Most Popular

1500 questions
14 votes, 1 answer

Why are Jacobian Coordinates used?

I couldn't find this explained in another question, but is there an actual reason as to why Jacobian coordinates are used for elliptic curves? Do they provide some sort of advantage in terms of performance? Or are they easier to use for security…
Lev Knoblock
14 votes, 0 answers

Why does Telegram roll its own crypto?

Telegram recently updated its symmetric-key encryption scheme MTProto, which seems to fix some known vulnerabilities. Nevertheless, I still do not understand why they roll their own crypto. What properties/advantages do they gain from their homemade…
Shan Chen
14 votes, 2 answers

What are the risks of using CTR mode with 64 bit blocks?

On DJB's blog he writes: I was one of about 40 people sitting in a meeting where the speaker, NSA's Louis Wingers (one of the Simon and Speck authors), falsely claimed that counter mode is safe for 64-bit blocks, since counter mode doesn't have…
Future Security
14 votes, 2 answers

What's the difference between rsa_pss_pss_* and rsa_pss_rsae_* schemes?

I'm trying to understand the difference between rsa_pss_pss_ and rsa_pss_rsae_. The picture shows the extension of TLS 1.3's ClientHello. I viewed the OpenSSL code and found that the rsa_pss_rsae_* scheme corresponds to the scheme in Section 8.1 in…
Nail Jay
14 votes, 1 answer

What was NIST’s reason to switch naming from MD… (Message Digest) to SHA… (Secure Hashing Algorithm)?

When NIST introduced SHA-0 in 1993, they – for the first time – switched their naming convention from MD-n to SHA-n. Since both point to similar constructions (read: hashing algorithms with the same cryptographic goals), I am wondering why NIST…
e-sushi
14 votes, 2 answers

Why are finite groups used in cryptography?

Most of the cryptographic schemes I know are all based on group theory, e.g. they use finite groups. Can someone explain why that is the case? And why not base the schemes on elements and operations from, say, the natural numbers or some other infinite…
dave
14 votes, 2 answers

Can one claim that AES has perfect secrecy for a key size and message size of 128 bits?

While looking at this question I discovered the following here (question 5), and wanted to ask it as a separate question. Alice knows that she will want to send a single 128-bit message to Bob at some point in the future. To prepare, Alice and…
daniel
14 votes, 2 answers

How safe are Libsodium Crypto Boxes?

I am currently working on a huge PHP project and we are seriously considering using the Libsodium PHP library in it. My question is related to the "sodium crypto box" functionality. We would use this functionality to implement public key…
abc
14 votes, 3 answers

Deciphering the RSA encrypted message from three different public keys

I have three different 1024-bit public keys with common exponent $e$ but different moduli. A message $m$ is encrypted (without padding) using the three keys, which results in three different encrypted messages. Given the three pairs of public keys…
user3719749
14 votes, 1 answer

argon2 vs scrypt

It's a fact that scrypt and argon2 are the two dominant memory hard KDFs. But which one of them is more recommendable for password hashing? scrypt is older and as far as I know resistant to almost every kind of hardware based attack. But vulnerable…
Richard R. Matthews
14 votes, 1 answer

Dead-Man's Switch Cryptography?

I was looking at Time Capsule cryptography? and came up with this idea. Question: Is there a way to store a secret such that the creator must update it or the secret will be decrypted and anyone can access it? Example: I use this algorithm to encrypt…
edggy
14 votes, 2 answers

AES vs RSA - Which is stronger given two scenarios?

Let's say we have some plaintext. Let's say that we encrypt this plaintext with a random 32 byte key using AES-256. Let's say that we also encrypt this plaintext with an RSA 2048 public key. If only the cipher text was known, which of these would be…
user48579
14 votes, 3 answers

Why are only lattice problems used in cryptography?

There are thousands of NP-hard problems out there. Why have only lattice problems been applied to cryptography?
Little Nan
14 votes, 2 answers

Interesting implementation practices in popular crypto library

So reading through the salsa20 implementation for the crypto library for go-lang, I noticed something interesting. Specifically this portion. It looks like something I would expect from someone learning programming. They took 80 lines of code of…
abrahimladha
14 votes, 2 answers

ed25519 ssh public key is always 80 characters long?

I am creating some ssh keys using ed25519, something like: $ ssh-keygen -t ed25519 $ ssh-keygen -o -a 10 -t ed25519 $ ssh-keygen -o -a 100 -t ed25519 $ ssh-keygen -o -a 1000 -t ed25519 But I notice that the output of the public key is always the…
nbari