Most Popular
12 votes, 3 answers
Smallest possible certificate for IoT device
I'm developing an IoT system that uses small nodes connected through RF. This allows messages under 250 bytes long. You can check it at https://github.com/gmag11/EnigmaIOT.
All messages are encrypted using ChaCha20+Poly with a dynamic key obtained…
gmag11
12 votes, 13 answers
Cryptography elements needed for a story
Note: following Maarten Bodewes's answer, I edited this post to make it clearer.
I'm writing something partly driven by the need to crack a few encrypted files.
This is what needs to happen in the story:
There are two parties involved that are…
Nicola
12 votes, 3 answers
Error-correcting Code VS Lattice-based Crypto
I'm not an expert in PQ-crypto, but as I understand error-correcting code and lattice-based crypto, the cryptographic assumptions are very similar. The key difference for me is the nature of the noise. In one case, the noise is inspired by the…
Ievgeni
12 votes, 1 answer
Why does SHA2-224 use different IVs than SHA2-256?
Given that it's otherwise just a truncation, I can guess that being able to compute the 224 value from the 256 value is an unwanted property, but that's just speculation.
hanshenrik
12 votes, 3 answers
What happened to Poly1305AES? Is it obsolete?
I've been told that Poly1305AES is a great choice of MAC for constrained (embedded) environments. I'd checked out DJB's writing on it briefly, and have to say that I found its simplicity likeable, performance convincing & security proofs rigorous…
ulidtko
12 votes, 2 answers
Are there any signature schemes for underpowered devices (8-bit microcontroller)?
I am currently researching into a small scale home automation system, aiming for cost. The system architecture is basically one master and several slaves which are connected in parallel.
Recently I've bumped into the natural question of system…
Bruno Morais
12 votes, 1 answer
Efficient decoding of irreducible binary Goppa codes and the role of matrix P in McEliece cryptosystem
If we assume that the support for an irreducible binary Goppa code $\gamma_1, ..., \gamma_n$ is publicly known, when is it possible to efficiently decode the code? I know it's possible if one knows the generator polynomial $g(x)$, and also, if one…
Zuzana
12 votes, 2 answers
Are there any Secp256k1 ECDSA test examples available?
Are there any available test cases for testing elliptic curves like secp256k1 (Koblitz curves from http://www.secg.org/collateral/sec2_final.pdf)? For curves like P192 there are for example those values: http://point-at-infinity.org/ecc/nisttv…
ThePiachu
12 votes, 2 answers
Why does the SSH authentication protocol send a challenge message instead of using a digital signature to verify the client?
Why does the SSH authentication protocol choose to have the server with the public key send a challenge message encrypted with this public key of the client instead of having the client send a message signed with its private key along with the client ID…
user855
12 votes, 3 answers
SHA3-255, one bit less
I need a SHA3-255 or 511. What if I simply truncate a standard SHA3-256 or 512? Apart from the doubled probability of hash collision, are there any other things I should be aware of? I could also truncate one byte instead of one bit, if useful.
What…
ragazzojp
12 votes, 2 answers
How should one implement a delegated shared trust protocol?
Consider the following (probably naive) scenario.
Alice, who is very limited in her knowledge of security in general (clueless about securing a private key for example), wishes to delegate certain contractual operations to Trent, an apparent trusted…
Gary
12 votes, 4 answers
Is there any protocol for proving that a message was written at a certain time?
Does there exist a way to cryptographically prove that a message was written at a certain time? I know that one can write messages in bitcoin transactions so that the message is preserved in the blockchain, which can be used to prove the message was…
Christine Sheng
12 votes, 3 answers
Examples of protocols that are insecure when run concurrently
I was reading Canetti00 Universally Composable security paper. The first page of introduction says that there are some MPC protocols and Zero knowledge protocols that are insecure under concurrent composition. I don't see why protocols might break…
satya
12 votes, 0 answers
Why does the Signal protocol use AES/CBC instead of AES/GCM?
AES/GCM has obviously proved itself to be better than AES/CBC. Unless the key is re-used with the same initialization vector (see disadvantages of GCM). More information on its advantages against CBC can be found in source 1 and source 2.
Now, most…
OughtToPrevail
12 votes, 3 answers
How do the AWS secret key and access key work?
Those keys are too short to be public/private RSA keys. What are they? How does it use them to authenticate the client?
My guess is:
AWS access key ID is a form of unique user/account identifier
AWS secret key is like private key
When AWS CLI sends…
user855