Highest Voted Questions - Cryptography Stack Exchange

13

votes

3 answers

How are points on an elliptic curve discretized?

I'm a working programmer (read: a person without a maths degree) trying to get a better grasp on elliptic curves specifically in the context of elliptic curve cryptography (though to be clear, this is for personal development — I'm in no way trying…

elliptic-curves

asked Aug 10 '20 at 04:56

QuartzCrystal

133
1
7

13

votes

1 answer

Safely sorting secret data

Suppose you have a secret list of n distinct integers. How would you sort this list in a way that is not vulnerable to timing attacks? I tried looking up "constant time sorting" and other related queries but that expectedly lead nowhere.

asked Jul 09 '20 at 21:08

Kai Arakawa

145
9

13

votes

7 answers

Can I encrypt a message by swapping bits in the text?

I have tried out an encryption method, in which I swap bits in the text. The text length is N bit, then I generate several random number pairs in the range 0..N-1, as [n,k] pairs. After that, I swap the n-th and k-th bits in the message, if they are…

asked Jun 01 '20 at 20:06

Konstantin

239
2
4

13

votes

0 answers

RSA key such that pi deciphers to your name per RSA-OAEP

Can you efficiently construct an RSA public/private key pair with $8k$-bit public modulus such that $C=\left\lfloor\pi\,2^{8k-2}\right\rfloor$ deciphers per RSA-OAEP to your name as a bytestring in ASCII or UTF-8? The decryption must be per…

asked Apr 23 '20 at 11:22

fgrieu

140,762
12
307
587

13

votes

2 answers

Can a computationally unbounded adversary break any public-key encryption scheme?

Assume there is a public-key encryption scheme $(KeyGen, Enc, Dec)$ with perfect correctness (i.e., for all messages M and valid key-pairs (PK,SK), we have $Dec_{SK}(Enc_{PK}(M))=M$). Will there always be a function $A$ such that for all messages M…

asked Sep 24 '11 at 21:25

huyichen

773
1
6
16

13

votes

4 answers

Why are good passwords required if we use good hashing algorithms?

Again and again are we adviced to make good passwords: At least 12 chars, numbers, signs, upper and lowercase. But why is that really needed? I can see the need, if the system uses a hashing algorithm that can be implemented in ASIC, where an…

password-hashing

asked Dec 20 '19 at 10:07

Ole Tange

331
6
14

13

votes

0 answers

How Significant is the New Quasi-Polynomial-Time Attack on Fixed Characteristic Discrete Logarithms?

There is a new paper by Kleinjung and Wesolowski on eprint that claims and proves a new attack on the discrete logarithm problem in finite fixed characteristic fields in quasi-polynomial time. Concretely a run-time of $$(pn)^{2\log_2n+O(1)}$$ is…

asked Jun 26 '19 at 11:31

SEJPM

45,967
7
99
205

13

votes

0 answers

RSA factorization with special primes

Suppose that primes for RSA modulus are generated using formula: $P_i(x,y) = \operatorname{next\_prime}(x^{z_i}+y^{z_i}) = x^{z_i}+y^{z_i}+d_i$ where $x,y$ are unknown random numbers with size 128 bits $z_i$ - are known small integers exponents,…

asked Jun 12 '19 at 20:36

Kamil Pliszka

131
4

13

votes

2 answers

SHAKE-128/256 or SHA3-256/512

Would it be better to use SHAKE-128/256 or SHA3-256/512? In what situation should I chose one over the other?

asked May 15 '19 at 18:36

Alejandro Martinez

141
1
6

13

votes

3 answers

What is Identity-Based Encryption (IBE) and why is it "better"?

Most CS/Math undergrads run into the well-known RSA cryptosystem at some point. But about 10 years ago Boneh and Franklin introduced a practical Identity-Based Encryption system (IBE) that has excited much of the research community and produced a…

asked Sep 16 '11 at 16:47

Fixee

4,158
2
25
39

13

votes

3 answers

Why was the term "discrete" used in discrete logarithm?

Is there anything especially "discrete" about a discrete logarithm? This is not a question of what is a discrete logarithm or why the discrete logarithm problem is an "intractable problem" given certain circumstances. I'm just trying to determine if…

asked Apr 15 '19 at 20:09

JohnGalt

546
4
10

13

votes

2 answers

Does secp256k1 have any known weaknesses?

I am wondering whether there are any properties of the curve which would technically make it easier to attack than any other curves of 256 bits in size. I have heard that being a Koblitz curve, it has a few bits weaker security than some other…

asked Mar 24 '19 at 23:28

Matt

245
2
5

13

votes

1 answer

How would one crack a weak but unknown encryption protocol?

I asked a question on security.stackexchange, but was told it would be a better fit here: https://security.stackexchange.com/questions/32779/how-would-one-crack-a-weak-but-unknown-encryption-protocol My question is: Assume I'm an attacker trying to…

asked Mar 19 '13 at 22:08

Ram Rachum

269
1
5

13

votes

2 answers

What motivated the creation of RSA and ECDH?

Recently I've been learning about cryptography and so far I am loving it. However, there are some things I do not comprehend. As far as I know, RSA was published in 1979 while New Directions on Cryptography by Diffie and Hellman was published in…

asked Jan 27 '19 at 01:52

a-lawliet

151
4

13

votes

3 answers

What happens for factoring algorithms if P=NP?

If someone ever demonstrates that P=NP, will it give us a polynomial factoring algorithm, or will it only tell us that such an algorithm exists, but we still have to find it?

asked Nov 05 '18 at 11:45

tyuil

217
2
5

Most Popular