12 votes, 4 answers

Best way to hash two values into one?

I'm trying to hash two unique strings together to create a hash. The most obvious way would be simply to concatenate the two and run a hash function on it: hash = sha256(strA + strB) But I was wondering if this is how most people do it, and if…
Vlad

12 votes, 2 answers

What are the pros and cons of Pedersen commitments vs hash-based commitments?

Obviously, it's possible to create a commitment scheme comm(r, S) by using a hash function H and computing H(S||r). This scheme is secure under the assumption that H is collision and preimage resistant, which (IMO) is a lighter cryptographic…
Ian MathWiz

12 votes, 3 answers

Has any crypto hash function been proven to be surjective?

This answer claims that "it is not proven that all outputs of SHA-1 are possible." Has any crypto hash function been proven to produce all possible outputs (i.e., to be surjective over the codomain of all possible numbers $[0, 2^n]$, where $n$ is…
Geremia

12 votes, 1 answer

What is the difference between "wrapping" a key and encrypting?

I wanted to implement a way to generate an RSA public/private key pair and protect the private key with a password. Looking into the Web crypto api, I thought the wrapKey/unwrapKey pair was the way to go. But then I got confused, and the…
Vlad

12 votes, 4 answers

How does a client verify a server certificate?

As far as I know, when I request a certificate from Verisign (for example), and after they have approved that I am me, they create a certificate (for me) that contains the digital signature and public key. The digital signature is data that was created…
Royi Namir

12 votes, 1 answer

What is a universal hash function?

Short and to the point. I'm assuming that it is not a kind of hash function that can be used universally. After having read about universal hash functions used with the one-time pad to form an authentication scheme, these things have bugged me out.
Melab

12 votes, 2 answers

Why is there the option to use NIST P-256 in GPG?

I am surely not an expert on the field, but I heard some people say that NIST P-256 somehow has backdoors. I don't know about the seriousness of this claim; maybe it's just a conspiracy theory. If there is some truth to the hearsay, why is NIST…
Richard R. Matthews

12 votes, 2 answers

Is it possible to construct an encryption scheme for which breaking is NP complete but there nearly always exists an efficient breaking algorithm

The question stems from the fact that foundations of crypto states: suppose breaking an encryption scheme is NP-complete, then P != NP implies that this encryption is hard to break in the worst case, but does not rule out the possibility that it can…
z.karl

12 votes, 2 answers

How were the best AES whiteboxes in the CHES 2017 CTF challenge built and broken?

Alongside CHES 2017 was a Capture the Flag Challenge, aka The WhibOx Contest. Participants submit C source code with interface void AES_128_encrypt(unsigned char ciphertext[16], unsigned char plaintext[16]); that performs AES-128 encryption with some…
fgrieu

12 votes, 2 answers

Dice vs quantum random number generator

I recently championed quantum key distribution networks. This has led me to also question quantum random number generators. It appears that randomness is randomness, even if made by custom quantum hardware featuring lasers and photon genies. It…
Paul Uszak

12 votes, 2 answers

Why is multiplication uncommon in cryptographic primitives?

Modern computers (which crypto programs are usually run on) have a 64-bit multiply, and it only takes one cycle. It's pretty decent mixing at next to no cost. For block ciphers: Multiplication by a constant is nonlinear (when combined with other…
EPICI

12 votes, 2 answers

Can RSA be used to encrypt p?

In RSA you choose $n=pq$ where $p$ and $q$ are large primes with similar length. Then you choose $e$ that is coprime with $\phi(n)$ and find $d$ that is modular multiplicative inverse of $e$ modulo $\phi(n)$, so $ed \equiv 1 \mod \phi(n)$. Then…
desowin

12 votes, 5 answers

Why is lattice-based cryptography believed to be hard against quantum computers?

Why is lattice-based cryptography believed to be hard against quantum computers? The Learning With Errors (LWE) problem (reduction to SVP) is just one example. Can you provide some intuition of the hardness?
mallea

12 votes, 5 answers

What is the malicious potential of a key-substitution-attack?

What is the idea behind a key-substitution attack? We start from a given pair of message $m$ and signature $s(m)$. The signature can be verified by anybody in possession of the public key $y$: $v(m, s, y) = ok$. Now, by some mathematical magic (details…
MichaelW

12 votes, 2 answers

Safe primes in RSA

It's my understanding that there's no longer a requirement of safe primes for $q$ and $p$ when choosing an RSA modulus. How is it that this does not change the hardness of factoring $N$?
boran