas Ptacek seemed to have negative feelings towards GCM. I had always thought from prior readings that GCM was the current gold standard for efficient, secure, easy-to-use AES modes? Here…
Anthony Kraft
23
votes
3 answers

How to publish a cipher (concept)?

In the last months I was searching for a subject for my bachelor thesis. I came up with an idea for a new cipher concept that works by combining already known techniques in a (hopefully) new way. So I talked to our professor for cryptography.…
masinger
23
votes
3 answers

Is there an AES identity key?

The following questions are of pure theoretical nature. I don't have an application in mind. Is there a key that makes AES the identity function? Is there a key that makes AES the identity function for certain inputs? Is it known whether such keys…
corny
23
votes
6 answers

Can an Enigma-style cipher of sufficient complexity be considered secure today?

Regarding the German Enigma machines, if I recall correctly, the reason they were defeated was because the Allies were able to generate a massive database of possible rotor settings, and because the day key was encoded twice in the beginning of each…
user93
23
votes
2 answers

Design properties of the Rijndael finite field?

So we've already had a question on replacing the Rijndael S-Box. My question is - can we use a different finite field other than the one given by $x^8 + x^4 + x^3 + x + 1$ in $GF(2^8)$. In other words, would any irreducible polynomial over this…
user46
23
votes
3 answers

Why is Poly1305 popular given its 'sudden death' properties?

ECDSA has the undesirable property that if a key pair reuses a nonce in a signing operation, the cryptosystem experiences catastrophic failure in the form of private key leakage. I've heard this referred to as "sudden death" cryptography. Of course…
edifice
23
votes
1 answer

What is the history of recommended RSA key sizes?

One can find up to date recommended key sizes for RSA at NIST sp800-131A for example. In short, it suggests a key size of at least 2048 bits. Is it possible to find a history of recommended key sizes for RSA, going back to the invention of RSA?
Simd
23
votes
6 answers

What is the most secure hand cipher?

By "hand cipher", I mean a symmetric cipher for which encryption and decryption can both be performed with a pencil on graph paper, consuming about 10-20 seconds per character by a proficient user. Additional simple tools, e.g. a deck of cards…
Jordan