Most Popular

15 votes, 1 answer

Should I be using PKCS1 v1.5 or PSS for RSA signatures?

I am implementing an application where a user needs to sign some data that they have created, store it in an untrusted place, then later retrieve that data and verify it is still authentic before using it. The user already has an RSA keypair for…
izzle
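The difference this question is asking about is already visible at the encoding layer of RFC 8017, before any modular exponentiation happens. The following is an added example (not code from the question or its answers) that implements EMSA-PKCS1-v1_5 and EMSA-PSS encoding and PSS verification with SHA-256 and MGF1-SHA256. It stops short of the RSA operation, so no key is needed; the message, the salt length of 32 bytes and emBits = 2047 (what a 2048-bit modulus would give) are arbitrary choices made here.

```python
"""EMSA-PKCS1-v1_5 versus EMSA-PSS encoding (RFC 8017 sections 9.1 and 9.2).

Added example, not code from the question or its answers. It shows the
property the question turns on: v1.5 encoding is a fixed function of the
message hash, while PSS mixes in a fresh random salt on every signature.
"""
import hashlib
import hmac
import os

HASH = hashlib.sha256
H_LEN = 32
# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15_encode(message, em_len):
    """EM = 0x00 || 0x01 || PS (0xFF bytes) || 0x00 || DigestInfo.  Deterministic."""
    t = SHA256_DIGESTINFO_PREFIX + HASH(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def mgf1(seed, mask_len):
    """MGF1 mask generation function built on the same hash."""
    out = b""
    counter = 0
    while len(out) < mask_len:
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:mask_len]


def emsa_pss_encode(message, em_bits, salt=None, s_len=H_LEN):
    """EMSA-PSS-ENCODE.  A fresh random salt is drawn unless one is supplied."""
    m_hash = HASH(message).digest()
    em_len = (em_bits + 7) // 8
    if em_len < H_LEN + s_len + 2:
        raise ValueError("encoding error")
    if salt is None:
        salt = os.urandom(s_len)
    # H = Hash(00 00 00 00 00 00 00 00 || mHash || salt)
    h = HASH(b"\x00" * 8 + m_hash + salt).digest()
    ps = b"\x00" * (em_len - s_len - H_LEN - 2)
    db = ps + b"\x01" + salt
    db_mask = mgf1(h, em_len - H_LEN - 1)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    # Clear the leftmost 8*emLen - emBits bits so EM < 2^emBits.
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)
    return bytes(masked_db) + h + b"\xbc"


def emsa_pss_verify(message, em, em_bits, s_len=H_LEN):
    """EMSA-PSS-VERIFY.  Returns True only for a consistent encoding of `message`."""
    m_hash = HASH(message).digest()
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < H_LEN + s_len + 2 or em[-1] != 0xBC:
        return False
    masked_db, h = em[: em_len - H_LEN - 1], em[em_len - H_LEN - 1 : -1]
    top_bits = 8 * em_len - em_bits
    if masked_db[0] & ~(0xFF >> top_bits) & 0xFF:
        return False
    db = bytearray(a ^ b for a, b in zip(masked_db, mgf1(h, em_len - H_LEN - 1)))
    db[0] &= 0xFF >> top_bits
    ps_len = em_len - H_LEN - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return False
    salt = bytes(db[-s_len:])
    h_prime = HASH(b"\x00" * 8 + m_hash + salt).digest()
    return hmac.compare_digest(h, h_prime)


if __name__ == "__main__":
    em_bits = 2047  # emBits = modBits - 1 for a 2048-bit modulus
    msg = b"data to sign"
    print("v1.5 #1:", emsa_pkcs1_v15_encode(msg, 256).hex()[-80:])
    print("v1.5 #2:", emsa_pkcs1_v15_encode(msg, 256).hex()[-80:])
    print("PSS  #1:", emsa_pss_encode(msg, em_bits).hex()[-80:])
    print("PSS  #2:", emsa_pss_encode(msg, em_bits).hex()[-80:])
```

Running it shows two identical v1.5 encodings and two different PSS encodings of the same message. One practical caveat on the v1.5 side that is independent of the choice: a v1.5 verifier must re-encode and compare the whole encoded message, not parse the padding leniently, or it is open to the well-known low-exponent forgeries.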
15 votes, 4 answers

Generate ANF from SBox

Given an SBox, how can I generate its component equations (in ANF)? For example, let's say I have this SBox: 6, 4, 7, 8, 0, 5, 2, 10, 14, 3, 13, 1, 12, 15, 9, 11 Then, the equations are: $y_0 = x_1 \oplus x_0x_1 \oplus x_0x_2 \oplus x_1x_2 \oplus…
hola
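A worked computation of the ANF for the S-box quoted in this question, added here as an example (it is not code from the question or its answers). It assumes that x_0 and y_0 are the least significant input and output bits; under that convention the first terms produced for y_0 are exactly the ones in the excerpt. Each output bit is treated as a Boolean function, its truth table is read off the S-box, and the binary Möbius transform turns the truth table into the ANF coefficients.

```python
"""ANF of every coordinate function of an S-box via the Moebius transform.

Added example; not code from the question or its answers. Assumes x_0 is the
least significant input bit and y_0 the least significant output bit.
"""

# The 4-bit S-box quoted in the question.
SBOX = [6, 4, 7, 8, 0, 5, 2, 10, 14, 3, 13, 1, 12, 15, 9, 11]


def coordinate_truth_table(sbox, out_bit):
    """Truth table of output bit `out_bit` as a function of the input x."""
    return [(s >> out_bit) & 1 for s in sbox]


def moebius_transform(tt):
    """Binary Moebius transform: truth table -> ANF coefficients (and back).

    Result a[u] == 1 iff the monomial prod_{i in u} x_i appears, where u is a
    bit mask over the input variables.  One butterfly stage per variable,
    O(n * 2^n) in total.  The transform is an involution.
    """
    a = list(tt)
    n = len(a).bit_length() - 1
    step = 1
    for _ in range(n):
        for i in range(len(a)):
            if i & step:
                a[i] ^= a[i ^ step]
        step <<= 1
    return a


def anf_monomials(sbox, out_bit):
    """Masks u of the monomials present in y_{out_bit}, in increasing order."""
    coeffs = moebius_transform(coordinate_truth_table(sbox, out_bit))
    return [u for u, c in enumerate(coeffs) if c]


def monomial_str(u):
    if u == 0:
        return "1"
    return "".join(f"x_{i}" for i in range(u.bit_length()) if (u >> i) & 1)


def anf_str(sbox, out_bit):
    terms = anf_monomials(sbox, out_bit)
    return f"y_{out_bit} = " + (" ⊕ ".join(monomial_str(u) for u in terms) or "0")


def evaluate_anf(monomials, x):
    """Evaluate an ANF (list of monomial masks) at input x over GF(2)."""
    return sum(1 for u in monomials if (x & u) == u) & 1


def check_anf(sbox):
    """Sanity check: every coordinate ANF reproduces the S-box on every input."""
    n_out = max(sbox).bit_length()
    for b in range(n_out):
        mons = anf_monomials(sbox, b)
        for x, s in enumerate(sbox):
            if evaluate_anf(mons, x) != (s >> b) & 1:
                return False
    return True


if __name__ == "__main__":
    for b in range(4):
        print(anf_str(SBOX, b))
    print("ANF reproduces S-box:", check_anf(SBOX))
```

The check at the end re-evaluates each ANF on all sixteen inputs, which is the quickest way to catch a wrong bit-order convention: if x_0 were taken as the most significant bit, the equations would still be valid for that convention but would not match the excerpt.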
15 votes, 2 answers

What is the correct way to implement PBKDF2 + AES CBC + HMAC?

I've been doing a lot of reading on the proper way to implement AES CBC mode with HMAC authentication. I've seen many explanations, however, I've had a hard time finding an actual real example (with code) on all steps including key derivation,…
izzle
15 votes, 3 answers

Is there a specification for the "BEGIN RSA PRIVATE KEY" format?

Until now I didn't find a specification (RFC or similar) for the file format that uses the BEGIN RSA PRIVATE KEY prefix and END RSA PRIVATE KEY suffix. Where is it defined? Is there an official name for it? It seems to be at least related to the…
Gustave
15 votes, 2 answers

Storing Parameters In Argon2 Hash As Potential Security Issue?

I'm really trying to make sure that I follow best practices when it comes to password storage, and after some looking around for a good algorithm, I found that Argon2 was the "next big thing". I've been testing it out within VB.Net using the NuGet…
Nameless
15 votes, 3 answers

Expected entropy in $P(x)\oplus x$ for random $x$, where $P$ is a random permutation

Let $P$ be a random permutation of $n>1$ bits. Let $F$ be the function on the same domain $\{0,1\}^n$, defined by $F(x)=P(x)\oplus x$. When $P$ is a block cipher with key a message block, that's the Davies-Meyer construction of a one-way compression…
fgrieu
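A way to get a feel for the quantity this question asks about is to measure it: draw random permutations P of n bits, run every x through F(x) = P(x) ⊕ x, and compute the Shannon entropy of the output for uniform x. The following is an added example (not code from the question or its answers); the bit width, trial count and seed are arbitrary choices made here. For comparison it also evaluates the heuristic for a uniformly random function, whose preimage counts are approximately Poisson(1), giving H ≈ n − E[C log₂ C] ≈ n − 0.83 bits.

```python
"""Monte-Carlo estimate of the Shannon entropy of F(x) = P(x) XOR x.

Added example; not code from the question or its answers. P is a uniformly
random permutation of n bits, x is uniform, and the entropy is that of the
output distribution of F.  Bit widths, trial counts and the seed are arbitrary.
"""
import math
import random


def davies_meyer_histogram(perm):
    """Preimage counts of F(x) = P(x) ^ x over all x, indexed by output value."""
    counts = [0] * len(perm)
    for x, px in enumerate(perm):
        counts[px ^ x] += 1
    return counts


def shannon_entropy_bits(counts):
    """Entropy in bits of the distribution given by a histogram."""
    total = sum(counts)
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


def mean_entropy(n_bits, trials, seed=1):
    """Average entropy of F over `trials` random n-bit permutations (seeded)."""
    rng = random.Random(seed)
    size = 1 << n_bits
    acc = 0.0
    for _ in range(trials):
        perm = list(range(size))
        rng.shuffle(perm)
        acc += shannon_entropy_bits(davies_meyer_histogram(perm))
    return acc / trials


def random_function_entropy_estimate(n_bits):
    """Heuristic for a uniformly random function: preimage counts ~ Poisson(1),
    so H = log2(N) - (1/N) * sum c log2 c  ~=  n - E[C log2 C], C ~ Poisson(1).
    """
    e_clogc = sum(k * math.log2(k) * math.exp(-1) / math.factorial(k)
                  for k in range(2, 40))
    return n_bits - e_clogc


def max_entropy(n_bits):
    """The n bits a permutation would give; F is not a permutation in general."""
    return float(n_bits)


if __name__ == "__main__":
    for n in (4, 6, 8):
        print(f"n={n}: F entropy ~ {mean_entropy(n, 200):.3f} bits, "
              f"random-function heuristic {random_function_entropy_estimate(n):.3f}, "
              f"permutation bound {max_entropy(n):.1f}")
```

The simulated values sit about 0.8 bits below n and close to the random-function heuristic, which is the usual sanity check before trusting a closed-form answer: F loses entropy relative to P because it is no longer injective.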
15 votes, 4 answers

Best choice out of these six TLS cipher suites

I have a small embedded platform that supports 6 TLS ciphers. Is there a good/better/best one to choose? I was looking around on the web for some kind of rating system or list of ciphers that have known weaknesses, but I couldn't find much. Back to…
user554242
15 votes, 4 answers

Why is Shamir Secret Sharing not secure against active adversaries out-of-the-box?

This linear secret sharing scheme allows us to share a secret between n parties, such that only an honest majority can reconstruct it. I understand that – because I do not allow the user to certify the authenticity of the shares nor the value they…
DaWNFoRCe
15 votes, 2 answers

Is the Caesar cipher really a cipher?

In this lecture by Dan Boneh on Coursera it was stated at minute 03:37 that The Caesar cipher, actually, is not a cipher at all. And the reason is that it doesn't have a key. What a Caesar cipher is, is basically a substitution cipher where the…
Pichi Wuana
15 votes, 3 answers

Can or can not D-Wave's quantum computers use Shor's and Grover's Algorithm to find encryption keys? Why?

I read that a company called D-Wave Systems has and is manufacturing quantum computers of 128 qubits. Can they or can they not use Shor's and Grover's algorithms for finding RSA-keys? If they can't then why not? And how come it was so hard for the…
user128226
15 votes, 1 answer

What is complexity leveraging

Complexity leveraging is a technique that is generally used to prove adaptive security of a selectively secure scheme. E.g.: we can prove adaptive security of Yao's garbling scheme using complexity leveraging. Many papers mention complexity…
satya
15 votes, 1 answer

How to create a decentralized secret ballot among a small group of people?

A small (< 100) group wants to implement an election. For that, each participant must vote for one of N candidates. After everyone has voted, they must be able to determine a winner; yet, nobody must be able to determine the vote of someone else.…
MaiaVictor
15 votes, 4 answers

Which public key cryptosystems are not based on number theory?

Are there any public key cryptographic systems whose hardness assumptions don't involve number theoretic problems?
15 votes, 2 answers

Why is synthetic IV (SIV) mode considered deterministic authenticated encryption (DAE)?

I was just going over my (old) notes from Coursera's Cryptography I course, and I was puzzled by the description of SIV as providing deterministic authenticated encryption (DAE). The general SIV construction shown is to first compute a MAC over the…
Neil Madden
15 votes, 3 answers

Do key collisions for symmetric ciphers exist?

I'm not sure if I'm calling the thing (key collisions) correctly, and that's probably why I couldn't find any information about it on Google. Still, my question is as follows. Note that I don't work with encryption right now and I'm not going to…