Most Popular
1500 questions
16 votes, 1 answer
Difference between “ECDH with cofactor key” and “ECDH without cofactor key”?
I need to use “ECDH with a cofactor key” for generating symmetric key. I have a fair idea on how ECDH works, but I don’t understand the cofactor part.
What is the difference between “ECDH with a co-factor key” and “ECDH without a co-factor key”?…
Kiran
16 votes, 2 answers
How much can we compress RSA public keys?
To what degree can we define an RSA variant, with a security argument that it is as safe as regular RSA with a given modulus size $m$ (e.g. $m=2048$), in which the public key has a compact representation of $k\ll m$ bits?
We can fix the public…
fgrieu
16 votes, 1 answer
how to use common modulus attack?
I am stuck with the following problem:
Let Alice, Bob, Chris and Eve communicate over a public network. They encrypt all messages they send using the RSA system. Bob and Chris have the RSA modulus $n_B$ and $n_C$ respectively, with $n_B = n_C$. But…
Shankha Jana
16 votes, 2 answers
Multiple-prime RSA; how many primes can I use, for a 2048-bit modulus?
In standard RSA, the modulus $n=p_1 p_2$ is a product of two primes $p_1,p_2$ of the same size. Suppose we construct the modulus as a product of multiple primes $p_1,\dots,p_k$, i.e., $n=p_1 p_2 \cdots p_k$, where all the primes are of about the…
D.W.
16 votes, 1 answer
Security of KDF1 and KDF2 (hash based KDF's)
It's still common to come across implementations of KDF1 and KDF2. Basically these are KDF's that simply derive multiple keys from the key seed and a counter:
$K_i = \operatorname{KDF}(K_{master}, i) = \operatorname{H}(K_{master} | c)$
In this…
Maarten Bodewes
16 votes, 1 answer
Has the distributed project "Number Fields @ Home" project benefited cryptography in any meaningful way?
Is there any new understanding, property, or knowledge that has come from the Number Fields @Home distributed computing project? Has any outcome advanced the study of cryptography, or altered previous recommendations?
If nothing in particular has…
makerofthings7
16 votes, 6 answers
How exactly is "true randomness" defined in the realms of cryptography?
Especially in relation to stream ciphers, I frequently read about (sometimes theoretical, sometimes practical) attacks that are able to "distinguish a ciphertext from a truly random stream".
What's logical to me is that - just because a ciphertext…
e-sushi
16 votes, 4 answers
Is there a cryptographic algorithm that can make a "lottery ticket"?
With public-key cryptography, I know Alice can "seal" a message that only Bob can open. But in that case, Alice knows the message that she is sealing.
What if Alice wants to seal a random number which she doesn't know? Could she seal it such that…
mherzl
16 votes, 2 answers
New paper claims quantum polylog time attack on AES
It is well known that Grover's algorithm can solve AES in $O(\sqrt{n})$ time, which is why symmetric key lengths need to be doubled to maintain their security level in the face of a quantum adversary. A recent eprint paper claims there exists a…
lamba
15 votes, 3 answers
Perfect zero knowledge for the Schnorr protocol?
Can somebody explain (or point to a reference) why the Schnorr protocol cannot be proved zero knowledge?
Panagiotis Grontas
15 votes, 2 answers
Provably fair card deck used by client and server
Say a server plays a game of blackjack with a client, and the cards are shuffled and dealt by the server. The shuffle itself may or may not be fair, but what needs to be shown is that the cards dealt weren't altered during the course of gameplay,…
user4779
15 votes, 7 answers
Is it theoretically possible to construct a string that contains its own hash value?
After seeing the xkcd comic Self-Description, I wonder if it is theoretically possible to construct a self-descriptive string that contains its own hash value?
Let's say the string's MD5 value is 663ef7d3f38cf900574cd4d9f83eb1b7, the string would be…
Mys_721tx
15 votes, 2 answers
AES in ECB mode weakness
In a project that I'm currently working on, we are encrypting some data using AES with ECB mode in a database. Each piece of data being encrypted is very small, no more than 10 characters long.
Very importantly, each entry of that database is…
jjsanchez
15 votes, 2 answers
Is there an asymmetric encryption protocol which provides arbitrarily many seemingly unrelated public keys for a single private key?
I am looking for an encryption protocol with the following properties.
Alice has a private key $x$. Using this private key, she chooses public key $p$ corresponding to this private key. She lets Bob know about this public key. Bob then uses this…
zabop
15 votes, 3 answers
At the current time, is SHA256 the de facto standard for strong cryptographic hashes?
At the current time, is SHA256 the de facto standard for strong cryptographic hashes?
From what I am seeing of more sites utilizing it, I would suppose the answer to this is yes, but would like to hear what the community here has to say about this…
Andrew