Questions tagged [nist]

The National Institute of Standards and Technology (NIST) is a U.S. federal agency that works with industry to develop and apply technology, measurements, and standards.

NIST is an agency of the U.S. Department of Commerce.

230 questions

164 votes, 4 answers

Should we trust the NIST-recommended ECC parameters?

Recent articles in the media, based upon Snowden documents, have suggested that the NSA has actively tried to enable surveillance by embedding weaknesses in commercially-deployed technology -- including at least one NIST standard. The NIST FIPS…
D.W.
60 votes, 4 answers

Why isn’t SHA-3 in wider use?

SHA-3 was released by NIST just over 4 years ago this week. In my experience it does not seem to be as widely used as I might have expected. I see SHA-2 and even SHA-1 more often. What are your opinions on why this is the case?
RixN
25 votes, 5 answers

How useful is NIST's Randomness Beacon for cryptographic use?

NIST have just launched a new service called the NSANIST Randomness Beacon. It has been met with some initial skepticism. Perhaps the cryptography community would have used it before June 2013 when NIST had a trusted reputation. At first I thought…
user3461497
24 votes, 1 answer

Is there any difference between NIST and SECP curves in terms of their algorithms and implementation?

I'm implementing ECDSA for NIST P-256 curve. I just want to know if the same implementation will also work for SECP curves? If it doesn't, can you point me to one or more references of algorithms for SECP 256? To clarify: I specifically want to know…
abejoe
24 votes, 2 answers

How exactly was the finalist chosen in the NIST AES competition?

I was just reading the Stick Figure Guide to AES and came across an interesting table explaining how the winner was chosen: Unfortunately the NIST site is down so I can't gain further information about the approval process so I was hoping someone…
J_M
24 votes, 3 answers

Are NIST's changes to Keccak/SHA-3 problematic?

NIST is working on standardizing SHA-3. They have selected Keccak as the basis for SHA-3, and they plan to make some small changes to it; the result (with NIST's changes) will be standardized as SHA-3. A blog post from the CDT raises concerns over…
D.W.
23 votes, 1 answer

What is the history of recommended RSA key sizes?

One can find up-to-date recommended key sizes for RSA at NIST sp800-131A for example. In short, it suggests a key size of at least 2048 bits. Is it possible to find a history of recommended key sizes for RSA, going back to the invention of RSA?
Simd
23 votes, 2 answers

Is there a feasible method by which NIST ECC curves over prime fields could be intentionally rigged?

The NIST elliptic curves P-192, P-224, P-256, P-384, and P-521, prescribed in FIPS 186-4 appendix D.1.2, are generated according to a well defined process, but using an arbitrary random-looking seed value of 160 bits. For this reason a page of DJB's…
fgrieu
18 votes, 1 answer

What are the key differences between the draft SHA-3 standard and the Keccak submission?

I just noticed that on the NIST website there is a PDF with a draft of the SHA-3 standard (i.e. FIPS 202) (marked as "new", and seemingly the page was last changed on April 7, 2014). Previously it was discussed here that NIST would be changing stuff…
Paŭlo Ebermann
18 votes, 1 answer

Did NIST verify “post-quantum” claims in the SHA3 proposal papers?

I have been reading Bernstein’s “Quantum attacks against Blue Midnight Wish, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Shabal, SHAvite-3, SIMD, and Skein” paper from 2010… This document disproves the claims of preimage resistance for Blue Midnight…
18 votes, 1 answer

What NIST protocol was allegedly backdoored by NSA in 2006?

From a recent NY Times article: Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology and later by the International Organization for…
Fixee
17 votes, 2 answers

Is there a contingency plan in the event of a catastrophic attack on AES?

NIST selected Rijndael in 2000 to be AES. In a paper from the Serpent authors, they mention that there was the possibility of choosing a second cipher as a backup in the case of any severe breaks: I believe that there should be only one standard.…
forest
17 votes, 2 answers

How did || come to be used in crypto texts to represent concatenation?

In RFC5647, NIST SP 800-38D, etc., || is used to denote concatenation. How did that come to be? In most programming languages || represents "or" and + denotes concatenation and the fact that crypto texts just kind of mixed it up seems to make for an…
neubert
17 votes, 2 answers

Why is pqRSA in the NIST PQC submissions?

In the NIST post-quantum cryptography workshop, the round one submissions included pqRSA. If memory serves, this is an implementation of RSA using the product of a very large number of 4096-bit primes to protect against Shor's algorithm. It requires…
forest
16 votes, 2 answers

NIST Diffie-Hellman prime: how was it picked? Where did it come from?

According to this Matasano Crypto challenge, the NIST "likes" the following prime modulus, which appears to be expressed in…