Most Popular (1500 questions)
21 votes, 8 answers
Does keyless encryption exist?
Does there exist an encoding/hashing/encryption scheme whereby the original string can always be derived in its entirety given the entire encoded/hashed/encrypted string, and nothing else (no key/password)? But also, no portion of the original…
bhazzard (reputation 311; badges: 1, 2, 3)
21 votes, 5 answers
Are there any (asymmetric) cryptographic primitives not relying on arithmetic over prime fields and/or finite fields?
Trying to figure out whether any (asymmetric) cryptographic primitives exist that do not rely on arithmetic over a prime field and/or arithmetic over a finite field, some people might get lost in research. Therefore, here's the related question…
e-sushi (reputation 17,891; badges: 12, 83, 229)
21 votes, 2 answers
Why does HOTP use such a complex truncate function?
In the HOTP protocol, after calculating a 20-byte hash, it is truncated to 4 bytes.
For this, first an offset is calculated (the low-order 4 bits of the last byte), which determines the four bytes to be selected:
DT(String) // String =…
Jeff (reputation 493; badges: 3, 9)
21 votes, 2 answers
What is a "witness" in zero knowledge proof?
I've seen the term "witness" tossed around when talking about knowledge extractors, but I have no idea what it means. I can't find a definition.
Zygro (reputation 319; badges: 2, 4)
21 votes, 1 answer
What exactly is bootstrapping in FHE?
I have been reading about FHE lately, and it seems that bootstrapping is the core concept in order to develop FHE schemes. But I don't exactly understand the idea behind it. I know that the schemes based on Gentry's design are noise-based, and that…
typos (reputation 809; badges: 6, 11)
21 votes, 1 answer
What is the theoretical and practical status of mental poker?
I'm able to find a lot of scattered papers on the development of mental poker since RSA proposed the initial solution, but no recent report (i.e., after 2005) on the status of the problem, e.g.:
What are the remaining open problems/challenges? …
user453455 (reputation 311; badges: 1, 3)
21 votes, 3 answers
Is RSASSA-PKCS1-v1_5 a good signature scheme for new systems?
Is RSASSA-PKCS1-v1_5 a good signature scheme to recommend that people use in new systems? Is it believed to be secure and to represent the state of the art in RSA-based signatures?
I understand that RSA-PSS is a newer signature scheme, also…
D.W. (reputation 36,365; badges: 13, 102, 187)
21 votes, 4 answers
Is it safe to use a file's hash as the IV?
I'm encrypting some files using AES in CBC mode.
I'm also using the file's digest (SHA-1) to check that the data is decrypted correctly (so I need to store it with the file).
Is it safe to use this digest as AES's IV and store it in the header of the file? Or it…
Ariyan (reputation 351; badges: 2, 8)
21 votes, 5 answers
Hash function that allows one to decide whether A > B if you only have hash(A) and hash(B)?
Is it possible to construct a hash function with the following property?
If you have hash(A) and hash(B), with A and B being integers, you can tell whether A is greater than B, without however knowing the actual values of A and B.
Even better: if you…
RudolfKaiser (reputation 373; badges: 2, 5)
21 votes, 4 answers
How secure is the Bitcoin protocol?
Is there any evidence (other than its not having been cracked so far) that the Bitcoin protocol is secure? "How secure" is it?
(I realize that this might not qualify as a meaningful question; feel free to edit if you can improve it. Also, if you liked this…
ripper234 (reputation 1,027; badges: 1, 9, 13)
21 votes, 2 answers
How does Diffie–Hellman differ from elliptic curve Diffie–Hellman?
I didn't understand how ECDH actually works. Disclaimer: I know very little about elliptic curves.
Here is how DH works:
Alice and Bob agree on a prime number $P$ and a generator $G$. (They use one from RFC 3526.)
Alice generates a long-enough (how…
user28432 (reputation 211; badges: 1, 2, 3)
21 votes, 3 answers
Memory-hard proof-of-work: is it ASIC-resistant?
Is a memory-hard proof-of-work scheme necessarily resistant to speedups from custom ASICs?
Background: Bitcoin uses a proof-of-work scheme based on SHA256 hashing. The scheme is compute-bound. Initially, people would mine solutions on their PCs or…
D.W. (reputation 36,365; badges: 13, 102, 187)
21 votes, 2 answers
What is the advantage of AEAD ciphers?
What is the advantage of AEAD ciphers? Why is the TLS working group pushing for them? I thought modern cipher suites require SHA256 for authentication. What advantage is there to including Poly1305?
Slight additional question:…
user3201068 (reputation 701; badges: 1, 5, 18)
21 votes, 6 answers
Can I encrypt user input in a way I can't decrypt it for a certain period of time?
I run a baseball league and would like to do silent auctions for free agents. This would require teams to enter their highest bid, and the highest bidder at the end of the auction period would win. Unfortunately, my league, my code, my server, I…
dan (reputation 313; badges: 1, 7)
21 votes, 5 answers
Why is the IV passed in the clear when it can be easily encrypted?
The initialization vector (IV) is exclusive-OR'd against the plaintext before encryption for the first block sent, in order to prevent an attacker from learning that duplicate message blocks are being sent. This technique is often used with…
Bob Bryan (reputation 1,283; badges: 2, 10, 11)