Questions tagged [misuse-resistant]

For questions about design decisions of schemes and implementations of cryptographic primitives to make them resistant to misuse.

Misuse resistance is a property of an algorithm's or construction's design that makes secure and correct implementation and usage easy and straightforward.

Topics include:

  • Constant-time implementation.

  • Absence of exception cases.

  • Nonce/IV reliance and reuse remedies.

  • etc.

7 questions
5 votes, 1 answer

Is XChaCha20-Poly1305 nonce misuse-resistant?

In the Libsodium v1.0.12 and v1.0.13 Security Assessment one can read The ChaCha20-Poly1305 implementation combines a stream cipher and is resistant to timing attacks by design. In addition, this particular construction has two additional…
Raoul722
3 votes, 1 answer

Is XTS-AES a NIST-approved nonce-misuse-resistant AES mode?

If I use XTS-AES and treat the tweak as a nonce/IV would the result be considered nonce-misuse-resistant? I'm thinking of something like the following AEAD-like scheme: enc(encKey, macKey, plaintext, aad): tweak = ... # 128 bits, generated like an…
orip
2 votes, 0 answers

Tracking Spread of CoV-19 along Social Graph while Protecting Privacy and Anonymity

In several countries there are currently ideas to track the spread of HCoV-19 by use of mobile location data. A good knowledge of the virus' spread throughout communities and countries will certainly be a huge benefit to everyone, as it provides…
mbl
1 vote, 0 answers

Misuse-resistant ephemeral key exchange?

This recent question gave me the idea to ask: is there a "misuse-resistant ephemeral key exchange"? At first sight, this seemed self-contradictory - ephemeral implies there's a random part, while misuse-resistant often implies determinism. But when…
DannyNiu
1 vote, 1 answer

The purpose of Enigma plugboard

It is well known the number of Enigma combinations with plugboard: $${5!\over(5-3)!}\cdot26^3\cdot{26!\over(26-20)!\cdot2^{10}\cdot10!}=158,962,555,217,826,360,000$$. So, $(26-20)!\cdot2^{10}\cdot10!$ just decreases the overall number of…
1 vote, 0 answers

Safety of multiple public keys per McEliece private key?

I noticed that, when deriving a Classic McEliece public key from a private key, randomness is required, and also that this randomness is normally provided at once, during key pair generation. I'm guessing it's not usual to ever generate additional…
0 votes, 0 answers

Can I Achieve Deterministic Encryption Using AES-GCM with Nonce = HMAC [ message ]

I would like to implement a deterministic encryption scheme within .NET. From the following post it is established using AES-SIV mode is appropriate. As AES-SIV mode is not implemented within the System.Security.Cryptography .NET namespace an…