Most Popular (1500 questions)
12 votes, 3 answers
Mapping between subgroups and the integers
This question is a companion to the equivalent question on elliptic curves.
Preliminaries
Diffie-Hellman, Elgamal, DSA, etc. are examples of protocols that work in the integers modulo a large prime $p$. However, for security reasons, we do not use…
PulpSpy (8,617 reputation; badges 1, 30, 46)
12 votes, 5 answers
How to use proof of lack of knowledge?
This is a purely hypothetical example but is provable ignorance useful in cryptography?
For example, let's say I have a trapdoor collision resistant function. I know the trapdoor and therefore some $x_0 \neq x_1$ such that $f(x_0) = f(x_1)$. This is…
user1936752 (737 reputation; badges 1, 4, 16)
12 votes, 1 answer
Relation between entropy and min-entropy
I understand that the entropy is the number of bits that can encode a set of messages. However, I don't understand what the min-entropy is and how it is related to entropy.
Let's describe a simple password case: if a password is 100 random bits, is…
graphtheory92 (773 reputation; badges 5, 14)
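Added example, not part of the question or its answer: the two quantities computed side by side. Shannon entropy averages the surprise over the whole distribution, min-entropy looks only at the most likely value, and the two coincide exactly when the distribution is uniform (a password that really is 100 independent random bits has both equal to 100). The skewed distribution and the sample password list below are constructed for the demo.

```python
import math
from collections import Counter


def shannon_entropy(probs):
    """H(X) = -sum p*log2(p): average information per sample, in bits."""
    return -sum(p * math.log2(p) for p in probs if p > 0)


def min_entropy(probs):
    """H_min(X) = -log2(max p): depends only on the single most likely value.

    2^-H_min is exactly the success probability of an attacker who gets one
    guess and guesses optimally, which is why password work uses H_min.
    """
    return -math.log2(max(probs))


def compare(probs):
    """Return (H, H_min). H >= H_min always, with equality iff uniform."""
    total = sum(probs)
    if not math.isclose(total, 1.0):
        raise ValueError("probabilities must sum to 1")
    return shannon_entropy(probs), min_entropy(probs)


def uniform(n):
    """Uniform choice among n values: both entropies are log2(n)."""
    return [1.0 / n] * n


def skewed_password_distribution():
    """Constructed: half the users pick one popular passphrase, the other
    half pick uniformly among 1024 others. H = 6 bits but H_min = 1 bit."""
    return [0.5] + [0.5 / 1024] * 1024


def entropies_from_samples(samples):
    """Estimate both entropies from observed values (constructed sample below)."""
    counts = Counter(samples)
    probs = [c / len(samples) for c in counts.values()]
    return compare(probs)


SAMPLE_PASSWORDS = (  # made-up observations, 10 accounts
    ["123456"] * 5 + ["password"] * 2 + ["hunter2", "correct horse", "Tr0ub4dor&3"]
)


if __name__ == "__main__":
    print("uniform(1024):", compare(uniform(1024)))
    print("skewed:", compare(skewed_password_distribution()))
    print("sampled:", entropies_from_samples(SAMPLE_PASSWORDS))
```

Shannon entropy of the skewed case (6 bits) overstates resistance to guessing by a factor of 32 compared with min-entropy (1 bit): an attacker who simply tries the popular passphrase is right half the time.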
12 votes, 1 answer
Why does gnupg create 4 separate keys and what do sub and ssb mean?
When using gpg to create a single key, I get:
$ gpg --list-keys
-------------------------------
pub 2048R/0C0EA301 2018-01-01
uid [ultimate]
sub 2048R/023A0509 2018-01-01
$ gpg --list-secret-keys
-------------------------------
sec …
zcaudate (233 reputation; badges 2, 6)
12 votes, 1 answer
Algorithm to factorize $N$ given $N$, $e$, $d$
I have an RSA public key (public modulus $N$ and public exponent $e$), and the private exponent $d$ of matching private key.
How can I compute $p$ and $q$, the prime factors of $N$?
user61922 (123 reputation; badges 1, 4)
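A worked version of the standard method, added here as an example that is not part of the question or any posted answer. Since $ed \equiv 1$ modulo $\varphi(N)$ or $\lambda(N)$, $k = ed - 1$ is a multiple of the order of every unit modulo $N$. Write $k = 2^t r$ with $r$ odd; squaring $g^r$ repeatedly must reach 1, and the value just before it is a square root of 1. For at least half of all $g$ that root is neither $1$ nor $-1$, and then $\gcd(x - 1, N)$ is a proper factor. The key (3233, 17, 2753) and the Mersenne-prime modulus in the demo are constructed for illustration.

```python
import math
import random


def factor_rsa_from_private_exponent(n, e, d, tries=128, seed=0):
    """Recover the prime factors (p, q) of an RSA modulus n from (e, d).

    Works whether d was computed modulo phi(n) = (p-1)(q-1) or modulo
    lambda(n) = lcm(p-1, q-1): in both cases k = e*d - 1 is a multiple of
    the order of every unit g, so g^k = 1 (mod n).
    """
    k = e * d - 1
    if k <= 0 or k % 2:
        raise ValueError("e*d - 1 must be a positive even number; check the inputs")
    t, r = 0, k
    while r % 2 == 0:  # k = 2^t * r with r odd
        r //= 2
        t += 1
    rng = random.Random(seed)  # fixed seed only so the demo is reproducible
    for _ in range(tries):
        g = rng.randrange(2, n - 1)
        f = math.gcd(g, n)
        if 1 < f < n:  # lucky: g already shares a factor with n
            return tuple(sorted((f, n // f)))
        x = pow(g, r, n)
        if x in (1, n - 1):
            continue  # this g reaches 1 only through -1; pick another
        for _ in range(t):
            y = pow(x, 2, n)
            if y == 1:
                # x^2 = 1 but x != +-1: x is a nontrivial square root of 1,
                # so (x-1)(x+1) = 0 (mod n) splits n.
                f = math.gcd(x - 1, n)
                return tuple(sorted((f, n // f)))
            if y == n - 1:
                break  # the chain passes through -1; no split from this g
            x = y
    raise RuntimeError("no factor found; (n, e, d) is probably not a valid RSA key")


def demo():
    """Textbook key, then a 92-bit modulus from two Mersenne primes, with d
    computed both from phi(n) and from lambda(n)."""
    small = factor_rsa_from_private_exponent(3233, 17, 2753)
    p, q = 2**61 - 1, 2**31 - 1
    n, e = p * q, 65537
    d_phi = pow(e, -1, (p - 1) * (q - 1))
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    d_lam = pow(e, -1, lam)
    return (
        small,
        factor_rsa_from_private_exponent(n, e, d_phi),
        factor_rsa_from_private_exponent(n, e, d_lam),
    )


if __name__ == "__main__":
    print(demo())
```

The same routine is the reason a leaked private exponent is as bad as a leaked factorization: any party holding $(N, e, d)$ can recover $p$ and $q$ in a few modular exponentiations.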
12 votes, 1 answer
What was the BassOmatic cipher, and what made it so weak?
According to Wikipedia, this homebrew cipher was originally used in PGP, before Phil Zimmermann replaced it with IDEA. Supposedly, insecurities in the algorithm were pointed out to him, leading to this change. While I have read the PGP 1.0 source…
forest (15,253 reputation; badges 2, 48, 103)
12 votes, 3 answers
How small is negligible?
When proving theorems in crypto we often make use of the concept of negligible functions or, more simply, negligible parameters.
As a rule of thumb, given today (2018) computational power, what is the smallest inverse power of 2 that we can consider…
Rexcirus (313 reputation; badges 3, 12)
12 votes, 2 answers
Streaming API to authenticated encryption
In regards to NaCl, I asked DJB if he had any intent to add a streaming API to an authenticated cipher. His response was obvious in retrospect: one should never release decrypted plaintext before verifying the authenticator.
However, this got me…
Stephen Touset (11,002 reputation; badges 1, 38, 53)
12 votes, 2 answers
Why is DES not an ideal cipher?
From Cryptography I on Coursera, Week 2, "Exhaustive Key Search Attacks":
Now let's assume that DES is what's called an ideal cipher [...] Of course,
DES is not a collection of 2^56 random functions
Prof. Boneh doesn't offer any explanation of…
0x00 (407 reputation; badges 2, 8)
12 votes, 1 answer
What is the curve type of SECP256K1?
This is possibly a dumb question. I'm trying to input SECP256K1 curve parameters to a system that expects any custom curve. The form is asking for "curve type". It offers three options:
Short Weierstrass
Twisted Edwards
Montgomery
What should I…
fernacolo (265 reputation; badges 2, 6)
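Added example, not part of the question or its answer: secp256k1 is a short Weierstrass curve, $y^2 = x^3 + ax + b$ with $a = 0$ and $b = 7$, and the domain parameters below are the SEC 2 values. The affine point arithmetic is written here only to check those parameters before feeding them into a "custom curve" form: the curve is non-singular, the generator lies on it, the generator has order $n$, and there is no point of order 2 (which is why the curve has no Montgomery or twisted Edwards form at all: both of those always carry a point of order 2).

```python
# secp256k1 domain parameters (SEC 2): short Weierstrass y^2 = x^3 + A*x + B over F_P
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A = 0
B = 7
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (GX, GY)
INF = None  # point at infinity, the group identity


def _inv(x):
    """Modular inverse via Fermat (P is prime); Python reduces negative bases."""
    return pow(x, P - 2, P)


def is_on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine short-Weierstrass group law, including doubling and inverses."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:  # p2 = -p1 (covers y = 0 as well)
            return INF
        lam = (3 * x1 * x1 + A) * _inv(2 * y1) % P  # tangent slope
    else:
        lam = (y2 - y1) * _inv(x2 - x1) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Left-to-right double-and-add (not constant time; checking only)."""
    if k < 0:
        raise ValueError("scalar must be non-negative")
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def check_domain_parameters():
    """Sanity checks a practitioner wants before trusting a hand-entered curve."""
    nonsingular = (4 * A**3 + 27 * B**2) % P != 0
    # A point of order 2 has y = 0, i.e. x^3 + 7 = 0 has a root mod P.
    # P = 1 (mod 3), so Euler's criterion for cubes applies: -7 is a cube
    # iff (-7)^((P-1)/3) = 1. N is prime, so no such point can exist.
    has_order_two_point = pow(-B % P, (P - 1) // 3, P) == 1
    return {
        "nonsingular": nonsingular,
        "generator_on_curve": is_on_curve(G),
        "generator_has_order_n": mul(N, G) is INF,
        "point_of_order_two": has_order_two_point,
    }


if __name__ == "__main__":
    for name, ok in check_domain_parameters().items():
        print(f"{name}: {ok}")
```

The form's "Short Weierstrass" option is the only one of the three that can describe this curve; a system that insists on $a = -3$ (the NIST curves' optimisation) will also reject it, since here $a = 0$.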
12 votes, 3 answers
Symmetric cipher key size vs number of rounds. Longer key = more secure cipher?
I have questions related to the discussion under this article.
Bruce Schneier answered questions regarding key size vs number of rounds:
Why do you need more rounds with longer keys? And how did you come up with these seemingly arbitrary numbers…
Jolinar (222 reputation; badges 1, 7)
12 votes, 2 answers
Why did Histiaeus tattoo his slave's head?
The story is often told that Histiaeus tattooed a secret message on his slave's head, waited for his hair to grow back, then sent him off to Miletus. Why would he have done this?
The story is usually cited as an early historical example of…
TypeIA (231 reputation; badges 2, 7)
12 votes, 2 answers
Why does Signal repeatedly hash the secure passphrase?
Background: I'm working on creating a small program to extract my messages from Signal's newly-added (beta) encrypted backup feature.
In the Signal codebase for their Android app, I noticed that instead of just hashing both the salt and passphrase…
Aster (231 reputation; badges 2, 6)
12 votes, 2 answers
Why is SHA-3 a Sponge function?
A sponge function is supposed to be able to generate an arbitrary length of output. Yet, SHA3 (Bouncycastle) constrains me to choose an output length between 224, 256, 384, and 512. Evidently, these are not arbitrary lengths. How then is SHA3 a…
user56848 (121 reputation; badges 1, 3)
12 votes, 4 answers
Efficient hardware implementation of real-time asymmetric video encryption
I want to encrypt video directly at the source where it is being captured, e.g. inside a video camera. This way I can transmit the encrypted stream over WiFi securely.
I could use AES on the chip inside the camera, but this would be open to an…
Ventures Joe (193 reputation; badges 2, 8)