Most Popular (1500 questions)
16 votes, 5 answers
Is there an intuitive explanation as to why only the private key can decrypt a message encrypted with the public key?
I have just learned about using PGP/GPG for email encryption and one thing bugs me:
How is it possible that a message encrypted with somebody's public key can be decrypted only with that person's private key?
This concept of asymmetric encryption is…
king_julien
16 votes, 3 answers
Why Quantum Key Distribution (QKD) is impractical
In NSA's FAQ on Quantum Computing and Post-Quantum Cryptography, it is mentioned as
Q: Should I use a QKD system to protect my NSS from a quantum computer?
A: No. The technology involved is of significant scientific interest, but it only addresses…
kelalaka
16 votes, 2 answers
Difference between "one-way function" and "cryptographic hash function"
What's the difference between a one-way function and a cryptographic hash function?
juaninf
16 votes, 7 answers
Which is the simplest cryptographic algorithm which is close to commercial-level security?
An algorithm is simpler than another if
It is easier to explain to a noob with basic high-school math knowledge.
It is easier to securely self-implement by an intermediate programmer (Yes I know one should never 'roll their own' but this is just a…
An Ant
16 votes, 2 answers
Quality of randomness on a Linux system with haveged
Has anyone checked if using haveged, a Linux daemon which uses the HAVEGE algorithm, changes the non-deterministic properties of the random data from /dev/random in any negative ways?
Hal Bal
16 votes, 3 answers
Has AES-128 been fully broken?
Has AES-128 been broken over the full 10 rounds? If so, by what means? By a commercial entity? By a supercomputer?
If not, why is AES-256 used to replace AES-128 so frequently?
Offir
16 votes, 3 answers
Why is the core ChaCha primitive not good for use in a CRCF? Why create BLAKE?
Why is the core ChaCha primitive not good for use in a collision-resistant compression function (crypto hash)? Why go through the trouble to create BLAKE?
What's wrong with using the core ChaCha primitive unaltered in a Merkle–Damgård like…
Charlie
16 votes, 1 answer
Why is double encryption that's equivalent to single encryption no better than single encryption?
In the "Introduction to Cryptography: With Coding Theory" by Trappe and Washington, in the chapter about DES algorithm the authors say that:
"if a cryptosystem is such that double encryption is equivalent to a single encryption, then there is no…
AleWolf
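As an added illustration of the sentence quoted above (this is not code from the original question nor from Trappe and Washington's book), here is a toy shift cipher over the 26 lowercase letters in Python. Its keys form a group under addition mod 26, so encrypting with k1 and then with k2 is exactly encrypting once with k1 + k2 mod 26, and an attacker who only ever tries single keys still recovers the message in at most 26 attempts, not 26 × 26. The cipher, the key sizes and the helper names are this example's own choices.

```python
from typing import Optional

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
M = len(ALPHABET)  # the toy cipher has exactly 26 keys


def shift_encrypt(plaintext: str, key: int) -> str:
    """E_k(x) = x + k (mod 26), letter by letter; non-letters pass through."""
    out = []
    for ch in plaintext:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % M])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """D_k(y) = y - k (mod 26)."""
    return shift_encrypt(ciphertext, -key)


def double_encrypt(plaintext: str, k1: int, k2: int) -> str:
    """E_{k2}(E_{k1}(x)): the 'double encryption' of the question."""
    return shift_encrypt(shift_encrypt(plaintext, k1), k2)


def equivalent_single_key(k1: int, k2: int) -> int:
    """Closure under composition: some single key k3 = k1 + k2 (mod 26)
    produces the same ciphertext as the double encryption."""
    return (k1 + k2) % M


def brute_force_single_key(ciphertext: str, known_plaintext: str) -> Optional[int]:
    """The attacker's view: try every *single* key.  Because double
    encryption collapses to a single key, 26 trials suffice even though
    the sender used two keys."""
    for k in range(M):
        if shift_decrypt(ciphertext, k) == known_plaintext:
            return k
    return None


def demo() -> dict:
    # constructed sample message; keys chosen arbitrarily
    pt = "attack at dawn"
    k1, k2 = 3, 10
    ct_double = double_encrypt(pt, k1, k2)
    k3 = equivalent_single_key(k1, k2)
    return {
        "double": ct_double,
        "single_k3": shift_encrypt(pt, k3),
        "k3": k3,
        "recovered": brute_force_single_key(ct_double, pt),
    }


if __name__ == "__main__":
    print(demo())
```

The same argument is why the group question mattered for DES: Campbell and Wiener showed in 1992 that DES is not a group, so double and triple DES are not reducible to a single DES key in this way.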
16 votes, 6 answers
Is the decompression of compressed and encrypted data without decryption also theoretically impossible?
We have two communication points in an information system, call them A(lice) and B(ackup).
B has to store encrypted data received from A. The storage of B is encrypted, but not compressed[1].
B should have no option to decrypt the data of A[2].
However,…
peterh
16 votes, 1 answer
How long does it take to crack RSA 1024 with a PC?
Using an Intel Core i5 CPU, how long does it take to crack RSA using a key size of 1024 bit (generated using a secure key pair generation function)?
Suppose for instance that we have thousands of zombies or a big network of computers. To calculate…
R1w
16 votes, 1 answer
Is this paper's technique for factoring RSA 2048 with noisy qubits realistic?
A paper titled How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits has just come out which proposes a technique to factor RSA keys with moduli up to 2048 bits with a design whose assumptions they stress are realistic. What…
forest
16 votes, 1 answer
Commitment scheme using hash functions
Let's say Alice and Bob are playing a game where Bob is trying to guess a number Alice has chosen.
Alice chooses a key $K$ and a number $N$ at random and performs $C=Commit(K, N)$ where $Commit(K, N)=h(h(K) \| h(N))$.
$h()$ is a collision-resistant…
rath
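As an added worked example of the construction in the question above (this is not code from the original post), here is Commit(K, N) = h(h(K) || h(N)) in Python with SHA-256 standing in for h(), the opening check Bob runs when Alice reveals (K, N), and the practical caveat a practitioner would want: the commitment only hides N if K is unguessable. The fixed-width encoding of N, the 32-byte key and the function names are this example's own assumptions.

```python
import hashlib
import secrets
from typing import Optional, Tuple


def h(data: bytes) -> bytes:
    """The question's collision-resistant h(); SHA-256 is assumed here."""
    return hashlib.sha256(data).digest()


def encode_number(n: int) -> bytes:
    # fixed-width encoding so that distinct N never share a byte string
    return n.to_bytes(8, "big")


def commit(key: bytes, n: int) -> bytes:
    """C = h(h(K) || h(N)).  Both inner digests are exactly 32 bytes, so
    the concatenation splits unambiguously and needs no separator."""
    return h(h(key) + h(encode_number(n)))


def open_commitment(commitment: bytes, key: bytes, n: int) -> bool:
    """Bob's check once Alice reveals (K, N)."""
    return secrets.compare_digest(commitment, commit(key, n))


def new_key() -> bytes:
    # hiding rests on K being unguessable: 256 random bits, not a short PIN
    return secrets.token_bytes(32)


def guess_with_weak_key(commitment: bytes, key_bits: int, max_n: int) -> Optional[Tuple[bytes, int]]:
    """What Bob can do if Alice drew K from a small space of key_bits bits:
    enumerate every (K, N) pair and recompute C.  With an 8-bit K this
    finishes instantly; with a 256-bit K the outer loop never terminates."""
    key_len = (key_bits + 7) // 8
    for k_int in range(1 << key_bits):
        key = k_int.to_bytes(key_len, "big")
        for n in range(max_n + 1):
            if commit(key, n) == commitment:
                return key, n
    return None


if __name__ == "__main__":
    # constructed run: Alice commits to N = 7 with a strong key
    k = new_key()
    c = commit(k, 7)
    print("valid opening:", open_commitment(c, k, 7))
    print("wrong N rejected:", not open_commitment(c, k, 8))
    # and the failure mode: a one-byte key is recovered together with N
    weak = bytes([0x2A])
    print("weak key broken:", guess_with_weak_key(commit(weak, 17), 8, 100))
```

Binding follows from collision resistance: to open C to some N' ≠ N, Alice would need h(h(K) || h(N')) = h(h(K) || h(N)), which is a collision either in the outer call or in h(N') = h(N).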
16 votes, 6 answers
Is AES easier to crack when the input is small?
Say you just want to encrypt a number. For example, say the number could be any double. A double in C# and Java is 8 bytes.
If you were to encrypt a double using AES (MS-Doc, defaults to CBC as the mode):
var cypherText = AES.Encrypt(123d); // 8…
user875234
16 votes, 1 answer
Selection of rotation constants in ARX design
My question is about choosing the rotation values in ARX design such as SIMON-like or SPECK-like ciphers to provide optimal differential and linear immunity. According to this, the selection of $a$ and $b$ values (shown in SIMON-like figure below)…
hardyrama
16 votes, 2 answers
What are zk-STARKs?
The zk-STARK is a zero-knowledge proof system that, in contrast to the zk-SNARK, no longer relies on a trusted setup where the "toxic waste" parameters are initialized.
What are, in layman's terms, the basic building blocks of the zk-STARK,…
CRYPTONEWBIE