12 votes, 2 answers

What does "Worst-case hardness" mean in lattice-based cryptography?

In the wiki page of Lattice-based Cryptography the "Worst-case hardness" is defined as below: Worst-case hardness of lattice problems means that breaking the cryptographic construction (even with some small non-negligible probability) is provably…
Habib
  • 951
  • 8
  • 23
12 votes, 3 answers

Using a Non-Random IV with modes other than CBC

The weakness CWE-329 is an interesting problem with CBC mode. However, does this same weakness affect the other modes of operation that rely upon an IV such as: PCBC, CFB and OFB? My gut feeling is, YES. I am wondering if there is a consensus on…
Rook
  • 1,496
  • 1
  • 13
  • 22
12 votes, 4 answers

Is key size the only barrier to the adoption of the McEliece cryptosystem, or is it considered broken/potentially vulnerable?

A recent paper showed that the McEliece cryptosystem is not, unlike RSA and other cryptosystems, weakened as drastically by quantum computing because strong Fourier sampling cannot solve the hidden subgroup problem. However, in 2008, new parameters…
user46
12 votes, 2 answers

Secure degree reduction for Shamir's secret sharing

I understand the basic Shamir Secret Sharing protocol, and when two shares are multiplied, the degree of the polynomial increases. I've seen in a number of papers a reference to a degree reduction protocol that can be performed to securely reduce…
user3225551
  • 143
  • 4
12 votes, 2 answers

Can curve25519 keys be used with ed25519 keys?

Can curve25519 keys be used with ed25519? I'd prefer to use ed25519, but there isn't a fast java version. For my application, I'd like to use curve25519 until I can get a faster ed25519 for java. At the very least can the curve25519 keys be…
user7024
12 votes, 2 answers

Does there exist a proof-of-retrievability scheme that is publicly-verifiable, limited-use, and does not use homomorphic encryption?

I find myself wanting to test out a practical implementation of a proof-of-retrievability scheme, simply out of curiosity. These schemes seem to be divided into two variations, publicly-verified and privately-verified. Here's a brief explanation of…
okw
  • 223
  • 1
  • 6
12 votes, 2 answers

Are CDH and Square-DH equally hard?

The CDH problem roughly says that, choosing $U=g^u, V=g^v$ uniformly at random from a cyclic group $G$, it's hard to compute $\operatorname{CDH}(U,V)=g^{uv}$. The Square-DH problem roughly says that, choosing $U=g^u$ uniformly at random from a cyclic group $G$, it's…
T.B
  • 1,292
  • 13
  • 24
12 votes, 3 answers

How to perform authentication without central server in P2P?

How can one be sure that the man who you're talking with is the one who you think he is? i.e. How can one perform authentication in P2P network without a central trust server or Certificate Authority? I'm just wondering how someone can make…
Abzac
  • 263
  • 2
  • 10
12 votes, 2 answers

How can I implement the elliptic curve MOV attack myself?

I understand and have implemented elliptic curve signatures in Python without the use of libraries like Sage, and would like to implement the MOV attack against certain weak types of elliptic curves. Even though I understand the mathematical…
Myria
  • 121
  • 1
  • 3
12 votes, 1 answer

Why does the crypto_box functionality in NaCl library expose the nonce to the programmer?

The idea of the crypto_box API in the NaCl library is to shield the programmer from the technical details and provide easy-to-use functions for encrypting and decrypting messages. Given what I've just written, I do not understand why the idea of nonce…
user7610
  • 283
  • 4
  • 10
12 votes, 4 answers

Did non-military cryptography appear in the 50's and 60's only due to NSA leaks?

I'm not talking about scytale, but encryption like RSA, DES, etc. How exactly did civil cryptography evolve after World War II?
strand
  • 121
  • 4
12 votes, 2 answers

Encrypting and obscuring data between site/user without SSL

I'm trying to figure out what the best way to encrypt data sent between a webpage and the user (both ways) is, when hosted in an environment that doesn't support SSL. The purpose of encryption would be obscuring content for delivery through filters…
Jayhal
  • 123
  • 1
  • 5
12 votes, 4 answers

Do any non-US ciphers exist?

Plenty of ciphers come out of the USA from government research or selection competitions. AES and DES are examples. Are there any public ciphers produced by other states, China or Iran for example? Do you really think they trust AES? EDIT: List of…
user9070
12 votes, 4 answers

What is the difference between a 'cipher' and a 'mode of operation'?

What is the difference between the term cipher (a name like RIJNDAEL) and mode of operation (like ECB)? Aren't these both terms for the encryption/decryption technique?
hsuk
  • 229
  • 2
  • 5
12 votes, 3 answers

Is Blowfish strong enough for VPN encryption?

I'm looking at an OpenVPN connection between two sites configured to use 128 bit Blowfish in CBC mode, and trying to figure out how to assess the strength, but I just don't know enough of the maths. I could ask this over on Sec.SE, but there I think…
Rory Alsop
  • 685
  • 1
  • 12
  • 22