Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [constants]

Fixed, more or less arbitrary parameter values that appear in the definitions of cryptographic schemes, such as fixed initialization vectors for hash functions or S-box tables for block ciphers.

Fixed, more or less arbitrary parameter values that appear in the definitions of cryptographic schemes, such as fixed initialization vectors for hash functions or S-box tables for block ciphers.

23 questions
41
votes
3 answers

How is the MD2 hash function S-table constructed from Pi?

For fun, I'm learning more about cryptography and hashing. I'm implementing the MD2 hash function following RFC 1319 (https://www.rfc-editor.org/rfc/rfc1319). I'll preface by saying I know there are libraries, I know this is an old hash, and I do…
Keith
  • 513
  • 4
  • 6
35
votes
4 answers

Is there a standard, or widely accepted convention, for magic constants in crypto software?

Inspired by Magic "Nothing Up My Sleeve" Numbers - Computerphile - YouTube [5:31]. If you just need a constant to begin your algorithm, and the value of that constant isn't important, why not have a widely known convention to always use the digits…
Low Powah
  • 451
  • 4
  • 4
14
votes
1 answer

Security considerations on "expand 32-byte k"-magic number in the Salsa20 family of stream ciphers?

I'm currently examining the NaCl library written by Daniel J. Bernstein and I noticed that the library hard codes the sigma: static const unsigned char sigma[16] = "expand 32-byte k"; In all the salsa stream…
Pascal
  • 243
  • 2
  • 7
11
votes
1 answer

Why are the initial states of hashes functions (like SHA-1) often non-zero?

There is already a question asking "Why initialize SHA1 with specific buffer?" and my question follows on from this: Why are the initial states of hash functions often non-zero? For most, I have been able to find a clear explanation of where the…
Cryptographeur
  • 4,357
  • 2
  • 29
  • 40
9
votes
1 answer

How constant value 0x63 in affine transformation is chosen or generated while AES Substitution Box is formed?

Me and one of my friends are working on AES algorithm. We have understood how multiplicative inverse table is generated. Rijndael AES algorithm shows us how S-Box is generated through the affine transformation process. In the original algorithm they…
Arnab Rahman
  • 171
  • 1
  • 6
8
votes
0 answers

How are the constants found in the AVX2 implementation of CRYSTALS-KYBER round 2 generated?

The post-quantum lattice-based cryptosystem CRYSTALS-KYBER which has made it to the second round of NIST PQC includes two implementations: 1) a baseline reference implementation in C and 2) an optimized AVX2 implementation. The code repository can…
caesar
  • 315
  • 1
  • 7
8
votes
1 answer

How complex must round constants be to resist slide attacks?

A key schedule that generates round keys by XORing a round constant with the key is linear and can be vulnerable to related key attacks, but let's ignore that for now. Constants are necessary to avoid the slide attack. How complex do these constants…
forest
  • 15,626
  • 2
  • 49
  • 103
8
votes
1 answer

Why have round constants in hashes?

This may seem like basic crypto knowledge, but why do hash functions like SHA-2 and Whirlpool have round constants that are absorbed into their respective states? I can understand that in a cipher you need some way to incorporate a variable secret…
Paul Uszak
  • 15,905
  • 2
  • 32
  • 83
8
votes
1 answer

How many degrees of freedom up my sleeve?

Now that we know how the MD2 S-box was constructed, I find myself wondering how good a nothing up my sleeve number it really is. It is derived from $\pi$, but not in a very obvious way, even in retrospect. How would you estimate the number of…
otus
  • 32,462
  • 5
  • 75
  • 167
7
votes
3 answers

Nothing-up-my-sleeve numbers standard

Premise Several cryptographic primitives employ randomized numerical constants. To avoid suspicious that the designer selected such constants in order to plant a backdoor, "nothing-up-my-sleeve numbers" are used. These are numbers constructed from…
user38141
  • 170
  • 4
6
votes
1 answer

Significance of rotation constants in SHA-512?

In a single round of SHA-512, in the operations $\Sigma_0(A)$, $\Sigma_1(E)$ why are the constants $28$, $34$, and $39$ used for the number of rotations? What significance do these numbers have? What if they are changed?
Rajiv Patil
5
votes
2 answers

Early propagation of carries in the BLAKE hash function

The BLAKE paper uses round constants derived from $\pi$ to improve diffusion, even if the additions modulo $2^{32}$ are replaced with bitwise XOR when processing a null message and null initial state: The higher weight in the original model is due…
forest
  • 15,626
  • 2
  • 49
  • 103
5
votes
1 answer

How are the IVs of SHA-512/256 and SHA-512/224 calculated?

This seems odd to me, because there are a lot of resources out there saying that the initializer values of SHA-512 and SHA-384 are the first 64 bits of the fractional parts of the square roots of prime numbers. For SHA-256 and SHA-224, the 32 LSBs…
polfosol
  • 221
  • 3
  • 10
3
votes
1 answer

Where do the constants for SHA-1/2/3 come from?

My request is: I need to know the source of constants (shift constants, IV, or S-Box) for the following algorithms: SHA-1 SHA-2 (all sizes) SHA-3 Examples: BLOWFISH uses the hexadecimal values of PI. SKEIN uses chosen constants from…
m.nasim
  • 105
  • 1
  • 7
3
votes
1 answer

Origin of the SHA-224 initial hash value?

At the start of each of the SHA-0 through -2 algorithms, the initial state is set to certain constants. I'm curious where the initialization values in SHA-224 are from. MD5's initial values are simple increasing and decreasing patterns of hex…
Myria
  • 2,635
  • 15
  • 26
1
2