Questions tagged [domain-parameters]

Domain parameters are a set of parameters, usually large integers, that define the characteristics and bounds of a domain. They are used, for instance, in Diffie-Hellman and elliptic curve calculations. The domain defines the key size that is used.

This tag may be used for anything related to domain parameters including domain parameter generation and discussion of named sets of domain parameters.

Many asymmetric cryptographic systems rely on domain parameters; it is recommended to include a tag for the specific cryptographic system in the tag list.

12 questions
19 votes, 3 answers

What does the special form of the base point of secp256k1 allow?

The popular ECC parameters secp256k1 are documented in SEC2 as using curve $y^2\equiv x^3+a\cdot x+b\pmod p$ with $a=0$, $b=7$, $p=2^{256}-2^{32}-\mathtt{3d1_h}$, base point $G$ with the apparently haphazard $(x,y)$ coordinates…
fgrieu
5 votes, 3 answers

How to determine required number of rounds for RC6 cipher given custom W and B parameters?

The RC6 symmetric block cipher is parameterized with three parameters : W : The number of bits in a machine word (8 , 16 , 32 , 64) B : The number of bytes specifying key length (0 to 255) R : The number of rounds to execute (1 to 255) A data…
cookiecipher
5 votes, 2 answers

DDH hardness with shared public parameters

DDH is believed hard for subgroup of $ℤ^*_p$ with order $q=(p-1)/2$ when $p$ is a safe prime chosen randomly. What if $p$ isn't random: When parameters are shared, $p$ mightn't have been chosen randomly—primality can be tested, random sampling…
4 votes, 1 answer

Static Diffie-Hellman in TLS

Static Diffie-Hellman (cipher suites with DH in their name but neither DHE or DH_anon - requires that the server owns a certificate with a DH public key in it. When static DH key exchange is used, the server provides a certificate containing fixed…
blabla_trace
4 votes, 1 answer

How to Derive the Decapsulation Failure Rates for ML-KEM in PQC standards?

I am studying post-quantum key encapsulation mechanisms and came across the decapsulation failure rates for ML-KEM listed in Table 1 of a reference document(FIPS-203). The table specifies failure rates for different parameter sets as…
3 votes, 1 answer

Why does FIPS 186-4 seem to have an excessively complex q generation?

So in DSA you have two primes - p and q. q is N bits long (let's assume 160 bits) and p is L bits long (let's assume 1024 bits). Here's what FIPS 186-4 says about generating the q parameter for DSA: Get an arbitrary sequence of seedlen bits as the…
neubert
3 votes, 1 answer

Bilinear pairing for compact BLS signature

What family of bilinear pairing is recommendable for BLS signature when the overriding criteria is compactness of the signature, as desirable for something to be keyed-in from printout, or embedded in a small QR-code? Is there something giving…
fgrieu
2 votes, 2 answers

What are the typical instance parameters of non-commutative cryptographic schemes?

Recently, I grew a tremendous interest for public-key cryptography based on "groupoids", and collaborated with someone on this topic. What I notice afterwards, is that there had been a huge body of work on "non-commutative" cryptography, with a book…
DannyNiu
2 votes, 1 answer

In a safe finite field elliptic curve, why is p not n?

From what I understand, in order for a curve to be safe, it would appear that $n$ being the order of the cyclic subgroup of the curve, is a prime. Also, it is the theoretical upper-bound on the number of private keys the curve can issue, thus it…
gtr32x
2 votes, 1 answer

exponent bit-length for hard DL (128-bit security)

Following up on my previous post, I thought I might get a more concrete answer if I gave a more concrete question. I require 128-bit security so I choose a 3072-bit RSA modulus ($\ell_n=3072$). Specifically I choose $n=pq=(2p'+1)(2q'+1)$ that is a…
2 votes, 1 answer

Hardness of DL in group of Quadratic Residues (product of safe primes)

A protocol I am working with requires $\ell_n$-bit RSA modulus and $\ell_\Lambda$ such that computing $\ell_\Lambda$-bit discrete logs is hard in $QR_n$ (technically $n$ is $\ell_n+2$ bits in the definition of the paper). Note we have the additional…
0 votes, 1 answer

Domain parameters in the Schnorr identification scheme

I have been recently studying the Schnorr identification scheme. The book Cryptography: Theory and Practice by Stinson and Paterson states the following about the domain parameters in the Schnorr identification scheme: The scheme requires a trusted…