Most Popular

1500 questions
15 votes, 1 answer

How to generate own secure elliptic curves?

I know that the algorithm used to generate the Brainpool curves and the NIST curves is published. The algorithm should be this one (RFC5639 Appendix A). From what it looks like it's rather slow to find secure parameters. After some research I've…
SEJPM • 45,967 • 7 • 99 • 205
15 votes, 1 answer

Logjam on Elliptic Curves?

I think we're all aware of the Logjam attack. From now on we know that re-using primes for DH is a bad idea. But we also say that elliptic curves are safe from the attack (relying on the NFS), because it cannot be applied. I understand this. Now in…
SEJPM • 45,967 • 7 • 99 • 205
15 votes, 2 answers

The effect of truncated hash on entropy

Suppose I have a 128-bit random binary string (128 bits of entropy), then I hash it using SHA-256, then I take the first 128 bits of the output hash. Does the taken bit string still have (almost) 128 bits of entropy, or is the entropy reduced to 64…
user40602 • 517 • 4 • 12
15 votes, 1 answer

Parallel Pollard's Rho: Number of distinguished points

When using the parallel version of Pollard's Rho algorithm for discrete logs, each processor performs its own random walk to find distinguished points, and reports the starting point and the distinguished point to the server. If two processors…
user13741 • 2,627 • 11 • 16
15 votes, 2 answers

How were shift amount constants in MD5 found?

The MD5 specification gives a series of 4 rounds to execute over a 16-word block. Each round has a repeating sequence of 4 shift amounts (s in [abcd k s i]): 7, 12, 17 and 22 for round 1; 5, 9, 14 and 20 for round 2; 4, 11, 16 and 23 for the…
Antoine Catton • 273 • 1 • 9
15 votes, 4 answers

Are any of the major asymmetric ciphers distinguishable (EG, RSA, ECC)?

Related to "Is it possible to derive the encryption method from encrypted text?". Given ciphertexts generated by any of the major asymmetric ciphers (RSA, ElGamal, ECC, etc.), can these ciphertexts be distinguished from random noise? Justify why,…
Ethan Heilman • 2,276 • 1 • 20 • 40
15 votes, 0 answers

Given a 'good' basis for a lattice, how can we solve the CVP?

I'm doing a little bit of reading about lattices. I read that if we can find a 'short' basis for our given lattice, we can solve CVP and SVP very efficiently. However, the paper didn't describe an algorithm. Can anyone briefly describe an algorithm…
pg1989 • 4,636 • 23 • 42
15 votes, 1 answer

Compact digital signature for noisy data

The question asks for a signature scheme, with a public verification procedure, that is tolerant to minor alterations of the signed data during its transmission [possibly in analog form over some noisy channel], where the signature is a small…
fgrieu • 140,762 • 12 • 307 • 587
15 votes, 1 answer

RSA cracking: The same message is sent to two different people problem

Suppose we have two people: Smith and Jones. Smith's public key is e=9, n=179 and Jones's public key is e=13, n=179. Bob sends to them a message $M$. The encrypted message $C_s$ to Smith is 32. The encrypted message $C_j$ to Jones is 127. I tried to…
Tomas • 153 • 1 • 1 • 5
15 votes, 1 answer

Understanding how SHA-512 achieves its design goals

The Wikipedia entry on SHA-2 contains a usable pseudocode recipe. In the hope of some deeper understanding, I implemented SHA-256 and SHA-512 from it. This was helpful, but I still don't think I have joined together my understanding of how the…
Neil Slater • 1,119 • 8 • 20
15 votes, 2 answers

Cycle attack on RSA

I originally posted this question in the mathematics section; you can see it here. Let $p$ and $q$ be large primes, $n=pq$ and $e : 0
Emilio Ferrucci • 253 • 2 • 6
15 votes, 2 answers

Why is there an enormous difference between SAT solvers?

SAT solvers are very important in algebraic attacks, for example WalkSAT and MiniSat. However, when solving the benchmark problems available here, there is an enormous performance difference between the two: WalkSAT is much faster than MiniSat for…
ir01 • 3,992 • 3 • 21 • 31
15 votes, 3 answers

ElGamal: Multiplicative cyclic group and key generation

Here on the ElGamal Wikipedia page (http://en.wikipedia.org/wiki/ElGamal_encryption), Alice generates an efficient description of a multiplicative cyclic group G, of order q, with generator g. How is this done? What are some of the properties here?
Bobby S • 1,943 • 4 • 23 • 30
15 votes, 3 answers

If PGP and GPG both follow the OpenPGP standard, are they 100% compatible in all use cases?

If someone gives me their PGP key, can I use it with GPG, and vice versa, all the time (100% interchangeable)? Or are there times when they are not compatible, when only PGP can be used with a PGP key, and only GPG used with a GPG key?
trusktr • 261 • 1 • 2 • 6
15 votes, 3 answers

Security of simple xor and s-box cipher?

What weaknesses (or strengths) do block ciphers based on only key xor and s-box have when operating in CBC mode? A cipher's internal primitive might be as simple as this: $C = S[M \oplus k]$, where $C$ is ciphertext, $M$ is the plaintext message, $k$…
Polynomial • 3,527 • 4 • 29 • 45