Most Popular
1500 questions
17 votes, 1 answer
Salary Negotiation Problem
Imagine Alice is applying for a new job. Alice has an idea of the minimum salary that she is willing to accept—let's call this value A. Bob, the hiring manager for a company that Alice is applying to, also has a number in mind: the maximum…
Robert Quattlebaum
17 votes, 2 answers
Why Elliptic Curves?
What is the benefit of using elliptic curves over the standard finite field, when the cyclic subgroup we consider of the EC's solution group is just isomorphic to some integer residue class of prime order? Is it because the group operation is more…
dylan7
17 votes, 4 answers
About Cryptography in a Character Language
Suppose I had a message in Chinese (or another non-phonetic language) and I wanted to encipher it.
Some of the simplest encryptions in English are substitution ciphers, but such ciphers don't seem to be a viable option for a language such as…
davidlowryduda
17 votes, 2 answers
Using ECB as RSA encryption mode when encrypted messages are unique?
As I understand, ECB should not be used as encryption mode unless you are encrypting single blocks of data which are always unique and only are encrypted once.
I have a collection of ids represented by integers that I encrypt and transmit…
user3685322
17 votes, 3 answers
At what point can you implement crypto algorithms?
First off, this feels like it should be a common question, so I'm sorry if I've missed an older thread.
Note that in my question, I'm talking about "implementing AES" rather than "designing AES2" or something.
I am of course familiar with the saying…
Leonhart231
17 votes, 4 answers
Is Wiener's attack on RSA extendable to larger keys with low hamming weight?
Using small private exponents with RSA improves performance.
However, it has been shown (Wiener, 1990) that if $\log d \leq \frac14 \log N$, the private exponent $d$ can be reconstructed from the public key $(N,e)$.
Smart, Inc. uses special private…
SecureFish
17 votes, 2 answers
Twofish vs. Serpent vs. AES (or a combo)
I've seen some posts and info online, but they are from 2009, 2010, 2011 or 2012, which is 3-6 years ago, which is a very long time. So I'm looking for an up-to-date answer about which of these is the safest encryption to be used, or rather most…
Jack
17 votes, 1 answer
Is CAST5 still a secure algorithm to use?
I just installed GnuPG for Windows. The documentation says the default symmetric cipher is CAST5. In PGP also, default cipher was CAST5.
Is CAST5 secure to use? Any known attacks reported on this algorithm?
RPK
17 votes, 2 answers
Can one reduce the size of ECDSA-like signatures?
Using $n$-bit ECDSA, a signature has a size of $2·n$. It is possible to recover the public key from this signature, which shows that there is a publicly visible redundancy in the signature.
Is it possible to exploit this redundancy to reduce the…
CodesInChaos
17 votes, 1 answer
Dancing confusion with Daniel J. Bernstein's stream ciphers
I know of Salsa20 which won the ESTREAM competition. This is dated 25 Dec 2007.
There is also the ChaCha20 stream cipher (cr.yp.to/chacha.html). This claims to increase the amount of diffusion per round. This is dated 28 Jan 2008.
Then there is…
x9c8v7
17 votes, 3 answers
Are there asymmetric cryptographic algorithms that are not based on integer factorization and discrete logarithm?
In the computer security class (in which cryptography is a big chapter) that I took, I remember the professor saying that current asymmetric cryptography algorithms are based on integer factorization (i.e. prime numbers) and discrete logarithm.
So…
Lukman
17 votes, 1 answer
What are the advantages of a static ECDH key?
What are the advantages of using "static-ephemeral ECDH" over "ephemeral-ephemeral ECDH"?
TomW
17 votes, 2 answers
Is perfect-forward secrecy achieved with RSA?
I am new to cryptography and am going through the book Understanding Cryptography by Paar and Pelzl.
From what I understand Symmetric key distribution systems like Kerberos do not provide PFS because an attacker will be able to decrypt every…
Ben Lamm
17 votes, 2 answers
What curve and key length to use in ECDSA?
I'm developing a client/server system in Java which is not interacting with third-party software, so I don't have to worry about compatibility.
At a certain point, I need the client and server to exchange a digitally signed value. I thought to use…
Marcello
17 votes, 5 answers
Why is RSA encryption key based on modulo $\varphi(n)$ rather than modulo $n$?
While calculating RSA encryption key we take modulo $\varphi(n)$ rather than modulo $n$. I can’t understand why it’s done this way.
user5507