12 votes, 1 answer

How many bits of entropy does an elliptic curve key of length n provide?

A FAQ for an open source project makes the claim: Indeed, an elliptic curve key of length n provides $n/2$ bits of security. I have two questions: What is the practical difference between "bits of entropy" and "bits of security"? How does one…
Rich Apodaca

12 votes, 1 answer

If RSA is only used to encrypt symmetric keys which are random, what's wrong with textbook RSA?

As far as I know, IND-CPA is used to protect against frequency analysis. But if RSA is only used to encrypt symmetric keys, what's wrong with using only textbook RSA because random keys are very unlikely to repeat?
wlad

12 votes, 2 answers

Is standardizing a modified AES a good idea?

"Recently" Ukraine standardized a new block cipher, Kalyna, which according to the abstract of "A New Encryption Standard of Ukraine: The Kalyna Block Cipher" by Oliynykov et al. (warning: the paper contains a lot of test vectors) is basically a…
SEJPM

12 votes, 2 answers

How were the number of rounds for different key sizes of AES selected?

The number of AES rounds increases with the key length. Why increase the number of rounds at all, and how were these round counts chosen?
user1449

12 votes, 1 answer

What are the differences between the elliptic curve equations?

I think we're all aware of the "classical" Weierstrass (short?) elliptic curve equation: $y^2\equiv x^3 + ax +b \pmod p$. Well known examples of these curves include the NIST's and Brainpool ones. Now there's also the "Montgomery" representation:…
SEJPM

12 votes, 4 answers

Is the one-time-pad a secure system according to modern definitions?

Occasionally I hear people say that one-time pads are "useless" or even "broken". "modern cryptography knows more security definitions, under some of which the one-time pad is completely broken." -- How do we know a cryptographic primitive…
David Cary

12 votes, 3 answers

Why can’t DSA be used for encryption?

This question at StackOverflow mentions that DSA cannot be used for encryption. But both RSA and DSA can be used to generate public and private keys, right? Then why can't I use the DSA public key to encrypt?
Lunar Mushrooms

12 votes, 4 answers

Is it fair to assume that SHA1 collisions won't occur on a set of <100k strings?

I'm building a system that has to take file paths, and generate a unique name for each one. I'm planning on using SHA1 as the hash function. My question is: do I have to deal with possible collisions (2 different paths producing the same SHA1…
Denis Hennessy

12 votes, 4 answers

Alice and Bob's crush

Suppose Alice and Bob both want to determine whether the other has a crush on him/her, but they only wish to share the information if the crush is mutual. Is there a cryptographic protocol that makes this possible without using trusted third…
user24215

12 votes, 1 answer

XSL on serpent and rijndael - which is most affected?

So I've often looked at Serpent and thought it was a very strong contender in AES. Not so long ago I was looking for evidence as to why it didn't beat Rijndael. So far, the closest I've got to answering that is this: The 32 rounds means that Serpent…
user46

12 votes, 2 answers

How does a certificate authority issue a digital certificate?

I am new to cryptography and I want to know the details of how a Certificate Authority issues a digital certificate. From what I know (please correct me if I'm wrong on any part of my explanation): If Alice wants to request a digital certificate,…
user2935569

12 votes, 2 answers

Under what conditions did a Bletchley bombe stop?

I am trying to understand the conditions necessary for one of the Bletchley Park bombes to stop. Let me give an example. I have been experimenting with Enigma machine and bombe simulators to try to understand better how the bombe works. Using a…
Geoff

12 votes, 1 answer

Probability of SHA256 Collisions for Certain Amount of Hashed Values

I wonder if you can help me figure out this question: Is there a known probability function f: N -> [0,1] that computes the probability of a SHA256 collision for a certain number of values to be hashed? The values might fulfill some simplicity…
vern

12 votes, 1 answer

How to use RCON In Key Expansion of 128 Bit Advanced Encryption Standard

I have a question about RCON. Here is my illustration... this is the 128-bit key.. [2b] [28] [ab] [09] [7e] [ae] [f7] [cf] [15] [d2] [15] [4f] [16] [a6] [88] [3c] and then I will get this.. [09] [cf] [4f] [3c] and then I will put down the first…
goldroger

12 votes, 1 answer

Why are the outputs of the md5sum tool and Crypto++'s MD5 different?

Could you please tell me what the difference is between coreutils' md5sum and sha*sum tools (sha1sum, sha224sum, etc.) and Crypto++'s digest functions? I've written a piece of code using Crypto++ hash functions but the result is different from…
SP5RFD