14 votes, 3 answers
Why does GMP only run Miller-Rabin test twice when generating a prime?
In mpz_nextprime(), after some sieving with small primes, an MR test function is called, with the number of trials set to 25 (https://github.com/alisw/GMP/blob/master/mpz/nextprime.c#L118):
if (mpz_millerrabin (p, 25))
  goto done;
But…
fjarri
13 votes, 5 answers
Hash paradox in an image file that contains hash text?
Is it possible to include a hash digest visibly in an image, such that the hash of the image itself is that same digest?
When we draw the text of the hash in the image, we will of course change the hash of the image at the same time, because as we…
Muhammad Ikhwan Perwira
13 votes, 5 answers
What is wrong with XOR encryption with secure PRNG?
Suppose I want to encrypt a message with a password.
Couldn't I just XOR the bytes with bytes from a cryptographically secure pseudorandom number generator (CSPRNG) with seed being the password, or a hash of it? I can't see anything wrong with…
newb
13 votes, 1 answer
Understanding the forking lemma
Every time I read a paper on digital signatures, when it comes to proving the security of a digital signature scheme, there is a good chance that the author will use the forking lemma.
The forking lemma says as follows:
Let $\mathcal A$ be a…
T.B
13 votes, 1 answer
Does the GCM authentication tag need to be protected?
I am just learning about the GCM mode of AES and I'd like to start using it in my software. However, I have a question about its use. As I understand it the output of a GCM encryption operation is the ciphertext plus an "authentication tag." I…
Isaac
13 votes, 2 answers
Why does Shamir's Secret Sharing Scheme need a finite field?
I read ampersand's question "Necessity for finite field arithmetic and the prime number p in Shamir's Secret Sharing Scheme", where he asked why Shamir's Secret Sharing Scheme uses arithmetic in a finite field of prime order.
The answers to that…
Herc11
13 votes, 2 answers
Efficient Incremental Updates to Large Merkle Tree
I have a data set with 300 million entries, and every 5 minutes 4000 random entries in this table change. I need to calculate the Merkle root of this data set to validate integrity multiple times every 5 minutes.
Assuming sha224 hashes this would be…
bytemaster
13 votes, 3 answers
Building a hard to factor number without knowing its factorization
It is possible to find an efficient algorithm for constructing a provably hard to factor number $N$, together with a witness that shows that it is indeed hard to factor. EDIT, since it was not clear: I also want to be sure that even the person that…
minar
13 votes, 1 answer
AES-SIV security
I am investigating the AES-SIV (RFC 5297) based block cipher. The construction of S2V is lying on the AES-CMAC and dbl and XOR operations. Given an AAD of size L and in the 128-bit block operation, I have some concern that if L<16 bytes, the…
user7453
13 votes, 2 answers
Is a small size block cipher usable?
Consider a block cipher with a key of size 128 bits but a small block size, say 32 bits. Is this kind of block cipher secure?
I would like to know to what extent I can use a small block cipher, like a 32 bit block cipher. What are the constraints…
Dingo13
13 votes, 2 answers
More than one private key for RSA
In an RSA-encryption scenario, Bob's public key pair $(n, e)$ is $(143, 43)$. An attacker Mallory tries brute-force and comes to $d = 7$ as the private key.
The value of $\varphi(143) = 120$ is not known to Mallory.
However from $43 \cdot d \equiv 1…
user86295
13 votes, 1 answer
What does "running in polynomial time" really mean?
I'm currently learning private-key cryptography. I've been able to see that perfect secrecy is achievable if no assumption is made about the computational power of the attacker.
However, perfect secrecy is quite heavy to use, so we relax our…
Backslash36
13 votes, 1 answer
Formally, what is AES?
AES is supposed to be a symmetric key block cipher. The theoretical counterpart to this is a pseudorandom permutation.
I'd like to say that AES is a PRP (well, supposedly at least), but that doesn't seem correct; while there are larger variants of…
extremeaxe5
13 votes, 1 answer
How did the Koblitz/Menezes papers affect the cryptography community?
Two highly-critical papers by Koblitz and Menezes (two well-regarded mathematicians who've contributed to the crypto community) were published years ago: Another Look at “Provable Security” in 2004, Another Look at “Provable Security”. II in…
Fixee
13 votes, 2 answers
Why does OpenSSH prefer ECDSA nistp256 keys over -384 and -521, and those over Ed25519, for host key verification?
According to ssh_config(5), HostKeyAlgorithms “specifies the host key algorithms that the client wants to use in order of preference ... The default for this…
squirrel