Most Popular

1500 questions
11
votes
1 answer

CAESAR finalists: Lightweight case (Ascon vs ACORN)

The Ascon cipher has been selected as the first choice in the lightweight case and ACORN as the second. However, according to the Face-off between the CAESAR Lightweight Finalists: ACORN vs. Ascon paper, the winner of the face-off is ACORN. They mentioned…
hardyrama
  • 2,126
  • 1
  • 16
  • 40
11
votes
1 answer

Why have static RSA and Diffie-Hellman cipher suites been removed in TLS 1.3?

Why have static RSA and Diffie-Hellman cipher suites been removed in TLS 1.3? How can keys be exchanged then? https://datatracker.ietf.org/doc/html/draft-ietf-tls-tls13-28
Nathan Aw
  • 2,277
  • 3
  • 17
  • 21
11
votes
1 answer

How does BearSSL's GCM modular reduction work?

BearSSL (in src/hash/ghash_ctmul.c) seems to be doing a modular reduction that I don't completely understand. Here's the code: /* * GHASH specification has the bits "reversed" (most * significant is in fact least significant), which does * not…
neubert
  • 2,927
  • 1
  • 28
  • 54
11
votes
5 answers

How do I construct a 256-bit hash function from 128-bit AES?

I would like to generate a 256-bit hash on a microcontroller that has a 128-bit (only) AES engine. How can I construct a 256-bit hash function from a 128-bit cipher?
joeforker
  • 561
  • 5
  • 13
11
votes
1 answer

Should the secret key of Shamir's secret-sharing algorithm be interpreted byte by byte?

Should the secret message of Shamir's secret-sharing algorithm be interpreted and processed byte by byte? Interpreting it byte by byte makes it easier to process, but in case one of the shareholders decides to tamper with some of the bytes in his…
Penn
  • 153
  • 6
11
votes
4 answers

Why is SHA-512 limited to an input of $2^{128}$ bits?

Both SHA-384 and SHA-512 are limited to an input size of less than $2^{128}$ bits. Considering SHA-512 has a higher output size, couldn't it include more input data?
w0f
  • 213
  • 2
  • 5
11
votes
1 answer

What does the process of creating a new secure elliptic curve look like?

I'm especially curious about the technique djb would have used to come up with his Curve25519. Say I have already written down my goals, such as twist security, speed, side-channel resistance, etc. In this case, how do I go about creating a new…
Cookies
  • 213
  • 1
  • 7
11
votes
5 answers

Can you explain what an NP statement is when they refer to it in zero-knowledge proofs?

When I read about zero-knowledge proofs, I keep encountering the term NP statement. I am aware of complexity classes, but I am a little unclear on how they tie in to an NP statement. I came across the following here: C++ library for zkSNARKs A computation…
tatepairing
  • 303
  • 2
  • 7
11
votes
2 answers

How can an S-Box be reversed?

So, as an exercise to better understand some things about cryptography, I decided to try to implement GOST 28147-89, which uses eight 4x4 S-Boxes. I can grasp the concept of putting 4 bits through the S-Box and getting four out, but how would one…
LMS
  • 213
  • 2
  • 6
11
votes
2 answers

Why do some key derivation functions (like PBKDF2) use a salt?

Let me start by explaining my understanding of the various concepts involved in this question: Salt: Random bytes of data used as secondary input for a password hashing function, like so: hashfunc(, ) -> And both the
Aran-Fey
  • 212
  • 2
  • 8
11
votes
2 answers

Can quantum computers put computer security in jeopardy?

There are many articles about quantum computers describing how powerful they are in computing and that they can solve very complicated equations in a short time. One of the biggest security measures that provide safety for computer security is that…
R1w
  • 1,952
  • 4
  • 20
  • 45
11
votes
5 answers

How to best obtain bit sequences from throwing normal dice?

Throwing normal dice, one can get sequences of digits in [0,5]. In practice, which is the best procedure to transform such sequences into a desired number of bit sequences?
Mok-Kong Shen
  • 1,312
  • 1
  • 11
  • 15
11
votes
4 answers

Theoretical pi-based stream cipher

Let's pretend that all digits of pi are known and arbitrarily long sequences of digits are trivial to get. Further, some mathematician proves that there are no patterns in pi. We could create a stream cipher by grabbing a piece of pi as long as our…
Joshua Galecki
  • 213
  • 2
  • 4
11
votes
0 answers

How to build a security model

What are the minimal components needed to build a security model proof for a protocol? This question might seem trivial, but having read many papers (from the IEEE, ACM, etc.) that talk about a KMP, I still don't know where to start. For example, should…
CipherX
  • 381
  • 2
  • 12
11
votes
3 answers

Is there a length-preserving encryption scheme?

Is there a length-preserving encryption scheme, one that preserves the input size such that the length of the input plaintext is the same as the length of the output ciphertext?
Digerkam
  • 219
  • 2
  • 5